Uploaded bymissstevenson01
PPTX, PDF308 views

Security pre

This document discusses security precautions and encryption. It begins by describing encryption as encoding data into another form using a key so that intercepted data is meaningless without decrypting. There are two main encryption methods: symmetric key using the same secret key for encryption and decryption, and asymmetric key using a public/private key pair. Digital certificates and signatures are also discussed as a way to prove digital identity and verify message authenticity. UK computer crime law, the Computer Misuse Act of 1998, is summarized as prohibiting unauthorized computer access, access with criminal intent, and unauthorized/reckless computer impairment.

Embed presentation

Download to read offline
Security Precautions
Learning Intentions By the end of this lesson learners will be able to: ❏ Describe what is meant by Encryption ❏ Discuss the purpose of Digital Certificates and Digital Signatures ❏ Describe the purpose of server side validation of form data
Encryption Encryption is when data is encoded into another form. This means that even if data is intercepted then the data is meaningless until it is deciphered using a key.
How encryption works Lets look at a basic cypher A Caesar(shift) cypher A B C D E F G H I Z A B C D E F G H I J So DAD would be CZC
The Key The key is the secret to encryption Encryption Key Decryption
Encryption There are two main methods to encrypt data Symmetric Key - Secret Key Asymmetric Key - Private key/public key
Symmetric Encryption Data Encryption Standard (DES) was created in 1977 Used a 56 bit key Approx. 72,000,000,000,000,000 combinations (256) Advanced Encryption Standard (AES) Used by the US government Offers 128,192 or 256 bit encryption 2256 combinations (1.15e+77) RSA (Ron Rivest, Adi Shamir and Leonard Adleman) 1024 - 2048 bit
21,024 = 179,769,313,486,231,590,772, 931,...,304,835,356,329,624,22 4,137,216 (309 digits)
22,048 = 32,317,006,071,311,007,300,7 14,...,193,555,853,611,059,596 ,230,656 (617 digits)
Encryption and Digital Rights Management CSS (Content Scramble System) encryption was used as the original Digital Rights Management system on DVD’s in 1996 Used a 40 bit cipher Compromised in 1999
Pros and Cons – Symmetric Encryption ✓ The key doesn’t have to be sent with the message ✓ The system is usually more straight forward/faster ✘ The key has to be installed with the receiver before transmission ✘ If the key is compromised both sent AND received messages can be decyphered For Against
Asymmetric Key Asymmetric Key or public key encryption is when there are two keys. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret and used to decrypt received mesages
Asymmetric Encryption Sender Recipient Plain Plain Ciphertext Encryption Decryption Public Key Private Key Think of the public key as a lock
Which key and when? The sender uses the public key to: Encrypt any messages to recipient The recipient uses the private key to: Decrypt any messages from sender
Pros and Cons – Asymmetric Encryption ✓ The Private key never needs to be distributed ✓ Can be used to implement digital signatures ✘ Is slower than symmetric encryption. ✘ It requires far more processing power to encrypt and decrypt the content of the message. For Against
How do you get the keys? To use asymmetric encryption then there has to be a way to distribute the public keys. And to verify the authenticity of the sender Digital Certificates are a useful tool for this.
Public Key Encryption & Malware Some malware (ransomware) such as CryptoLocker will encrypt the contents of infected machines It uses RSA encryption Will only decrypt the drive once payment has been made The key is held on a private server Further reading: https://traxarmstrong.com/free-tool-remove-cryptorbit-ransomware/#gsc.tab=0
Basic RSA Encryption Example To encrypt a message such as HELLO, we will first turn it into numbers Our public key is 33,3 This consists of two prime numbers H E L L O 8 5 12 12 15
RSA Encryption Example Our public key is 33,3 So we raise the number to the power of 3 Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375
RSA Encryption Example Our public key is 33,3 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375 %33 17 26 12 12 9
RSA Decryption Example Our private key is 33,7 We will raise our number to the power of 7 Original H E L L O Original 8 5 12 12 15 Cipher 17 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969
RSA Decryption Example Our private key is 33,7 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 Cipher 8 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969 %33 8 5 12 12 15
WannaCry (2017) Ransomware Sample
How strong is the encryption? The Key size is the size in bits of the key used in the algorithm that encrypts the data Assume that a 40 bit key has been cracked May have been brute forced Then an example 128 bit key may only actually provide 88 bits of encryption
Cracking Encryption 512 bit keys were broken in 1999 Encryption has even been compromised by listening to the sound the CPU makes. It was conducted with one of the co-inventors of the RSA algorithm Further reading: https://www.extremetech.com/extreme/173108-researchers-crack-the-worlds- toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu
