SlideShare a Scribd company logo

Security pre

Download as PPTX, PDF
M
missstevenson01

Security pre

Education
1 of 44
Security Precautions
Learning Intentions By the end of this lesson learners will be able to: ❏ Describe what is meant by Encryption ❏ Discuss the purpose of Digital Certificates and Digital Signatures ❏ Describe the purpose of server side validation of form data
Encryption Encryption is when data is encoded into another form. This means that even if data is intercepted then the data is meaningless until it is deciphered using a key.
How encryption works Lets look at a basic cypher A Caesar(shift) cypher A B C D E F G H I Z A B C D E F G H I J So DAD would be CZC
The Key The key is the secret to encryption Encryption Key Decryption
Encryption There are two main methods to encrypt data Symmetric Key - Secret Key Asymmetric Key - Private key/public key
Symmetric Encryption Data Encryption Standard (DES) was created in 1977 Used a 56 bit key Approx. 72,000,000,000,000,000 combinations (256) Advanced Encryption Standard (AES) Used by the US government Offers 128,192 or 256 bit encryption 2256 combinations (1.15e+77) RSA (Ron Rivest, Adi Shamir and Leonard Adleman) 1024 - 2048 bit
21,024 = 179,769,313,486,231,590,772, 931,...,304,835,356,329,624,22 4,137,216 (309 digits)
22,048 = 32,317,006,071,311,007,300,7 14,...,193,555,853,611,059,596 ,230,656 (617 digits)
Encryption and Digital Rights Management CSS (Content Scramble System) encryption was used as the original Digital Rights Management system on DVD’s in 1996 Used a 40 bit cipher Compromised in 1999
Pros and Cons – Symmetric Encryption ✓ The key doesn’t have to be sent with the message ✓ The system is usually more straight forward/faster ✘ The key has to be installed with the receiver before transmission ✘ If the key is compromised both sent AND received messages can be decyphered For Against
Asymmetric Key Asymmetric Key or public key encryption is when there are two keys. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret and used to decrypt received mesages
Asymmetric Encryption Sender Recipient Plain Plain Ciphertext Encryption Decryption Public Key Private Key Think of the public key as a lock
Which key and when? The sender uses the public key to: Encrypt any messages to recipient The recipient uses the private key to: Decrypt any messages from sender
Pros and Cons – Asymmetric Encryption ✓ The Private key never needs to be distributed ✓ Can be used to implement digital signatures ✘ Is slower than symmetric encryption. ✘ It requires far more processing power to encrypt and decrypt the content of the message. For Against
How do you get the keys? To use asymmetric encryption then there has to be a way to distribute the public keys. And to verify the authenticity of the sender Digital Certificates are a useful tool for this.
Public Key Encryption & Malware Some malware (ransomware) such as CryptoLocker will encrypt the contents of infected machines It uses RSA encryption Will only decrypt the drive once payment has been made The key is held on a private server Further reading: https://traxarmstrong.com/free-tool-remove-cryptorbit-ransomware/#gsc.tab=0
Basic RSA Encryption Example To encrypt a message such as HELLO, we will first turn it into numbers Our public key is 33,3 This consists of two prime numbers H E L L O 8 5 12 12 15
RSA Encryption Example Our public key is 33,3 So we raise the number to the power of 3 Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375
RSA Encryption Example Our public key is 33,3 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375 %33 17 26 12 12 9
RSA Decryption Example Our private key is 33,7 We will raise our number to the power of 7 Original H E L L O Original 8 5 12 12 15 Cipher 17 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969
RSA Decryption Example Our private key is 33,7 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 Cipher 8 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969 %33 8 5 12 12 15
WannaCry (2017) Ransomware Sample
How strong is the encryption? The Key size is the size in bits of the key used in the algorithm that encrypts the data Assume that a 40 bit key has been cracked May have been brute forced Then an example 128 bit key may only actually provide 88 bits of encryption
Cracking Encryption 512 bit keys were broken in 1999 Encryption has even been compromised by listening to the sound the CPU makes. It was conducted with one of the co-inventors of the RSA algorithm Further reading: https://www.extremetech.com/extreme/173108-researchers-crack-the-worlds- toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu
Unbreakable codes? There is a lot of research going on into Quantum cryptography Relies on physics and not maths Data is transmitted using light The main theory behind this is that when the light is intercepted then it is changed This uses Heisenberg's uncertainty principle Image CC BY-SA 3.0 BigRiz -en:Wikipedia
