GEN - 235 / CHP.

6 / NOTES

@ anyone access to our private data can use it manipulate our behavior

@ Privacy: The state or condition of being free from public attention to the degree that you
determine.
- almost everything about the individuals’ action are collected.
- all the data collected through > web surfing, purchases, user survey and questionnaires.
- after collecting the data, the data get aggregated by the data brokers.

Risks Associated with Private Data

@Three categories of risks:
- Individual inconveniences and identity theft:
• Used to direct ad marketing campaigns and to impersonate the victim for personal gain
- Associations with groups:
• Use of personal data to place individuals in groups based on similar interests
- Statistical inferences:
• More in-depth than groupings >> ‫بنا ًء ع األشياء اللي احط الها اليك‬

@ Risks Associated with Private Data..

Issue
The data is gathered and kept in secret.
The accuracy of the data cannot be verified.
Identity theft can impact the accuracy of data.
Unknown factors can impact overall ratings.
Informed consent is usually missing or is
misunderstood.
Data is being used for increasingly important
decisions.
Explanation
Users have no formal rights to find out what private
information is being gathered, who gathers it, or how it is
being used.
Because users do not have the right to correct or control
what personal information is gathered, its accuracy may be
suspect. In some cases, inaccurate or incomplete data may
lead to erroneous decisions made about individuals without
any verification.
Victims of identity theft will often have information added
to their profile that was the result of actions by the identity
thieves, and even this vulnerable group has no right to see
or correct the information.
Ratings are often created from combining thousands of
individual factors or data streams, including race, religion,
age, gender, household income, zip code, presence of
medical conditions, transactional purchase information
from retailers, and hundreds more data points about
individual consumers. How these different factors impact a
person’s overall rating is unknown.
Statements in a privacy policy such as “We may share your
information for marketing purposes with third parties” are
not clearly informed consent to freely allow the use of
personal data. Often users are not even asked for
permission to gather their information.
Private data is being used on an ever-increasing basis to
determine eligibility in significant life opportunities, such
as jobs, consumer credit, insurance, and identity
verification.

1
GEN - 235 / CHP.6 / NOTES

@ Protections may be implemented to reduce the risks associated with private data
– Cryptography
– Following best practices
– Organizations that collect private data have responsibilities

Cryptography:
* “Scrambling” data so that it cannot be read.
* The science of transforming information into a secure form so unauthorized persons cannot access
it.

Steganography:
- Hides the existence of data.
- May hide data in the file header fields, between sections of the metadata, or in the areas of the file
that contain the content.
- May use image, audio, or video files.

* Cryptography’s origins date back centuries

 One of most famous cryptographers - Julius Caesar
* Encryption
 Changing the original text into a secret message using cryptography
* Decryption
 Changing the secret message back to its original form

$ Cleartext data
 Data in an unencrypted form
$ Plaintext data
 Cleartext data that is to be encrypted
 Also the result of decryption
$ Plaintext data is input into a cryptographic algorithm
 Consists of procedures based on a mathematical formula used to encrypt and decrypt data

# Key
 A mathematical value entered into the algorithm to produce ciphertext
# Ciphertext
 Encrypted data
# In cryptography
 A unique mathematical key is input into encryption algorithm to “lock down” the data
 Creates ciphertext

+ Plaintext > apply encryption

algorithm with a key to get
a ciphertext.

2
 GEN - 235 / CHP.6 / NOTES

@ Cryptography can provide five basic protections:

– Confidentiality
– Integrity
– Availability
– Authentication
– Nonrepudiation

Characteristic Description Protection

Confidentiality Ensures that only authorized Encrypted information can only

parties can view the information be viewed by those who have
been provided the key.

Integrity Ensures that the information is Encrypted information cannot be

correct and no unauthorized changed except by authorized
person or malicious software has users who have the key.
altered that data

Availability Ensures that data is accessible to Authorized users are provided the
authorized users decryption key to access the
information.

Authentication Provides proof of the genuineness Proof that the sender was
of the user legitimate and not an imposter
can be obtained.

Nonrepudiation Proves that a user performed an Individuals are prevented from

action fraudulently denying that they
were involved in a transaction.

3
GEN - 235 / CHP.6 / NOTES

@ Three broad categories of cryptographic algorithms:

1. Hash algorithms
– Creates a unique “digital fingerprint” of a set of data
– Commonly called hashing
– Fingerprint is called a digest
– Is “one-way” in that its contents cannot be used to reveal the original set of data
– Used primarily for comparison
– Considered secure if it has these characteristics:
 Fixed size, unique, original, and secure

2. Symmetric cryptographic algorithms

 Use the same single key to encrypt and decrypt.
 Designed to encrypt and decrypt cipher text (unlike hashing).
 Also called private key cryptography (uses private key).
 Identical keys are used to encrypt and decrypt.

