Image processing in C/C++ : Installing Opencv in Microsoft Visual studio 10 ( without Cmake )

Operating System: Windows 7 

For installing Visual studio 10 : http://www.microsoft.com/visualstudio/eng#products/visual-studio-express-products (free version)

For installing Opencv-2.4.5 :  http://ncu.dl.sourceforge.net/project/opencvlibrary/opencv-win/2.4.5/OpenCV-2.4.5.exe

For installing latest version of Opencv: http://opencv.org/downloads.html

Download the latest version of opencv  and install it within a folder say C:/program files/Opencv. 

Note: Create a copy of the path variable before installing because it may replace the path variable while installing (how to get path variable is explained bellow).

Setting up path variable

Go to location where all dll files are located. Here C:\Program Files\opencv\build\x86\vc10\bin( if your os is 64 bit then C:\Program Files\opencv\build\x64\vc10\bin).

Now Click start -> My Computer -> right click -> properties -> Advanced System Settings -> Environment Variables -> Under system variable select ‘path’ and click edit.

Add the location “C:\Program Files\opencv\build\x86\vc10\bin” at the end of the path and put a semicolon at the end.

Then click Apply if not Ok.

Building a project

Open visual studio ->new project -> visual c++ ->  enter name of the project(say Sample) and select Win32 console application  -> click Ok ->  click finish

In left side of the window you can see Sample. Right click Sample -> properties -> a dialog box appears as following

Adding include and library files

Change Configuration to ‘all configuration’  ->Configuration properties -> VC++ directories ->include->edit

Ctrl-insert->browse to the location where you had installed include files then add these locations.

Here “C:\Program Files\opencv\include\opencv” and “C:\Program Files\opencv\include\opencv2”

Similarly add library directory

Here “ C:\Program Files\opencv\build\x86\vc10\lib “  if you are using visual studio 9 then “C:\Program Files\opencv\build\x86\vc9\lib”

Click apply

Last Step: Go to linker -> input -> Additional dependency ->edit then add the following files

opencv_calib3d245.lib

opencv_calib3d245d.lib

opencv_contrib245.lib

opencv_contrib245d.lib

opencv_core245.lib

opencv_core245d.lib

opencv_features2d245.lib

opencv_features2d245d.lib

opencv_flann245.lib

opencv_flann245d.lib

opencv_gpu245.lib

opencv_gpu245d.lib

opencv_haartraining_engine.lib

opencv_haartraining_engined.lib

opencv_highgui245.lib

opencv_highgui245d.lib

opencv_imgproc245.lib

opencv_imgproc245d.lib

opencv_legacy245.lib

opencv_legacy245d.lib

opencv_ml245.lib

opencv_ml245d.lib

opencv_nonfree245.lib

opencv_nonfree245d.lib

opencv_objdetect245.lib

opencv_objdetect245d.lib

opencv_photo245.lib

opencv_photo245d.lib

opencv_stitching245.lib

opencv_stitching245d.lib

opencv_superres245.lib

opencv_superres245d.lib

opencv_ts245.lib

opencv_ts245d.lib

opencv_video245.lib

opencv_video245d.lib

opencv_videostab245.lib

opencv_videostab245d.lib

These are nothing but library files in “C:\Program Files\opencv\build\x86\vc10\lib “ ( note : never mind liblept168.lib liblept168d.lib libtesseract302.lib in the image ).

Now copy paste the program

#include "stdafx.h"

#include<cv.h>

#include<highgui.h>

using namespace std;

using namespace cv;

int main()

{

IplImage *inputImage = cvLoadImage( "C:/Users/Public/Pictures/Sample Pictures/c_flight.jpg",CV_LOAD_IMAGE_COLOR);

cvShowImage("original",inputImage);

cvReleaseImage(&inputImage);

while(1)

{ }

return 0;

}

Note : Make sure #include "stdafx.h" is at the beginning.

Now press F7 (building the project) then F5 (run the program). That’s it !