Identifying yourself In real life if you are proving your identity you can use multiple forms of ID Passport Drivers License How can prove the identity of senders of emails/providers of websites?
Proving your identity A digital certificate is the digital version of a passport or driving license They are issued by a central certification authority Many digital certificates conform to the X.509 standard. Can contain the following information ❏ Public Key ❏ Owners Name ❏ Expiration and Issuer
Digital Signatures A digital signature is a method of ensuring that a message is authentic (unaltered) 1. You obtain a message hash A mathematical summary of the contents of the message 2. You can encrypt this message hash with your private key 3. This ‘signature’ is attached to a message
Digital Signatures https://www.docusign.co.uk/how-it-works/electronic-signature/digital-signature/digital-signature-faq
How long to crack a digital certificate? https://www.digicert.com/TimeTravel/
Hashing In Feb 2017 - Google broke the SHA1 hashing system Further reading: https://security.googleblog.com/2017/02/announcing-first-sha1- collision.html The computations involved in this was:: ❏ Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total ❏ 6,500 years of CPU computation to complete the attack first phase ❏ 110 years of GPU computation to complete the second phase
Moving on from SHA1 MD5 (1992) produces 128 bit outputs SHA-0 (1993) produces 160 bit outputs SHA-1 (1995) produces 160 bit outputs SHA-2 (2001) produces 224-512 bit outputs Further reading: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms http://borjournals.com/a/index.php/jecas/article/viewFile/1807/1127
At the other side 1. The recipient has to apply the same mathematical hash of the received message 2. The encrypted message hash is then decrypted 3. If both of the hashes match then the message is valid and authentic MD5 Hash Generator: http://www.md5.cz
The Computer Misuse Act - 1998
Computer Misuse Act This has 3 main sections 1. Unauthorised access to computer material. Basic Hacking. Getting access to a system without permission. 2. Unauthorised access with intent to commit or facilitate commission of further offences Helping to commit a crime. 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. Expert Hacking. Modification of data without permission, planting viruses, deletion or modification of other users files.
Section 1- Unauthorised access to computer material June 2015 - Norwich Teaching Assistant hacked into the school email system at Ormiston Victory Academy and used pupil's account to send email "There will be a bomb in school Monday". Guilty plea to one count of communicating false information and one count of unauthorised computer access. Sentence: 15 months imprisonment October 2015 Former Met Police detective used Police computer systems for 230 searches between 2009 and 2013 for private use. Sentence: 9 months in prison.
Section 2- Unauthorised access with intent For example, if you penetrated a bank's computer system intending to move £10,000 to another account, you would still be guilty of an offence under section 2. July 2015 Senior Internal Auditor at Morrisons supermarket accessed and uploaded confidential personal data of nearly 100,000 employees to newspaper and data sharing websites. Data breach cost the company more than £2m to rectify. Sentence: 8 years
Aiding a Crime Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM machines US$ 1M fraud.
Section 3 –Unauthorised or reckless acts A person is guilty of an offence if: he does any unauthorised act in relation to a computer Offences could be: ❏ to impair the operation of any computer; ❏ to prevent or hinder access to any program or data held in any computer ❏ to impair the operation of any such program or the reliability of any such data ❏ to enable any of the things mentioned in the above bullet points
Section 3 –Unauthorised or reckless acts Aug 2015 Revenge attacks by ex-Director on former network security company Esselar and its client Aviva over five months. 900 Aviva employees' phones hacked. Esselar Twitter account defaced. Esselar lost the Aviva contract. Pleaded guilty to four counts of unauthorised or reckless acts with intent to impair computer operation. Actions had "damaged confidence and reputations in a way that can be far-reaching and serious". Sentence: 18 months. Other cases can be found at: http://www.computerevidence.co.uk/Cases/CMA.htm
Subsections Unauthorised acts causing, or creating risk of, serious damage Such as damage to: ❏ human welfare ❏ environment of any place ❏ economy of any country ❏ national security of any country Making, supplying or obtaining articles for use in offence Such as creating software viruses etc.
Penalties Under The Act Gaining unauthorised access (or trying to): Up to 12 months and/or a £5,000 fine Above + intent to commit further offences: Up to 10 years and/or fine Causing unauthorised modifications: Up to 5 years and/or fine
Computer Misuse Act What if your phone’s voicemail was hacked? More cases: http://www.computerevidence.co.uk/Cases/CMA.htm

