@ Anyone with access to our private data can use it to manipulate our behavior
@ Privacy: The state or condition of being free from public attention to the degree that you
determine.
- Almost everything about individuals’ actions is collected.
- The data is collected through web surfing, purchases, user surveys, and questionnaires.
- After the data is collected, it is aggregated by data brokers.
GEN - 235 / CHP.6 / NOTES
@ Protections may be implemented to reduce the risks associated with private data
– Cryptography
– Following best practices
– Organizations that collect private data have responsibilities
Cryptography:
* “Scrambling” data so that it cannot be read.
* The science of transforming information into a secure form so unauthorized persons cannot access
it.
Steganography:
- Hides the existence of data.
- May hide data in the file header fields, between sections of the metadata, or in the areas of the file
that contain the content.
- May use image, audio, or video files.
$ Cleartext data
Data in an unencrypted form
$ Plaintext data
Cleartext data that is to be encrypted
Also the result of decryption
$ Plaintext data is input into a cryptographic algorithm
The algorithm consists of procedures based on a mathematical formula used to encrypt and decrypt data
# Key
A mathematical value entered into the algorithm to produce ciphertext
# Ciphertext
Encrypted data
# In cryptography
A unique mathematical key is input into the encryption algorithm to “lock down” the data
Creates ciphertext
Availability
– Ensures that data is accessible to authorized users
– Authorized users are provided the decryption key to access the information.
Authentication
– Provides proof of the genuineness of the user
– Proof that the sender was legitimate and not an imposter can be obtained.
1. Hash algorithms
– Creates a unique “digital fingerprint” of a set of data
– Commonly called hashing
– Fingerprint is called a digest
– Is “one-way” in that its contents cannot be used to reveal the original set of data
– Used primarily for comparison
– Considered secure if it has these characteristics:
Fixed size, unique, original, and secure
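The "used primarily for comparison" point above, as an added example that is not part of the original notes: digests recorded while files are known to be good are compared later to detect modified, missing, or added files. SHA-256 is an assumption (the notes name no algorithm), and the file names and contents are constructed sample data.

```python
from __future__ import annotations
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Return the SHA-256 digest of data as 64 hex characters (fixed size)."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record one digest per file name while the files are known to be good."""
    return {name: digest(content) for name, content in files.items()}

def compare(baseline: dict[str, str], files: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare the current files against the recorded digests."""
    report = {"modified": [], "missing": [], "added": []}
    for name, expected in baseline.items():
        if name not in files:
            report["missing"].append(name)
        # compare_digest does not reveal, through timing, where two digests differ
        elif not hmac.compare_digest(expected, digest(files[name])):
            report["modified"].append(name)
    report["added"] = sorted(set(files) - set(baseline))
    return report

# Constructed sample data: names and contents are made up for this example.
KNOWN_GOOD = {
    "notes.txt": b"Privacy is the state of being free from public attention.",
    "report.pdf": b"%PDF-1.4 quarterly figures",
    "photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
}
CURRENT = {
    "notes.txt": b"Privacy is the state of being free from public attention.",
    "report.pdf": b"%PDF-1.4 quarterly figures.",  # one byte appended
    "invoice.doc": b"constructed new file",
}

if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    for name, value in baseline.items():
        print(f"{value}  {name}")  # every digest has the same length
    print(compare(baseline, CURRENT))
```

Only the digests need to be stored for the later check; the one-byte change to report.pdf produces a completely different digest, and the stored digest cannot be used to recover the file's contents.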
@ Digital signature
– An electronic verification of the sender
* A digital signature can:
– Verify the sender
– Prevent the sender from disowning the message
– Prove the integrity of the message
Using Cryptography:
@ Encryption through software, three different methods:
1- Individual files
2- File system:
> Method used by OSs to store, retrieve, and organize files
3- Whole disk encryption
@ Hardware Encryption:
A) Cannot be exploited like software encryption
B) Cryptography can be embedded in hardware to provide a higher degree of security
– Example: encrypted hardware-based USB devices
P.S.: here we aren’t using software
@ Digital Certificates:
– Technology used to associate a user’s identity to a public key
– Has been “digitally signed” by a trusted third party
– Third party verifies the owner and public key
– Server digital certificates are often issued from a web server to a user’s client computer
• Can ensure the authenticity of the web server
• Can ensure the authenticity of the cryptographic connection to the web server
@ Digital Certificates
* Extended Validation SSL Certificate (EV SSL)
I. An enhanced type of server digital certificate
II. Requires more extensive verification
III. Web browsers can visually indicate to users that they are connected to a website that uses EV SSL
^ Displays the address bar shaded in green along with the site’s name
^ Displays in red if the site is known to be dangerous
@ Summary:
– Privacy is defined as the state or condition of being free from public attention to the degree you determine
– Cryptography is the science of transforming information into a secure form so that unauthorized persons cannot access it
– Cryptography can provide confidentiality, integrity, availability, authenticity, and nonrepudiation
– Hashing creates a unique digital fingerprint called a digest that represents the contents of the original material
– Cryptography can be applied through either software or hardware
• Hardware encryption cannot be exploited like software cryptography
– There are several best practices users should consider when attempting to protect their personal information
– Organizations that collect users’ personal data have responsibilities and obligations