
Copyright © Center for Systems Security and Information Assurance Lesson Four Data Privacy and Encryption.


1 Lesson Four Data Privacy and Encryption

2 Lesson Objectives
- Define the term cryptology and discuss the types and applications of cryptology.
- Identify the components of a cryptography system.
- Identify and discuss common approaches to cryptography.
- Compare and contrast symmetric and asymmetric encryption.
- Define the term digital signature and explain its function.
- Define the term Public-Key Infrastructure and explain its uses.
- List the most common secure applications and explain their function.

3 Protecting Your Personal Information
Every day you share personal information about yourself with others. It is so routine that you may not even realize you are doing it:
- write a check at the grocery store,
- charge tickets to a ball game,
- rent a car,
- mail your tax returns,
- buy a gift online,
- call home on your cell phone,
- schedule a doctor's appointment
- or apply for a credit card.

4 Protecting Your Personal Information
Each transaction requires you to share personal information:
- your bank and credit card account numbers
- your income
- your Social Security number (SSN)
- or your name
- address and phone numbers

5 What happened with my personal information?
- It's important to find out what happens to the personal information you and your children provide to companies, marketers and government agencies.
- These organizations may use your information simply to process your order; to tell you about products, services, or promotions; or to share with others.

6 Identity Theft – Fastest Growing Crime
- Identity thieves, who want your information to commit fraud
- Identity theft is the fastest-growing white-collar crime in America
- Occurs when someone steals your personal identifying information to
  - open new charge accounts,
  - order merchandise
  - or borrow money
- Consumers targeted by identity thieves usually don’t know they’ve been victimized.

7 FTC Tips to Avoid Identity Theft
- Before you reveal any personally identifying information, find out how it will be used and whether it will be shared with others
- Read the privacy policy on any website directed to you or your children
- Minimize the identification information and the number of cards you carry to what you’ll actually need

8 FTC Tips to Avoid Identity Theft
- Don’t put all your identifying information in one holder in your purse, briefcase, wallet or backpack
- Keep items with personal information in a safe place
- Protect yourself against dumpster diving
- Use a secure browser when shopping online to guard
- Employ encryption when transferring sensitive or confidential data

9 Cryptography: The art and science of keeping information secure from unintended audiences, of encrypting it
Cryptanalysis: The art and science of breaking encoded data
Cryptology: The branch of mathematics encompassing both cryptography and cryptanalysis
Cryptography plays a crucial role in the transfer of confidential information across local networks and the Internet

10 Cryptography Components
- Encryption Algorithm: A set of mathematically expressed processes for encrypting information
- Ciphertext: Encrypted text
- Plaintext: What you have before encryption, and ciphertext is the encrypted result
- Key: Information used to change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals.

11 Cryptography

12 Applying Cryptography
- Encrypts data residing on storage devices or traveling through communication channels to ensure that any illegal access is not successful
- Secures the process of authenticating different parties attempting any function on the system
- Presents a party wishing to be granted certain functionality on the system a way to prove that they are indeed who they say they are
- Ensures that credentials are only used by their rightful owner

13 Principles of Modern Cryptography
- Emphasis that security should not depend on the secrecy of the encryption method (or algorithm), only the secrecy of the keys
- Revelation of the secret keys must not occur when plaintext and ciphertext are compared, and no person should have knowledge of the key
- Execution of today's algorithms is by computers or specialized hardware devices, and in most cases they are implemented in computer software

14 Symmetric Encryption
- The message can be encrypted and decrypted using the same key
- Symmetric encryption is faster compared to asymmetric encryption
- Both the sender and the recipient must have access to the (same) encryption key (a disadvantage)
- Secure distribution of the (encryption) key between the parties is required
- The most commonly used symmetric encryption method is Data Encryption Standard

15 Symmetric Encryption

16 Asymmetric Encryption
- Based on the usage of key pairs
- Exchangeable keys
- The recipient's private key is only in the recipient's possession, no third party is able to decrypt the message encrypted with the recipient's public key
- Management of keys is a big advantage
- Time-consuming
- Referred to as public key encryption.

17 Asymmetric Encryption

18 Digital Signatures
Extra data is appended to a message which identifies and authenticates the sender and message data using public-key encryption
- The sender uses a one-way hash function to generate a hash-code of about 32 bits from the message data
- The sender then encrypts the hash-code with his private key
- The receiver re-computes the hash-code from the data and decrypts the received hash with the sender's public key
- If the two hash-codes are equal, the receiver can be sure that data has not been corrupted and that it came from the given sender

19 Digital Signatures

20 RSA
- A public key cipher which can be used both for encrypting messages and making digital signatures
- The company RSA Data Security Inc. takes its name from this algorithm, and has acquired the rights to the patents which cover it

21 Public-key Infrastructure (PKI)
- Combine software, encryption technologies, and services to enable enterprises to protect the security of their communications and business transactions on the Internet
- Integrate digital certificates, public-key cryptography, and certificate authorities into a total, enterprise-wide network security architecture

22 Virtual Private Networks (VPNs)
- Connect a group of two or more computer systems to a private network with limited public-network access, that communicates securely over a public network, such as the Internet
- Include encryption, authentication of remote users or hosts, and mechanisms for hiding or masking information about private network topology from potential attackers on the public network

23 Secure Application Protocols
- Secure/MIME (S/MIME): A version of the MIME protocol that supports encryption of messages. S/MIME is based on RSA's public-key encryption technology
- Secure Electronic Transaction (SET): A standard that will enable secure credit card transactions on the Internet
- Secure Shell (SSH): A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another

24 Secure Application Protocols
- SHTTP: An extension to the HTTP protocol to support sending data securely over the World Wide Web
- IP Security (IPSec): A set of protocols developed by the IETF to support secure exchange of packets at the IP layer

25 Exercise 4.1 Using PGP

26 Exercise 4.2 Using Token Generator

27 Exercise 4.3 VPN Demonstration

28 Exercise 4.4 Using SHTTP

29 Exercise 4.5 Viewing a Digital Certificate

30 Exercise 4.6 Protecting Word Documents