Recommended

How encryption works
How encryption worksHow encryption works
How encryption worksRaxTonProduction
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Information Security
Information SecurityInformation Security
Information SecurityPresentaionslive.blogspot.com
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network SecurityChandan Gupta Bhagat
 
Cryptography
CryptographyCryptography
Cryptographyamiable_indian
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
IS Security Presentation
IS Security PresentationIS Security Presentation
IS Security PresentationRenjith K P
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismAmit Singh
 

Recommended

How encryption works
How encryption worksHow encryption works
How encryption worksRaxTonProduction
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Information Security
Information SecurityInformation Security
Information SecurityPresentaionslive.blogspot.com
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network SecurityChandan Gupta Bhagat
 
Cryptography
CryptographyCryptography
Cryptographyamiable_indian
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
IS Security Presentation
IS Security PresentationIS Security Presentation
IS Security PresentationRenjith K P
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismAmit Singh
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherGopal Sakarkar
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pkiPrabhat Goel
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesBuddhika Karunanayaka
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Unit 1 Introducation
Unit 1 IntroducationUnit 1 Introducation
Unit 1 IntroducationTushar Rajput
 
Public key Cryptography & RSA
Public key Cryptography & RSAPublic key Cryptography & RSA
Public key Cryptography & RSAAmit Debnath
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution MethodsGulcin Yildirim Jelinek
 
network security
network securitynetwork security
network securityBishalWosti1
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerceNishant Pahad
 
Key distribution code.ppt
Key distribution code.pptKey distribution code.ppt
Key distribution code.pptPrabhat Kumar
 
Ijtra150171
Ijtra150171Ijtra150171
Ijtra150171International Journal of Technical Research & Application
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Cryptography
CryptographyCryptography
CryptographyVishalya Dulam
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Network Security
Network SecurityNetwork Security
Network SecurityRamasubbu .P
 
Network Security
Network SecurityNetwork Security
Network Securityhj43us
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)rosu555
 
chapter 7.pptx
chapter 7.pptxchapter 7.pptx
chapter 7.pptxMelkamtseganewTigabi1
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastechAbdulafeez Fasasi
 
cryptography
cryptographycryptography
cryptographyBalaji Ravi
 

More Related Content

What's hot

Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherGopal Sakarkar
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pkiPrabhat Goel
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Unit 1 Introducation
Unit 1 IntroducationUnit 1 Introducation
Unit 1 IntroducationTushar Rajput
 
Public key Cryptography & RSA
Public key Cryptography & RSAPublic key Cryptography & RSA
Public key Cryptography & RSAAmit Debnath
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerceNishant Pahad
 
Key distribution code.ppt
Key distribution code.pptKey distribution code.ppt
Key distribution code.pptPrabhat Kumar
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Network Security
Network SecurityNetwork Security
Network Securityhj43us
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)rosu555
 

What's hot (19)

Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar Cipher
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Unit 1 Introducation
Unit 1 IntroducationUnit 1 Introducation
Unit 1 Introducation
 
Public key Cryptography & RSA
Public key Cryptography & RSAPublic key Cryptography & RSA
Public key Cryptography & RSA
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution Methods
 
network security
network securitynetwork security
network security
 
Web security for e-commerce
Web security for e-commerceWeb security for e-commerce
Web security for e-commerce
 
