
Protecting Privacy with Cryptography

Learn about the importance of privacy in the digital age and how cryptography can protect your personal information from unauthorized access and misuse.


Presentation Transcript


  1. CITA 165 Section 7 Security and Society, Privacy, and Ethics

  2. Credibility of Information • Plagiarism • Fair use • Creative Commons

  3. Manage Your Online Presence • Netiquette • Keep messages short • Avoid sarcasm • Proofread messages • Avoid all caps • Avoid acronyms • Avoid sending a flame—a message that expresses an opinion without holding back any emotion and that may be seen as being confrontational

  4. Recognize the App Culture • Desktop applications • Apps • Mobile apps • Web apps

  5. Privacy • The state or condition of being free from public attention to the degree that you determine • Today, data is collected on almost all actions and transactions that individuals perform • Collected through Web surfing, purchases, user surveys and questionnaires, and other sources • Data is then aggregated by data brokers

  6. Risks Associated with Private Data • Risks fall into three categories: • Individual inconveniences and identity theft • Used to direct ad marketing campaigns and to impersonate the victim for personal gain • Associations with groups • Use of personal data to place individuals in groups based on similar interests • Statistical inferences • More in-depth than groupings

  7. Privacy Protections • Protections may be implemented to reduce the risks associated with private data • Cryptography • Following best practices • Organizations that collect private data have responsibilities

  8. Cryptography / Steganography • Cryptography • “Scrambling” data so that it cannot be read • The science of transforming information into a secure form so unauthorized persons cannot access it • Steganography • Hides the existence of data • May hide data in the file header fields, between sections of the metadata, or in the areas of the file that contain the content • May use image, audio, or video files

  9. Cryptography • Encryption • Changing the original text into a secret message using cryptography • Decryption • Changing the secret message back to its original form

  10. Cryptography • Key • A mathematical value entered into the algorithm to produce ciphertext • Ciphertext • Encrypted data • In cryptography • A unique mathematical key is input into the encryption algorithm to “lock down” the data • Creates ciphertext

  11. Cryptography

  12. Cryptography • Cryptography can provide five basic protections: • Confidentiality • Integrity • Availability • Authentication • Nonrepudiation

  13. Cryptography

  14. Cryptography • Three broad categories of cryptographic algorithms: • Hash algorithms • Symmetric cryptographic algorithms • Asymmetric cryptographic algorithms

  15. Hash Algorithms • Creates a unique “digital fingerprint” of a set of data • Commonly called hashing • Fingerprint is called a digest • Is “one-way” in that its contents cannot be used to reveal the original set of data • Used primarily for comparison

  16. Hash Algorithms

  17. Symmetric Cryptographic Algorithms • Use the same single key to encrypt and decrypt • Designed to encrypt and decrypt ciphertext (unlike hashing) • Also called private key cryptography (uses private key) • Identical keys are used to encrypt and decrypt

  18. Symmetric Cryptographic Algorithms

  19. Asymmetric Cryptographic Algorithms • Also known as public key cryptography • Uses two keys instead of one • One is known as public key and one is known as private key • Keys are mathematically related • Public key is known to everyone and can be freely distributed • Private key is known only to the individual to whom it belongs

  20. Asymmetric Cryptographic Algorithms

  21. Asymmetric Cryptographic Algorithms • Important principles regarding asymmetric cryptography: • Key pairs • Requires a pair of keys • Public key • Does not need to be protected • Private key • Should be kept confidential • Both directions • Keys can work in both directions (encryption and decryption)

  22. Digital Signature • An electronic verification of the sender • A digital signature can: • Verify the sender • Prevent the sender from disowning the message • Prove the integrity of the message • Basis for a digital signature rests on the ability of asymmetric keys to work in both directions

  23. Digital Signature

  24. Using Cryptography • Encryption through Software • Three different methods • Individual files • File system • Method used by OSs to store, retrieve, and organize files • Whole disk encryption

  25. Using Cryptography • Hardware Encryption • Cannot be exploited like software encryption • Cryptography can be embedded in hardware to provide a higher degree of security • Example: encrypted hardware-based USB devices

  26. Using Cryptography • Hardware Encryption • Resemble standard USB flash drives with exceptions: • Will not connect to a computer until correct password has been provided • All data copied to the drive is automatically encrypted • External cases are designed to be tamper-resistant • Administrators can remote control and track activity • Compromised or stolen drives can be remotely disabled

  27. Using Cryptography • Digital Certificates • Technology used to associate a user’s identity with a public key • Has been “digitally signed” by a trusted third party • Third party verifies the owner and public key • Server digital certificates are often issued from a web server to a user’s client computer • Can ensure the authenticity of the web server • Can ensure the authenticity of the cryptographic connection to the web server

  28. Using Cryptography

  29. Using Cryptography • Digital Certificates • Extended Validation SSL Certificate (EV SSL) • An enhanced type of server digital certificate • Requires more extensive verification • Web browsers can visually indicate to users that they are connected to a website that uses EV SSL • Displays the address bar shaded in green along with the site’s name • Displays in red if the site is known to be dangerous

  30. Privacy Best Practices • Use encryption to protect sensitive documents that contain personal information • Use strong passwords • Shred financial documents that contain personal information • Do not carry a Social Security number in a wallet • Do not provide personal information over the phone • Keep personal information in a secure location • Be cautious about what information is posted on social networking sites
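Slides 15 and 19 to 22 describe hashing, key pairs that work in both directions, and digital signatures; the following is an added example, not part of the original presentation, that carries those ideas through in code. It uses textbook RSA with a toy key built from two publicly known Mersenne primes and no padding (assumptions chosen so it runs with the Python standard library only), so it illustrates the mechanics and is not a secure key.

```python
import hashlib

# Toy key pair built from two publicly known Mersenne primes (constructed for
# illustration). Real keys use secret random primes and a padding scheme.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public exponent: (E, N) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: (D, N) is the private key


def digest(message: bytes) -> int:
    """Hash algorithm: fixed-size, one-way fingerprint of the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(message: bytes) -> int:
    """Direction 1: anyone can encrypt with the public key."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy key")
    return pow(m, E, N)


def decrypt(ciphertext: int) -> bytes:
    """Only the holder of the private key can reverse the encryption."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message: bytes) -> int:
    """Direction 2: transform the message digest with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone can check a signature with the public key."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    msg = b"Pay Alice 10 dollars"                   # constructed sample message
    sig = sign(msg)
    print(decrypt(encrypt(msg)) == msg)             # True
    print(verify(msg, sig))                         # True
    print(verify(b"Pay Alice 90 dollars", sig))     # False: message was altered
    print(verify(msg, sig + 1))                     # False: signature was altered
```

Because only the private key can produce a value that the public key maps back to the message digest, a successful `verify` ties the message to the key holder (sender verification and nonrepudiation) and shows the message is unchanged (integrity).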
