chapter 17 (lecture 14) shhh, it's
TRANSCRIPT
![Page 1: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/1.jpg)
Chapter 17(Lecture 14)
Shhh, It's a Secret:Privacy and Digital Security
![Page 2: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/2.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-2
Privacy: Whose Information Is It?
• What is privacy? Examine a transaction of buying Dating for Total Dummies– Information linking the purchase with the customer
• How can the information be used?– Book merchant collecting information is ordinary
business practice
– Book merchant sending advertisements to customer is ordinary business practice
– What about merchant selling information to other businesses?
![Page 3: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/3.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-3
Modern Devices and Privacy
• Modern devices make it possible to violate people's privacy without their knowledge
• In 1890, Brandeis wrote that individuals deserve "sufficient safeguards against improper circulation" of their images
![Page 4: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/4.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-4
Controlling the Use of Information
• Spectrum of control spans four main possibilities:
– No uses. Information should be deleted when the store is finished with it
– Approval or Opt-in. Store can use it for other purposes with customer's approval
– Objection or Opt-out. Store can use it for other purposes if customer does not object
– No limits. Information can be used any way the store chooses
– Fifth possibility is internal use—store can use information to continue conducting business with you
![Page 5: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/5.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-5
A Privacy Definition
• Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude, and their behavior to others
• Threats to Privacy: Government and business
• Voluntary Disclosure: We choose to reveal information in return for real benefits (doctor, credit card company)
![Page 6: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/6.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-6
Fair Information Practices
• OECD (Organization of Economic Cooperation and Development) in 1980 developed the standard eight-point list of privacy principles.– Limited Collection Principle– Quality Principle– Purpose Principle– Use Limitation Principle– Security Principle– Openness Principle– Participation Principle– Accountability Principle
![Page 7: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/7.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-7
Comparing Privacy Across the Atlantic
• U.S. has not adopted OECD principles
• China does not protect privacy
• European Union has European Data Protection Directive (OECD principles)
• EU Directive requires data on EU citizens to be protected at same standard even when it leaves their country
![Page 8: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/8.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-8
US Laws Protecting Privacy
• Privacy Act of 1974 covers interaction with government
• Interactions with business:– Electronic Communication Privacy Act of 1986
– Video Privacy Protection Act of 1988
– Telephone Consumer Protection Act of 1991
– Driver's Privacy Protection Act of 1994
• These all deal with specific business sectors—not an omnibus solution
![Page 9: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/9.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-9
Privacy Principles: European Union
• Two points of disagreement between FTC (US) and OECD (Europe):
– Opt-in/Opt-out• When can an organization use information it collects
for one purpose, for a different purpose?
• Opt-out is US standard except for highly sensitive data; Opt-in is European standard
– Compliance/Enforcement• US has "voluntary compliance," EU has offices to
control data
![Page 10: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/10.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-10
A Privacy Success Story
• Do-Not-Call List
– Telemarketing industry's "self-policing" mechanism required individuals to write a letter or make an on-line payment to stop telemarketing calls
– US government set up Do Not Call List. 80,000,000 households are on the list and telemarketing industry has largely collapsed
![Page 11: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/11.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-11
The Cookie Monster
• Cookie: Record containing seven fields of information that uniquely identify a customer's session on a website. Cookie is stored on customer's hard drive.
• Abuse: Third party cookie– Third party advertisers on web site enter
client/server relationship with customer as page loads
– Advertiser can set cookies, and can access cookies when user views other websites that advertiser uses
![Page 12: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/12.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-12
The Cookie Monster (Cont'd)
• Browser options:– Turn off cookies– Ask each time a server wants to set
a cookie– Accept all cookies
![Page 13: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/13.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-13
![Page 14: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/14.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-14
Identity Theft
• Americans do not enjoy Security Principle
• Identity theft is the crime of posing as someone else for fraudulent purposes
– Using information about person like credit card numbers, social security numbers
![Page 15: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/15.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-15
Managing Your Privacy
• Purchase up-to-date virus checking software
• Adjust your cookie preferences to match your comfort level
• Read the privacy statement of any website you give information to
• Review protections against phishing scams
![Page 16: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/16.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-16
Managing Your Privacy (cont'd)
• Patronize reputable companies for music, software, etc.
• Be skeptical
• Stay familiar with current assaults on privacy
• Lobby for US adoption of Fair Information Practices
![Page 17: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/17.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-17
Encryption And Decryption
• Encryption Terminology– Encryption: Transform representation so it is no
longer understandable
– Cryptosystem: A combination of encryption and decryption methods
– Cleartext or Plaintext: Information before encryption
– Cipher text: Information in encrypted form
– One-way cipher: Encryption system that cannot be easily reversed (used for passwords)
– Decryption: Reversing encryption process
![Page 18: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/18.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-18
![Page 19: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/19.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-19
Logical Operators
AND - The result of an AND operator will be true if and only if all
the inputs are true. - The result of an AND operator will be false if any one of
the inputs is false.OR - The result of an OR operator will be true if any one of the
inputs is true. - The result of an OR operator will be false if and only if all
of the inputs are false.NOT - The NOT operator negates the binary value of the input.