Key distribution code.ppt
Key distribution code.pptKey distribution code.ppt
Key distribution code.ppt
 
Ijtra150171
Ijtra150171Ijtra150171
Ijtra150171
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Cryptography
CryptographyCryptography
Cryptography
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)
 

Similar to Security pre

A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
 
cryptography
cryptographycryptography
cryptographyswatihans
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
Security.pptx
Security.pptxSecurity.pptx
Security.pptxjohn6938
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
 
Cscu module 04 data encryption
Cscu module 04 data encryptionCscu module 04 data encryption
Cscu module 04 data encryptionSejahtera Affif
 
DES- Data Encryption Standard
DES- Data Encryption StandardDES- Data Encryption Standard
DES- Data Encryption StandardIRJET Journal
 

Similar to Security pre (20)

chapter 7.pptx
chapter 7.pptxchapter 7.pptx
chapter 7.pptx
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
cryptography
cryptographycryptography
cryptography
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
s117
s117s117
s117
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
cryptography
cryptographycryptography
cryptography
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
Security.pptx
Security.pptxSecurity.pptx
Security.pptx
 
Data encryption
Data encryptionData encryption
Data encryption
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Week12
Week12Week12
Week12
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
Cryptointro
CryptointroCryptointro
Cryptointro
 
Cryptography
CryptographyCryptography
Cryptography
 
Cscu module 04 data encryption
Cscu module 04 data encryptionCscu module 04 data encryption
Cscu module 04 data encryption
 
DES- Data Encryption Standard
DES- Data Encryption StandardDES- Data Encryption Standard
DES- Data Encryption Standard
 

More from missstevenson01

Lesson 3 - Coding with Minecraft - Variables.pptx
Lesson 3 - Coding with Minecraft - Variables.pptxLesson 3 - Coding with Minecraft - Variables.pptx
Lesson 3 - Coding with Minecraft - Variables.pptxmissstevenson01
 
Lesson 2 - Coding with Minecraft - Events.pptx
Lesson 2 - Coding with Minecraft - Events.pptxLesson 2 - Coding with Minecraft - Events.pptx
Lesson 2 - Coding with Minecraft - Events.pptxmissstevenson01
 
Lesson 1 - Coding with Minecraft -Introduction.pptx
Lesson 1 - Coding with Minecraft -Introduction.pptxLesson 1 - Coding with Minecraft -Introduction.pptx
Lesson 1 - Coding with Minecraft -Introduction.pptxmissstevenson01
 
Lesson2 - Coding with Minecraft - Events.pptx
Lesson2 - Coding with Minecraft - Events.pptxLesson2 - Coding with Minecraft - Events.pptx
Lesson2 - Coding with Minecraft - Events.pptxmissstevenson01
 
Ethical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywareEthical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywaremissstevenson01
 
Ethical hacking anti virus
Ethical hacking anti virusEthical hacking anti virus
Ethical hacking anti virusmissstevenson01
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingmissstevenson01
 
S1 internet safety-chattingonline
S1 internet safety-chattingonlineS1 internet safety-chattingonline
S1 internet safety-chattingonlinemissstevenson01
 
Video Games and Copyright laws
Video Games and Copyright lawsVideo Games and Copyright laws
Video Games and Copyright lawsmissstevenson01
 

More from missstevenson01 (20)

S3 environment
S3 environmentS3 environment
S3 environment
 
The Processor.pptx
The Processor.pptxThe Processor.pptx
The Processor.pptx
 
How Computers Work
How Computers WorkHow Computers Work
How Computers Work
 
Lesson 3 - Coding with Minecraft - Variables.pptx
Lesson 3 - Coding with Minecraft - Variables.pptxLesson 3 - Coding with Minecraft - Variables.pptx
Lesson 3 - Coding with Minecraft - Variables.pptx
 
