ANDROID FOR SMART FUTURE

Android is the operating system for mobile phones based on Linux. Android provides an open platform to developers for creating their own applications for use by a variety of mobile devices. Initially, Google Inc.. bought Android Inc.., newcomers who make software for mobile phones. Then to develop Android, formed the Open Handset Alliance, a consortium of 34 companies for hardware, software, and telecommunications, including Google, HTC, Intel, Motorola, Qualcomm, T-Mobile, and Nvidia. There are several versions of android that has been issued by the company Google, namely:

 

1. Android version 1.1
This version was released on March 9, 2009, which came with an update on the aesthetics of the application, alarm clock, voice search (search sound), sending messages to Gmail, and email notification.

2. Android version 1.5 (Cupcake)
Cupcake or in free translation means the cup cake is the alias name of the Android operating system version 1.5. There are some updates and also the addition of several features in this version is the ability to record and watch video on the camera mode, upload videos to YouTube and pictures directly to Picasa, support Bluetooth A2DP, animated display, and keyboard on the screen.

3. Android version 1.6 (Donut)
Donut is also known as holey cake is used as an alias name from Android version 1.6. This version is released in September 2009 with the ability of the search process better than before, the use of battery indicator and control applet VPN. And there is an additional gallery feature that allows users to choose photos to be deleted. This version has been able to be integrated with CDMA / EVDO, 802.1x, VPN, Gestures, and Text-to-speech engine.

 
4. Android version 2.0/2.1 (Eclair)
On December 3, 2009 re Android operating system released a new version is the version 2.0/2.1 alias named Eclair. Eclair is a long-shaped eclairs with chocolate toping on it.
Changes in this version that is the optimization of hardware, improved Google Maps 3.1.2, change the UI with a new browser and support for HTML5, a new list of contacts, support for 3.2 MP camera flash, digital zoom, and Bluetooth 2.1.

5. Android version 2.2 (Froyo)
Froyo (Frozen yogurt) is a yogurt (milk made through bacterial fermentation) are frozen like ice cream. Froyo used as an alias name of the Android operating system version 2.2
This version is slid in May 2010 with an increase in performance and memory, integration with Chrome, USB tethering, WIFI Hotspot, Quick switching, voice dialing, and support for Adobe Flash 10.1.

6. Android version 2.3 (Gingerbread)
Gingerbread is a cake made from ginger, usually in the form of dolls are often presented sebangai friend for coffee.
Gingerbread is used as an alias name of the Android operating system version 2.3. Currently version 2.3 of Android is the latest version of the Android operating system. There are some promising improvements in this Gingerbread Android among other things:

• NFC Application Support, Application gadget that allows manufacturers to create devices that can be used for wireless transactions (electronic wallet)
• Support the front of the camera.
• Mobile Internet or phone capability via the Internet, or Voice over IP without any additional applications which means users can make VoIP calls directly from the handset without the need to add additional applications.
• Display a more tidy, Display interface android version 2.3 is more neat and easy to learn. Menus and corrected visual theme for easy navigation.
• Management Applications, available shortcut to an application called Manage Applications. Here users can see how much memory is absorbed by each running applications.
• Input text faster, the keyboard of Gingerbread Android promises to be better, with some changes in location and bentuk.Copy Paste, the ability to choose (select) and then do the Copy, Cut or Paste getting better and better.

Solar Plant for a better life

Solar Plant is "Plants" that can change sunlight into electricity. Actually this device is the development of the existing solar technology into a more portable format. Limited charging shaped vase is capable of converting sunlight into electrical energy with the concept of photosynthesis. By combining the principles of nature and technology, maybe in the future we will change the world a better place than today.

Photosynthesis is done by using solar panels mounted on top as the energy collector and converted into electrical energy consumed ganget enough for you, quite simple and very friendly environment. Imagine if millions of people who use gadgets to switch to this technology, not how much renewable energy can be saved.

