Information Security: General
Hook
They're watching you and your personal
information.
Key details
The term information security is generally defined as ensuring the
confidentiality, integrity, and availability of information.
Confidentiality・・・Confidentiality means ensuring that only
those who are authorized to access a piece of information have access to
it.
Integrity・・・Integrity means ensuring that information has not been
destroyed, altered or erased.
Availability・・・Availability means ensuring that
persons authorized to access information have access to it when
necessary and without interruption.
Together, these three elements are referred to by the acronym CIA.
Security is protection from, or resilience against, potential harm (or other
unwanted coercive change) caused by others, by restraining the freedom of
others to act. Security measures are made for humans and are not perfect, so
security has weaknesses.
More details
There are crimes in the world that threaten information security. There are crackers in the world who hack and rob
ordinary people of their personal information. Malicious actors steal or destroy our data (personal information, etc.) in
various ways. Hacking includes the following five typical attacks.
1. Zero-day attack
A zero-day attack is an attack on a newly discovered server vulnerability before the company has responded to it. While
nothing has been done yet, the damage can also spread.
2. Dictionary attack
Dictionary attacks are one of the means to identify other people's IDs and passwords. In addition to personal names,
words that are meaningful to people are selected in advance from the dictionary and checked for a match.
3. Brute force attack
Brute force attacks, like dictionary attacks, are a means of finding IDs and passwords. As the name suggests, every
possible pattern is considered and checked for a match in a brute force manner. Hackers use a combination of dictionary
attacks and brute force attacks to increase match rates.
4. Shoulder hacking
Shoulder hacking is snooping, which involves looking over the user's shoulder into a computer screen to spy on
passwords and personal information. It's a fairly analog method, but other methods can be used, such as rummaging
through the trash can to find a piece of paper with a password written on it, or impersonating a policeman to ask for
the password. Collectively, these are called social engineering.
5. Watering hole attack
A watering hole attack is an attack that tampers with a website and switches it to a malicious site, infecting people
who visit it with a virus.
To protect ourselves from these attacks, we need to take measures ourselves. Specifically, passwords should be made
irregular, passwords should be lengthened, and PCs and smartphones should be kept up to date. We believe
that strong passwords can reduce threats from dictionary attacks, brute force attacks, and shoulder hacking. Keeping
your PC or smartphone up to date will help protect you from viruses and hacker attacks because the weaknesses and
vulnerabilities of previous versions are likely to be improved. It is also important to use security features effectively.
Each system and computer has its own security features. They may not be set at the initial stage, so be sure to check them.
If your company handles personal or confidential information, you should also consider installing security software.
IPS and WAF can also prevent attacks on apps and platforms.
In this way, there are surprisingly many things that can be prevented by taking care of ourselves in information
security. By paying attention to these things, we can reduce the damage.
Security: Encryption
Hook
Are your passwords well
encrypted?
“Do you protect your data?”
Key details
Encryption is a method to make the contents of data
invisible to others.
If the password is stored in the computer as a character string,
there is a danger that it can be easily stolen from the computer.
Therefore, password data is normally stored in the computer in
an encrypted state.
An encryption mechanism uses data called an encryption key to
encrypt the original data. When encrypted with this mechanism,
the original data becomes completely different data.
Ex: 1234-5678 → 🔑(key) → 2x3i-Gwh9
Encrypted data is restored to the original data using the encryption
key.
Ex: 2x3i-Gwh9 → 🔑(key) → 1234-5678
So the encryption key plays a very important role in encryption.
More details
Kinds of encryption
1: Symmetric key cryptography
Symmetric key cryptography is a method in which the encryption and decryption keys are the same. In other words, the key used to encrypt data is also used to
decrypt it. The characteristic of symmetric key cryptography is that it has a high processing speed.
2: Public key cryptography
Public key cryptography is a method in which separate keys for encryption and decryption are prepared. The characteristic of public key cryptography is
that there is no need to prepare a different key for each person you interact with. Also, unlike symmetric key cryptography, there is no need to pass the
decryption key from the sender to the receiver, and there is no risk of it being stolen by a third party.
3: Hybrid cryptography
Hybrid cryptography is an encryption method that combines public and common keys. It has high strength because it compensates for the shortcomings
of each cipher. Hybrid cryptography has the security of public key cryptography and the processing speed of symmetric key encryption.
Benefits of encryption
1: Security measures
In recent years, many IT products have been moved to the cloud, making it possible to work on the go. As a result, there are more opportunities to carry
around PCs and tablets containing corporate information. However, on the other hand, if they are lost or stolen, there is an increased possibility that the
data inside will be read and misused. If information is leaked, the company's reputation may decline and compensation may have to be paid, and the
impact on the company is immeasurable. Encrypting data also reduces the risk of information being read by a third party in the unlikely event of such a
situation, which is a security measure.
2: You can manage the export of files and other items.
Some encryption software allows you to take out only encrypted files. By using such software, data containing important information is not taken out
here and there, and you can manage which files are being taken out. In addition to encryption, products that can track exported files and delete data
remotely even if data is leaked have appeared, making it possible to build a system that allows data to be taken out with peace of mind.
3: Capable of responding to unauthorized access attacks
Encryption is the process of encrypting the underlying data using various methods to transform it into information that does not make sense to a third
party. Therefore, even if unauthorized access is made from the outside, the risk of data being viewed or tampered with can be reduced unless it is
decrypted.
Example of using encryption
・e-mail ・wireless LAN ・electronic signature
Communication and security: RSA Cipher
Do you know
how secure the RSA cipher is?
The system of the RSA cipher
The RSA cipher is an algorithm that is one of the public key
cryptosystems, whose security is based on the fact that it is
difficult to factorize a composite number with a large
number of digits into prime factors within a realistic time. It
is the first publicized method that can implement
encryption and digital signatures.
This system was made by three people: Rivest, Shamir and Adleman.
Even a computer has to spend a long time on the
prime factorization process, so the greatest merit of this
system is that it is highly secure. It is a countermeasure against
threats such as "spoofing" and "eavesdropping", in which someone
browses the transmitted and received data. However, it has
some demerits. For instance, encryption and decryption are
complicated and take a long processing time.
More information and process
・Cipher
A cipher is the substitution of information with meaningless strings of characters or signs based
on certain procedures so that only certain people can read it.
・The public key cryptosystems
This system mainly uses 2 types of key. The first one is the public key and the other is the private key.
A public key is a key that anyone can easily obtain, but a private key is an important key
of which there is only one.
・Prime factorization
Prime factorization is the representation of a positive integer by the product of prime
numbers. A positive integer is, for example, 1 or 2, not -1, -2 or 0. A prime number is a positive
integer having exactly two factors, i.e. 1 and the number itself. For instance, 1, 3 or 5, but
not 4, because it has 3 factors, 1, 2 and 2, so it is a composite number.
・The process of RSA Cipher
1. The recipient creates a public key using the private key
2. The sender obtains the recipient's public key
3. The sender encrypts the plaintext (the sentence to be encrypted) using the public key
and sends it.
4. The recipient receives the ciphertext.
5. The recipient decrypts the ciphertext into plaintext with the private key
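The five steps above, worked through as an added example (not part of the original slides). The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the function names are illustrative; the last function shows why the modulus has to be too large to factorize.

```python
# Added example: textbook RSA with deliberately tiny primes (constructed values).
# Real deployments use primes of 1024 bits or more plus padding such as OAEP.
from math import gcd, isqrt


def make_keypair(p, q, e=17):
    """Step 1: the recipient derives the public key (n, e) and private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(message, public_key):
    """Step 3: the sender encrypts an integer 0 <= message < n with the public key."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext, public_key, d):
    """Step 5: the recipient decrypts with the private exponent d."""
    n, _ = public_key
    return pow(ciphertext, d, n)


def private_exponent_from_factoring(public_key):
    """Anyone who can factorize n can rebuild d. Trial division is instant
    for a tiny n, which is why real moduli have hundreds of digits."""
    n, e = public_key
    p = next((f for f in range(2, isqrt(n) + 1) if n % f == 0), None)
    if p is None:
        raise ValueError("n is prime, not a product of two primes")
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public_key, d = make_keypair(61, 53)          # step 1 (recipient)
    ciphertext = encrypt(65, public_key)          # steps 2-3 (sender)
    plaintext = decrypt(ciphertext, public_key, d)  # steps 4-5 (recipient)
    print("public key:", public_key, "ciphertext:", ciphertext, "plaintext:", plaintext)
    print("d rebuilt from factoring n:", private_exponent_from_factoring(public_key))
```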
Can you understand the meaning of this number?
123.89.46.72
Explanation of IP addresses
An IP address is an address for network communication.
For example, when Terminal A wants to communicate with Terminal B,
Terminal A adds the information [Source = IP address of Terminal A,
Destination = IP address of Terminal B].
Network devices such as routers look at the IP address of the
destination, Terminal B, determine the communication path, and
the communication eventually arrives at Terminal B.
More details
The IP address number consists of a "network part" and a "host part".
The network part indicates which network the IP address belongs to, and the
host part identifies the computers in the network. The boundary
between the network part and the host part varies depending on the
type of IP address.
IP addresses are assigned to a host either dynamically as they join
the network, or persistently by configuration of the host hardware or
software. Persistent configuration is also known as using a static IP
address. In contrast, when a computer's IP address is assigned each
time it restarts, this is known as using a dynamic IP address.
IPv6 is a type of IP protocol with various improvements over IPv4.
The main difference between IPv4 and IPv6 is the number of IP addresses
that can be assigned; IPv6 uses a 128-digit binary representation of IP
addresses, allowing for virtually unlimited IP addresses.
          1st octet   2nd octet   3rd octet   4th octet
Binary    01111011    01011001    00101110    01001000
Decimal   123         89          46          72
IP address: 123.89.46.72
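The octet table and the network part / host part split, as an added example (not part of the original slides). It goes slightly beyond the text: the classful default boundaries (8, 16 or 24 bits chosen from the first octet) and the optional prefix length are assumptions added here, and the function names are illustrative.

```python
# Added example: parse a dotted IPv4 address strictly, show each octet in
# binary, and split it into network part and host part.

def parse_ipv4(text):
    """Return the four octets as integers, rejecting anything ambiguous."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has exactly four octets")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"octet {part!r} is not a decimal number")
        # Some parsers read a leading zero as octal, so the same string can
        # mean two different addresses. Refuse it instead of guessing.
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"octet {part!r} has a leading zero")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet {part!r} is larger than 255")
        octets.append(value)
    return octets


def to_binary(octets):
    """Each octet as an 8-digit binary string, as in the table above."""
    return [format(octet, "08b") for octet in octets]


def classful_prefix(octets):
    """Assumed default boundary: class A = 8 bits, B = 16 bits, C = 24 bits."""
    first = octets[0]
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses have no network/host split")


def split_network_host(text, prefix=None):
    """Return (network bits, host bits) for the given boundary."""
    octets = parse_ipv4(text)
    if prefix is None:
        prefix = classful_prefix(octets)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    bits = "".join(to_binary(octets))
    return bits[:prefix], bits[prefix:]


def network_address(text, prefix=None):
    """The address with every host bit cleared, in dotted decimal."""
    network_bits, host_bits = split_network_host(text, prefix)
    value = int(network_bits + "0" * len(host_bits), 2)
    return ".".join(str(byte) for byte in value.to_bytes(4, "big"))


if __name__ == "__main__":
    print(to_binary(parse_ipv4("123.89.46.72")))
    print(split_network_host("123.89.46.72"))
    print(network_address("123.89.46.72"), network_address("123.89.46.72", 20))
```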
Quantum cryptography
Hook
Do you know that modern cryptography may become unusable?
Key details
• Quantum cryptography is the science of using the
properties of quantum mechanics to perform
cryptographic tasks.
• Almost all classical (non-quantum) cryptography
which we use now has its security ensured by the
amount of computation (computational security).
• But the security of quantum cryptography is ensured by the
amount of information (information-theoretic security).
• The most famous example is quantum key
distribution.
More details
• Computational security relies on mathematical algorithms.
• Information-theoretic security means that the result of decryption with any key
could possibly be the true one.
• The following picture is encrypted communication using quantum key distribution.
Place the key used in the encryption in the box. This box has quantum properties.
Thanks to this box, the two communicating users can detect the presence of any third
party trying to gain knowledge of the key. When any third party sees the key in the box,
the box changes shape. So the two communicating users can detect any third party.
Elliptic Curve Cryptography
Hook
Do you know how strong
your password is?
Key details
This cryptography is based on the difficulty of solving
the Elliptic Curve Discrete Logarithm
Problem (ECDLP). It was invented by Victor S. Miller
and Neal Koblitz.
In 2004-2005, elliptic curve cryptography was widely
used. This is not the name of a specific method; it
is a generic name for cryptography that uses an elliptic curve. It is
often used for public-key cryptography. No way has been found to
solve the problem faster than exponential time. So this
cryptography keeps the same level of safety until such
a solution is found. In addition, this cryptography can be
processed more quickly than RSA cryptography and
can be realized with a short key. But if someone
finds such a solution,
this algorithm loses its safety. And for some elliptic curves,
a solution has already been found.
More details
Theory
・For current cryptographic purposes, an elliptic curve is a plane curve over a
finite field (rather than the real numbers) which consists of the points satisfying the
equation
$y^2 = x^3 + ax + b$
How to attack
・Side channel attack
When you compute P+Q on the elliptic curve, the arithmetic process is
different between addition and multiplication. Therefore we need to
prepare countermeasures against side channel attacks.
・Attack using a quantum computer
Shor's algorithm can be used to break elliptic curve cryptography by computing
discrete logarithms on a hypothetical quantum computer. It is estimated that a
quantum computer with 2330 qubits and 126 billion Toffoli gates is
required to break elliptic curve cryptography with a modulus of 256 bits. On the
other hand, in order to break RSA encryption with 3072-bit keys, which is
equivalent to the security level recommended by the National Institute of
Standards and Technology, 6146 qubits and 18.6 trillion Toffoli gates are
needed. So for a quantum computer, elliptic curve cryptography is easier to
attack than RSA cryptography. But current quantum computers cannot break it.
This is because the resources required to break this cryptography are too large.
・Invalid curve attack
When ECC is used in virtual machines, an attacker may use an invalid curve attack to
get a complete PDH private key.
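The curve equation from the Theory section and the check that guards against invalid curve points, as an added example (not part of the original slides). The curve y^2 = x^3 + 2x + 2 over the integers modulo 17 with base point (5, 1) is a constructed toy parameter set, and all function names are illustrative.

```python
# Added example: a toy elliptic curve over a finite field, far too small for
# real use. The point at infinity is represented as None.
P, A, B = 17, 2, 2   # constructed parameters: y^2 = x^3 + A*x + B (mod P)
G = (5, 1)           # base point on the toy curve


def is_on_curve(point, b=B):
    """True if the point satisfies y^2 = x^3 + A*x + b (mod P)."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + A * x + b)) % P == 0


def add(p1, p2):
    """Point addition. The formulas use A and P but never B, so a point that
    is not on the curve is processed without any error."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a point plus its negative is the point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Compute k * point by double-and-add."""
    result, addend = None, point
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def implied_b(point):
    """The b for which this point lies on y^2 = x^3 + A*x + b (mod P)."""
    x, y = point
    return (y * y - x * x * x - A * x) % P


def shared_secret(private_key, peer_point):
    """Key agreement that validates the peer's point before using the key."""
    if peer_point is None:
        raise ValueError("peer point is the point at infinity")
    x, y = peer_point
    if not (0 <= x < P and 0 <= y < P) or not is_on_curve(peer_point):
        raise ValueError("peer point is not on the agreed curve")
    return scalar_mult(private_key, peer_point)


if __name__ == "__main__":
    alice, bob = 3, 7  # constructed private keys
    print(shared_secret(alice, scalar_mult(bob, G)),
          shared_secret(bob, scalar_mult(alice, G)))
    bogus = (5, 2)     # constructed point that is NOT on the curve
    print(is_on_curve(bogus), add(bogus, bogus), implied_b(bogus))
```

Without the check in shared_secret, the arithmetic on the constructed off-curve point silently takes place on a different curve (b = 5 instead of 2), where the private key no longer has the protection the agreed curve was chosen for.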

Security.pptx