Lesson 2 - Coding with Minecraft - Events.pptx
Lesson 2 - Coding with Minecraft - Events.pptxLesson 2 - Coding with Minecraft - Events.pptx
Lesson 2 - Coding with Minecraft - Events.pptx
 
Lesson 1 - Coding with Minecraft -Introduction.pptx
Lesson 1 - Coding with Minecraft -Introduction.pptxLesson 1 - Coding with Minecraft -Introduction.pptx
Lesson 1 - Coding with Minecraft -Introduction.pptx
 
Lesson2 - Coding with Minecraft - Events.pptx
Lesson2 - Coding with Minecraft - Events.pptxLesson2 - Coding with Minecraft - Events.pptx
Lesson2 - Coding with Minecraft - Events.pptx
 
Ethical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywareEthical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spyware
 
Ethical hacking anti virus
Ethical hacking anti virusEthical hacking anti virus
Ethical hacking anti virus
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hacking
 
S1 internet safety-chattingonline
S1 internet safety-chattingonlineS1 internet safety-chattingonline
S1 internet safety-chattingonline
 
S3 wireframe diagrams
S3 wireframe diagramsS3 wireframe diagrams
S3 wireframe diagrams
 
Sql
SqlSql
Sql
 
Alien database
Alien databaseAlien database
Alien database
 
Video Games and Copyright laws
Video Games and Copyright lawsVideo Games and Copyright laws
Video Games and Copyright laws
 
Games Design Document
Games Design DocumentGames Design Document
Games Design Document
 
Video game proposal
Video game proposalVideo game proposal
Video game proposal
 
Evaluation
EvaluationEvaluation
Evaluation
 
H evaluation
H evaluationH evaluation
H evaluation
 
H testing and debugging
H testing and debuggingH testing and debugging
H testing and debugging
 

Recently uploaded

Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 

Recently uploaded (20)

Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 

Security pre

  • 2. Learning Intentions By the end of this lesson learners will be able to: ❏ Describe what is meant by Encryption ❏ Discuss the purpose of Digital Certificates and Digital Signatures ❏ Describe the purpose of server side validation of form data
  • 3. Encryption Encryption is when data is encoded into another form. This means that even if data is intercepted then the data is meaningless until it is deciphered using a key.
  • 4. How encryption works Lets look at a basic cypher A Caesar(shift) cypher A B C D E F G H I Z A B C D E F G H I J So DAD would be CZC
  • 5. The Key The key is the secret to encryption Encryption Key Decryption
  • 6. Encryption There are two main methods to encrypt data Symmetric Key - Secret Key Asymmetric Key - Private key/public key
  • 7. Symmetric Encryption Data Encryption Standard (DES) was created in 1977 Used a 56 bit key Approx. 72,000,000,000,000,000 combinations (256) Advanced Encryption Standard (AES) Used by the US government Offers 128,192 or 256 bit encryption 2256 combinations (1.15e+77) RSA (Ron Rivest, Adi Shamir and Leonard Adleman) 1024 - 2048 bit
  • 10. Encryption and Digital Rights Management CSS (Content Scramble System) encryption was used as the original Digital Rights Management system on DVD’s in 1996 Used a 40 bit cipher Compromised in 1999
  • 11. Pros and Cons – Symmetric Encryption ✓ The key doesn’t have to be sent with the message ✓ The system is usually more straight forward/faster ✘ The key has to be installed with the receiver before transmission ✘ If the key is compromised both sent AND received messages can be decyphered For Against
  • 12. Asymmetric Key Asymmetric Key or public key encryption is when there are two keys. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret and used to decrypt received mesages
  • 13. Asymmetric Encryption Sender Recipient Plain Plain Ciphertext Encryption Decryption Public Key Private Key Think of the public key as a lock
  • 14. Which key and when? The sender uses the public key to: Encrypt any messages to recipient The recipient uses the private key to: Decrypt any messages from sender
  • 15. Pros and Cons – Asymmetric Encryption ✓ The Private key never needs to be distributed ✓ Can be used to implement digital signatures ✘ Is slower than symmetric encryption. ✘ It requires far more processing power to encrypt and decrypt the content of the message. For Against
  • 16. How do you get the keys? To use asymmetric encryption then there has to be a way to distribute the public keys. And to verify the authenticity of the sender Digital Certificates are a useful tool for this.
  • 17. Public Key Encryption & Malware Some malware (ransomware) such as CryptoLocker will encrypt the contents of infected machines It uses RSA encryption Will only decrypt the drive once payment has been made The key is held on a private server Further reading: https://traxarmstrong.com/free-tool-remove-cryptorbit-ransomware/#gsc.tab=0
  • 18. Basic RSA Encryption Example To encrypt a message such as HELLO, we will first turn it into numbers Our public key is 33,3 This consists of two prime numbers H E L L O 8 5 12 12 15
  • 19. RSA Encryption Example Our public key is 33,3 So we raise the number to the power of 3 Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375
  • 20. RSA Encryption Example Our public key is 33,3 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 ^3 512 125 1,728 1,728 3,375 %33 17 26 12 12 9
  • 21. RSA Decryption Example Our private key is 33,7 We will raise our number to the power of 7 Original H E L L O Original 8 5 12 12 15 Cipher 17 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969
  • 22. RSA Decryption Example Our private key is 33,7 Then we will perform our number mod 33 (the remainder after dividing by 11) Original H E L L O Original 8 5 12 12 15 Cipher 8 26 12 12 9 ^7 410338673 8031810176 35831808 35831808 4782969 %33 8 5 12 12 15
  • 24. How strong is the encryption? The Key size is the size in bits of the key used in the algorithm that encrypts the data Assume that a 40 bit key has been cracked May have been brute forced Then an example 128 bit key may only actually provide 88 bits of encryption
  • 25. Cracking Encryption 512 bit keys were broken in 1999 Encryption has even been compromised by listening to the sound the CPU makes. It was conducted with one of the co-inventors of the RSA algorithm Further reading: https://www.extremetech.com/extreme/173108-researchers-crack-the-worlds- toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu
  • 26. Unbreakable codes? There is a lot of research going on into Quantum cryptography Relies on physics and not maths Data is transmitted using light The main theory behind this is that when the light is intercepted then it is changed This uses Heisenberg's uncertainty principle Image CC BY-SA 3.0 BigRiz -en:Wikipedia
  • 27. Identifying yourself In real life if you are proving your identity you can use multiple forms of ID Passport Drivers License How can prove the identity of senders of emails/providers of websites?
  • 28. Proving your identity A digital certificate is the digital version of a passport or driving license They are issued by a central certification authority Many digital certificates conform to the X.509 standard. Can contain the following information ❏ Public Key ❏ Owners Name ❏ Expiration and Issuer