   The risk of using WIFI connection    

The most effective method to prevent interception of data via Wi-Fi is to use a VPN. However, VPN is too complicated because at present there is no solution to the VPN plug-and-play. For modern society, technology, Wi-Fi (Wireless-Fidelity) is a part of everyday life. In the big cities in Indonesia, Wi-Fi not only penetrated the office. But also shopping centers, restaurants, coffee shops, hotels, campuses, and even housing-housing. The main function is Wi-Fi wireless internet access.

In public places, there is Wi-Fi that are served free of charge and some are paid. In public places also, for example in shopping centers, plenty of options usually available access point. Access points were visible when the notebook users have to select the SSID (Service Set Identifier), the alias name you want to use the wireless network. When a notebook is connected with a particular SSID, the notebook that was already entered into a Wi-Fi network.
Malware Analyst, Kaspersky Lab warns Christian Funk, notebook users should be vigilant when accessing Wi-Fi in public places. Because, Funk asserted, access the Internet through Wi-Fi network extremely vulnerable to attack in the form of data piracy. To trap the victim, criminals generally create a wireless access point (hotspot) for free or copy the login page of the Wi-Fi service provider trusted. Furthermore, criminals are just waiting for the victim lured into dangerous networks.
"To perform this attack, the perpetrator does not need to have technical knowledge of high-end computing. Actors only need to create a fake access point in order to trap the victim. Once the victim is trapped, then the players can tap into typed data that the victim in the web pages opened via Wi-Fi , "said Funk.
Funk explained that the main target of this attack is to steal credit card information on the victim when the victim make transactions online using the Wi-Fi. However, criminals also steal information such as e-mail accounts as well as their passwords, as well as the accounts used by victims to access Internet sites, such as social networking sites.
Funk warned, data theft has serious consequences. For example, if criminals could steal credit card information of victims, the criminals could take advantage of the victims credit card for shopping. Spending bill that also fell into the victim. Though the victim have never committed expenditure.
Another example, if criminals are able to steal account and password of your e-mail the victim, the criminals can take advantage of e-mails offering to spread spam (unsolicited e-mail address.) These crimes can be done if the criminals could steal another account, such as accounts of social networking sites.
Funk emphasized that the most effective method to prevent piracy of data via Wi-Fi network is to use a VPN (Virtual Private Network). With VPN, the data from the notebook users are sent to the server through a virtual tunnel, and vice versa. As a result, the data can not intercepted. However, Funk admits, VPN technology is too complicated for most notebook users.

"Encryption of wireless data traffic is too complicated for users. At this time there has been no VPN solution that is plug-and-play (can be used without the need setting)," said Funk.

Without VPN, Wi-Fi users should not conduct financial transactions or access the internet banking. Also, users should be diligent, industrious change the password of the accounts owned. If you must conduct internet banking transactions in a mobile, Funk suggested, notebook users should use the 3G internet network.

"3G Internet becomes an attractive alternative because of the Wi-Fi and 3G data traffic is more difficult to plow. Also, 3G Internet network has wider coverage than Wi-Fi. speed 3G internet is also more than enough for most purposes mobile computing," said Funk .

Encryption for Data Security in Networks

One of the things that are important in communication using a computer to ensure the confidentiality of the data is encrypted. Encryption dalah a process to change a code of which can be understood to be a code that can not be understood (not legible). Encryption can be interpreted as a code or cipher. A coding system using a table or a dictionary that has been defined to replace the words of the information or that are part of the information sent. A cipher uses an algorithm that can encode all data streams (stream) bit of a message into an incomprehensible cryptogram (unitelligible). Because cipher technique is a system that has been prepared for the automation, then the technique used in computer and network security systems.In the next section we will discuss a variety of encryption techniques commonly used in security systems of computer systems and networks.