Unbreakable codes? There is a lot of research going on into Quantum cryptography Relies on physics and not maths Data is transmitted using light The main theory behind this is that when the light is intercepted then it is changed This uses Heisenberg's uncertainty principle Image CC BY-SA 3.0 BigRiz -en:Wikipedia
Identifying yourself In real life if you are proving your identity you can use multiple forms of ID Passport Drivers License How can prove the identity of senders of emails/providers of websites?
Proving your identity A digital certificate is the digital version of a passport or driving license They are issued by a central certification authority Many digital certificates conform to the X.509 standard. Can contain the following information ❏ Public Key ❏ Owners Name ❏ Expiration and Issuer
Digital Signatures A digital signature is a method of ensuring that a message is authentic (unaltered) 1. You obtain a message hash A mathematical summary of the contents of the message 2. You can encrypt this message hash with your private key 3. This ‘signature’ is attached to a message
Digital Signatures https://www.docusign.co.uk/how-it-works/electronic-signature/digital-signature/digital-signature-faq
How long to crack a digital certificate? https://www.digicert.com/TimeTravel/
Hashing In Feb 2017 - Google broke the SHA1 hashing system Further reading: https://security.googleblog.com/2017/02/announcing-first-sha1- collision.html The computations involved in this was:: ❏ Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total ❏ 6,500 years of CPU computation to complete the attack first phase ❏ 110 years of GPU computation to complete the second phase
Moving on from SHA1 MD5 (1992) produces 128 bit outputs SHA-0 (1993) produces 160 bit outputs SHA-1 (1995) produces 160 bit outputs SHA-2 (2001) produces 224-512 bit outputs Further reading: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms http://borjournals.com/a/index.php/jecas/article/viewFile/1807/1127
At the other side 1. The recipient has to apply the same mathematical hash of the received message 2. The encrypted message hash is then decrypted 3. If both of the hashes match then the message is valid and authentic MD5 Hash Generator: http://www.md5.cz
The Computer Misuse Act - 1998
Computer Misuse Act This has 3 main sections 1. Unauthorised access to computer material. Basic Hacking. Getting access to a system without permission. 2. Unauthorised access with intent to commit or facilitate commission of further offences Helping to commit a crime. 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. Expert Hacking. Modification of data without permission, planting viruses, deletion or modification of other users files.
Section 1- Unauthorised access to computer material June 2015 - Norwich Teaching Assistant hacked into the school email system at Ormiston Victory Academy and used pupil's account to send email "There will be a bomb in school Monday". Guilty plea to one count of communicating false information and one count of unauthorised computer access. Sentence: 15 months imprisonment October 2015 Former Met Police detective used Police computer systems for 230 searches between 2009 and 2013 for private use. Sentence: 9 months in prison.
Section 2- Unauthorised access with intent For example, if you penetrated a bank's computer system intending to move £10,000 to another account, you would still be guilty of an offence under section 2. July 2015 Senior Internal Auditor at Morrisons supermarket accessed and uploaded confidential personal data of nearly 100,000 employees to newspaper and data sharing websites. Data breach cost the company more than £2m to rectify. Sentence: 8 years
Aiding a Crime Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM machines US$ 1M fraud.
Section 3 –Unauthorised or reckless acts A person is guilty of an offence if: he does any unauthorised act in relation to a computer Offences could be: ❏ to impair the operation of any computer; ❏ to prevent or hinder access to any program or data held in any computer ❏ to impair the operation of any such program or the reliability of any such data ❏ to enable any of the things mentioned in the above bullet points
Section 3 –Unauthorised or reckless acts Aug 2015 Revenge attacks by ex-Director on former network security company Esselar and its client Aviva over five months. 900 Aviva employees' phones hacked. Esselar Twitter account defaced. Esselar lost the Aviva contract. Pleaded guilty to four counts of unauthorised or reckless acts with intent to impair computer operation. Actions had "damaged confidence and reputations in a way that can be far-reaching and serious". Sentence: 18 months. Other cases can be found at: http://www.computerevidence.co.uk/Cases/CMA.htm
Subsections Unauthorised acts causing, or creating risk of, serious damage Such as damage to: ❏ human welfare ❏ environment of any place ❏ economy of any country ❏ national security of any country Making, supplying or obtaining articles for use in offence Such as creating software viruses etc.
Penalties Under The Act Gaining unauthorised access (or trying to): Up to 12 months and/or a £5,000 fine Above + intent to commit further offences: Up to 10 years and/or fine Causing unauthorised modifications: Up to 5 years and/or fine
Computer Misuse Act What if your phone’s voicemail was hacked? More cases: http://www.computerevidence.co.uk/Cases/CMA.htm