  • 29. Digital Signatures A digital signature is a method of ensuring that a message is authentic (unaltered) 1. You obtain a message hash A mathematical summary of the contents of the message 2. You can encrypt this message hash with your private key 3. This ‘signature’ is attached to a message
  • 31. How long to crack a digital certificate? https://www.digicert.com/TimeTravel/
  • 32. Hashing In Feb 2017 - Google broke the SHA1 hashing system Further reading: https://security.googleblog.com/2017/02/announcing-first-sha1- collision.html The computations involved in this was:: ❏ Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total ❏ 6,500 years of CPU computation to complete the attack first phase ❏ 110 years of GPU computation to complete the second phase
  • 33. Moving on from SHA1 MD5 (1992) produces 128 bit outputs SHA-0 (1993) produces 160 bit outputs SHA-1 (1995) produces 160 bit outputs SHA-2 (2001) produces 224-512 bit outputs Further reading: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms http://borjournals.com/a/index.php/jecas/article/viewFile/1807/1127
  • 34. At the other side 1. The recipient has to apply the same mathematical hash of the received message 2. The encrypted message hash is then decrypted 3. If both of the hashes match then the message is valid and authentic MD5 Hash Generator: http://www.md5.cz
  • 35. The Computer Misuse Act - 1998
  • 36. Computer Misuse Act This has 3 main sections 1. Unauthorised access to computer material. Basic Hacking. Getting access to a system without permission. 2. Unauthorised access with intent to commit or facilitate commission of further offences Helping to commit a crime. 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. Expert Hacking. Modification of data without permission, planting viruses, deletion or modification of other users files.
  • 37. Section 1- Unauthorised access to computer material June 2015 - Norwich Teaching Assistant hacked into the school email system at Ormiston Victory Academy and used pupil's account to send email "There will be a bomb in school Monday". Guilty plea to one count of communicating false information and one count of unauthorised computer access. Sentence: 15 months imprisonment October 2015 Former Met Police detective used Police computer systems for 230 searches between 2009 and 2013 for private use. Sentence: 9 months in prison.
  • 38. Section 2- Unauthorised access with intent For example, if you penetrated a bank's computer system intending to move £10,000 to another account, you would still be guilty of an offence under section 2. July 2015 Senior Internal Auditor at Morrisons supermarket accessed and uploaded confidential personal data of nearly 100,000 employees to newspaper and data sharing websites. Data breach cost the company more than £2m to rectify. Sentence: 8 years
  • 39. Aiding a Crime Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM machines US$ 1M fraud.
  • 40. Section 3 –Unauthorised or reckless acts A person is guilty of an offence if: he does any unauthorised act in relation to a computer Offences could be: ❏ to impair the operation of any computer; ❏ to prevent or hinder access to any program or data held in any computer ❏ to impair the operation of any such program or the reliability of any such data ❏ to enable any of the things mentioned in the above bullet points
  • 41. Section 3 –Unauthorised or reckless acts Aug 2015 Revenge attacks by ex-Director on former network security company Esselar and its client Aviva over five months. 900 Aviva employees' phones hacked. Esselar Twitter account defaced. Esselar lost the Aviva contract. Pleaded guilty to four counts of unauthorised or reckless acts with intent to impair computer operation. Actions had "damaged confidence and reputations in a way that can be far-reaching and serious". Sentence: 18 months. Other cases can be found at: http://www.computerevidence.co.uk/Cases/CMA.htm
  • 42. Subsections Unauthorised acts causing, or creating risk of, serious damage Such as damage to: ❏ human welfare ❏ environment of any place ❏ economy of any country ❏ national security of any country Making, supplying or obtaining articles for use in offence Such as creating software viruses etc.
  • 43. Penalties Under The Act Gaining unauthorised access (or trying to): Up to 12 months and/or a £5,000 fine Above + intent to commit further offences: Up to 10 years and/or fine Causing unauthorised modifications: Up to 5 years and/or fine
  • 44. Computer Misuse Act What if your phone’s voicemail was hacked? More cases: http://www.computerevidence.co.uk/Cases/CMA.htm

Editor's Notes

  1. R v Bow Street Magistrates Court and Allison ex parte Government of USA House of Lords 05/08/1999 The Times 7 September 1999; [1999] 4 All E R 1; [1999] 3 WLR 620; [1999] Masons CLR 380 [1998] 3 WLR 1156; [1998] Masons CLR 234; The Times 2 June 1998. [1999] C&L Oct/Nov, 21 Computer Misuse Act 1990, ss 1, 2, 15, 17(5) Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Extradition – Conspiracy Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM US$ 1M fraud. Held - unauthorised access applies to the use of a computer to obtain unauthorised access to data. "Hacking" held to refer to all forms of unauthorised access whether by insiders or outsiders. Comments of House of Lords in R v Bignell on meaning of "control access" in Computer Misuse Act 1990 s.17 (5) distinguished. Habeas corpus denied.
  2. http://www.theregister.co.uk/2012/07/02/ebanking_fraudsters_jailed/ Pavel Cyganok was jailed for five years. Ilja Zakrevski for four years.
  3. http://www.theregister.co.uk/2012/07/02/ebanking_fraudsters_jailed/ Pavel Cyganok was jailed for five years. Ilja Zakrevski for four years.