![Page 20: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/20.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-20
Truth Table
Truth Table - Truth table is a tabular form with the binary outputs for all
possible combinations of binary inputs. - To write the table more concisely, we represent true as
“1” and false as “0”.Example
p q p AND q p OR q NOT p NOT q
0 0 0 0 1 1
0 1 0 1 1 0
1 0 0 1 0 1
1 1 1 1 0 0
![Page 21: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/21.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-21
XOR: An Encryption Operation
• Exclusive OR: Interesting way to apply a key to cleartext
• Combines two bits by rule: If the bits are the same, the result is 0; if the bits are different, the result is 1
• XOR is its own inverse
![Page 22: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/22.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-22
Exclusive OR (XOR)-Gate
XOR output is true if the two input are not equalXOR-gate
yy
p
q
p
q
XOR Operation: y = p ⊕ q = p′.q + p. q′
p q p′ q′ p′.q p. q′ p′.q + p. q′ y = p ⊕ qy = p XOR q
0 0 1 1 0 0 0 00 1 1 0 1 0 1 11 0 0 1 0 1 1 11 1 0 0 0 0 0 0
![Page 23: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/23.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-23
Encrypting a Message
• Two students writing messages to each other decide to encrypt them
• Key is 0001 0111 0010 1101
• They use XOR encryption
• First write down ASCII representation of the letters in pairs
• XOR each resulting 16-bit sequence with their key
• If any bit sequence is XORed with another bit sequence and the result is XORed again with the same key, the result is the original bit sequence
• It makes no difference if the key is on the left or right
![Page 24: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/24.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-24
![Page 25: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/25.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-25
Breaking the Code
• Longer text is easier to decode
– Notice what bit sequences show up frequently
– Knowledge of most frequent letters in the cleartext language
• Smarter byte-for-byte substitutions
– Group more than two bytes
– Be sure not to exchange the key over unsecured connection
![Page 26: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/26.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-26
Public Key Cryptosystems
• People who want to receive information securely publish a key that senders should use to encrypt messages
• Key is chosen so only receiver can decode
![Page 27: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/27.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-27
Code Cracker's Problem
• How is it secure when the key is published?
• All that was sent was the remainder
• So how can the receiver decrypt?
![Page 28: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/28.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-28
RSA Public Key Cryptosystem
• Relies on prime numbers
• Any number can be factored into primes in only one way
• Choosing a Key:
– Key has special properties• Must be the product of two different prime numbers,
p and q
• p and q must be about 64 or 65 digits long to produce a 129-digit public key
• p and q must also be 2 greater than a multiple of 3
![Page 29: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/29.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-29
Encrypting a Message
• Divide cleartext into blocks, cube the blocks, divide them by the public key, and transmit the remainders from the divisions
![Page 30: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/30.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-30
The Decryption Method
• Compute the quantity
• If the cipher text numbers C are each raised to the s power, Cs, and divided by the key KR, the remainders are the cleartext
• For quotient c:
– Cs = KR * c + T
![Page 31: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/31.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-31
Summarizing the RSA System
• Three steps:– Publishing
– Encrypting
– Decrypting
• As long as p, q, and s are kept secret, code can't be cracked– If the key is large enough, factoring to find p and q
can't be done in any reasonable amount of time even by software
![Page 32: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/32.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-32
Strong Encryption Techniques
• A communicating party can use the technology to protect their communication so no one else can read it, period
• Government agencies would like this technology kept out of the hands of "bad guys"
• What if cryptography software vendors had to give government a way to break such codes?
![Page 33: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/33.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-33
Strong Encryption Techniques
• Trapdoor Technique:– Way to bypass security while software is
encrypting the cleartext. Send cleartext to law-enforcement officials when cipher text is sent.
• Key escrow:– Require software to register key with a third party,
who holds it in confidence. If there is a need to break the code, the third party provides the key.
• These two schemes could be abused
![Page 34: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/34.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-34
Redundancy Is Very, Very, Very Good
• Precautions against data disasters include backups and system redundancy (having a hot spare up and running)
![Page 35: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/35.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-35
A Fault Recovery Program for Business
• Keep a full copy of everything written on the system as of some date and time—full backup
• Create partial backups—copies of changes since last full backup
• After disaster, start by installing the last full backup copy
• Re-create state of system by making changes stored in partial backups, in order
• All data since last backup (full or partial) will be lost
![Page 36: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/36.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-36
Backing Up a Personal Computer
• How and What to Back Up
– You can buy automatic backup software that writes to zip drive or writeable CD
– For manual backups, you do not have to backup data that
• Can be re-created from some permanent source, like software
• Was saved before but has not changed
• You don’t care about
![Page 37: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/37.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-37
Recovering Deleted Information
• Backups also protect from accidental deletions
• Can save evidence of crime or other inappropriate behavior
• Remember that two copies of email are produced when sender hits send—one in sent mail file and one somewhere else, which the sender probably can't delete
![Page 38: Chapter 17 (Lecture 14) Shhh, It's](https://reader033.vdocuments.mx/reader033/viewer/2022052606/58ec07c51a28abfc158b46fd/html5/thumbnails/38.jpg)
Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 17-38
Encrypting and Decrypting
• Original Message: 1 5• ASCII Code: 00110001 00110101• XOR Key: 00010111 00101101• Encrypting Result: 00100110 00011000• Transfer Message: 00100110 00011000• Received Massage: 00100110 00011000• XOR Key: 00010111 00101101• Decrypting Result: 00110001 00110101• Retrieved Message: 1 5