More Related Content

PDF
How encryption works
byRaxTonProduction
 
PPT
Information Security
byPresentaionslive.blogspot.com
 
PPTX
Unit 7 : Network Security
byChandan Gupta Bhagat
 
PPT
Cryptography
byamiable_indian
 
PDF
International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 
PPT
IS Security Presentation
byRenjith K P
 
PDF
CGI White Paper - Key Incryption Mechanism
byAmit Singh
 
PPT
Introduction to Digital signatures
byRohit Bhat
 
How encryption works
byRaxTonProduction
 
Information Security
byPresentaionslive.blogspot.com
 
Unit 7 : Network Security
byChandan Gupta Bhagat
 
Cryptography
byamiable_indian
 
International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 
IS Security Presentation
byRenjith K P
 
CGI White Paper - Key Incryption Mechanism
byAmit Singh
 
Introduction to Digital signatures
byRohit Bhat
 

What's hot

PPTX
Cryptography and Encryptions,Network Security,Caesar Cipher
byGopal Sakarkar
 
PPTX
Basic concept of pki
byPrabhat Goel
 
PPTX
Digital certificates
byBuddhika Karunanayaka
 
PPTX
Cryptographic tools
byCAS
 
PDF
Network security & cryptography full notes
bygangadhar9989166446
 
PPTX
Unit 1 Introducation
byTushar Rajput
 
PPTX
Public key Cryptography & RSA
byAmit Debnath
 
PDF
Encryption and Key Distribution Methods
byGulcin Yildirim Jelinek
 
DOCX
network security
byBishalWosti1
 
PPSX
Web security for e-commerce
byNishant Pahad
 
PPTX
Key distribution code.ppt
byPrabhat Kumar
 
PDF
Ijtra150171
byInternational Journal of Technical Research & Application
 
PPT
Digital signature
byAJAL A J
 
DOCX
Cryptography
byVishalya Dulam
 
PPT
Public Key Cryptography
byanusachu .
 
PPT
Network Security
byRamasubbu .P
 
ODP
Network Security
byhj43us
 
DOC
Social Engg. Assignment it17 final (1)
byrosu555
 
Cryptography and Encryptions,Network Security,Caesar Cipher
byGopal Sakarkar
 
Basic concept of pki
byPrabhat Goel
 
Digital certificates
byBuddhika Karunanayaka
 
Cryptographic tools
byCAS
 
Network security & cryptography full notes
bygangadhar9989166446
 
Unit 1 Introducation
byTushar Rajput
 
Public key Cryptography & RSA
byAmit Debnath
 
Encryption and Key Distribution Methods
byGulcin Yildirim Jelinek
 
network security
byBishalWosti1
 
Web security for e-commerce
byNishant Pahad
 
Key distribution code.ppt
byPrabhat Kumar
 
Ijtra150171
byInternational Journal of Technical Research & Application
 
Digital signature
byAJAL A J
 
Cryptography
byVishalya Dulam
 
Public Key Cryptography
byanusachu .
 