Errors encountered during execution

E.1  Error in ‘include<cv.h>’ or any other include files. Try ‘#include <opencv/cv.h>’.

E.2  After pressing F7 you may find errors something like ‘failed 1 success 0‘ in the output window, this is     due to error in building include or library files. This can be solved by solution of E.1 or recheck include and library files that were done while building library and include files.

E.3  No error during building ( F7 ) but error during execution like ‘ linkage error ’Try adding the files from “C:\Program Files\opencv\build\x86\vc10\lib” to project folder (here C:\...\Visual Studio2010\Projects\Sample\Sample ).I solved the problem by adding opencv_core245.lib opencv_imgproc245.lib opencv_highgui245.lib.   

Mysql Hardening

MySQL is a open source relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases .

Following are the ways to harden mysql

1. Disable remote Access

    Add 'bind-address =127.0.0.1' to the 'mysqld' section of 'my.cnf ' file. You can find 'my.cnf' in '/etc/mysql'. You need root privilege to change the file.

2. Disable use of local infile

  The "LOCAL INFILE" command can be used to gain access to other files on the operating system, for example "/etc/passwd".
To disable this add " set-variable=local-infile=0 " to the  'mysqld' section of 'my.cnf' file.

3. Change Default username and password

  Login to mysql prompt and enter the following
  RENAME USER root TO newuser

4. Remove default database

 Use the following command to remove default database
 drop database test

5. Root privilege to 'mysql' folder

  The databases are stored in '/var/lib/mysql' . For security reasons enable root privilege to this folder

SSL Packet Capture using Wireshark

After installing wireshark in your computer, capture the SSL packets and answer the following questions.

1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server),determine the number of SSL records that are included in the frame, and list the SSL record types that are included in the frame. Draw a timing diagram between client and server, with one arrow for each SSL record.


Answer:

Total number of records =11

 2. Each of the SSL records begins with the same three fields (with possibly different values).One of these fields is “content type” and has length of one byte. List all three fields and their lengths.

Answer:

 Content type : 1 byte
 version : 2byte
 Length : 2byte

3. Expand the ClientHello record. (If your trace contains multiple ClientHello records, expand the frame that contains the first one.) What is the value of the content type?



 Answer:

The value of content type is Handshake(22)

4. Does the ClientHello record advertise the cipher suites it supports? If so, in the first listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the hash algorithm?










Answer:

The client advertise the cipher suites with ECDHE(Elliptic curve Diffe-Hellman) and ECDSA (Elliptic curve Digitial Signature Algorithm) as public key algorithm ,AES as symmetric algorithm and SHA1 as hash algorithm

5. Look to the ServerHello packet. What cipher suite does it choose?

Answer :

Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
RSA with SHA is used.

6. Does this record include a nonce? If so, how long is it? What is the purpose of the client and server nonces in SSL?






Answer:

This record includes a nonce under Random. The length of nonce is 28 bytes . The purpose is to prevent a replay attack.

7 .Does this record include a session ID? What is the purpose of the session ID?

Answer:

The record includes a session ID. It provides a unique persistent identifier for the SSL session which is sent in the clear. The client may resume the same session later by using the server provided session ID when it sends the ClientHello.

8. How many frames does the SSL certificate take to send?

Answer: 

SSL certificate takes 2 frames.

    

What is SSL and How to setup a https in Apache2 webserver

What is SSL?

Secure Socket Layer(SSL) is an encryption technology that was created by Netscape. SSL creates an encrypted connection between the web browser and the web server. This helps is transmitting private information like credit card numbers,passwords etc through a secure channel without the problem of eavesdropping,message tampering etc. 

To enable SSL on the webserver we need to get a SSL certificate that identifies the website. If the web server is SSL enabled ,we can access the webserver using https instead of http .Accessing websites with SSL certificate ensures that out data is encrypted and cannot be tampered by a third person.

How SSL works ?

Suppose a webserver wants to enable SSL then

1.The webserver produces a public and private key

2.The webserver contacts a trusted thrid party. This trusted third party checks whether the website(websever) is valid or not.

