Security

Cards (31)

  • Facial recognition is currently being used by other major technology firms and is a key area of research
  • Facebook has a feature where it can automatically detect faces in images, compare them to other members, and suggest tags
  • This feature has to be deliberately enabled by the user following a privacy ruling by the European court, but it is a remarkably accurate tool
  • Facial recognition can also be used in conjunction with existing CCTV systems to help spot wanted criminals
  • Biometric technology
    • It has the potential to be much more secure than conventional passwords as it is very difficult to replicate the data
    • Your biometrics cannot be lost, stolen or forgotten, unlike conventional passwords
    • No one can social engineer your biometric information out of you, short of tricking you into logging in on their behalf
    • It can help speed up conventional queueing systems, such as school canteens or airport queues, by linking your biometrics to your data
  • Disadvantages of biometrics include a lack of reliability under some circumstances
  • Biometrics are not always 100% accurate, especially when the conditions under which the metrics are read cannot be controlled
  • People change over time due to ageing, illness and injury
  • A lot of people have privacy concerns with regard to biometric data. They are concerned about how the data will be used and how it can be linked back to other aspects of their lives
  • Facial recognition can be used to detect which shops we go into in order to target advertising
  • Black hat hackers
    Will break into systems for their own purposes, such as financial gain, political motivation, to test their skills or just for fun
  • White hat hackers
    Will use their skills to break into a system to expose flaws and then advise on how they can be fixed. They will work directly for the company, or be hired by that company, to perform penetration testing
  • Grey hat hackers
    Are white hat hackers who are not directly hired by a company but perform penetration testing anyway to expose flaws. The hope is that they will be hired by the company, but they run the risk of being prosecuted under the Computer Misuse Act
  • Penetration testing
    1. Reconnaissance
    2. Scanning
    3. Gaining access
    4. Maintaining access
    5. Clearing tracks
  • The goal of penetration testing is to find flaws in the security in order to exploit them or fix them, depending on who is doing the testing
  • Confidentiality means that only authorized users can view sensitive information
  • Symmetric encryption
    The process of decryption is simply the opposite of the process used to encrypt
  • Symmetric encryption algorithms
    • Quick to set up and easy to execute
    • Every encryption technique created before 1975 was essentially a symmetric technique
    • Very easy for modern computers to crack
  • Asymmetric encryption
    The encryption and decryption keys are different
  • Asymmetric encryption algorithms
    • Almost impossible for computers to crack
    • Nobody had thought of the concept, much less implemented it, until the 20th century
  • Asymmetric encryption requires the creation of a one-way mathematical function, a function that can only be reversed under a single circumstance
  • Whitfield Diffie invented the asymmetric key
    1975
  • Within two years of Diffie's discovery, three American mathematicians, Ron Rivest, Adi Shamir and Leonard Adleman, developed the RSA cipher
  • The RSA cipher went on to become the foundation of all modern encryption techniques
  • RSA cipher
    A type of asymmetric encryption algorithm
  • RSA cipher
    • Charlotte picks two large prime numbers, w and q
    • Charlotte multiplies w and q to get N
    • Charlotte picks another number, e, and publishes e and N as the public key
    • To encrypt a message, it is converted to a number M and then encrypted using the formula $C = M^e \pmod{N}$
    • The private key d is calculated by Charlotte using the formula $e \times d \equiv 1 \pmod{(w-1) \times (q-1)}$
    • To decrypt the message, Charlotte uses the formula $M = C^d \pmod{N}$
    • The function can be personalised by choosing w and q, so only the person who knows these values can decrypt the message
  • Example values
    • w=17
    • q=11
    • N=187
    • e=7
    • d=23
  • Exponents in modular arithmetic are one-way functions, so it is incredibly difficult to work backwards to the original message unless you know the private key
  • Diffie released his asymmetric encryption algorithm for free on the internet, which meant that everyone in the world suddenly had access to incredibly strong, military-grade encryption
  • Many governments (not least Diffie's own American government) were deeply upset by Diffie's actions
  • Criteria for a good cipher (according to Claude Shannon)
    • The amount of secrecy should determine the amount of work needed to encrypt and decrypt
    • The cipher must work on all types of data
    • The algorithm should be simple to minimise implementation errors
    • If an error is introduced it should not impact the rest of the message
    • The size of the cipher text should be no larger than the original plain text