An RSA-Type OTP Generator

An RSA-Type OTP Generator An RSA-Type OTP Generator Aiswarya Vinayachandran,  Sivasankar M Abstract Simple and secure authentication protocols are in great demand due to the ever expanding use of internet for financial and message communications. Multifactor authentication, in particular 2Factor Authentication (2FA) is preferred to static passwords-only authentication. One Time Passwords (OTPs) play a vital role in the construction of 2FA protocols. In this paper, an efficient OTP generation algorithm, based on RSA scheme is discussed. Implementation and computational issues related to the algorithm are also discussed. Keywords: Authentication, RSA, One Time Password, LFSR, Primitive Element 1. Introduction These days, almost all our day to day activities, starting from buying vegetables to booking a movie ticket depend on internet. As highly private data is being communicated between the server and the client, secure protocols are required for protecting these transactions from attackers. Over the years, we realized that encryption methods alone are not sufficient to secure online transactions. Hence evolved the idea of sending some message each time personally to the user and prompting him to send back the message along with his/her password to complete the transaction. This provides a second layer of security and strength to the existing concept of static passwords. In this paper, we present a way to generate OTPs, based on RSA type exponentiation. This research paper is organised as: Section 2 explains authentication process; Section 3 briefly discusses the conventional way of OTP generation; Section 4 is the proposed algorithm; Section 5 discusses about the randomness in the generation of the OTPs; Section 6 analyses the operational complexity and security of the proposed algorithm; Section 7 gives some concluding remarks. 2. Authentication Authentication is the process of identifying the legitimate user [1]. The identity is proven by various cryptographic methods where the user has to enter some input to the system. This can range from simply entering a password to more complicated security mechanisms like biometrics, strings displayed by tokens, key encryptions. Based on this input, the system will identify and authenticate the person. After authentication, comes authorization, where the system identifies the various privileges available to the user. Only authorized users can get access to the data as not all the users will have the same privileges. Some users will be allowed to only read the data while some users will be allowed to read as well as modify it. 2.1. Message Authentication Message authentication is used to check if the received message has been tampered in the middle of the communication channel. Message authentication is used to protect the integrity of the message wherein the receiver should be notified if any bits in the message are modified, removed or extra bits are added during the communication. This is achieved by sending a message digest – usually hash of the message will be the digest – together with the message. If the receiver also is obtaining the same digest over the received message then he/she can be sure of the integrity of the message. 2.2. Entity Authentication Entity authentication is the process in which an entity (machine/human) in a distributed network will get belief on another entity (machine/human) based on a key already established between them. The idea is that the key is kept secret and only the two genuine communicating entities know the secret key. Machine authentication is achieved through the verification of digital credentials or digital certificates. Digital Credentials are like a machine provided ID and password or a digital certificated issued by a Certifying Authority (CA). It is like a digital passport that provides trusted identification. Digital Signature is a mathematical technique used to validate the authenticity of a digital document, software or a message. It is used to identify whether a communication is impersonalized. Human based authentication relies on at least one of the three key factors: something the user knows (a password or an answer to a security question), something the user possesses (an object for authentication, say smart card), and something the user is (behavioural or physiological characteristics of the individual say, finger print and retina scanning). 