Network Security
byRamasubbu .P
 
Network Security
byhj43us
 
Social Engg. Assignment it17 final (1)
byrosu555
 

Similar to Security pre

PPT
Cryptography Lecture by Sam Bowne
bySecurityTube.Net
 
PPT
Ch12 Cryptography it-slideshares.blogspot.com
byphanleson
 
PPT
Network Security and Cryptography
byAdam Reagan
 
PPT
Cryptography - A Brief History
byprasenjeetd
 
PPTX
Introduction to Network Security presentation
bykrishkiran2408
 
PPTX
Security
bySaqib Shehzad
 
PPTX
Encryption by fastech
byAbdulafeez Fasasi
 
DOC
DOCS ON NETWORK SECURITY
byTuhin_Das
 
PPT
crypto slide for students, check out the good article
bysuperman85hackerone
 
PPT
Op Sy 03 Ch 61a
by Google
 
PPT
Chapter 15 - Security
byWayne Jones Jnr
 
PDF
CNIT 123 12: Cryptography
bySam Bowne
 
PDF
Chapter 8 cryptography lanjutan
bynewbie2019
 
PPTX
Security - ch3.pptx
byHabtamuHaileMichael2
 
PPTX
Security.pptx
byjohn6938
 
PPT
Rothke Info Security Canada 2007 Final
byBen Rothke
 
PPTX
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
PPTX
Security - ch3.pptx
byGebrehanaAlemaw
 
PPT
Crypt
byMir Majid
 
PPTX
20 security
byabiy2004
 
Cryptography Lecture by Sam Bowne
bySecurityTube.Net
 
Ch12 Cryptography it-slideshares.blogspot.com
byphanleson
 
Network Security and Cryptography
byAdam Reagan
 
Cryptography - A Brief History
byprasenjeetd
 
Introduction to Network Security presentation
bykrishkiran2408
 
Security
bySaqib Shehzad
 
Encryption by fastech
byAbdulafeez Fasasi
 
DOCS ON NETWORK SECURITY
byTuhin_Das
 
crypto slide for students, check out the good article
bysuperman85hackerone
 
Op Sy 03 Ch 61a
by Google
 
Chapter 15 - Security
byWayne Jones Jnr
 
CNIT 123 12: Cryptography
bySam Bowne
 
Chapter 8 cryptography lanjutan
bynewbie2019
 
Security - ch3.pptx
byHabtamuHaileMichael2
 
Security.pptx
byjohn6938
 
Rothke Info Security Canada 2007 Final
byBen Rothke
 
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
Security - ch3.pptx
byGebrehanaAlemaw
 