P.S: Is faster than “Asymmetric”

4
GEN - 235 / CHP.6 / NOTES

3. Asymmetric cryptographic algorithms:

 Also, known as public key cryptography

 Uses two keys instead of one
• One is known as public key and one is known as private key
 Keys are mathematically related
• Public key is known to everyone and can be freely distributed
• Private key is known only to the individual to whom it belongs

@ Important principles regarding asymmetric cryptography:

– Key pairs
• Requires a pair of keys
– Public key
• Do not need to be protected
– Private key
• Should be kept confidential
– Both directions
• Keys can work in both directions (encryption and decryption)

5
 GEN - 235 / CHP.6 / NOTES

@ Digital signature
– An electronic verification of the sender
* A digital signature can:
– Verify the sender
– Prevent the sender from disowning the
message
– Prove the integrity of the message

@ Basis for a digital signature rests on the ability

of asymmetric keys to work in both directions.
@ Steps to send a digitally signed message are
illustrated in Figure 6-6 on the following slide.

@ Asymmetric cryptography practices:

Action Whose key Which key to Explanation

to use use
When an encrypted message is to be
Bob wants to send Alice an Alice’s key Public key sent, the recipient’s, and not the
encrypted message sender’s, key is used.

Alice wants to read an An encrypted message can be read

encrypted message sent by Bob Alice’s key Private key only by using the recipient’s private
key.
Public key to An encrypted message can be read
Bob wants to send a copy to Bob’s key encrypt only by the recipient’s private key.
himself of the encrypted Private key to Bob would need to encrypt it with his
message that he sent to Alice decrypt public key and then use his private key
to decrypt it.
Bob receives an encrypted The recipient’s private key is used to
reply message from Alice Bob’s key Private key decrypt received messages.

Bob wants Susan to read The message should be encrypted with

Alice’s reply message that he Susan’s key Public key Susan’s key for her to decrypt and
received read with her private key.

Bob wants to send Alice a Bob’s private key is used to encrypt

message with a digital Bob’s key Private key the hash.
signature
Because Bob’s public and private keys
Alice wants to see Bob’s digital Bob’s key Public key work in both directions, Alice can use
signature his public key to decrypt the hash.

6
GEN - 235 / CHP.6 / NOTES

Using Cryptography:
@ Encryption through Software , Three different methods :
1- Individual files
2- File system:
> Method used by OSs to store, retrieve, and organize files
3- Whole disk encryption

@ Hardware Encryption:
A) Cannot be exploited like software encryption
B) Cryptography can be embedded in hardware to provide a higher degree of security
– Example: encrypted hardware, based USB devices
P.S : here we aren’t using the software

# Resemble standard USB flash drives with exceptions:

 Will not connect to a computer until correct password has been provided
 All data copied to the drive is automatically encrypted
 External cases are designed to be tamper-resistant
 Administrators can remote control and track activity
 Compromised or stolen drives can be remotely disabled

@ Digital Certificates :
– Technology used to associate a user’s identity to a public key
– Has been “digitally signed” by a trusted third party
– Third party verifies the owner and public key
– Server digital certificates are often issued from a web server to a user’s client
computer
• Can ensure the authenticity of the web server
• Can ensure the authenticity of the cryptographic connection to the web server

Padlock icon and certificate

information

Server digital certificate handshake

7
GEN - 235 / CHP.6 / NOTES

@ Digital Certificates
* Extended Validation SSL Certificate (EV SSL)
I. An enhanced type of server digital certificate
II. Requires more extensive verification
III. Web browsers can visually indicate to users that they are connected to a website that
uses EV SSL
^ Displays the address bar shaded in green along with the site’s name
^ Displays in red if the site is known to be dangerous

@ Privacy Best Practices:

! Use encryption to protect sensitive documents that contain personal information
! Use strong passwords
! Shred financial documents that contain personal information
! Do not carry a Social Security number in a wallet
! Do not provide personal information over the phone
! Keep personal information in a secure location
! Be cautious about what information is posted on social networking sites
! Keep only the last three months of most recent financial statements
! Install antispyware software
! Use a popup blocker
! Control cookies through the web browser
! Use the private browsing option in your browser
! Review the privacy options of the web browser
• Turn on features that will provide the highest level of privacy without negatively
impacting browser
! Turn on Wi-Fi Protected Access 2 (WPA2) Personal on Wi-Fi networks
! Be cautious about granting permission to a website or app request to collect data
! Be sure a padlock and https appear at the beginning of a web address that asks for credit card
numbers or other personal information
! Use common sense

@ Summary:
S Privacy is defined as the state or condition of being free from public attention to the degree
you determine
S Cryptography is the science of transforming information into a secure form so that
unauthorized persons cannot access it
S Cryptography can provide confidentiality, integrity, availability, authenticity, and
nonrepudiation
S Hashing creates a unique digital fingerprint called a digest that represents the contents of
original material
S Cryptography can be applied through either software or hardware
• Hardware encryption cannot be exploited like software cryptography
S There are several best practices users should consider when attempting to protect their
personal information
S Organizations that collect user’s personal data have responsibilities and obligations