3. Conventional OTP Generators OTP is an authentication technique, which comes in the second layer of authentication protocols after static passwords. An OTP is valid only for a single transaction. Even if an attacker succeeds in decrypting the password of a user, he/she has to get the OTP generated to validate the transaction. Since OTP is based on randomness/collision resistance, it is very difficult to guess an OTP. Even if the attacker succeeds in acquiring an OTP, he may not be able to predict the next OTP. OTP generation is based on hashing algorithms. Hashing is an irreversible process, i.e. for an input we can get the output, but with the obtained output we cannot get back the input. Even if an attacker obtains many OTPs, it is of no use as he/she cannot find a pattern to guess the seed used to generate the OTPs. An OTP is valid for a limited time, generally two to fifteen minutes based on the web site’s restrictions. Also in online transactions, while entering an OTP, a user is allowed to make errors only a limited number of times, say twice or thrice, which again adds to its security. A most common way of generating a sequence of OTPs[2] is described in Algorithm 1. Algorithm 1: Conventional OTP Generation Algorithm Note that the weakness of the OTP mechanism lies on the channel used to send the OTP and the security of the device to which the OTP is send. It will be advisable to secure the device with some biometric credentials making it totally safe. 4 Proposed RSA type OTP Generating Algorithm After the invention of public key cryptography, encrypted communication reached the next level. In general, public key cryptography relies on some hard mathematical problems like Integer Factorisation Problem (IFP), Discrete Logarithm Problem (DLP) [3]. As our proposed OTP generation is based on RSA crypto-system, we briefly do a recap of RSA encryption [4]. 4.1 The RSA Algorithm The Rivest-Shamir-Adleman (RSA) algorithm is one of the popular and secure publickey encryption methods. The security of the algorithm relies on the fact that there is no efficient way to factor very large numbers. Using an encryption key (e, N), the algorithm is as follows: Choose two very large prime numbers, p and q; Set N equal to p.q. Choose any large integer, d, such that gcd(d, à ¯Ã‚ Ã‚ ¦(N) ) = 1. Find e such that e.d = 1 (mod à ¯Ã‚ Ã‚ ¦(N)); The encryption key (e,n) is made public. The decryption key d is kept private by the user. Represent the message as an integer between 0 and (N-1). Encrypt the message by raising it to the eth power mod n. The result is the cipher text C. To decrypt the cipher text message C, raise it to the power d mod n 4.2 Proposed OTP Generation Technique: Our proposed algorithm is based on RSA encryption/decryption process and is described in Algorithm 2 below. Algorithm 2: Proposed Algorithm The above procedure can be represented by a schematic diagram as in Fig.1. Fig. 1. Architecture of the Proposed Model 4.3. A Comment on the Selection of N and the Possible Number of OTPs Present day OTPs are of generally 6 digits in length. Hence they can range from 000000 to 999999, totalling to 10,00,000. This is so, as we have 10 choices (numbers 0 to 9) for every digit and hence 10.10.10.10.10.10 = 106 = 10,00,000. If we incorporate a module to condition that the first two most significant digits should be non zero, even then 9.9.10.10.10.10 = 8,10,000 OTPs are available. In our proposed algorithm, if we require 6 digit OTPs, we can select N close to the integer 999999. For example a choice of 991 . 997 = 988027 will be sufficient for our implementation. As the number of bits used to represent a 6 digit decimal number is approximately 20 bits (log2 999999 =19.93156713), we need to select a 20 bit RSA number for our algorithm. Note that, a 20 bit RSA crypto system can be easily broken by the present day computers when e and N are known outside. But here as the attacker does not know N and a, he/she cannot guess the next OTP, which is some random number that lies b etween 1 and N-1.The only information that the attacker can get is the current OTP, which is some 6 digit number. 