A. Conventional encryption.
 This encryption process can be described as follows: 

Plain text -> Encryption Algorithm -> Cipher text -> Algorithm Dekrispsi -> Plain text   

User A |                                      | User B

User B|---------------------- Lock (Key) --------------------| 

Figure 1 

Origin information that can be understood in symbolized by the Plain text, which then by the encryption algorithm translated into information that can not be to understand that symbolized the cipher text. The process of encryption consists of two algorithms and keys. Locks are usually a short string of bits that control the algorithm. Encryption algorithm will produce different results depending on which key is used. Changing the encryption key will change the output of encryption algorithms.Once the cipher text has been generated, then transmitted. In the next recipient of the cipher text received converted back to plain text and key algorithm and the same.Security of conventional encryption depends on several factors. First encryption algorithm must be sufficiently strong so that makes it very difficult to decrypt the cipher text with the basic cipher text. Furthermore the security of conventional encryption algorithms rely on the secrecy of the key is not the algorithm. That is assuming that it is very impractical to decrypt the cipher text based information and knowledge about the algorithm description / encryption. Or in other words, we do not need to maintain the secrecy of the algorithm, but enough with the secrecy of the key. 

Benefits of a conventional encryption algorithm is the ease in use widely. With the fact that this algorithm does not need to be kept secret with the intent that the makers can and are able to make an implementation in the form of chips with low price. Chips can be widely available and provided also for several types of products. With the use of conventional encryption, security principle is to maintain the security of the key. 

The model is widely used encryption is a model based on data encrytion standard (DES), taken by the Bureau of U.S. national standard in 1977. For the DES encryption of data on the 64 bit block using 56-bit key. By using this key, the 64 input data converted to a sequence of methods to 64-bit output. That the same process with the same key is used to change the encryption back.

B. Public-Key Encryption 
One of the main difficulties of the conventional encryption is the need to distribute the keys used in a safe condition. An appropriate way has been found to overcome this weakness with a model of encryption that is surprisingly not require a key to be distributed. This method is known as public-key encryption and was first introduced in 1976. 
Plain text -> Encryption Algorithm -> Cipher text -> Algorithm Dekrispsi -> Plain text                                       User A |                                           | User B

                                         Private Key B----|                                                                                         

|---------------------- Lock (Key) --------------------|

 Figure 2 

The algorithm is as depicted in the image above. For conventional encryption, the key used in encryption and decryption cent is the same. But this is not actually the required conditions. But it is possible to construct an algorithm that uses one key for encryption and her partner, a different key, for decryption. Furthermore it is possible to create an algorithm in which knowledge of the encryption key encryption algorithm plus not enough to determine the key dekrispi. So the following technique will be done:1. Each - each of the systems in the network will create a pair of keys used for encryption and decryption of information received.2. Each - each of the system will publish the encryption key (public key) to install in public registers or files, while her partner still maintained as a private key (private key).3. If A wants mengisim message to B, then A will encrypt the message with the public key of B.4. When B receives a message from A then B will use the private key to describe the message from A.As we have seen, public-key distribution because it does not solve the problem needed a key to be distributed. All participants have access to a public key (public key) and private keys generated locally by each participant, so no need to be distributed. During each control system - each private key with both the communication becomes secure communications. Each partner's private key system to change the public key will replace the old public key. The weakness of public key encryption method is compared with conventional encryption methods encryption algorithm has a more complex algorithm. So for comparison of size and price of the hardware, the public key method will result in lower performance. The following table will show the various important aspects of the conventional encryption and public key.

Conventional Encryption
Required to work:
1. The same algorithm with the same key can be used for the decryption process - the encryption.
2. The sender and receiver must share the same algorithm and key.
    What is needed for security:
1. Keys must be kept secret.
2. It is impossible or highly impractical to translate that information is encrypted.
3.Knowledge of algorithms and sample of an encrypted word is not sufficient to determient the key

 
Public Key Encryption
Required to work:
1. The algorithm used for encryption and decryption with a pair of keys, one for encryption one for                 decryption.
2. The sender and receiver must have a suitable key pair.
    What is needed for security:
1. One of the key must be kept secret.
2. It is impossible or highly impractical to translate that information is encrypted.
3. Knowledge of algorithms and sample of an encrypted word untu insufficient to determine the key.

