Security and Privacy: IBU 020 Computer Engineering Orientation

Uploaded by

Prza

IBU

Security and Privacy


International Burch University

IBU 020 Computer Engineering


Orientation

Assoc. Prof. Dr. Zerina Altoka


Summary

 Security
 Privacy
 Basic Terminology
 Methods of Defense
 Defense of Computer System
 Cryptography
Security

 Security is a process, not a final state


 Computer security: field/discipline that uses Information and Communication Technology (ICT)
to control the malicious behavior and intentions
 Information security: field/discipline focused on data protection in Information Systems (IS)
Security

 Malicious behavior includes:


 Fraud
 Spying
 Spamming
 Phishing
 Illegal activities
 Warfare
 Vandalism
 Etc...
Security

 In the context of computers, security generally means three things:


 Confidentiality
 Limit the access to systems or data only to authorized parties; prevent unauthorized disclosure of
information
 Integrity
 Data cannot be modified in an unauthorized manner; make sure that data hasn't been changed

 Availability
 Make sure that the content/data is available when needed to authorized users
Security and Reliability

 A secure system is one you can rely on to (for example):


 Keep your personal data confidential
 Allow only authorized access or modifications to resources
 Give you correct and meaningful results
 Give you correct and meaningful results when you want them
Privacy

 One good definition of privacy is „informational self-determination“


 you get to control information about you

 Privacy is the right of every person to control his/her personal data/information
Privacy

 “Control” means many things:


 Who gets to see it
 Who gets to use it
 What they can use it for
 Who they can give it to
 etc.
Security vs Privacy

 Privacy and security are related.


 Privacy relates to any rights you have to control your personal information and how it’s
used.
 Think about those privacy policies you’re asked to read and agree to when you download new
smartphone apps.
 Security, on the other hand, refers to how your personal information is protected. Your data
— different details about you — may live in a lot of places.
Security vs Privacy

 That can challenge both your privacy and your security.


 Some people regard privacy and security as pretty much the same thing. That’s because the
two sometimes overlap in a connected world. But they aren’t the same, and knowing how
they differ may help you to protect yourself in an increasingly connected world.
Security vs Privacy

 E.g. you might share personal information with your bank when you open a checking
account. What happens after that? Here are three possible outcomes, all related to your
personal information:
 Your privacy and security are maintained. The bank uses your information to open your account
and provide you products and services. They go on to protect that data.
 Your privacy is compromised, and your security is maintained. The bank sells some of your
information to a marketer. Note: You may have agreed to this in the bank’s privacy disclosure.
The result? Your personal information is in more hands than you may have wanted.
 Both your privacy and security are compromised. The bank gets hit by a data breach.
Cybercriminals penetrate a bank database, a security compromise. Your information is exposed
and could be sold on the dark web. Your privacy is gone. You could become the victim of cyber
fraud and identity theft.
Basic Terminology

 Assets: Things we might want to protect, such as:


 Hardware
 Software
 Data
Basic Terminology

 Vulnerabilities: Weaknesses in a system that may be exploited in order to cause loss or harm


 a file server that doesn't authenticate its users
Basic Terminology

 Threats: A loss or harm that might befall a system


 users' personal files may be revealed to the public
 There are four major categories of threats:
 Interception
 Interruption
 Modification
 Fabrication
Basic Terminology

 Attack: An action which exploits a vulnerability


 telling the file server you are a different user in an attempt to read or modify their files
Basic Terminology

 Control: Removing or reducing a vulnerability


 You control a vulnerability to prevent an attack and block a threat
Methods of Defense

 How can we defend against a threat?


 Prevent it: block the attack
 Deter it: make the attack harder or more expensive
 Deflect it: make yourself less attractive to an attacker
 Detect it: notice that an attack is occurring (or has occurred)
 Recover from it: mitigate the effects of the attack
Defense of Computer System

 Cryptography
 Protecting data by making it unreadable to an attacker
 Authenticating users with digital signatures
 Authenticating transactions with cryptographic protocols
 Ensuring the integrity of stored data
 Aiding customers' privacy by having their personal information automatically become unreadable
after a certain length of time
Defense of Computer System

 Software Controls
 Passwords and other forms of access control
 Operating systems - separate users' actions from each other
 Virus scanners for some kinds of malware
 Personal firewalls that run on your desktop
Defense of Computer System

 Hardware Controls
 Fingerprint readers
 Smart tokens
 Firewalls
 Intrusion detection systems
Cryptography

 Cryptology – scientific field of creating and decrypting secret codes/keys


 Cryptography – creating secret keys
 Cryptanalysis – decrypting secret keys

 Cipher or cryptosystem is used for encrypting the plaintext


 The result of this process is ciphertext
 Decrypting is the process of creating plaintext from ciphertext
Cryptography

 The key is used for cryptosystem configuration

 Cryptography is used in many applications like banking transaction cards, computer passwords, and e-commerce transactions.
 Three types of cryptographic techniques are used in general:
 Symmetric-key cryptography
 Hash functions.
 Public-key cryptography
Cryptography

 Symmetric-key Cryptography:
 Both the sender and receiver share a single key.
 The sender uses this key to encrypt plaintext and send the cipher text to the receiver.
 On the other side the receiver applies the same key to decrypt the message and recover the plain
text.
Cryptography

 Symmetric-key Cryptography:
 Famous algorithms are
 DES 56 bits,
 Triple DES 112 bits,
 AES (Rijndael algorithm) 128, 192 and 256 bits
 IDEA
 Blowfish
 RC6
 TEA
Cryptography

 Public-Key Cryptography:
 two related keys (public and private key) are used.
 The public key may be freely distributed, while its paired private key remains a secret.
 The public key is used for encryption and the private key is used for decryption.
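
The split between the two keys can be seen in a small worked case. This is an added example, not part of the original slides: textbook RSA with tiny constructed primes (p=61, q=53, e=17), where the function names are illustrative and the message is a single integer.

```python
# Added example: textbook RSA with tiny primes, to show the public/private key roles.
# The primes, exponent and message are constructed values; real keys are 2048+ bits
# and real systems add padding (e.g. OAEP) on top of this arithmetic.
from math import gcd


def make_keypair(p, q, e):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Anyone holding the public key can produce a ciphertext."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Only the holder of the private exponent d can reverse the operation."""
    n, d = private_key
    return pow(ciphertext, d, n)


PUBLIC, PRIVATE = make_keypair(p=61, q=53, e=17)  # constructed demo values

if __name__ == "__main__":
    m = 65
    c = encrypt(m, PUBLIC)
    print("public key :", PUBLIC)
    print("ciphertext :", c)
    print("decrypted  :", decrypt(c, PRIVATE))
    # Applying the public key a second time does not undo the encryption.
    print("public key applied again:", encrypt(c, PUBLIC))
```
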
Cryptography

 Public-Key Cryptography:
 Famous algorithms:
 DSA
 RSA (Rivest, Shamir, Adleman)
 PGP
 GNUPG (GNU Privacy Guard)
Cryptography

 Hash Functions:
 No key is used in this algorithm.
 A fixed-length hash value is computed from the plain text in a way that makes it impossible for the
contents of the plain text to be recovered.
 Hash functions are also used by many operating systems to encrypt passwords.
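
The properties on this slide, shown in code. This is an added example, not part of the original slides: it uses SHA-256 for the unkeyed fixed-length digest and, as an assumption beyond the slide, a salted PBKDF2-HMAC-SHA256 construction for password storage; the function names and the round count are illustrative.

```python
# Added example: hash-function properties and salted password storage (stdlib only).
import hashlib
import hmac
import secrets

ROUNDS = 200_000  # assumed PBKDF2 work factor for this demo


def digest(data):
    """Unkeyed SHA-256: input of any length maps to 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, derived) for storage; the password itself is never stored."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per account
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, derived


def verify_password(password, salt, stored):
    """Recompute from the login attempt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Fixed length: a 3-byte and a 1 MB input both give a 64-character digest.
    print(len(digest(b"abc")), len(digest(b"x" * 1_000_000)))

    # Integrity: changing one character of the data changes the digest.
    print(digest(b"transfer 100 EUR") == digest(b"transfer 900 EUR"))

    # Password storage: the system keeps only (salt, derived), constructed here.
    salt, stored = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, stored))
    print(verify_password("Tr0ub4dor&3", salt, stored))
```

The salt makes two accounts with the same password store different values, so one precomputed table cannot be reused across accounts.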
Cryptography

 Cryptography Applications:
 Email encryption
 File encryption
 Disc encryption
 Network traffic protection
 Database protection