Crypt
byMir Majid
 
20 security
byabiy2004
 

More from missstevenson01

PPTX
S3 environment
bymissstevenson01
 
PPTX
The Processor.pptx
bymissstevenson01
 
PPTX
How Computers Work
bymissstevenson01
 
PPTX
Lesson 3 - Coding with Minecraft - Variables.pptx
bymissstevenson01
 
PPTX
Lesson 2 - Coding with Minecraft - Events.pptx
bymissstevenson01
 
PPTX
Lesson 1 - Coding with Minecraft -Introduction.pptx
bymissstevenson01
 
PPTX
Lesson2 - Coding with Minecraft - Events.pptx
bymissstevenson01
 
PPTX
Ethical hacking trojans, worms and spyware
bymissstevenson01
 
PPTX
Ethical hacking anti virus
bymissstevenson01
 
PPTX
Ethical hacking introduction to ethical hacking
bymissstevenson01
 
PPTX
S1 internet safety-chattingonline
bymissstevenson01
 
PPTX
S3 wireframe diagrams
bymissstevenson01
 
PPTX
Sql
bymissstevenson01
 
PPTX
Alien database
bymissstevenson01
 
PPTX
Video Games and Copyright laws
bymissstevenson01
 
PPTX
Games Design Document
bymissstevenson01
 
PPTX
Video game proposal
bymissstevenson01
 
PPTX
Evaluation
bymissstevenson01
 
PPTX
H evaluation
bymissstevenson01
 
PPTX
H testing and debugging
bymissstevenson01
 
S3 environment
bymissstevenson01
 
The Processor.pptx
bymissstevenson01
 
How Computers Work
bymissstevenson01
 
Lesson 3 - Coding with Minecraft - Variables.pptx
bymissstevenson01
 
Lesson 2 - Coding with Minecraft - Events.pptx
bymissstevenson01
 
Lesson 1 - Coding with Minecraft -Introduction.pptx
bymissstevenson01
 
Lesson2 - Coding with Minecraft - Events.pptx
bymissstevenson01
 
Ethical hacking trojans, worms and spyware
bymissstevenson01
 
Ethical hacking anti virus
bymissstevenson01
 
Ethical hacking introduction to ethical hacking
bymissstevenson01
 
S1 internet safety-chattingonline
bymissstevenson01
 
S3 wireframe diagrams
bymissstevenson01
 
Sql
bymissstevenson01
 
Alien database
bymissstevenson01
 
Video Games and Copyright laws
bymissstevenson01
 
Games Design Document
bymissstevenson01
 
Video game proposal
bymissstevenson01
 
Evaluation
bymissstevenson01
 
H evaluation
bymissstevenson01
 
H testing and debugging
bymissstevenson01
 

Recently uploaded

PDF
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
PPTX
MEMORY &FORGETTING. Shilpa Hotakar.Psychology pptx
bySHILPA HOTAKAR
 
PPTX
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
PDF
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PPTX
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PDF
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
PPTX
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PPTX
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PDF
java full stack programming and interview questions
byrajuashokit
 
AI Is a Tool, Not a Voice: Radio, Trust, and the Human Factor
byN.A. Shah Ansari
 
MEMORY &FORGETTING. Shilpa Hotakar.Psychology pptx
bySHILPA HOTAKAR
 
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
Pharmaceutical Quality Assurance Unit 1 (BP606T)
byChetan Mali
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
Greengnorance Toolkit Module 4 Active Mobility and Transport
byKarl Donert
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
java full stack programming and interview questions
byrajuashokit
 