NETWORK SECURITY

1. What is Network Security

One thing to keep in mind that there is no network of anti tapping or no computer network is completely secure. The nature of the network is to perform communication. Any communication to fall into the hands of others and abused. Security systems help secure the network without blocking its use and place of anticipation when the network is successfully penetrated. Also, make sure that the user in the network have enough knowledge about security and make sure that they accept and understand the security plan that you created. If they do not understand this, then they will create a hole (hole) security on your network.

          There are two main elements forming the network security:

• Wall of security, both physical and virtual, which is placed between the devices and network services used and the people who would do evil.
• Security Plan, which will be implemented together with other users, to keep the system can not be penetrated from outside.
Defined security aspects of these five points.

a.   Confidentiality Require that information (data) can only be accessed by parties who    have authority.

b.   Integrity Requires that information can only be modified by parties who have

      authority.

c.   Availability Requires that information available to parties who have authority when needed.

d.   Require that a sender authentication information can be correctly identified and there is no guarantee that the false identity is not obtained.

e.   Nonrepudiation Requiring that both the sender and receiver of information can not deny sending and receiving messages.

Attacks (interference) for security can be categorized into four main categories:

a. Interruption
An asset of a system being attacked so become unavailable or can not be used by the authorities. An example is the destruction / modification of hardware or network channels.

b. Interception
An unauthorized person gaining access to an asset. Parties in question can be a person, program, or other systems. An example is the interception of data in a network.

c. Modification
An unauthorized person can make changes to an asset. Examples are changes in the value of the data files, modify the program so that it runs with no proper, and the modification of message being transmitted in the network.

d. Fabrication
An unauthorized party inserts counterfeit objects into the system.
An example is sending false messages to others.     

There are several principles that should be avoided in dealing with security issues:
 Ÿ      silent and all will be fine
 Ÿ      hide and they will not be able to find your
 Ÿ      technology used complex / complicated, meaning safe

2. Concern Network Problems

Overview
Defining security (on a computer network) can be done by looking at the targets to be achieved through the concept of 'safe'. Here is a list of features
  that can prevent / anticipate the attacks from outside parties or the party inside.

Security Policy
Before proceeding to the implementation of a more distant level should be determined first what was to be protected and protected from whom. Some of the following questions to help determine the security policies are taken.
1. What information is considered confidential or sensitive?
2. You protect your system from whom?
3. Do you need remote access?
4. Are passwords and encryption enough to protect?
5. Do you need Internet access?
6. What action do you do if you find that your system is compromised?
And many other questions depend on the form of organization you manage.
Security policy depends for what you believe other people, inside or outside your organization. Policy should be a balance between allowing the user to access the information needed while maintaining system security.

   Physical Security
Physical in this section is defined as a situation where someone can get into the room server / network and can access these devices are illegal. Unauthorized persons could have been a guest, cleaning staff, delivery courier packages, and others who can get into the room and fiddling with existing devices. If someone has access to that room, that person can just install Trojan horse programs on the computer, booting from a floppy disk, or steal sensitive data (such as the password file) and unpack in a safer place.
To maintain security, put the server in a room that can be locked and make sure that the room was locked properly. To avoid surveillance, use a screen-saver that can dipassword. Set also all computers to perform the function of auto-logout after inactivity in a certain period.

   BIOS Security

  Actually, an admin is recommended to disable boot from floppy. Or it could be done by creating a                password on the BIOS and set boot password.

