In support of global efforts to strengthen the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013 was organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised to foster freedom and entrepreneurship while protecting individuals, property and the state, leading to socio-economic development. The speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN; and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play in facilitating development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
CTO Cybersecurity Forum 2013 Atefor Tsefor Conrad
1. BY ATEFOR TSEFOR Conrad, Regional Specialized Officer
PRIVACY AND SECURITY ON THE INTERNET
CYBER SECURITY FORUM YAOUNDE-CAMEROON
22-26 APRIL 2013
2. OUTLINE
• Introduction
• INTERPOL global complex for innovation
• Threat assessment
• The Technology
• The Internet and Intranets
• Threats and Responses
• Conclusion
3. INTRODUCTION
• Why be concerned about Privacy and Security on the Internet?
• Internet is simply a way to communicate.
• It was not designed to protect the privacy of the information transmitted over it.
• Personal computers were designed to meet the needs of individual users.
• Designed to make information readily available, not to protect it.
4. INTERPOL GLOBAL COMPLEX FOR INNOVATION
5. ROLE OF INTERPOL
• Use of I-24/7 and INTERPOL databases
• International cooperation
• Technical assistance on request
• Criminal analysis on request
• Sharing of best practices
6. THREAT ASSESSMENT
• Assess accurately potential threats.
• Invest the resources needed to develop responses that neutralize them.
• Not all threats can or should be neutralized.
• Threats relating to personal computers and the Internet include:
7. THREAT ASSESSMENT (continuation)
• Unauthorized snooping,
• Interception of transmissions over the Internet such as email, file transfers, and WWW interactions,
• Impersonation (theft of identity).
8. THE TECHNOLOGY
• ENCRYPTION
• Mathematical process of « scrambling » messages or files in a way that can be reversed only with a specific password.
• XOR function: each bit in the key is matched with a bit in the text.
• An important point about this algorithm:
  - knowing the algorithm does not help to decode the encrypted text.
9. THE TECHNOLOGY (continuation)
• With a sufficiently long key that consists of random bits, the algorithm is nearly unbreakable.
• Available algorithms can be divided into two kinds:
  - Weak and
  - Strong
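The XOR scheme from slides 8 and 9, as an added example that is not part of the original presentation: it shows the round trip with a random key as long as the message, and goes one step beyond the slides to show why such a key must never protect two messages. Function names and sample messages are constructed for illustration.

```python
import secrets

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Match each byte of the text with a byte of the key and XOR them.
    The same call encrypts and decrypts, because (p ^ k) ^ k == p."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def new_key(length: int) -> bytes:
    """A key of random bits, as long as the message it will protect."""
    return secrets.token_bytes(length)

def reused_key_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR two ciphertexts made with the same key: the key cancels out and
    what remains is plaintext1 XOR plaintext2, with no key needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))

# Constructed sample messages of equal length (not from the presentation).
MSG1 = b"MEET AT NOON"
MSG2 = b"MEET AT DAWN"

def demo():
    key = new_key(len(MSG1))
    c1 = xor_bytes(MSG1, key)
    recovered = xor_bytes(c1, key)      # correct use: decrypt with the key
    c2 = xor_bytes(MSG2, key)           # mistake: second message, same key
    leak = reused_key_leak(c1, c2)
    return recovered, leak

if __name__ == "__main__":
    recovered, leak = demo()
    print("round trip:", recovered)
    print("leak from key reuse:", leak.hex())
```

Zero bytes in the leak mark positions where the two messages are identical, which is why each random key is used for one message only.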
10. « SECRET KEY » ENCRYPTION
• « Secret keys » are passwords that must be kept secret.
• Same key is used to encrypt and decrypt messages.
• Advantage: can be relatively small but difficult to crack.
• Disadvantage: hard to share secret keys among all who need to know.
11. « Public key-Private key » Encryption
• « Public keys » and « Private keys » refer to pairs of keys derived from prime number mathematics.
• Part of asymmetric encryption.
• Messages encrypted with your public key can be decrypted only with your corresponding private key.
• Messages encrypted with private key can be verified by decrypting with public key.
12. « Public key-Private key » Encryption (continuation)
• Advantages of asymmetric encryption:
  - public key is not a secret
  - private key is secret (protected with secret password)
• Disadvantages:
  - larger keys required for adequate security
  - must be certain of public keys you use
  - you must keep your private key private
13. DIGITAL SIGNATURES
• Variation on encrypting a message with your private key.
• Mathematical summary of the message is created and encrypted.
• Anyone with your public key can verify that you signed the summary.
• Summary can be used to verify that the message has not been altered since it was signed.
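The public-key operations from slides 11 to 13, as an added example that is not part of the original presentation: a key pair derived from two primes, encryption with the public key, and a signature over a message summary that fails verification once the message is altered. The primes, function names and sample message are constructed; this is textbook RSA without padding, for illustration only.

```python
import hashlib

# Toy key pair built from two known primes (constructed for illustration;
# real keys use large random primes and a padding scheme).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept secret

def summary(message: bytes) -> int:
    """The slide's 'mathematical summary': a SHA-256 digest, reduced here
    so that it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Apply the private key to the summary of the message."""
    return pow(summary(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can run this check."""
    return pow(signature, E, N) == summary(message)

def encrypt(m: int) -> int:
    """Encrypt a number smaller than N with the public key."""
    return pow(m, E, N)

def decrypt(c: int) -> int:
    """Only the holder of the private exponent D can reverse encrypt()."""
    return pow(c, D, N)

# Constructed sample message (not from the presentation).
MESSAGE = b"Transfer 100 to account A"

if __name__ == "__main__":
    sig = sign(MESSAGE)
    print("valid signature: ", verify(MESSAGE, sig))
    print("altered message: ", verify(b"Transfer 900 to account A", sig))
    print("decrypt(encrypt):", decrypt(encrypt(2013)))
```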
14. CERTIFICATES OF AUTHORITY
• Are messages signed digitally by an independent third party.
• Verify that the person or organization that sends you the certificate really is who he/she/it says.
• They serve much like a human notary public.
• Accept certificates of authority only when you trust them.
15. THE INTERNET AND INTRANETS
• Consist of large numbers of interconnected computers.
• The Internet is international.
• Intranets are the same but connect only computers in a given organization.
• Computers on an Intranet are not necessarily connected to the Internet.
17. OPERATING SYSTEMS
• Software programs that allow users to do things with their computer hardware.
• Single-user operating systems (Windows 95, Macintosh)
• Easy to use but offer little or no data security.
• Multi-user operating systems (UNIX) offer considerable security.
18. FIREWALLS
• Firewall computers have two network cards and two sets of IP addresses.
• Used to secure Intranets with protected computers behind the firewall.
• Their IP addresses are secret from the Internet.
• Computers outside the firewall cannot send packets to them and cannot « sniff » packets that they send.
20. NAME SERVERS
• Allow computers to have individual names.
• Names are organized into domains, subdomains, and so forth.
• Importance of the concept of name servers.
21. THREATS AND RESPONSES
• The UNIX variants are much more resistant to attack by viruses and penetration by amateur crackers than Windows 95 or Windows NT.
• « Social engineering » of account information and passwords.
• Separate computers used for Internet access from computers containing vital information.
• At least 8-character passwords.
22. THREATS AND RESPONSES (continuation)
• Java Applets and ActiveX controls.
• Commercial programs are available that protect user computers against malicious programs.
• « Virus » and « virus checkers »
• Download programs only from secure sites.
• Web browsers / proxy servers (www.anonymizer.com)
23. CONCLUSION
« The web is a relatively young community, a neighborhood where few people lock their doors. But this community is rapidly growing into a city. Perhaps it’s time you thought about installing some locks. »
24. THANK YOU FOR YOUR KIND ATTENTION
Contacts: c.atefor@interpol.int
Tel: +237 77412114
+237 22640266
+237 22060262