Security pre

  • 1.
  • 2.
    Learning Intentions By theend of this lesson learners will be able to: ❏ Describe what is meant by Encryption ❏ Discuss the purpose of Digital Certificates and Digital Signatures ❏ Describe the purpose of server side validation of form data
  • 3.
    Encryption Encryption is whendata is encoded into another form. This means that even if data is intercepted then the data is meaningless until it is deciphered using a key.
  • 4.
    How encryption works Letslook at a basic cypher A Caesar(shift) cypher A B C D E F G H I Z A B C D E F G H I J So DAD would be CZC
  • 5.
    The Key The keyis the secret to encryption Encryption Key Decryption
  • 6.
    Encryption There are twomain methods to encrypt data Symmetric Key - Secret Key Asymmetric Key - Private key/public key
  • 7.
    Symmetric Encryption Data EncryptionStandard (DES) was created in 1977 Used a 56 bit key Approx. 72,000,000,000,000,000 combinations (256) Advanced Encryption Standard (AES) Used by the US government Offers 128,192 or 256 bit encryption 2256 combinations (1.15e+77) RSA (Ron Rivest, Adi Shamir and Leonard Adleman) 1024 - 2048 bit
  • 8.
  • 9.
  • 10.
    Encryption and DigitalRights Management CSS (Content Scramble System) encryption was used as the original Digital Rights Management system on DVD’s in 1996 Used a 40 bit cipher Compromised in 1999
  • 11.
    Pros and Cons– Symmetric Encryption ✓ The key doesn’t have to be sent with the message ✓ The system is usually more straight forward/faster ✘ The key has to be installed with the receiver before transmission ✘ If the key is compromised both sent AND received messages can be decyphered For Against
  • 12.
    Asymmetric Key Asymmetric Keyor public key encryption is when there are two keys. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret and used to decrypt received mesages
  • 13.
    Asymmetric Encryption Sender Recipient PlainPlain Ciphertext Encryption Decryption Public Key Private Key Think of the public key as a lock
  • 14.
    Which key andwhen? The sender uses the public key to: Encrypt any messages to recipient The recipient uses the private key to: Decrypt any messages from sender
  • 15.
    Pros and Cons– Asymmetric Encryption ✓ The Private key never needs to be distributed ✓ Can be used to implement digital signatures ✘ Is slower than symmetric encryption. ✘ It requires far more processing power to encrypt and decrypt the content of the message. For Against
  • 16.
    How do youget the keys? To use asymmetric encryption then there has to be a way to distribute the public keys. And to verify the authenticity of the sender Digital Certificates are a useful tool for this.
  • 17.
    Public Key Encryption& Malware Some malware (ransomware) such as CryptoLocker will encrypt the contents of infected machines It uses RSA encryption Will only decrypt the drive once payment has been made The key is held on a private server Further reading: https://traxarmstrong.com/free-tool-remove-cryptorbit-ransomware/#gsc.tab=0
  • 18.
    Basic RSA EncryptionExample To encrypt a message such as HELLO, we will first turn it into numbers Our public key is 33,3 This consists of two prime numbers H E L L O 8 5 12 12 15
  • 19.
    RSA Encryption Example Ourpublic key is 33,3 So we raise the number to the power of 3 Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375
  • 20.
    RSA Encryption Example Ourpublic key is 33,3 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375 %33 17 26 12 12 9
  • 21.
    RSA Decryption Example Ourprivate key is 33,7 We will raise our number to the power of 7 Original H E L L O Original 8 5 12 12 15 Cipher 17 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969
  • 22.
    RSA Decryption Example Ourprivate key is 33,7 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 Cipher 8 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969 %33 8 5 12 12 15
  • 23.
  • 24.
    How strong isthe encryption? The Key size is the size in bits of the key used in the algorithm that encrypts the data Assume that a 40 bit key has been cracked May have been brute forced Then an example 128 bit key may only actually provide 88 bits of encryption
  • 25.
    Cracking Encryption 512 bitkeys were broken in 1999 Encryption has even been compromised by listening to the sound the CPU makes. It was conducted with one of the co-inventors of the RSA algorithm Further reading: https://www.extremetech.com/extreme/173108-researchers-crack-the-worlds- toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu
  • 26.
    Unbreakable codes? There isa lot of research going on into Quantum cryptography Relies on physics and not maths Data is transmitted using light The main theory behind this is that when the light is intercepted then it is changed This uses Heisenberg's uncertainty principle Image CC BY-SA 3.0 BigRiz -en:Wikipedia
  • 27.
    Identifying yourself In reallife if you are proving your identity you can use multiple forms of ID Passport Drivers License How can prove the identity of senders of emails/providers of websites?
  • 28.
    Proving your identity Adigital certificate is the digital version of a passport or driving license They are issued by a central certification authority Many digital certificates conform to the X.509 standard. Can contain the following information ❏ Public Key ❏ Owners Name ❏ Expiration and Issuer
  • 29.
    Digital Signatures A digitalsignature is a method of ensuring that a message is authentic (unaltered) 1. You obtain a message hash A mathematical summary of the contents of the message 2. You can encrypt this message hash with your private key 3. This ‘signature’ is attached to a message