5. Randomness in the Generation of the OTPs from ZN* Considering the demand for OTPs and the computational expenses of different exponential algorithms, it is advisable to follow a systematic approach for the selection of the random number aà ¯Ã†â€™Ã… ½ {1, 2,†¦ ,N–1} .We propose two convincing methods for the selection of a. 5.1. Linear Feedback Shift Registers (LFSRs): LFSR is a mechanism for generating random numbers based on the initial seed given to it. So if we start with a non-zero 20 bit string, the LFSR can generate all the other 220–1 20-bit strings. We refer to [5] for some basic facts about LFSR. An LFSR of length L consists of L stages 0,1 , †¦ , L-1, each capable of storing one bit and having one input and output and a clock which controls the movement of data. During each unit of time the following operations are performed; (i) the content of stage 0 is output and forms part of the output sequence; (ii) the content of stage i is moved to stage i 1 for each i, 1 ≠¤ i ≠¤ L – 1; (iii) the new content of stage L – 1 is the feedback bit s which is calculated by adding together modulo 2 the previous contents of a fixed subset of stages 0,1, †¦ , L – 1. We note that for an n-bit LFSR connectionpolynomials are available, where à ¯Ã‚ Ã‚ ¦ is the Euler’s totient function. So, for a six digit OTP, i.e. for a 20 bit string, we have = 24,000 choices. With each connection polynomial, we can generate all the 20-bit strings in different random ways. Since we have 24,000choices, we can assign a single connection polynomial for a single customer, and OTPs generated for each customer will be in entirely different pattern. 5.2 Primitive Roots: Another mechanism for generating 6 digit random numbers is by using the concept of primitive roots.We refer [6] for the concepts related to cyclic groups and generators/primitive elements..Let p be a prime number. Consider Zp*. Let gà ¯Ã†â€™Ã… ½ ZP*. As i vary from 0 to p–1, by computing gi mod p, we can generate all elements in Zp*. Here g is called the primitive root/generator of Zp*. As we have selected an RSA number N, which is not a prime number, to follow this kind of random number generation, we can N as a prime number very close to 999999. For example, N = p = 999983 will be sufficient. It is a known result that, if g is a primitive root, then gi is also a primitive root if gcd (i,à ¯Ã‚ Ã‚ ¦(p))=1. Hence we are available with à ¯Ã‚ Ã‚ ¦(à ¯Ã‚ Ã‚ ¦(p)) generators [6]. Hence if N = 999983 (a six digit prime), we have à ¯Ã‚ Ã‚ ¦(à ¯Ã‚ Ã‚ ¦(999983)) =493584 generators which means we have sufficiently large number of primitive roots at our disposal. 6. Computational Complexity and Security of the Proposed Algorithm The proposed algorithm is an RSA-type algorithm which uses modular exponentiation for its computation. The modular exponentiation operation generally consumes a considerable amount of time for large operands as it consists of a series of square-and-multiply operations under a modular value. For a particular user, e will be fixed. Hence the time complexity for ae (mod N) is O(log2e). As RSA is a widely implemented cryptosystem, improvements in modular exponentiation algorithms are evolving very frequently [7]. Though the proposed algorithm uses the concept of RSA with a 20-bit modular (where as the current standard is 256 to 512 bits), since a, e, N are not known publicly we achieve security through obscurity. 7. Conclusions and Future Works In this paper, we have proposed a new method to generate OTPs and discussed the possible ways of implementing it practically. There may exist other novel methods with less time complexity. Incorporating new methods we can design more efficient algorithm for generating OTPs. The possibility of generating alphanumeric OTPs will be also explored, in future. References [1]Bruce Schneier, â€Å"Applied Cryptographyâ€Å", Wiley Publications, 2002. [2] L. Lamport, â€Å"Password authentication with insecure communication,† Communications of the ACM,vol.24,no.11, pp.770-772,1981. [3] Neal Koblitz, â€Å"Towards a Quarter Century of Public Key Cryptography†, A Special Issue of Designs, codes and Cryptography, Vol. 19, No. 2/3, Springer, 2000. [4] Rivest R. L. ,Shamir A.,Adleman L., â€Å"A Method for Obtaining Digital Signatures and Public-key Cryptosystems†, Communications of the ACM, Vol. 21, No. 2, pp. 120-126, 1978. [5] Alfred, J., Van Menezes Paul, C., Oorschot, S., Vanstone, A. â€Å"Handbook of Applied Cryptography† , CRC Press LCC (1996) [6] James K Strayer, â€Å"Elementary Number Theory† ,Waveland Press, 2001. [7] Gueron, Shay and Krasnov, Vlad , â€Å" Software Implementation of Modular Exponentiation, Using Advanced Vector Instructions Architectures† , LNCS Vol. 7369, pp.119-135, Springer, 2012.

