Scientific Computing: Open Source Software

     There is a great need for software in the scientific community that can simplify and reduce the work required to solve complex mathematical equations. Otherwise manually solving science related problems would take forever and be error-prone. Scientific computing aims to resolve complicated problems in a range of fields including the physical and engineering sciences, finance and economics, medical, social and biological sciences. It can enhance communication of information by creating visual representations of scientific data. The major numerical computing environment and programming-language that most have heard of is MATLAB. Unfortunately MATLAB is proprietary software and thus has a high monetary cost. Fortunately there are open source alternatives that have much, if not all, of the capabilities required for scientific computations.

     SciPy is an open source computing environment built for the Python programming language. The core elements of SciPy are the NumPy and SciPy libraries that include all the algorithms and mathematical tools required for core scientific computing. There are also additional libraries to expand the features of SciPy such as the Matplotlib library which is used to show plots.
 

Here’s a list of some of SciPy’s features and their packages:

• Special Functions (scipy.special)‏

• Signal Processing (scipy.signal)‏

• Fourier Transforms (scipy.fftpack)‏

• Optimization (scipy.optimize)‏

• General plotting (scipy.[plt, xplt, gplt])‏

• Numerical Integration (scipy.integrate)‏

• Linear Algebra (scipy.linalg)‏

• Input/Output (scipy.io)‏

• Genetic Algorithms (scipy.ga)‏

• Statistics (scipy.stats)‏

• Distributed Computing (scipy.cow)‏

• Fast Execution (weave)‏

• Clustering Algorithms (scipy.cluster)‏

• Sparse Matrices* (scipy.sparse)‏

These allow the creation of vast variety of functions required for use by the scientific community. If you are looking for a powerful open source computing environment for scientific computing visit their site at http://www.scipy.org/ and download the software.

Get started with Python and SciPy: Introduction to Scientific Computing

Computer Graphics: CAPTCHA Image Processing

In 1999, slashdot.com create an online poll to ask the people which graduate school had the best computer science program. This was a big mistake. Both MIT and Carnegie Mellon wrote programs or “bots” that voted for them. As a result the poll became a contest between the voting “bots” where each school ended up with over 20,000 votes while the rest had less than a 1,000 votes. This led to research in preventing such programs and the CAPTCHA was created. CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” The idea is that the CAPTCHA is a test that humans can pass but computers can't pass with a probability greater than guessing. What does the CAPTCHA have to do with computer image processing?

CAPTCHAs are distorted images which computers can't solve due to the segmentation problem. Computers are actually better than humans at solving fundamental CAPTCHA problems. Yet the computers fail at separating letters from each other, recognizing distorted letters, and understanding the context of each letter. Humans on the other hand excel at recognizing the letters and the resulting words. Computers are not able to recognize distorted letters because there are infinitely many distortions. They are not able to separate letters from each other as well because CAPTCHA images have lines going across the words and confusing background patterns. Thus the computer's CAPTCHA image processing problem is a difficult problem in the field of artificial intelligence. One last interesting thought: CAPTCHA is a program that can generate and grade tests that it itself cannot pass.

Sources:

http://en.wikipedia.org/wiki/CAPTCHA

http://www.cs.cmu.edu/~biglou/captcha_cacm.pdf\

Information Security: Principles and Practice by Mark Stamp

Cryptography: TLS/SSL Protocol

     Network interactions require specific protocols for them to take place. These protocols are based around user authentication and confidentiality. Protocols can be used for authentication, confidentiality, or both. The protocols allow you to make secure transactions, application connections, and user connections over non-secure networks. Examples of these protocols are TLS/SSL, IPSec, and Kerberos. I’ll focus this blog on TLS/SSL as that is the protocol most visible to everyone today.

TLS/SSL

     We all use this protocol when we browse the internet because TLS/SSL is the underlying security protocol for HTTPS. The protocol is implemented at the socket layer (to use it applications have to implement it) and is relatively simple. TLS/SSL main purpose is for secure transaction. To purchase an item you want to be sure you are dealing with the real business (authentication), you want your credit card information to be protected (confidentiality and integrity), and the business does not need to authenticate you since all they want is the money (no mutual authentication). Now to the actual steps of the protocol. If you are ready to purchase an item on Amazon then the first step is for you to request a connection with Amazon.  Along with it you will send a list of ciphers that you support and a random nonce (number used once). Amazon will then reply with their certificate, a chosen cipher, and their own random nonce. You then reply with a secret that is encrypted with Amazon’s public key and another encrypted message that is used for integrity check and establishes a session key. Amazon replies with one last message to prove that they were able to decrypt your previous messages. A couple of important parts are the certificate sent by Amazon and the established session key. The certificate prevents a man-in-the-middle attack because it is signed by a certificate authority and your browser will check the certificate signature. If an attacker sends a false certificate the browser will see that it is not signed and gives a warning to you. Unfortunately users can ignore this warning and allow the connection to proceed which allows the man-in-the-middle attack to succeed. This is a flaw in human nature not the protocol. The other important part of the protocol messages is the session key. The session key is a hash of the secret you sent and both of the nonces. Often your browser opens multiple parallel connections to improve performance. The TLS/SSL session are costly but given an existing session new connections are cheap. Thus any number of new connections can be created from the existing key to allow multiple parallel connections.

Book I've been reading: Information Security: Principles and Practice by Mark Stamp.