  • 30.
  • 31.
    How long tocrack a digital certificate? https://www.digicert.com/TimeTravel/
  • 32.
    Hashing In Feb 2017- Google broke the SHA1 hashing system Further reading: https://security.googleblog.com/2017/02/announcing-first-sha1- collision.html The computations involved in this was:: ❏ Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total ❏ 6,500 years of CPU computation to complete the attack first phase ❏ 110 years of GPU computation to complete the second phase
  • 33.
    Moving on fromSHA1 MD5 (1992) produces 128 bit outputs SHA-0 (1993) produces 160 bit outputs SHA-1 (1995) produces 160 bit outputs SHA-2 (2001) produces 224-512 bit outputs Further reading: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms http://borjournals.com/a/index.php/jecas/article/viewFile/1807/1127
  • 34.
    At the otherside 1. The recipient has to apply the same mathematical hash of the received message 2. The encrypted message hash is then decrypted 3. If both of the hashes match then the message is valid and authentic MD5 Hash Generator: http://www.md5.cz
  • 35.
  • 36.
    Computer Misuse Act Thishas 3 main sections 1. Unauthorised access to computer material. Basic Hacking. Getting access to a system without permission. 2. Unauthorised access with intent to commit or facilitate commission of further offences Helping to commit a crime. 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. Expert Hacking. Modification of data without permission, planting viruses, deletion or modification of other users files.
  • 37.
    Section 1- Unauthorisedaccess to computer material June 2015 - Norwich Teaching Assistant hacked into the school email system at Ormiston Victory Academy and used pupil's account to send email "There will be a bomb in school Monday". Guilty plea to one count of communicating false information and one count of unauthorised computer access. Sentence: 15 months imprisonment October 2015 Former Met Police detective used Police computer systems for 230 searches between 2009 and 2013 for private use. Sentence: 9 months in prison.
  • 38.
    Section 2- Unauthorisedaccess with intent For example, if you penetrated a bank's computer system intending to move £10,000 to another account, you would still be guilty of an offence under section 2. July 2015 Senior Internal Auditor at Morrisons supermarket accessed and uploaded confidential personal data of nearly 100,000 employees to newspaper and data sharing websites. Data breach cost the company more than £2m to rectify. Sentence: 8 years
  • 39.
    Aiding a Crime AuthorisedUS American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM machines US$ 1M fraud.
  • 40.
    Section 3 –Unauthorisedor reckless acts A person is guilty of an offence if: he does any unauthorised act in relation to a computer Offences could be: ❏ to impair the operation of any computer; ❏ to prevent or hinder access to any program or data held in any computer ❏ to impair the operation of any such program or the reliability of any such data ❏ to enable any of the things mentioned in the above bullet points
  • 41.
    Section 3 –Unauthorisedor reckless acts Aug 2015 Revenge attacks by ex-Director on former network security company Esselar and its client Aviva over five months. 900 Aviva employees' phones hacked. Esselar Twitter account defaced. Esselar lost the Aviva contract. Pleaded guilty to four counts of unauthorised or reckless acts with intent to impair computer operation. Actions had "damaged confidence and reputations in a way that can be far-reaching and serious". Sentence: 18 months. Other cases can be found at: http://www.computerevidence.co.uk/Cases/CMA.htm
  • 42.
    Subsections Unauthorised acts causing,or creating risk of, serious damage Such as damage to: ❏ human welfare ❏ environment of any place ❏ economy of any country ❏ national security of any country Making, supplying or obtaining articles for use in offence Such as creating software viruses etc.
  • 43.
    Penalties Under TheAct Gaining unauthorised access (or trying to): Up to 12 months and/or a £5,000 fine Above + intent to commit further offences: Up to 10 years and/or fine Causing unauthorised modifications: Up to 5 years and/or fine
  • 44.
    Computer Misuse Act Whatif your phone’s voicemail was hacked? More cases: http://www.computerevidence.co.uk/Cases/CMA.htm

Editor's Notes

  • #40 R v Bow Street Magistrates Court and Allison ex parte Government of USA House of Lords 05/08/1999 The Times 7 September 1999; [1999] 4 All E R 1; [1999] 3 WLR 620; [1999] Masons CLR 380 [1998] 3 WLR 1156; [1998] Masons CLR 234; The Times 2 June 1998. [1999] C&L Oct/Nov, 21 Computer Misuse Act 1990, ss 1, 2, 15, 17(5) Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Extradition – Conspiracy Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM US$ 1M fraud. Held - unauthorised access applies to the use of a computer to obtain unauthorised access to data. "Hacking" held to refer to all forms of unauthorised access whether by insiders or outsiders. Comments of House of Lords in R v Bignell on meaning of "control access" in Computer Misuse Act 1990 s.17 (5) distinguished. Habeas corpus denied.
  • #41 http://www.theregister.co.uk/2012/07/02/ebanking_fraudsters_jailed/ Pavel Cyganok was jailed for five years. Ilja Zakrevski for four years.
  • #42 http://www.theregister.co.uk/2012/07/02/ebanking_fraudsters_jailed/ Pavel Cyganok was jailed for five years. Ilja Zakrevski for four years.