Bus405 Final Project

Final Project Ashford University Trena Mealor Dr. James Prentice August 27, 2012 ? Final Project Investing in the total stock market allows an investor to capture the return of the stock market while at the same time diversifying an investment portfolio. The easiest way to build a total stock market portfolio is with a mutual fund or an exchange traded fund. This particular portfolio is diversified with Vanguard ETF’s that were carefully chosen to seek the highest return with moderately aggressive to aggressive risk strategy.The investment strategy associated with this portfolio is short-term with an aggressive attitude of â€Å"more risk more reward†. 7/24 priceInvestment Amount# of Shares8/13 priceValue Vanguard Consumer Discretionary ETF – (VCR)67. 8910000147. 2970971. 7410567. 0932 Vanguard Financial ETF – (VFH)30. 2510000330. 578531. 5810439. 6690 Vanguard Growth ETF – (VUG)66. 9110000149. 454570. 4810533. 5531 Vanguard Information Technology E TF – (VGT)66. 9310000149. 409871. 7710723. 1413 Vanguard Intermediate-Term Corporate Bond ETF – (VGIT)86. 9410000115. 154386. 579968. 9077 50,00052232. 36Exchange Traded Funds, also known as ETFs, are mini-portfolios of securities and derivatives that track an asset like an index and/or commodity. When creating a portfolio, it is important to note that there is a difference between diversifiable risk and market risk. According to Elton (1977), diversifiable risk may be caused by random events that are particular to an individual firm. Since these events are random, the influence of events, such as a lawsuit or strike can be almost eliminated via diversification. However, diversification cannot entirely eliminate market risk. Market risk ffects most firms. Examples of market risk include war, recessions and high interest rates. By researching the portfolio funds, the investor can gain an understanding of risk and how it fits into diversification. A single stock has more risk of not creating a positive return than a stock portfolio. In a market dominated by risk-averse investors, riskier securities must have higher expected returns Ross, Westerfield & Jordan (1993) indicates, the principle of diversification tells us that the spreading of an investment across a number of assets will eliminate some but not all the risk.Unsystematic risk is essentially eliminated by diversification, so a relatively large portfolio has almost no unsystematic risk. Ong (1982) mentions that diversification can reduce the overall portfolio risk. However, the possibility for the risk reduction depends on the correlation coefficient and the proportion of the total funds invested in each. According to Jordan, etal (2012), the benchmark for a well-diversified portfolio would be a portfolio of all stocks in the market. Relevant market risk of the stocks within the portfolio is calculated using a beta coefficient.Accordingly, a stock with a high beta will bring a lot of risk t o the portfolio. The authors further explain, as you calculate the beta for various stocks, you may begin to see groupings of low, average and high beta risk. Beta measures the stock’s risk relative to the stock market average. Calculate the weighted average of these groupings, and you will discover the market risk for the entire portfolio. A â€Å"low† beta is generally 1. 0 or below. The average beta is 1. 00 and assets with a beta greater than 1. 00 have more than average systematic risk.Rosenberg and Guy (1995) further explain the importance of beta as the value of beta measures the expected response to market returns and because the vast majority of returns in diversified portfolios can be explained by their response to the market, an accurate prediction of beta is the most important single element in predicting the future behavior of a portfolio. To the degree that one believes that one can forecast the future direction of market movement, a forecast of beta, by predicting the degree of response to that movement, provides a prediction of the resultant portfolio return.To the degree that one is uncertain about the future movement of the market, the forecast of beta, by determining one's exposure to that uncertainty, provides a prediction of portfolio risk. We begin with the first description of the portfolio. Unlike mutual funds or index baskets, the investor does not have to make multiple transactions in order to achieve a market price. With ETFs it's one trade, one price. The first fund in this portfolio is Vanguard Consumer Discretionary ETF. From July 24, 2012 to August 13, 2012 the value has risen from $67. 9 to $71. 14. The annual investment returns of this ETF are: Annual investment returns as of 12/31/2011 (Vanguard, 2012) Year EndedVanguard Consumer Discretionary ETFSpliced US IMI Consumer Discr 25/50* Capital Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 20112. 28%1. 42%3. 71%3. 70%3. 83% 201029. 30%1. 27%30. 57%30. 62%30. 87% The Vanguard Consumer Discretionary ETF is generating 0. 16% of daily returns assuming volatility of 0. 71% on return distribution over 30 days investment horizon.MERGENT online indicates, the one month beta on this investment is 1. 