9. Computer Security and Issues
8/6/2019 9. Computer Security and Issues
Spring 2009
Lesson - 9
Computer Security and Issues That Affect Us All
CSE 101
-
Computer Crime
Software Piracy
Protections from Piracy
-
Computer Crime - Software Piracy
Software piracy - the illegal copying of software programs - is the biggest legal issue affecting the computer industry.
Piracy is of greatest concern to developers of commercial software, or programs that must be purchased before using.
Piracy is less of a concern for shareware makers, whose programs must be registered but not always purchased.
Piracy is not a concern for freeware, which is software that can be freely distributed by anyone.
-
Computer Crime - Protection From Piracy
Various forms of copy protection have been used to discourage piracy, including:
Installation diskettes that record the number of times the software is installed.
Hardware locks, without which the program cannot function.
Passwords, serial numbers, or other codes required for installation.
-
Computer Viruses
Categories of Viruses
Preventing Infection
-
Computer Viruses - Categories of Viruses
A virus is a parasitic program that infects another program (the host). Most viruses fall into the following categories:
Boot sector viruses
Cluster viruses
File-infecting viruses
Worms
Bombs
Trojan Horses
Polymorphic viruses
Self-garbling viruses
E-mail viruses
Self-encrypting viruses
Self-changing viruses
Stealth viruses
Macro viruses
Joke programs
Bimodal viruses
Bipartite viruses
Multipartite viruses
-
Computer Viruses - Preventing Infection
Viruses are spread in several ways. The most common are:
Receiving an infected disk.
Downloading an infected executable file from a network or the Internet.
Copying a document file that is infected with a macro virus.
To avoid viruses, you should:
Treat all disks as though they are infected.
Install an antivirus program and keep its virus definitions (database of virus information) up to date.
Run your antivirus program regularly.
-
Theft
Hardware and Software Theft
Data Theft
Protecting Networks
-
Theft - Hardware and Software Theft
As PCs become smaller and as more people use laptop and handheld computers, hardware theft is becoming a growing problem.
Software theft is also a major problem for companies, many of which must purchase large quantities of expensive software programs.
To combat hardware and software theft, many companies are locking hardware to desks and securing software in libraries, granting access to employees only as needed.
-
Theft - Data Theft
Data theft can be far more serious than software or hardware losses, because data can be difficult or impossible to replace.
Hackers are a threat to sensitive corporate and government data because they pride themselves on getting around security measures.
Organizations can keep hackers at bay by protecting their networks. This can be done by enforcing the use of user IDs and passwords.
Data can also be protected through encryption, making it useless to anyone who does not have the encryption key.
-
Computer and The Environment
Planned Obsolescence
Use of Power
-
Computers and the Environment - Planned Obsolescence
Because hardware and software products become obsolete after a given time, older systems are disposed of in large numbers.
Large-scale disposals add to the clogging of landfills and pollution.
To reduce these problems, organizations can download software from the Internet (reducing the number of disks and manuals used). Hardware can be recycled or donated to charities or schools.
-
Computers and the Environment - Use of Power
Many people leave their computers running continuously, whether in use or not. This consumes power unnecessarily.
To solve this problem, you can use a "green PC," which automatically powers down the monitor and hard drive after a period of non-use.
Another way to conserve energy is to use hardware that conforms to the EPA's "Energy Star" program, which sets standards for power consumption.
-
Ergonomics and Health Issues
Ergonomics Defined
Repetitive Stress Injuries
Avoiding Repetitive Stress Injuries
Eyestrain
Electromagnetic Fields
-
Privacy Issue
Junk Faxes and E-Mail
Beating Spammers at Their Own Game
Privacy Issues Facing Corporate Computer Users
-
Network Security
Classic properties of secure systems:
Confidentiality: Encrypt message so only sender and receiver can understand it.
Authentication: Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?
Authorization: Does a party with a verified identity have permission to access (r/w/x/ ) information? Gets into access control policies.
-
Classic properties of secure systems: (cont.)
Integrity: During a communication, can both sender and receiver detect whether a message has been altered?
Non-Repudiation: The originator of a communication can't later deny that the communication took place.
Availability: Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.
-
Cryptography
Encryption algorithm: also called a cipher
Cryptography has evolved so that modern encryption and decryption use secret keys
Only have to protect the keys! => Key distribution problem
Cryptographic algorithms can be openly published
[Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext]
-
Cryptography
Cryptography throughout history:
Julius Caesar cipher: replaced each character by a character cyclically shifted to the left. Weakness? Easy to attack by looking at frequency of characters.
Mary Queen of Scots: put to death for treason after Queen Elizabeth I's spymaster cracked her encryption code.
WWII: Allies break German Enigma code and Japanese naval code.
[Figure: Enigma code machine]
-
Cryptography
Cryptanalysis - Types of attacks:
Brute force: try every key.
Ciphertext-only attack: Attacker knows ciphertext of several messages encrypted with same key (but doesn't know plaintext). Possible to recover plaintext (also possible to deduce key) by looking at frequency of ciphertext letters.
Known-plaintext attack: Attacker observes pairs of plaintext/ciphertext encrypted with same key. Possible to deduce key and/or devise algorithm to decrypt ciphertext.
-
Cryptography
Cryptanalysis - Types of attacks:
Chosen-plaintext attack: Attacker can choose the plaintext and look at the paired ciphertext. Attacker has more control than known-plaintext attack and may be able to gain more info about key.
Adaptive chosen-plaintext attack: Attacker chooses a series of plaintexts, basing the next plaintext on the result of previous encryption.
Differential cryptanalysis: very powerful attacking tool. But DES is resistant to it.
Cryptanalysis attacks often exploit the redundancy of natural language. Lossless compression before encryption removes redundancy.
-
Principle of Confusion and Diffusion
Terms courtesy of Claude Shannon, father of Information Theory
Confusion = Substitution
a -> b
Caesar cipher
Diffusion = Transposition or Permutation
abcd -> dacb
DES
[Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext]
-
Principle of Confusion and Diffusion
Modern substitution ciphers take in N bits and substitute N bits using lookup table: called S-Boxes
Confusion: a classical Substitution Cipher
Cryptographers often think in terms of the plaintext alphabet as being the alphabet used to write the original message, and the cipher text alphabet as being the letters that are substituted in place of the plain letters. A cipher is the name given to any form of cryptographic substitution, in which each letter is replaced by another letter or symbol.
-
Caesar Cipher
According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet.
As shown below, it is clear to see that the cipher text alphabet has been shifted by three places. Hence this form of substitution is often called the Caesar Shift Cipher.
Courtesy: Andreas Steffen
-
Pigpen Cipher
The Pigpen Cipher was used by Freemasons in the 18th century to keep their records private. The cipher does not substitute one letter for another; rather it substitutes each letter for a symbol. The alphabet is written in the grids shown, and then each letter is enciphered by replacing it with a symbol that corresponds to the portion of the pigpen grid that contains the letter. For example:
Plain text: I Love Computer Science
Cipher text: [Figure: pigpen symbols]
-
Principle of Confusion and Diffusion
Diffusion: a classical Transposition cipher
Modern transposition ciphers take in N bits and permute using lookup table: called P-Boxes
Courtesy: Andreas Steffen
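Added example (not part of the original slides): a toy 16-bit cipher that combines the S-box lookup (confusion) and P-box bit permutation (diffusion) described on the two "Principle of Confusion and Diffusion" slides, and measures how a one-bit change in the plaintext spreads from round to round. The table values, round keys and function names are chosen for illustration only, and a block this small gives no real security.

```python
# Toy substitution-permutation network on 16-bit blocks (illustration only).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]    # 4 bits in -> 4 bits out
PBOX = [4 * (i % 4) + i // 4 for i in range(16)]   # input bit i moves to PBOX[i]
INV_SBOX = [SBOX.index(v) for v in range(16)]
INV_PBOX = [PBOX.index(i) for i in range(16)]

def substitute(block, sbox=SBOX):
    """Confusion: replace each 4-bit nibble through the lookup table."""
    return sum(sbox[(block >> (4 * n)) & 0xF] << (4 * n) for n in range(4))

def permute(block, pbox=PBOX):
    """Diffusion: move every bit of the block to a new position."""
    return sum(((block >> i) & 1) << pbox[i] for i in range(16))

def encrypt(block, round_keys):
    """Each round: mix in the round key, substitute, then permute."""
    for k in round_keys:
        block = permute(substitute(block ^ k))
    return block

def decrypt(block, round_keys):
    """Undo the rounds in reverse order with the inverse tables."""
    for k in reversed(round_keys):
        block = substitute(permute(block, INV_PBOX), INV_SBOX) ^ k
    return block

def active_nibbles(diff):
    """Number of 4-bit groups in which two blocks differ."""
    return sum(1 for n in range(4) if (diff >> (4 * n)) & 0xF)

def diffusion_trace(a, b, round_keys):
    """Nibbles in which the ciphertexts of a and b differ after each round."""
    return [active_nibbles(encrypt(a, round_keys[:r]) ^ encrypt(b, round_keys[:r]))
            for r in range(1, len(round_keys) + 1)]

if __name__ == "__main__":
    keys = [0x3A94, 0xD63F, 0x1C5B]                # constructed round keys
    c = encrypt(0x1234, keys)
    print(hex(c), hex(decrypt(c, keys)))
    # Plaintexts differing in a single bit: substitution alone keeps the
    # change inside one nibble; the permutation spreads it to other nibbles.
    print(active_nibbles(substitute(0x0000) ^ substitute(0x0001)))
    print(diffusion_trace(0x0000, 0x0001, [0, 0]))
```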