Chapter 17 Shhh, It's a Secret: Privacy and Digital Security.

Slides:



Advertisements
Similar presentations
Automated Payment System. Benefits There is minimal training needed No expensive equipment necessary You can maintain your existing banking relationship.
Advertisements

Learning Objectives Explain the meaning of privacy; discuss the issues surrounding privacy of information List and explain the meaning of the OECD Fair.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
Netiquette Rules.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Electronic Transaction Security (E-Commerce)
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Privacy and Digital Security Shhh, It’s a Secret lawrence snyder c h a p.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
Chapter 17 (Lecture 14) Shhh, It's a Secret: Privacy and Digital Security.
1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Computer and Ethics. Ethical Problems Proliferation of computers and their networks have created new ethical problems The ACM has issued a Code of Ethics.
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Internet safety By Lydia Snowden.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Lecture # 34 Privacy and Security. Passwords Spam Scams Viruses and Worms (Malware) Intellectual Property and Copyright Cookies Encryption Back-Ups.
Chapter 11 Security and Privacy: Computers and the Internet.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Learning Objectives Explain the meaning of privacy; discuss the issues surrounding privacy of information List and explain the meaning of the OECD Fair.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Cyber Crimes.
Test Your Tech The dangers of phishing include A. Sharp hooks and nightcrawlers. B. Credit-card fraud at a look-alike Web site that mimics your bank. C.
Shhh, It's a Secret: Privacy and Digital Security
Encryption Encryption encodes information to hide it from everyone else … maintaining your privacy.
Security Chapter 8 Objectives Societal impact of information and information technology –Explain the meaning of terms related to computer security and.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Liam Bradford.
Spring Term 2011 Washington College Professor Suydam Week 13 Final Project Preparation & Privacy.
Staying Safe Online Aberdeen Grammar School. Things to do online Keep in touch with friends and family using , twitter and social networking sites.
E-commerce Vocabulary Terms. E-commerce Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the Internet.
E-commerce Vocabulary Terms By: Laura Kinchen. Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the.
Digital Citizenship Project.  The etiquette guidelines that govern behavior when communicating on the internet have become known as netiquette.
Privacy CSC385 Kutztown University Fall 2009 Oskars J. Rieksts.
Created by, Author Name, School Name—State FLUENCY WITH INFORMATION TECNOLOGY Skills, Concepts, and Capabilities.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Safeguarding Your Privacy Section 1.3. Safeguarding Your Privacy 1. What is Identity Theft? 2. Research a story on identity theft and be prepared to report.
Digital Citizenship Created By: Kelli Stinson June 2011.
Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.
The Internet. 2 So what is the internet? The internet is global network that connects most of the world’s personal computers. The World Wide Web is a.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
3.05 Protect Your Computer and Information Unit 3 Internet Basics.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
Digital Citizenship By Lisa Brackett ED 505. Netiquette on Social Media Sites What is it? “Netiquette is the etiquette guidelines that govern behavior.
CSCI-235 Micro-Computers in Science Privacy & Security.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.
Privacy CSC385 Kutztown University Fall 2009 Oskars J. Rieksts.
Todays’ Agenda Private vs. Personal Information Take out your notebook and copy the following information. Private information – information that can be.
Top Ten Ways to Protect Privacy Online -Abdul M. Look for privacy policies on Web Sites  Web sites can collect a lot of information about your visit.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Privacy and Digital Security Shhh, It’s a Secret lawrence snyder c h a p.
Digital Privacy and Intellectual Property Dr. Nazli Hardy Partially adapted from Fluency with Information Technology, Lawrence SnyderMillersville University:
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
DIGITAL FOOTPRINTS 11 TIPS FOR MONITORING YOUR DIGITAL FOOTPRINT AND 5 TIPS TO MAKE IT POSITIVE.
Learning Objectives Explain the meaning of privacy; discuss the issues surrounding privacy of information List and explain the meaning of the OECD Fair.
Unit 4 IT Security.
Chapter 13: Shhh, It's a Secret: Privacy and Digital Security
Chapter 12 & 13: Privacy, Security and Polite Society
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

Chapter 17 Shhh, It's a Secret: Privacy and Digital Security

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Privacy: Whose Information Is It? What is privacy? Examine a transaction of buying Dating for Total Dummies –Information linking the purchase with the customer How can the information be used? –Book merchant collecting information is ordinary business practice –Book merchant sending advertisements to customer is ordinary business practice –What about merchant selling information to other businesses?