03. This EFT includes stocks of companies that manufacture products and provide services that consumers purchase on a discretionary basis. The following risks are associated with this type of ETF: Stock market risk, Sector risk, Non-diversification and Investment style risk (Vanguard, 2012). Vanguard Consumer Discretionary ETF fund’s manufacturing segment includes the following industries: automotive, household durable goods, textiles and apparel, and leisure equipment.The services segment includes hotels, restaurants and other leisure facilities, media production and services, and consumer retailing. The next fund in this portfolio is Vanguard Financial ETF, which includes stocks of companies that provid e financial services. The investment has a one month beta of 0. 73 which indicates that the investment is 73% less risky than the average. This ETF fund is classified as aggressive is subject to extremely wide fluctuations in share prices.The unusually high volatility associated with these funds may stem from one or more of the following strategies: a concentration of fund holdings in a relatively low number of individual stocks, or in a particular sector of the stock market, or in a particular geographical region of the world; a heavy emphasis on small-capitalization stocks or growth stocks with relatively high market valuations; holdings of international stocks or bonds, which are subject to price declines caused by changes in the value of the U. S. ollar against foreign currencies; or investments in bonds that have exceptionally long average durations, whose prices are highly sensitive to changes in interest rates. According to the Wall Street Journal online, the annual investmen t returns of this ETF: Annual investment returns as of 12/31/2011 (Vanguard, 2012): Year EndedVanguard Financials ETFSpliced US IMI Consumer Discr 25/50* Capital Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 2011-16. 04%1. 69%-14. 35%-14. 35%-14. 24% 201013. 15%1. 58%14. 74%14. 77%14. 7% Vanguard Financials ETF seeks to track the investment performance of the MSCI US Investable Market Financials 25/50 Index, a benchmark of large-, mid-, and small-cap U. S. stocks in the financials sector, as classified under the Global Industry Classification Standard (GICS). This GICS sector is made up of companies involved in activities such as banking, mortgage finance, consumer finance, specialized finance, investment banking and brokerage, asset management and custody, corporate lending, insurance, financial investment, and real estate (including REITs).The next ETF in this portfolio is the Moderately-Aggressive Vanguard Growth ETF with a closing p rice of $66. 91 on July 24, 2012 and an ending close of $70. 48 on August 13, 2012. The one month beta on this investment is 0. 99 with a positive strong direction. Annual investment returns as of 12/31/2011 (Vanguard, 2012): Year EndedVanguard Growth ETFMSCI US Prime Market Growth Index* Capital Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 20110. 0%1. 27%1. 87%1. 84%1. 96% 201015. 66%1. 46%17. 11%17. 15%17. 23% An investment in this the fund could lose money over short or even long periods. The investor should expect the fund’s share price and total return to fluctuate within a wide range, like the fluctuations of the overall stock market. Vanguard funds classified as moderate to aggressive are broadly diversified but are subject to wide fluctuations in share price because they hold virtually all of their assets in common stocks.In general, such funds are appropriate for investors who have a long-term investment horizon (ten ye ars or longer), who are seeking growth in capital as a primary objective, and who are prepared to endure the sharp and sometimes prolonged declines in share prices that occur from time to time in the stock market. This price volatility is the trade-off for the potentially high returns that common stocks can provide. The level of current income produced by funds in this category ranges from moderate to very low.The type of risks associated with this investment is: stock market risk and investment style risk. The chance that stock prices overall will decline. Stock markets tend to move in cycles, with periods of rising stock prices and periods of falling stock prices. The fund’s target index may, at times, become focused in stocks of a particular sector, category, or group of companies. Because the fund seeks to track its target index, the fund may underperform the overall stock market. The chance that returns from large-capitalization growth stocks will trail returns from the overall stock market.Large-cap stocks tend to go through cycles of doing better—or worse—than other segments of the stock market or the stock market in general. These periods have, in the past, lasted for as long as several years. The next investment in the portfolio is Vanguard information technology ETF. This ETF seeks to track the performance of a benchmark index that measures the investment return of stocks in the information technology sector. With a one month beta of 1. 1, this fund is passively managed, using a full-replication strategy when possible and a sampling strategy if regulatory constraints dictate.Includes stocks of companies that serve the electronics and computer industries or that manufacture products based on the latest applied science. The risk potential for this fund is aggressive, more risk more reward. Annual investment returns as of 12/31/2011 (Vanguard, 2012) Year EndedVanguard Information Technology ETFMSCI US Prime Market Growth Index* Capi tal Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 2011-0. 28%0. 80%0. 52%0. 53%0. 66% 201012. 08%0. 66%12. 74%12. 67%12. 