Presentation transcript:

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Privacy and Digital Security: Shhh, It’s a Secret
Lawrence Snyder, Chapter 13

Privacy: Whose Information Is It?
Business transactions expose personal information
– Pay by check, credit, debit card
– Buy mail order or web transaction
– Using “preferred customer” card or number
– Buying a product that required registration (warranty, service)
Merchant gathers this information
– Time, date, place of purchase
– Buyer personal information
– Price, product id numbers, products bought together

Privacy: Whose Information Is It?
What is privacy? Examine a transaction of buying Dating for Total Dummies
– Information linking the purchase with the customer
How can the information be used?
– Book merchant collecting information is ordinary business practice
– Book merchant sending advertisements to customer is ordinary business practice
– What about merchant selling information to other businesses?

Modern Devices and Privacy
In the past, violations of privacy were more difficult without a person knowing of it
Modern devices make it possible to violate people's privacy without their knowledge
In 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images

Controlling the Use of Information
Spectrum of control spans four main possibilities:
1. No uses. Information should be deleted when the store is finished with it
2. Approval or Opt-in. Store can use it for other purposes with customer's approval
3. Objection or Opt-out. Store can use it for other purposes if customer does not object
4. No limits. Information can be used any way the store chooses
5. Fifth possibility is internal use: store can use information to continue conducting business with you

A Privacy Definition
Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others
Threats to Privacy: Government and business
– Regime spying on citizens
– Employee surveillance
– Use/abuse of transaction information (or citizen records)

Information Disclosure
Voluntary Disclosure: We choose to reveal information in return for real benefits
– Tell doctors personal facts for health reasons
– Allow credit card companies to check records for the convenience of using the card
– Allow employers to read e-mail, knowing that the computing services allow us to be employed and work efficiently
– Give to the government personal records in exchange for benefits of citizenship

Fair Information Practices
OECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles.
– Limited Collection Principle
– Quality Principle
– Purpose Principle
– Use Limitation Principle
– Security Principle
– Openness Principle
– Participation Principle
– Accountability Principle

Fair Information Practices
Limited Collection Principle: there are limits to what can be collected, and it must be done with the consent of the subject
Quality Principle: personal data collected must be accurate, complete, and up-to-date, and relevant to the purposes for which it is being used
Purpose Principle: these purposes should be clearly stated when data is collected, and uses limited to those purposes

Fair Information Practices
Use Limitation Principle: personal data should not be disclosed or used for purposes other than stated, except with the consent of the subject (or as allowed by law)
Security Principle: personal data is to be protected by reasonable security measures against disclosure, unauthorized access, misuse, modification, or loss
Openness Principle: There should be general openness of policies and practices about data collection, making it possible to know of its existence, kind, and purpose of use, as well as the identity and contact information for the data controller

Fair Information Practices
Participation Principle: an individual should be able to
a) Determine if the data controller has personal information about him/her
b) Discover what the data is in a timely manner, in understandable form, and at reasonable cost
If an inquiry is denied the individual should be allowed to find out why and be able to challenge the denial; the individual can also challenge the data itself and if successful, have the data erased, completed, or corrected
Accountability Principle: the data controller should be accountable for complying with these principles

Comparing Privacy Across the Atlantic
U.S. has not adopted OECD principles
China does not protect privacy
European Union has European Data Protection Directive (OECD principles)
EU Directive requires data on EU citizens to be protected at same standard even when it leaves their country

US Laws Protecting Privacy
Privacy Act of 1974 covers interaction with government
Interactions with business:
– Electronic Communication Privacy Act of 1986
– Video Privacy Protection Act of 1988
– Telephone Consumer Protection Act of 1991
– Driver's Privacy Protection Act of 1994
– Health Insurance Privacy and Accountability Act of 1996
These all deal with specific business sectors, not an omnibus solution

Privacy Principles: European Union
Two points of disagreement between FTC (US) and OECD (Europe):
– Opt-in/Opt-out: When can an organization take information it collects for one purpose, and use it for a different purpose? Opt-out is US standard except for highly sensitive data; Opt-in is European standard
– Compliance/Enforcement: US has "voluntary compliance," EU has offices to control data

A Privacy Success Story
Do-Not-Call List
– Telemarketing industry's "self-policing" mechanism required individuals to write a letter or pay an on-line fee to stop telemarketing calls
– US government set up Do-Not-Call List. Over 175,000,000 households are on the list and telemarketing industry has largely collapsed

The Cookie Monster
Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive.
– First field is the server that sent the cookie, the last field is the unique id of the web browsing session
FALSE / FALSE CFTOKEN
Cookies are used to create an extended session out of the many small client/server interactions involved in Web browsing…
– The server can ask for the cookie when you visit the page, and see you are the same user from page to page


The Cookie Monster (cont'd)
Abuse: Third-party cookie
– Third party advertisers on web site enter client/server relationship with customer as page loads
– Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses
Browser options:
– Turn off cookies, accept none
– Ask user each time a server wants to set a cookie
– Accept all cookies

Identity Theft
Americans do not enjoy the Security Principle
– Those who hold private information are obliged to maintain its privacy against unauthorized access and other hazards
Identity theft is the crime of posing as someone else for fraudulent purposes
– Using information about person like credit card numbers, social security numbers

Managing Your Privacy
Purchase up-to-date anti-virus/anti-spyware software
Adjust your cookie preferences to match your comfort level
Read the privacy statement of any website you give information to
Review protections against phishing scams

Managing Your Privacy (cont'd)
Patronize reputable companies for music, software, etc.
Be skeptical
Stay familiar with current assaults on privacy
Lobby for US adoption of Fair Information Practices

Encryption And Decryption
Encryption Terminology
– Encryption: Transform representation so it is no longer understandable
– Cryptosystem: A combination of encryption and decryption methods
– Cleartext or Plaintext: Information before encryption
– Cipher text: Information in encrypted form
– One-way cipher: Encryption system that cannot be easily reversed (used for passwords)
– Decryption: Reversing encryption process


XOR: An Encryption Operation
Exclusive OR: Interesting way to apply a key to cleartext
Combines two bits by rule: If the bits are the same, the result is 0; if the bits are different, the result is 1
XOR is its own inverse (to decrypt back to original text)

Encrypting a Message
Two students writing messages to each other decide to encrypt them
Key is
They use XOR encryption
First write down ASCII representation of the letters in pairs
XOR each resulting 16-bit sequence with their key
If any bit sequence is XORed with another bit sequence and the result is XORed again with the same key, the result is the original bit sequence
It makes no difference if the key is on the left or right


Breaking the Code
Longer text is easier to decode
– Notice what bit sequences show up frequently
– Knowledge of most frequent letters in the cleartext language; in English the most common letters are e, t, a, o, …
Smarter byte-for-byte substitutions
– Group more than two bytes
– Be sure not to exchange the key over unsecured connection
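The two slides above ("Encrypting a Message" and "Breaking the Code") can be followed in code. This is an added example, not part of the original slides: the 16-bit key and the sample message are constructed here, because the key on the slide did not survive, and all function names are illustrative.

```python
from collections import Counter

KEY = 0x5A3C  # constructed 16-bit key (assumption; the slide's key is not on the page)
MESSAGE = "MEET ME AT THE GATE AT TEN"  # constructed sample message


def to_blocks(text):
    """Write the ASCII codes of the letters in pairs; each pair is one 16-bit number."""
    data = text.encode("ascii")
    if len(data) % 2:
        data += b" "  # assumption: pad an odd-length message with a space
    return [(data[i] << 8) | data[i + 1] for i in range(0, len(data), 2)]


def from_blocks(blocks):
    """Turn 16-bit numbers back into text."""
    return bytes(b for blk in blocks for b in (blk >> 8, blk & 0xFF)).decode("ascii")


def xor_blocks(blocks, key=KEY):
    """Encrypt or decrypt: XOR is its own inverse, so one function does both."""
    return [blk ^ key for blk in blocks]


def repeat_counts(blocks):
    """How often each distinct block occurs, largest first."""
    return sorted(Counter(blocks).values(), reverse=True)


def key_from_guess(cipher_blocks, guessed_pair):
    """If the most frequent cipher block hides guessed_pair, the key falls out.

    cipher = plain XOR key, so cipher XOR plain = key.
    """
    most_common_block, _ = Counter(cipher_blocks).most_common(1)[0]
    return most_common_block ^ to_blocks(guessed_pair)[0]


if __name__ == "__main__":
    plain = to_blocks(MESSAGE)
    cipher = xor_blocks(plain)
    print("cipher blocks :", [f"{c:04x}" for c in cipher])
    print("decrypted     :", from_blocks(xor_blocks(cipher)))
    # The same pair of letters always produces the same cipher block,
    # so the repetition pattern of the cleartext survives encryption.
    print("plain repeats :", repeat_counts(plain))
    print("cipher repeats:", repeat_counts(cipher))
    # One correct guess about a frequent pair reveals the whole key.
    print("key recovered :", hex(key_from_guess(cipher, "AT")))
```

The repeat counts are identical before and after encryption, which is why a fixed short XOR key protects only very short messages.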

Public Key Cryptosystems
People who want to securely receive information publish a key that senders should use to encrypt messages
Key is chosen so only the intended receiver can decode

Code Cracker's Problem
How can it be secure when the key is published?
All that is sent is the remainder
– Bits left over from dividing manipulated data by the key
So how can the receiver decrypt?

RSA Public Key Cryptosystem
Relies on prime numbers
Any number can be factored into primes in only one way
Choosing a Key (special properties)
– Must be product of two unique primes, p and q: K_R = pq
– p and q must be about 64 or 65 digits long to produce a 129-digit public key
– p and q must also be 2 greater than a multiple of 3

Encrypting a Message
Divide cleartext into blocks of bits
Treat the blocks as binary numbers and cube each block
Divide each block by the public key, and keep the remainders
Transmit the remainders as the message

Simple Example (encryption)
We will use 6-bit blocks for simplicity
Send ****$0.02 as an encrypted message
p=5, q=11, Kr = pq = 55
ASCII
ASCII grouped in 6-bit blocks
Interpret each block as a number
T = 10, 34, 40, 42, 10, 34, 16, 48, 11, 35, 0, 50

Simple Example (encryption)
Cube each number
1000, 39304, 64000, 74088, 1000, 39304, 4096, , 1331, 42875, 0,
Divide each number by the key Kr=55, get remainder
1000 = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 * = 55 *
The remainders are used as the cipher text (the message we transmit)
C = 10, 34, 35, 3, 10, 34, 26, 42, 11, 30, 0, 40

The Decryption Method
Compute the quantity s = (1/3)(2(p-1)(q-1) + 1)
If the cipher text numbers C are each raised to the s power, C^s, and divided by the key K_R, the remainders are the original cleartext
That is, for some quotient c that we don't care about:
– C^s = K_R * c + T (applied to a block)

Simple Example (decryption)
Compute s for our p and q
s = (1/3)(2(p-1)(q-1) + 1) = (1/3)(2(5-1)(11-1) + 1) = 27
Cipher text was 10, 34, 35, 3, 10, 34, 26, 42, 11, 30, 0, 40
Take the fourth block, let C = 3
Compute C^s = C^27
3^27 = 7,625,597,484,987
Divide this number by the key (55)
3^27 = 55 * 138,647,226,
Remainder is what we want… 4th cipher text block decrypts to 42 (which matches the original plaintext)

Summarizing the RSA System
Three steps:
– Publishing: pick p, q that are prime (and 2 larger than a multiple of 3), define key K as p*q; compute s; keep p, q, and s secret, and publish key K
– Encrypting: sender uses the public key K to convert plain text to cipher text, transmit the cipher text
– Decrypting: receiver uses the secret s (from p, q) to recreate the plain text

Cracking the Code
Decryption requires key K and secret value s
Since K is public, you can break the code if you can manage to guess s
If you know p and q you can compute s; you can guess the correct p, q if you can factor key K
If the key is large enough, factoring to find p and q can't be done in any reasonable amount of time even by supercomputers and clever software
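The RSA slides above (choosing a key, the ****$0.02 example, the decryption method and "Cracking the Code") carried through in code. This is an added example, not part of the original slides; the function names are illustrative, and the numbers p=5, q=11, K=55, s=27 and the message come from the slides.

```python
from math import isqrt


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


def make_keys(p, q):
    """Return (public key K, secret s) under the slides' rules for p and q."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two different primes")
    if p % 3 != 2 or q % 3 != 2:
        raise ValueError("p and q must each be 2 greater than a multiple of 3")
    # The "2 greater than a multiple of 3" rule is what makes this divide evenly.
    s, remainder = divmod(2 * (p - 1) * (q - 1) + 1, 3)
    assert remainder == 0
    return p * q, s


def text_to_blocks(text, bits=6):
    """ASCII bits regrouped into blocks of `bits` bits, each read as a number."""
    bitstring = "".join(f"{byte:08b}" for byte in text.encode("ascii"))
    if len(bitstring) % bits:
        raise ValueError("message length does not fill a whole number of blocks")
    return [int(bitstring[i:i + bits], 2) for i in range(0, len(bitstring), bits)]


def blocks_to_text(blocks, bits=6):
    bitstring = "".join(f"{block:0{bits}b}" for block in blocks)
    return bytes(int(bitstring[i:i + 8], 2)
                 for i in range(0, len(bitstring), 8)).decode("ascii")


def encrypt(blocks, k):
    """Cube each block and keep the remainder after dividing by the public key."""
    for t in blocks:
        # A 6-bit block can be as large as 63. A block of 55 or more would be
        # lost in the remainder and could not be decrypted, so reject it.
        if t >= k:
            raise ValueError(f"block {t} is not smaller than the key {k}")
    return [pow(t, 3, k) for t in blocks]


def decrypt(cipher, k, s):
    """Raise each cipher block to the power s and keep the remainder."""
    return [pow(c, s, k) for c in cipher]


def crack(k):
    """Rebuild s from the public key alone by factoring it (trial division)."""
    p = next(d for d in range(2, isqrt(k) + 1) if k % d == 0)
    return make_keys(p, k // p)[1]


if __name__ == "__main__":
    k, s = make_keys(5, 11)
    t = text_to_blocks("****$0.02")
    c = encrypt(t, k)
    print("K =", k, " s =", s)
    print("T =", t)
    print("C =", c)
    print("decrypted:", blocks_to_text(decrypt(c, k, s)))
    print("s recovered from K alone:", crack(k))
```

With a two-digit key the factoring step is instant, which is the point of the "Cracking the Code" slide: the protection rests entirely on K being too large to factor.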

Strong Encryption Techniques
RSA is an example of strong encryption
A communicating party can use this technology to protect their communication so no one else can read it, period
Government agencies would like this technology kept out of the hands of "bad guys"
What if cryptography software vendors had to give government a way to break such codes?

Strong Encryption Techniques
Trapdoor Technique:
– Way to bypass security while software is encrypting the cleartext. Send cleartext to law-enforcement officials when cipher text is sent.
Key escrow:
– Require software to register key with a third party, who holds it in confidence. If there is a need to break the code, the third party provides the key.
These two schemes could be abused

Redundancy Is Very, Very, Very Good
Data disasters: lightning strikes, floods, earthquake, accidents, aging equipment, virus damage, crime
Precautions include file backups and system redundancy (having a hot spare up and running)
Backups must be stored in separate location for best protection

A Fault Recovery Program for Business
Keep a full copy of everything written on the system as of some date and time (full backup)
Create partial backups: copies of changes since last full backup
After disaster, start by installing the last full backup copy
Re-create state of system by making changes stored in partial backups, in order
All data since last backup (full or partial) will be lost

Backing Up a Personal Computer
How and What to Back Up
– You can buy automatic backup software that writes to CD, DVD, network drive, etc.
– For manual backups, you don’t have to back up data that:
  Can be re-created from some permanent source, like software
  Was saved before but has not changed
  You don’t care about
– Network backup companies take information off your PC over the internet and store it on their servers

Recovering Deleted Information
Backups also protect from accidental deletions
Can save evidence of crime or other inappropriate behavior
Remember that two copies of e-mail are produced when sender hits send: one in sent mail file and one somewhere else, which the sender probably can't delete

Summary
Revealing personal information can be beneficial, so the people and organizations that receive the information must keep it private
Guidelines for keeping data private have been created by several organizations, including the Organization for Economic Cooperation and Development
Guidelines often conflict with the interests of business and government, so some countries have not adopted
Much information collected on citizens in the US is not protected by OECD standards due to laws that apply only to specific business sectors or practices

Summary
There have been long-running negotiations between the EU and the US regarding privacy standards; the dispute’s 2 main sticking points are Opt-in/Opt-out and compliance enforcement
The “3rd party cookie” loophole allows companies to gather information; identity theft is an unresolved problem; the best way to manage privacy in the information age is to have OECD-grade privacy laws

Summary
Public key cryptography (PKC) is a straightforward idea built on familiar concepts
Computer scientists have not yet proved the RSA scheme to be invincible, but it can be “made more secure” simply by increasing the size of the key; this greatly increases the problem of finding key prime factors
Strong encryption methods worry defense and law enforcement officials; balancing those concerns with the interests of law-abiding citizens has not been resolved
File back up is essential; it ensures that your files will survive for a long time even if you don’t want them to