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Modern Devices and Privacy Modern devices make it possible to violate people's privacy without their knowledge In 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Controlling the Use of Information Spectrum of control spans four main possibilities: 1.No uses. Information should be deleted when the store is finished with it 2.Approval or Opt-in. Store can use it for other purposes with customer's approval 3.Objection or Opt-out. Store can use it for other purposes if customer does not object 4.No limits. Information can be used any way the store chooses 5.Fifth possibility is internal use—store can use information to continue conducting business with you

Copyright © 2006 Pearson Addison-Wesley. All rights reserved A Privacy Definition Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others Threats to Privacy: Government and business Voluntary Disclosure: We choose to reveal information in return for real benefits (doctor, credit card company)

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Fair Information Practices OECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles. –Limited Collection Principle –Quality Principle –Purpose Principle –Use Limitation Principle –Security Principle –Openness Principle –Participation Principle –Accountability Principle

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Comparing Privacy Across the Atlantic U.S. has not adopted OECD principles China does not protect privacy European Union has European Data Protection Directive (OECD principles) EU Directive requires data on EU citizens to be protected at same standard even when it leaves their country

Copyright © 2006 Pearson Addison-Wesley. All rights reserved US Laws Protecting Privacy Privacy Act of 1974 covers interaction with government Interactions with business: –Electronic Communication Privacy Act of 1986 –Video Privacy Protection Act of 1988 –Telephone Consumer Protection Act of 1991 –Driver's Privacy Protection Act of 1994 These all deal with specific business sectors— not an omnibus solution

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Privacy Principles : European Union Two points of disagreement between FTC (US) and OECD (Europe): –Opt-in/Opt-out When can an organization use information it collects for one purpose, for a different purpose? Opt-out is US standard except for highly sensitive data; Opt-in is European standard –Compliance/Enforcement US has "voluntary compliance," EU has offices to control data

Copyright © 2006 Pearson Addison-Wesley. All rights reserved A Privacy Success Story Do-Not-Call List –Telemarketing industry's "self-policing" mechanism required individuals to write a letter or make an on-line payment to stop telemarketing calls –US government set up Do Not Call List. 80,000,000 households are on the list and telemarketing industry has largely collapsed

Copyright © 2006 Pearson Addison-Wesley. All rights reserved The Cookie Monster Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive. Abuse: Third party cookie –Third party advertisers on web site enter client/server relationship with customer as page loads –Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses

Copyright © 2006 Pearson Addison-Wesley. All rights reserved The Cookie Monster (Cont'd) Browser options: –Turn off cookies –Ask each time a server wants to set a cookie –Accept all cookies

Copyright © 2006 Pearson Addison-Wesley. All rights reserved

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Identity Theft Americans do not enjoy Security Principle Identity theft is the crime of posing as someone else for fraudulent purposes –Using information about person like credit card numbers, social security numbers

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Managing Your Privacy Purchase up-to-date virus checking software Adjust your cookie preferences to match your comfort level Read the privacy statement of any website you give information to Review protections against phishing scams

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Managing Your Privacy (cont'd) Patronize reputable companies for music, software, etc. Be skeptical Stay familiar with current assaults on privacy Lobby for US adoption of Fair Information Practices