99%Vanguard Information Technology ETF is made up of companies in the following three general areas: technology software and services, including companies that primarily develop software in various fields (such as the Internet, applications, systems, databases, management, and/or home entertainment), and companies that provide information technology consulting and services, data processing, and outsourced services; technology hardware and equipment, including manufacturers and distributors of communications equipment, computers and peripherals, electronic equipment, and related instruments; and semiconductors and semiconductor equipment manufacturers.Vanguard Intermediate-Term Corporate Bond ETF which seeks to provide a moderate and sustainable level of current income. Invests primarily in high-quality (investment-gra de) corporate bonds. Moderate interest rate risk, with a dollar-weighted average maturity of 5 to 10 years. Vanguard Intermediate-Term Corporate Bond ETF seeks to track the performance of a market-weighted corporate bond index with an intermediate-term dollar-weighted average maturity. The fund invests by sampling the index, meaning that it holds a range of securities that, in the aggregate, approximates the full index in terms of key risk factors and other characteristics. Annual investment returns as of 12/31/2011 (Vanguard, 2012)Year EndedVanguard Intermediate-Term Corporate Bond ETFMSCI US Prime Market Growth Index* Capital Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 20113. 77%4. 17%7. 94%8. 97%8. 03% 20106. 16%4. 48%10. 65%9. 88%10. 80% All of the fund’s investments will be selected through the sampling process and at least 80% of the fund’s assets will be invested in bonds included in the index. The fund maintains a dollar-weighted average maturity consistent with that of the index. An investment in the fund could lose money over short or even long periods. The fund’s performance could be hurt by: Interest rate risk: The chance that bond prices overall will decline because of rising interest rates.Interest rate risk should be moderate for the fund because it invests primarily in intermediate-term bonds, whose prices are less sensitive to interest rate changes than are the prices of long-term bonds. Income risk: The chance that the fund’s income will decline because of falling interest rates. Credit risk: The chance that a bond issuer will fail to pay interest and principal in a timely manner, or that negative perceptions of the issuer’s ability to make such payments will cause the price of that bond to decline. Index sampling risk: The chance that the securities selected for the fund, in the aggregate, will not provide investment performance matching that of the index. In dex sampling risk for the fund should be low. Annual investment returns as of 12/31/2011 (Vanguard, 2012)Year EndedVanguard Intermediate-Term Corporate Bond ETFMSCI US Prime Market Growth Index* Capital Return by NAVIncome Return by NAVTotal Return by NAVTotal Return by Market PriceTotal Return 20113. 77%4. 17%7. 94%8. 97%8. 03% 20106. 16%4. 48%10. 65%9. 88%10. 80% ETFs combine the advantages of both index funds and stocks. They are liquid, easy to use and can be traded in any quantity just like stocks. At the same time an ETF provides the diversification, market coverage and low expenses of an index fund. These characteristics combine to create an investment tool that provides investors with the broad exposure they require, at the level they want; at the moment they need it.As such, they are fast gaining a reputation as an innovative investment solution – a claim greatly supported by the accelerated growth in ETFs. Reference Elton, E, & Gruber, M. (1977), Risk, reduction and portfolio size: an analytical solution. Journal of Business. Vol. 50, 415-437. Hope-Bell, E. (2008). Focus on: Index investing – exchange traded funds – an innovative investment solution. Professional Wealth Management, , 1-n/a. Retrieved from http://search. proquest. com/docview/205081570? accountid=32521 Jordan, B. , Miller, T. , & Dolvin, S. (2012). Fundamentals of investments, valuation andmanagement (6th ed. ). New York, NY: McGraw-Hill. MERGENT Online. Retrieved from http://www. mergentonline. com/companydetail. php? pagetype=highlights&compnumber=116548 Ong, Poh Wah (1982).Measuring the expected return and risk of combining several shares in an investment portfolio. Securities Industry Review. Vol. 8, No I, 6-16. Rosenberg, B. , & Guy, J. (1995). Prediction of beta from investment fundamentals. Financial Analysts Journal, 51(1), 101-101. Retrieved from http://search. proquest. com/docview/219118485? accountid=32521 Ross, S. , Westerfield, W. , & Jordan, B. (199 3). Fundamentals of corporate finance, 2nd ed. , Richard D. Irwin, Inc. https://personal. vanguard. com/us/home Vanguard (2012). Retrieved from https://personal. vanguard. com/us/home Wall Street Journal online. (2012). Retrieved from http://online. wsj. com/home-page

The True Story of Joan/John