3.If it is valid then the trusted third party will give an SSL certificate.

Suppose a client wants to establish a SSL connection with the server

1.The client connects to the SSL port of the company.

2.The webserver then sends the certificate to the client and the client verifies it.Verification is as follows. The client has the public key of the trusted third party.It  verifies the certificate of the server with the public key which the client has.

3. If the certificate is valid then the client choose an SSL cipher to use from the list of encryption methods provided by the server and generates a symmetric key.

4.The symmetric key is then send to the server by encrypting it with the public key of the server.

5.The server decrypts the symmetric key using its private key.

6.Further communication between the client and server happens through the symmetric key.

Setting up a https in Apache2 webserver in ubuntu 12.04(self signed certificate)

1.Create a self signed certificate

  sudo make-ssl-cert generate-default-snakeoil-force-overwrite

2. next we need to activate ssl module

   sudo a2enmod ssl

3.Next we need to activate default ssl virtual host

sudo a2ensite default-ssl

4.restart apache 

sudo /etc/init.d/apache2 restart

if you encounter this error 

Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName

Then enter the following

sudo sh -c 'echo "ServerName localhost" >> /etc/apache2/conf.d/name' && sudo service apache2 restart

Open Browser then in address bar type "https://locahost/".In the address bar you can see a lock symbol in firefox or a cross symbol above the lock in google chrome

Symmetric and Asymmetric Encryption Algorithm

Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data whereas asymmetric uses both a public and private key. Symmetric requires that the secret key be known by the party encrypting the data and the party decrypting the data. Asymmetric allows for distribution of your public key to anyone with which they can encrypt the data they want to send securely and then it can only be decoded by the person having the private key.

Let us see which one is faster!

Let us compare their performance by comparing the time taken by each to encrypt files of size 100MB,200MB,300MB,400MB and 500MB.

We use following syntax to create a file of 100MB size

jothis@jothis:~/Openssl$ dd if=/dev/zero of=100mb bs=1MB count=100
100+0 records in
100+0 records out
100000000 bytes (100 MB) copied, 0.373584 s, 268 MB/s

similarly we can create a file of 200MB size.

jothis@jothis:~/Openssl$ dd if=/dev/zero of=200mb bs=1MB count=200
200+0 records in
200+0 records out
200000000 bytes (200 MB) copied, 2.06894 s, 96.7 MB/s


Time taken for Symmetric encryption

jothis@jothis:~/Openssl$ time openssl enc -aes-256-cbc -in 200mb -out 200mb.enc -pass pass:hello

real    0m2.282s
user    0m1.224s
sys    0m0.272s

For Asymmetric Encryption we need a public key  and a private key

jothis@jothis:~/Openssl$ openssl req -x509 -nodes -days 100000 -newkey rsa:2048  -keyout privatekey.pem  -out publickey.pem

Time taken by Asymmetric Encryption

jothis@jothis:~/Openssl$ time openssl smime -encrypt -aes256 -in 200mb 
-binary -outform DEM -out 200mbasym.enc publickey.pem

real    0m4.080s
user    0m1.496s
sys    0m0.588s


Similarly we can calculate the time taken by each algorithm for files of size 100MB,300MB..etc.

Let us plot the time taken by both algorithm.We use gnuplot to plot a graph in ubuntu.

To install gnuplot

sudo apt-get install gnuplot

To plot the graph we write the time taken by each to two separate file "symmetric.txt" and "asymmetric.txt"

We use the following the syntax to plot the graph

$ set xlabel "Time(ms)"

$ set ylabel "File size(mb)"
$ plot "symmetric" using 2:1 with lines title "Symmetric encryption" "asymmetric" using 2:1 with lines title "Asymmetric encryption"

 So we can conclude that Symmetric encryption is faster than Asymmetric encryption
 

Cryptographic Hash Function

A cryptographic hash function is a function that takes a message of any length as input and transforms into a fixed length output called a hash value, a message digest, a checksum or a digital fingerprint.

