Object Oriented Cybersecurity Detection Architecture (OOCDA) Suite

Sam's ID Protection Toolbox (SIPBox)
Introduction - Lesson to Learn:
Currently, traveling through any airport requires a number of security processes, including taking your shoes off and running them through a scanner. When it comes to cybersecurity, we may not be far off from airport security. In short, all electronic users may have to go through a number of procedures to get their tasks done in a secure manner.

The Main Issues:
Access through security procedures is becoming a major task, and companies are adding more and more measures to protect access. For example, banks now text their customers a code as a second security measure. Some ask for a mother's maiden name. Some companies require two IDs or passwords. Regardless of all these measures, hackers are still able to evade detection.

As for mobile, it is becoming more difficult to implement protection, especially since some apps have access to all mobile features such as the camera, microphone, images, and whatever is stored on the device. Mobile users may not know what is being done with their devices or their privacy.

We are proposing what we call "Sam's ID Protection Toolbox" or "SIPBox." SIPBox is a small piece of software or an app which must be synchronized between users and companies. We will cover the SIPBox architecture and design, but first we need to present what any user could encounter when accessing a company's site.

Keyboard Strokes:
Hackers can track every single keystroke you enter through your computer's keyboard, including passwords and usernames.
For example, a keylogger Trojan is a program that logs keystrokes. Keyloggers are a form of spyware; users would not know that their keystrokes are being tracked.

Another piece of software is SpyAgent PC, which is an activity tracker. It can track computer activities such as keypresses, clicks, software used, browsing history, and more.
Screenshots:
Can a hacker see your screen?
Hackers can gain access to your computer's display, and monitor and manipulate what you see on your screen.

Screenshot:
There is a piece of malware named Zacinlo, which first appeared in 2012. It allows attackers to take screenshots of infected machines' desktops. Zacinlo is delivered by a rootkit, a malicious form of software which can manipulate the operating system and make the computer oblivious to its existence.
Packet Interception:
What is a web packet?
A packet is a small unit of data sent over a network, such as a LAN or the Internet. Each packet includes a source (where it originates) and a destination (where it is delivered) as well as the content (data) being transferred.

How do hackers intercept packets?
Packet sniffers work by intercepting and logging network traffic via the wired or wireless network interface of their host computer.

Inbound and Outbound Packets:
Inbound refers to connections coming in to a specific device (host/server) from a remote location.
Any packet going out of the router is considered outbound.
A web browser connecting to your web server is an inbound connection (to your web server).
Outbound refers to connections going out from a device/host to a remote device.

Regardless of whether packets are inbound or outbound, hackers can still get a copy of each.

What can a hacker do with a packet?
Once a packet is captured in real time, it is stored for a period of time so that it can be analyzed, and then either downloaded, archived or discarded. Hackers use packet sniffers to spy on network users' traffic and collect personal data such as passwords.
Cache:
What is cache data?
Cached data (text, images and forms) is information stored on your computer or device after you visit a website. Developers use cached data to speed up your online experience.

Can cache be used to hack?
Hackers could use cached data to launch an attack, which makes it a security risk.

Web Cache Poisoning Attacks:
Hackers use this method to divert traffic from legitimate web servers to their own malicious ones, where unsuspecting users can be re-routed to booby-trapped websites and served malware.

Can cache history leak private data?
Cached images pose a threat of leaking personal and private information to hackers.
Cookies:
What is a cookie?
An HTTP cookie is a small piece of data (a string) sent from a site (web server) to a user's web browser. Every time the user visits the site, the browser sends the cookie back to the server, which tells the server about the user's previous activity. In a nutshell, a cookie is a string of information that a site's web server stores on the browser's side and gets back when the user visits the site.

Misuse of Cookies:
Cookie developers have been loading cookies with data to make their tasks easier. Sadly, cookies loaded with data can be used by hackers to gain information about users and site servers. Third-party tracking cookies are commonly used to compile long-term records of individuals' browsing histories, which is a potential privacy concern. Third-party tracking cookies are shared by different vendors for personalizing and customizing web pages.

Issues with Cookies:
The problem is that cookies are being misused, and mobile vendors are restricting the number of cookies and their usage on mobile platforms. Not to mention that Apple and Google each have their own unique approach: Apple has the Unique Device Identifier (UDID) and Google has an identifier all of its own.
System Control:
Can hackers run their code on your computer?
Unless your computer is turned off, a hacker's program installed on your system will run with or without your approval.
Hackers have been known to store their software programs on their victims' computers.
Hackers come in through your computer's ports and network connections.
Attack Other Computers:
Your computer can be used to attack other computers.
Hackers have the ability to take over a computer, or thousands of them, to launch an attack on a website they have targeted.
This is known as a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack.
Operating System:
Operating systems can also be hacked and rendered helpless.
Reverse Engineering:
What is decompiling code?
A decompiler is software which turns an executable program back into source code.
The conversion is usually not a perfect one, and reconstructing or restructuring the source may require a lot of effort, talent and time. With patience, time and teamwork, the result can be rewarding, especially for hackers who need to know how to add their code without detection.

What is Reverse Engineering?
Reverse engineering is the analysis of a device or program to determine its function or structure, often with the intent of re-creating or modifying it. Reverse engineering can be used by hackers to add their malicious code without detection, while cybersecurity specialists use reverse engineering to detect malicious code. It is a never-ending cycle of outsmarting each other.

To summarize what is listed in the table, hackers have a lot of options, tools, code, tricks, etc. to access and cause damage to any system.
Therefore hackers can:

       1. Obtain a copy of the cookies
       2. Intercept packets
       3. Track users' keystrokes
       4. See users' screens
       5. Run users' systems
       6. Run the operating system
       7. Educate themselves on users' habits and the history of users' actions using the cache
       8. Use users' computers to attack other systems
       9. Use reverse engineering to learn about an application and add their malicious code
       10. Use artificial intelligence to hack
       11. Use machine learning to hack


Our attempt here is not to end hacking, but to address accessing a system using a login name and password. We are proposing what we call "Sam's ID Protection Toolbox" or "SIPBox". SIPBox is a small piece of software or an app which must be synchronized between users and companies. SIPBox would have a GUI on the mobile device or user system (desktop, laptop, etc.).

Assumption and Methodology:
With the assumption that hackers can:

       1. See (screenshots) what users are doing
       2. Listen (keyboard strokes)
       3. Run the show (run their code)
       4. Know how your applications and operating systems work and manipulate them (reverse engineering)
       5. Know your habits and tendencies (tracking cache and cookies)
       6. Track data (packet sniffing)
       7. Hide within victims' systems
       8. etc.


The only thing we can use is what we call playing the numbers game.

What does playing the numbers game mean?

       "To use amounts or figures to support an argument, often in a way that confuses or misleads people."

In short, we encrypt with dynamic variables which can change even every millisecond, like the system clock.
The following are possible dynamic variables:

       1. Index-hash
       2. System clock
       3. Virtual operating system (starts and ends with the encryption application)
       4. Name
       5. Password
       6. IDs
       7. A combination of what is listed


SIPBox VM Encryption Diagram
Image #1

SIPBox Hacker Interception
Image #2


Image #1 has the following parts:

1. User's browser tab with the Sam Insurance company login page
An internet tab where a user would use a desktop browser to log in to the Sam Insurance company site.
The Sam Insurance page would provide two values (variables) to the user: Company ID and Encryption Index.
The user would cut and paste these values into the SIPBox input fields.
2. Virtual machine created on the user's desktop or laptop running SIPBox
A user would run a batch or Java application on his desktop, where the application would open a window, create a virtual machine (container) and run the SIPBox application (component).
The user would paste the two values, Company ID and Encryption Index, into the SIPBox input fields, and enter a name and password. SIPBox would create an encrypted name and password to be pasted into the Sam Insurance login fields.
3. Mobile app running SIPBox
The process done with the virtual machine on the desktop would also be done with the Sam Insurance app.
4. Encryption Engine (application) which would access an Encryption Matrix
The Encryption Engine (application) and Encryption Matrix are a rough presentation of what would be done behind the scenes, to help present the variables which would be used to perform the encryption.


The virtual machine created would have its own operating system and keyboard buffer. The Encryption Engine would perform the encryption quickly, and the user would then end the virtual machine window.
The user has the option to close the window with the VM, which ends SIPBox.

We also recommend that SIPBox have a timer and end when the scheduled time is up, rather than running for a long time, which reduces the chance for hackers to attack SIPBox.

SIPBox can be used to access one or more companies with the coordination and cooperation of all parties.

Image #2 shows what hackers would be able to see, track or intercept. The encrypted name and password would have no value to hackers, nor would they be able to decrypt them.
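As an added illustration (not the project's own code) of the dynamic variables listed above and the Image #1 exchange: SIPBox derives one-time login values from the Company ID, the server-issued Encryption Index and a system-clock window, and the company verifies them and discards the index, so a pair captured as in Image #2 cannot be replayed. Assumptions: the Encryption Index is a single-use random value, the "encryption" is a keyed hash (HMAC), the company holds a password-derived key from enrollment, and all names and values are constructed.

```python
import hashlib
import hmac
import secrets
import time

COMPANY_ID = "SAM-INSURANCE"   # constructed value, as shown on the login page
WINDOW_SECONDS = 30            # system-clock granularity: login values change every 30 s

def derive_secret(password: str, salt: bytes) -> bytes:
    """Password-derived key shared by SIPBox and the company at enrollment (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def sipbox_fields(secret: bytes, company_id: str, index: str, name: str, window: int):
    """SIPBox side: turn name and password into two one-time login values, keyed by
    the Company ID, the server-issued Encryption Index and the clock window."""
    ctx = f"{company_id}|{index}|{window}".encode()
    enc_name = hmac.new(ctx, name.encode(), hashlib.sha256).hexdigest()
    enc_pass = hmac.new(secret, ctx + b"|" + name.encode(), hashlib.sha256).hexdigest()
    return enc_name, enc_pass

class SamInsuranceServer:
    """Constructed company side; the page does not specify how users are stored."""

    def __init__(self):
        self.users = {}      # name -> derived secret (a password-equivalent: protect it)
        self.issued = set()  # outstanding Encryption Index values, each usable once

    def enroll(self, name: str, password: str) -> bytes:
        salt = secrets.token_bytes(16)
        self.users[name] = derive_secret(password, salt)
        return salt          # SIPBox keeps the salt so it can re-derive the same key

    def login_page(self):
        """The two values the login page shows the user (Image #1, part 1)."""
        index = secrets.token_hex(8)
        self.issued.add(index)
        return COMPANY_ID, index

    def verify(self, index: str, enc_name: str, enc_pass: str, now=None) -> bool:
        if index not in self.issued:
            return False     # unknown or already-consumed index: a replayed pair fails
        self.issued.discard(index)
        window = int((time.time() if now is None else now) // WINDOW_SECONDS)
        for w in (window, window - 1):          # tolerate one window of clock skew
            for name, secret in self.users.items():
                n, p = sipbox_fields(secret, COMPANY_ID, index, name, w)
                if hmac.compare_digest(n, enc_name) and hmac.compare_digest(p, enc_pass):
                    return True
        return False
```

Note that a keylogger or screenshot tool running inside the same environment as SIPBox still sees the plaintext name and password as they are typed, which is why the page isolates SIPBox in its own virtual machine with its own keyboard buffer.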

How many SIPBoxes would a user need to run all applications?
Based on every individual and what must be secured, there could be a few. We can also create a SIPBox for groups of companies with a dropdown box for different companies.