There is a fine line between sex and gender. In fact, most probably do not even know that there is even difference between the two! People just assume a boy should act like a boy and a girl should act like a girl. Society forces us to think and behave that way. If you think about it when a baby girl is born everything is pink, but not all girls love the color pink. Society shapes the role of each child based on its biological sex. What happens if you do not behave like your sex is supposed to behave? In the article, â€Å"The True Story of Joan/John,† Joan does not act like the female that her surrounding pushed on her to be.This article tells the story of a man who goes through a long journey of finding himself. John was born male, and then through complications was told he was a female and now he indentifies himself as a male. I cannot comprehend how traumatic these gender and sex changes were on his life. In this one situation it shows how John, who was always told he was a girl, still behaved a like a male because in reality at birth he was. This example makes me think that society plays a part in deciding your gender and who you are. However, John was pushed to behave like a girl. He never did, he wanted to play with the stereotypical â€Å"boy† toys like trucks.Is it possible that your biological sex can determine your gender? Social constructionist is not totally correct or accurate. There are girls that are tomboys and boys that gay or just super feminine. Society cannot always push people in the route that they want them in. A majority of times when an individual, like John, does not conform to society they are ridiculed. Harassment can have many effects and sometimes the effect is not to conform them but it can be as serious as suicide. Society interrupts a child’s growth and individuality. In the case of Joan / John, he was living a â€Å"double life†.He knew at a very young age that something was wrong. He didn’t l ike being put in dresses or playing with dolls. â€Å"Joan† just wasn’t performing like other females her age and just about everyone was noticing that. Social constructionism is pushing John to behave differently than how he wants to behave. In a way society was disturbing his normal growth as a child by changing who he thought he was, his gender identity. In the end, he knew he was a male, which relates back to gender essentialism. Dr. Money definitely took advantage of John’s parents by giving them false knowledge.John’s parents were so uninformed about everything that was going on with John’s situation. Dr. Money was a very strict social constructionist that believed if he told John he was a female then he would be a female. How could Dr. Money, a doctor, think that telling a child that it is a specific sex and that it would grow up believing and acting like that sex? Things just don’t work like that. I think genes and your sex have a bi g part in identifying your gender. Each situation for each child is so incredibly different I find it too extraordinary that society and environment could change the identity of a person.I do not think that gender essentialism or social constructionism is the way, but a balance in between the two. Gender essentialism and social constructionism challenge each other. The two are the extremes of reality. A balance between the two is how people live each and every day. In the situation of John, his life shows a journey through all three ways, gender essentialism, social constructionism and reality. Dr. Money believed in social constructionism, but while John was told he was a female he showed his belief in gender essentialism. He ignored people because he â€Å"knew† something was not right and that he should be a male.Now he lives his life as a male but in what I call â€Å"reality†. He listens to society in some ways but he focuses on being a father and that to him is wh at a male is, a father. The article challenges the two opposing beliefs because no one knows the correct answer. Each person and situation is different. Maybe for some the theory of gender essentialism will push them to be who they truly are, while for others it may be society, the theories of social constructionism. For the rest it is reality, a combination of the two. Works Cited Colapinto, John. â€Å"â€Å"The True Story of Joan/John†. † Rolling Stone 11 Dec. 1997: 54-97. Print.

Online Gaming and Fraud in Massive Multiplayer Online...

1. Online Gaming Security and Fraud Throughout the evolution of gaming, there has been a movement of large communities to online gaming. With that high amount of traffic, these online games have become prime targets for crime to emerge from. Due to the online nature and virtual elements of this kind of community, the most common type of crime committed was theft, followed closely by fraud (Chen 2005). With the increase in online communities from online gaming, businesses have started advertising both to these markets and through them. This has opened up not only the online communities to the threat of fraud, but also those businesses and their competitors. This paper will focus primarily on the Massive Multiplayer Online Role-Playing Game (MMORPG) community, and the ways that fraud is committed in that type of gaming. 2.1 Fraud in MMORPGs Fraud has been influencing MMORPGs and online gaming for years. The world of online has moved from being a software license industry to an uplink time payment model due to illegal sharing and software copying (Chen 2005). With the move to subscription based gameplay, in game items now have a monetary value due to the growth of economies that trade the virtual game money or items for real world currency (Chen 2005). Throughout the MMORPGs there has been a trend of criminals targeting the users of these online games for purposes of theft and fraud, especially when it comes to the in game currencies and identities. According to a study