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Encryption And Decryption Encryption Terminology –Encryption: Transform representation so it is no longer understandable –Cryptosystem: A combination of encryption and decryption methods –Cleartext or Plaintext: Information before encryption –Cipher text: Information in encrypted form –One-way cipher: Encryption system that cannot be easily reversed (used for passwords) –Decryption: Reversing encryption process

Copyright © 2006 Pearson Addison-Wesley. All rights reserved

Copyright © 2006 Pearson Addison-Wesley. All rights reserved XOR: An Encryption Operation Exclusive OR: Interesting way to apply a key to cleartext Combines two bits by rule: If the bits are the same, the result is 0; if the bits are different, the result is 1 XOR is its own inverse

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Encrypting a Message Two students writing messages to each other decide to encrypt them Key is They use XOR encryption First write down ASCII representation of the letters in pairs XOR each resulting 16-bit sequence with their key If any bit sequence is XORed with another bit sequence and the result is XORed again with the same key, the result is the original bit sequence It makes no difference if the key is on the left or right

Copyright © 2006 Pearson Addison-Wesley. All rights reserved

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Breaking the Code Longer text is easier to decode –Notice what bit sequences show up frequently –Knowledge of most frequent letters in the cleartext language Smarter byte-for-byte substitutions –Group more than two bytes –Be sure not to exchange the key over unsecured connection

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Public Key Cryptosystems People who want to receive information securely publish a key that senders should use to encrypt messages Key is chosen so only receiver can decode

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Code Cracker's Problem How is it secure when the key is published? All that was sent was the remainder So how can the receiver decrypt?

Copyright © 2006 Pearson Addison-Wesley. All rights reserved RSA Public Key Cryptosystem Relies on prime numbers Any number can be factored into primes in only one way Choosing a Key: –Key has special properties Must be the product of two different prime numbers, p and q p and q must be about 64 or 65 digits long to produce a 129-digit public key p and q must also be 2 greater than a multiple of 3

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Encrypting a Message Divide cleartext into blocks, cube the blocks, divide them by the public key, and transmit the remainders from the divisions

Copyright © 2006 Pearson Addison-Wesley. All rights reserved The Decryption Method Compute the quantity If the cipher text numbers C are each raised to the s power, C s, and divided by the key K R, the remainders are the cleartext For quotient c: –C s = K R * c + T

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Summarizing the RSA System Three steps: –Publishing –Encrypting –Decrypting As long as p, q, and s are kept secret, code can't be cracked –If the key is large enough, factoring to find p and q can't be done in any reasonable amount of time even by software

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Strong Encryption Techniques A communicating party can use the technology to protect their communication so no one else can read it, period Government agencies would like this technology kept out of the hands of "bad guys" What if cryptography software vendors had to give government a way to break such codes?

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Strong Encryption Techniques Trapdoor Technique: –Way to bypass security while software is encrypting the cleartext. Send cleartext to law- enforcement officials when cipher text is sent. Key escrow: –Require software to register key with a third party, who holds it in confidence. If there is a need to break the code, the third party provides the key. These two schemes could be abused

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Redundancy Is Very, Very, Very Good Precautions against data disasters include backups and system redundancy (having a hot spare up and running)

Copyright © 2006 Pearson Addison-Wesley. All rights reserved A Fault Recovery Program for Business Keep a full copy of everything written on the system as of some date and time—full backup Create partial backups—copies of changes since last full backup After disaster, start by installing the last full backup copy Re-create state of system by making changes stored in partial backups, in order All data since last backup (full or partial) will be lost

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Backing Up a Personal Computer How and What to Back Up –You can buy automatic backup software that writes to zip drive or writeable CD –For manual backups, you do not have to backup data that Can be re-created from some permanent source, like software Was saved before but has not changed You don’t care about

Copyright © 2006 Pearson Addison-Wesley. All rights reserved Recovering Deleted Information Backups also protect from accidental deletions Can save evidence of crime or other inappropriate behavior Remember that two copies of are produced when sender hits send—one in sent mail file and one somewhere else, which the sender probably can't delete

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.