CSI 12 Tim
SECURITY AND ETHICAL ISSUES
Week 09: Mon, Topic: AI; Thu, Topic: Security & Ethical Issues (cont.), Lab 2 (on CMS)
CONTENT
• Introduction
• Confidentiality
• Ethical Principles
• Privacy
• Hackers
Objectives
• Show how confidentiality can be achieved using symmetric-key and asymmetric-key ciphers.
• Discuss other aspects of security: message integrity, message authentication, digital signature, entity authentication, and key management.
• Distinguish between physical and intellectual property and list some types of intellectual property.
• Give the definition of a computer crime and discuss types of attacks, motivation for attacks, and how to protect against attacks.
INTRODUCTION
• We are living in the information age. We need to keep information about every aspect of our lives. Thus, information is an asset that has a value like any other asset. As an asset, information needs to be secured from attacks.
SECURITY GOALS
• Confidentiality
o The most common aspect of InfoSec: protecting our confidential information
o Applies to both the storage and the transmission of information
• Integrity
o Information needs to be changed constantly
o Integrity means that changes are made only by authorized entities and through authorized mechanisms
• Availability
o The information created and stored by an organization needs to be available to authorized entities.
o Information is useless if it is unavailable; a lack of availability is as harmful as a lack of confidentiality or integrity
ATTACKS
ITU-T defines some security services to achieve the security goals and prevent attacks. Each of these services is designed to prevent one or more attacks while maintaining the security goals. Two techniques are listed below:
• Cryptography (general): in the past, cryptography referred only to the encryption and decryption of messages using secret keys.
• Steganography (specific): the word steganography, with origins in Greek, means 'covered writing', in contrast to cryptography, which means 'secret writing'.
Cipher classification
• Symmetric-key ciphers
o Traditional
o Modern
• Asymmetric-key ciphers
• Hashing
SYMMETRIC-KEY CIPHERS
A symmetric-key cipher uses the same key for both encryption and decryption, and the key can be used for bidirectional communication, which is why it is called symmetric.
• Symmetric-key encipherment uses a single key for both encryption and decryption.
• Symmetric-key ciphers are classified as traditional or modern.
• Traditional symmetric-key ciphers:
o Substitution (monoalphabetic, polyalphabetic)
o Transposition
SYMMETRIC-KEY CIPHERS (cont.): Traditional symmetric-key
Traditional symmetric-key ciphers:
• Substitution: replaces one symbol with another
o Mono-alphabetic
o Poly-alphabetic
• Transposition: reorders symbols
SYMMETRIC-KEY CIPHERS (cont.): Traditional symmetric-key
• A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.
o For example, we can replace letter A with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we can replace 3 with 7 and 2 with 6.
SYMMETRIC-KEY CIPHERS (cont.): Traditional symmetric-key
Example: Use the additive cipher with key = 15 to encrypt the message 'hello'.
SYMMETRIC-KEY CIPHERS (cont.): Traditional symmetric-key
Example: autokey cipher with initial key value k1 = 12, message 'attack is today'.
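The two slide examples above, worked in code. This is an added example, not part of the slides: it assumes the usual conventions of these textbook ciphers (letters a..z numbered 0..25, spaces and punctuation dropped before encryption, ciphertext written in upper case), and the autokey variant in which the key stream is k1 followed by the plaintext letters themselves. The additive cipher has only 25 usable keys, which is why it is a teaching cipher and nothing more.

```python
# Added example (not from the slides): additive (shift) and autokey ciphers over a..z.
import string

ALPHABET = string.ascii_lowercase  # a=0, b=1, ..., z=25


def _clean(text):
    """Keep only letters, lower-cased; spaces and punctuation are dropped (slide convention)."""
    return "".join(ch.lower() for ch in text if ch.isalpha())


def additive_encrypt(plaintext, key):
    """Monoalphabetic: C = (P + key) mod 26 for every letter, same key throughout."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + key) % 26] for ch in _clean(plaintext)).upper()


def additive_decrypt(ciphertext, key):
    """P = (C - key) mod 26; the same key works in both directions (symmetric)."""
    return "".join(ALPHABET[(ALPHABET.index(ch) - key) % 26] for ch in _clean(ciphertext))


def autokey_encrypt(plaintext, k1):
    """Polyalphabetic: key stream = k1, then the plaintext letters themselves (assumed variant)."""
    p = _clean(plaintext)
    key_stream = [k1] + [ALPHABET.index(ch) for ch in p[:-1]]
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] for ch, k in zip(p, key_stream)).upper()


def autokey_decrypt(ciphertext, k1):
    """Each recovered plaintext letter becomes the key for the next position."""
    key = k1
    out = []
    for ch in _clean(ciphertext):
        p = (ALPHABET.index(ch) - key) % 26
        out.append(ALPHABET[p])
        key = p
    return "".join(out)


if __name__ == "__main__":
    print(additive_encrypt("hello", 15))           # additive cipher, key 15
    print(autokey_encrypt("attack is today", 12))  # autokey cipher, k1 = 12
```

Running the two calls at the bottom reproduces the slide examples; note that in the autokey output the repeated plaintext letter t is encrypted to different ciphertext letters, which is the point of a polyalphabetic cipher.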
SYMMETRIC-KEY CIPHERS (cont.): Traditional symmetric-key
Transposition ciphers
A transposition cipher does not substitute one symbol for another; instead it changes the location of the symbols.
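A keyed columnar transposition, as an added example (not from the slides; the slide names no particular transposition scheme, so the columnar layout, the padding letter and the key format are assumptions). The plaintext is written row by row into a grid whose width is the key length, and the ciphertext is read out column by column in the order the key gives. The last function shows the weakness a defender should know: a transposition leaves the letter histogram of the plaintext intact.

```python
# Added example (not from the slides): keyed columnar transposition cipher.
from collections import Counter

PAD = "z"  # assumed padding letter for an incomplete last row


def _clean(text):
    return "".join(ch.lower() for ch in text if ch.isalpha())


def _check_key(key):
    # The key is the read-out order of the columns, so it must be a permutation of 0..width-1.
    if sorted(key) != list(range(len(key))):
        raise ValueError("key must be a permutation of 0..len(key)-1")


def transposition_encrypt(plaintext, key):
    """Write the plaintext in rows of len(key), read the columns in key order."""
    _check_key(key)
    p = _clean(plaintext)
    width = len(key)
    if len(p) % width:
        p += PAD * (width - len(p) % width)
    rows = [p[i:i + width] for i in range(0, len(p), width)]
    return "".join(row[col] for col in key for row in rows).upper()


def transposition_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the grid row by row (padding is kept)."""
    _check_key(key)
    c = _clean(ciphertext)
    width = len(key)
    if len(c) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(c) // width
    grid = [[""] * width for _ in range(height)]
    for k, col in enumerate(key):
        for r in range(height):
            grid[r][col] = c[k * height + r]
    return "".join("".join(row) for row in grid)


def same_letter_histogram(a, b):
    """True when both texts contain exactly the same letters with the same counts."""
    return Counter(_clean(a)) == Counter(_clean(b))


if __name__ == "__main__":
    KEY = [1, 4, 0, 2, 3]  # constructed sample key: read column 1 first, then 4, 0, 2, 3
    ct = transposition_encrypt("enemy attacks tonight", KEY)
    print(ct, transposition_decrypt(ct, KEY))
```

Because only positions change, `same_letter_histogram(plaintext, ciphertext)` is always true for this cipher; that is exactly the property frequency analysis exploits, and why transposition alone is not used as a modern cipher.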
• Stream cipher: In a stream cipher, encryption and decryption are done one symbol (such as a character or a bit) at a time. We have a plaintext stream, a ciphertext stream, and a key stream. Call the plaintext stream P, the ciphertext stream C, and the key stream K.
• Block cipher: In a block cipher, a group of plaintext symbols of size m (m > 1) is encrypted together, creating a group of ciphertext symbols of the same size. In a block cipher, a single key is used to encrypt the whole block even if the key is made of multiple values, and a ciphertext block depends on the whole plaintext block.
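A byte-oriented stream cipher, as an added example (not from the slides): each ciphertext symbol is one plaintext byte XORed with one key-stream byte, so C, P and K are three streams of equal length. The key-stream generator here is fresh random bytes as long as the message (one-time-pad style, an assumption of this example); the last two functions show the two properties a practitioner should remember about stream ciphers: a transmission error in one ciphertext symbol damages only that symbol, and reusing a key stream for two messages leaks P1 XOR P2 because the key cancels out.

```python
# Added example (not from the slides): symbol-at-a-time (byte) stream cipher with XOR.
import os


def keystream(length):
    """Constructed key stream: fresh random bytes, as long as the message. Must never be reused."""
    return os.urandom(length)


def stream_encrypt(plaintext, key):
    """C_i = P_i XOR K_i for every byte i; plaintext and key are bytes objects."""
    if len(key) < len(plaintext):
        raise ValueError("key stream must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def stream_decrypt(ciphertext, key):
    """P_i = C_i XOR K_i: XOR is its own inverse, so the same key works both ways."""
    return stream_encrypt(ciphertext, key)


def error_propagation(ciphertext, key, flip_index):
    """Flip one bit of one ciphertext byte and count how many decrypted bytes change."""
    damaged = bytearray(ciphertext)
    damaged[flip_index] ^= 0x01
    original = stream_decrypt(ciphertext, key)
    recovered = stream_decrypt(bytes(damaged), key)
    return sum(a != b for a, b in zip(original, recovered))


def keystream_reuse_leak(c1, c2):
    """If the same key stream encrypted c1 and c2, c1 XOR c2 equals p1 XOR p2 (key-independent)."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    msg = b"attack is today"          # constructed sample message
    k = keystream(len(msg))
    ct = stream_encrypt(msg, k)
    print(stream_decrypt(ct, k), error_propagation(ct, k, 3))
```

In the `__main__` demo the error count is always 1, while for a block cipher the whole block containing the damaged symbol would decrypt to garbage, which is the practical side of "a ciphertext block depends on the whole plaintext block".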
SYMMETRIC-KEY CIPHERS (cont.): Modern symmetric-key
ASYMMETRIC-KEY CIPHERS
Symmetric-key: based on sharing secrecy; symbols are permuted or substituted.
Asymmetric-key: based on personal secrecy; numbers are manipulated.
• One of the common public-key algorithms is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman), with
ϕ = (p − 1) × (q − 1), such that e × d mod ϕ = 1.
OTHER ASPECTS OF SECURITY
OTHER ASPECTS: MESSAGE INTEGRITY
Figure 12.8. Message & digest
• The message should be unchanged.
• Message & message digest: a cryptographic hash function creates a compressed image of the message, called a digest.
• A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer's public key.
• A cryptosystem uses the private and public keys of the receiver; a digital signature uses the private and public keys of the sender.
• A digital signature can directly provide message authentication, message integrity, and non-repudiation (with the help of a trusted third party).
• Verification categories:
o Something known: password, PIN, secret key
o Something possessed: passport, driver's license, credit card, ID card
o Something inherent: conventional signatures, fingerprints, voice, facial characteristics, retinal pattern, and handwriting
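The RSA slide and the digest/signature slide, worked together in one added example (not from the slides). It uses the slide's ϕ = (p − 1) × (q − 1) and e × d mod ϕ = 1, and assumes the standard n = p × q, which the slide does not state. The same key pair is used once as a cryptosystem (encrypt with the receiver's public key, decrypt with the receiver's private key) and once as a digital signature (the sender signs a SHA-256 digest with her private key, the verifier checks with her public key). The primes are constructed sample values, and there is no padding, so this is textbook RSA for illustration only, not a usable implementation.

```python
# Added example (not from the slides): textbook RSA as cryptosystem and as digital signature,
# with a SHA-256 message digest. Assumes n = p*q; unpadded, teaching use only.
import hashlib
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Return (public, private) = ((e, n), (d, n)) for distinct primes p and q."""
    n = p * q                      # modulus (assumption: standard RSA, not on the slide)
    phi = (p - 1) * (q - 1)        # slide: phi = (p-1)(q-1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi")
    d = pow(e, -1, phi)            # slide: e*d mod phi == 1 (Python 3.8+ modular inverse)
    return (e, n), (d, n)


def rsa_encrypt(public, m):
    """Cryptosystem: anyone uses the receiver's public key; m must be < n."""
    e, n = public
    return pow(m, e, n)


def rsa_decrypt(private, c):
    """Only the receiver, holding d, can undo it."""
    d, n = private
    return pow(c, d, n)


def sha256_digest(message):
    """Message digest: fixed-size compressed image of the message."""
    return hashlib.sha256(message).hexdigest()


def _digest_as_int(message, n):
    # Reduce the 256-bit digest into Z_n so it can be signed with a small toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Digital signature: the sender applies her private key to the digest, not the message."""
    return rsa_decrypt(private, _digest_as_int(message, private[1]))


def verify(public, message, signature):
    """Verifier recomputes the digest and compares it with the signature raised to e."""
    return rsa_encrypt(public, signature) == _digest_as_int(message, public[1])


# Constructed sample primes (far too small for real use; real keys are ~2048 bits).
P, Q = 1000003, 999983

if __name__ == "__main__":
    public, private = rsa_keygen(P, Q)
    print(rsa_decrypt(private, rsa_encrypt(public, 123456789)))
    msg = b"attack is today"                     # constructed sample message
    sig = sign(private, msg)
    print(verify(public, msg, sig), verify(public, b"attack is tomorrow", sig))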
OTHER ASPECTS: KEY MANAGEMENT
Symmetric-key distribution:
• A session symmetric key between two parties is used only once.
Public-key distribution:
• In public-key cryptography, everyone has access to everyone's public key; public keys are available to the public.
Question
a. Traffic analysis
b. Denial of service
c. Masquerading
d. Snooping
Question
a. Replaying
b. Denial of service
c. Modification
d. Snooping
Question
a. Asymmetric-key
b. Public-key
c. Open-key
d. Symmetric-key
ETHICAL PRINCIPLES
• One of the ways to evaluate our responsibility towards the rest of the world when using a computer is to base our decisions on ethics.
• Ethics is a very complex subject that would take several books to describe in detail. In this chapter, we discuss only three principles that can be related to our goal:
o Moral rules
o Utilization
o Social contract
• The second theory of ethics is related to the consequences of the act. An act is ethical if it results in consequences which are useful for society. In other words, the second principle of ethics says that an act is ethical if it brings about a good result.
SOCIAL CONTRACT
PRIVACY: Introduction
• Data privacy is the concept of giving consumers control over how their personal data is accessed, used, or shared. This personal data includes your name, location, birthday, bank account information, and online activity.
PRIVACY: Why is data privacy important?
PRIVACY: Non-Disclosure Agreement
• Essentially, an NDA is a legally binding contract between parties that requires them to keep certain information confidential.
HACKERS: Introduction
• The word hacker today has a different meaning than when it was used in the past. Previously, a hacker was a person with a lot of knowledge who could improve a system and increase its capability.
• Today, a hacker is someone who gains unauthorized access to a computer belonging to someone else in order to copy secret information.
• Black hat hacker. Basically, these are the "bad guys". They are the types of hackers who break into computer networks with purely negative motives such as monetary gain or reputation.
• White hat hacker. As opposed to the black hat, these are the "good guys". They are ethical hackers who create algorithms to break existing internet networks in order to find and fix the loopholes in them.
• Grey hat hacker. Basically, these are hackers who exploit internet systems only to make public certain vast datasets of information that would be of benefit to everyone.
• Blue hat hacker. In one word, this is the amateur. Usually, their techniques are deployed out of ill motives such as revenge attacks.
• Red hat hacker. The objective of a red hat hacker is to find black hat hackers and intercept and destroy their schemes.
• Green hat hacker. This is the set of individuals who simply want to observe and learn about the world of hacking. It comprises those who join learning communities to watch videos and tutorials about hacking.
COMMON TYPES OF HACKING
• Hacking for financial gain. Lone black hat hackers as well as hacking collectives are typically thieves. Their cybercrimes are targeted at either directly stealing money, enabling later theft via data hijacking, or selling the acquired data to other cybercriminals.
• Corporate espionage. With so many industries as cutthroat as they are, it's unsurprising that companies are often willing to get dirty to triumph over the competition. Corporate (or industrial) espionage is the commercial application of hacking, malware, phishing, and other unsavory spying techniques to obtain privileged insider information from a business competitor, also known as information hacking.
• State-sponsored hacking. The potential rewards from security hacking can be so great that even governments want to get in on the party. Countries across the world are constantly playing games of cat-and-mouse cyber warfare with one another. Everyone knows that everyone else is doing it, and everyone acts surprised and offended when they get caught.