  Password Attack
  Many people store important information on the computer and it is often a password that prevents    others   to   see it. To avoid attack user password then you should use a password that is pretty good. Hint password selection:
   • All passwords must consist of at least 7 characters.
   • Enter a combination of letters, numbers, and punctuation as much as possible with a record that still easy    to remember passwords. One way is to combine random words with punctuation or by combining the words with numbers. Examples: @ sweet melon flavor #, komputer0digital1, less 2001
  • Use the first letter of a phrase that is memorable. Examples: parking is prohibited between the hours of 7 am and at 8 pm à dpap7php8s, no system is completely secure within the context of network à tasybbadkj
  • Use a number or punctuation mark to replace the letters in the password. Example: success à k3b3rh45! L4n
  • Change your passwords regularly
 
Malicious Code
Malicious code can be a virus, trojan or worm, usually in the form of code instructions that will burden the system so that system performance decreases. How to anticipate it could be seen at 6 the following example:
1. provide awareness to the user about the virus threat.
2. use a good anti-virus program on a workstation, server and internet gateway (if any).
3. teach and train users how to use anti-virus program
4. as admins should always update your anti-virus program and virus databases
5. Familiarize the user to NOT open the email attachment file or any file from a floppy before 110% sure or     not an attachment / file page "clean".
6. Make sure your security policy up to date.

 
Sniffer
Sniffer is a computer network communication interception devices utilizing premicious mode on ethernet. Because the computer communication network consisting of random binary data will typically have sniffer protocol analyzer so that a random binary data can be solved. Sniffer for the management functions can be used for network maintenance, to an outsider can to break down the system.
The easiest way to anticipate the sniffer is using a secure application, for example: ssh, ssl, secureftp etc.

Scanners
Network services (network service) of different runs on different ports as well. Each network service running on a particular network address (eg 167.205.48.130) and listening (listening) in one or more ports (between 0 to 65 535). Both make up what is called a socket address that uniquely identifies a service within the network. Ports 0 to 1023 the most commonly used is defined as a well-known number in the UNIX convention and described in RFC 1700.
Port Scanner is a program designed to find the service (service) what is running on the host network. To gain access to the host, the cracker must know the points of weakness that exist. For example, if a cracker has to know that the host is running the ftp server, he can use the weaknesses that exist on the ftp server to gain access. From this passage we can conclude that the service is not absolutely necessary should be removed to minimize the security risks that might occur.
Similar to a port scanner in the previous section, network scanner provides information on the intended target, such as the operating system used, an active network service, type of machine that is connected to the network, and network configuration. Sometimes, network scanner also integrates port scanners in their applications. This tool is useful for finding information about the target as much as possible before doing the actual attack. By knowing the conditions and network configurations, one would more easily enter and damage the system.
Example scanners: nmap, netcat, NetScan Tools Pro 2000, SuperScan

Spoofing
Spoofing (impersonation), usually done by irresponsible parties to use the facilities and resources of the system. Spoofing is a technique that is detected as an undercover identity that is not true, eg: posing as a specific IP, computer name and even a certain e-mail address. The anticipation can be done by using a firewall application.

Denial of Service
Denial of Service (DoS) attack in which a party is to exploit aspects of the Internet Protocol suite to block access to those who are entitled to information or systems under attack. Hole that allows denial is in category C, which is in a low priority. These attacks are usually based on the operating system that is used. That is, this hole is in the network part of the operating system itself. When this kind of hole appears, this hole must be repaired by the owner of the software or patched by the vendor that issued the operating system. Examples of this are TCP SYN attack where a network connection request is sent to the server in a very large number. As a result, the server was flooded with requests and the connection becomes slow or even not be achieved at all. These holes are almost in all operating systems running TCP / IP to communicate on the Internet. This seems to be an issue contained in the design suite TCP / IP, and is something that is not easily solved.
In a DoS attack, someone can do something which interfere with the performance and operation of the network or server. As a result of this attack is slow in responding servers or networks, or can even cause crashes. DoS attacks interfere with the legitimate user to obtain a legitimate service, but does not allow a cracker to get into the existing network system. However, this kind of attack against a server that handles e-commerce activities can result in financial losses.