Properties of Cryptographic hash function

1. Cryptographic hash function accept a block of data of any size as input.

2. Cryptographic hash function produce a fixed length output independent of the message size.

3. Cryptographic hash function behaves like a random function.

4. Given a message digest it is very difficult to generate the message.

MD5 hash algorithm ,SHA(Secure Hash function) are examples of Cryptographic hash function.

Message digest produced by a MD5 hash function

Message digest produced by a SHA hash function

Message digest produced by a SHA hash function after changing a single character

Message digest produced by a  MD5 hash function after changing a single character

We can see that the hash value generated using MD5 and SHA are different for  the original and modified message.

Top 10 Web Application Attacks

1. SQL Injection

SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database.

How SQL injection is done ?

Consider the SQL code to get the username and password from the users table.The query will be executed if the name and password are valid.

 

 Using SQL Injection given below,an unauthorized user can view sensitive information .

 

 since '0=0' the query returns a true value thus an authorized user can easily see the information without giving the password.

How to prevent SQL Injection?

1. Prevent unnecessary database users and stored procedure

2. Parametrize the variable ( using 'PreparedStatement' in java).

2. Cross Site Scripting Attack(XSS)

XSS allows attackers to inject client side script into web pages. By injecting malicious scripts into web pages, an attacker can gain access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.

How to prevent Cross Site Scripting?

It can be prevented by filtering and escaping  mechanism.In filtering mechanism 

the external data are passed through a filter which removes dangerous keyword such as JavaScript commands, CSS styles and other dangerous HTML markup.

In Escaping we are telling the browser that the data we are sending should be treated as data and should not be interpreted in any other way.

3. Buffer Overflow Attack

Hackers exploit buffer overflows by executing instructions and causing that code to overwrite adjacent memories. It can cause DOS attack and remote command execution.

How to prevent Buffer Overflow?

Bound checking within application is one way of preventing buffer overflow.

4. Session Hijacking

Session hijacking is exploiting of valid computer session to gain unauthorized access to services in a computer system.

How to prevent Session Hijacking?

Prevention 

1. Match connection with timestamp ,ip address etc
2. Encrypting the data which are transfered between the two entities
3. Using a long random number or string as session key

5. Source Code Disclosure

Here attacker can retrieve the source code of the web application. The code can then be used for further loopholes in the application.This occurs because of poor application design.

How to prevent Source Code Disclosure?

1.locking down web server configuration.

2.Secure coding practices.

6. Retrieving "non web " Files

Here the attacker can access "non web" application which includes zip files,text files,backup files etc.

How to prevent Retrieving "non web" Files?

One way to prevent is avoid presence of such files. The administrator should disable serving such file.

7. Directory Browsing

Here the attacker can retrieve complete directory listing within directories of the web server.This happens when the default document is missing.

How to prevent Directory browsing?

1.By locking down the web server configuration.

2.Disable serving of directory content.

8. Denial Of Service

This attack is making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for users by manipulating network packets, programming, logical, or resources handling vulnerabilities. If a service receives a very large number of requests, it may stop providing service to legitimate users. 

How to prevent Denial of Service?

1. Defines a Maximum Segment Life. This is the maximum amount of time to wait for an ACK in reply to a SYN-ACK or FIN-ACK, in milliseconds.

2. Through web application firewall inspects your HTTP traffic and checks their packets against rules so as to stop web applications from being exploited.

9. Server-Side-Include(SSI)

 

Here the attacker can send code to the web application which will later be executed in locally by the web server. This is done by injecting HTML scripts or any executable codes remotely.

 

How to prevent Server-Side-Include?

This can be prevented by controlling the type and size of character that are expected by the web server .

10. Cross-Site Request Forgery (CSRF)

Here the attacker tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function.

How to prevent Cross-Site Request Forgery?

1. Add a hash to URL and all forms.

2. Checking the referrer in the client's HTTP request will prevent CSRF attacks.