INFO-I 101 Dimensions of Technology: Encryption
This 2 page Class Notes was uploaded by Mei Lin on Sunday March 6, 2016. The Class Notes belongs to INFO-I101 at Indiana University taught by Nina Onesti and Dan Richert in Spring 2016. Since its upload, it has received 12 views. For similar materials see Introduction to Informatics and Computing in Information technology at Indiana University.
Date Created: 03/06/16
Cyber-Security Lecture (by Matt Hottell)
Monday, February 23:55 PM

Security: CIA
• Three principles underlie Information Security:
  ○ Confidentiality
  ○ Integrity
  ○ Availability
• Confidentiality
  ○ Achieving this goal means that only appropriately authorized entities can get access to resources
  ○ Applies to communications as well as computer resources
    Techniques:
      □ Authentication (CAS)
        Consists of three parts:
          ◊ What we know: usernames and passwords, security questions
          ◊ What we have: tokens, keys, IDs
          ◊ What we are: DNA, retina scanners, fingerprint scanners
        Usually requires two of those three factors
      □ Encryption: "jumbling" something up so that it can't be read
      □ Access controls and classification levels
        Role based access controls --> students can't change grades online, but instructors can
• Integrity
  ○ This goal is the prevention of unauthorized alteration of data, regardless of accidental or malicious intent
  ○ If a change occurs, we should be able to recognize that it has happened and hopefully have a backup
    Techniques
      □ Algorithmic validation (checksums, hashing) --> LOOK INTO THIS AFTER CLASS
        Checksums: takes in data, performs an algorithm on it, and gives an output
        Hashing
      □ Access logs
• Availability
  ○ Authorized users should be allowed to access resources when needed
  ○ To do this, we need to make sure that attacks or other scenarios are not preventing access
    Denial of service or server overload
      □ Denial of service: service resource gets taken offline because someone else has control over it, due to a virus, or something else.
        Can be up to 50,000 machines
      □ Server overload
        EX: Oncourse is really slow at beginning of year
      □ Most viruses slow down servers so it's too slow to service requests
    Hacking
      □ EX: the hacker group Anonymous
    Accidents/disasters/outages
      □ Cyberinfrastructure building at IU has bars on the windows and other features to protect from tornadoes and other natural disasters
        *IUPUI is IUB's backup and vice versa

Managing Risk
• Managing risk is the way we make decisions about each of the CIA principles
• Risk = Threat * Vulnerability * Cost
  ○ Threat is the frequency of a particular adverse event happening
    Difficult to impact in order to lower risks
  ○ Vulnerability is the likelihood of a particular threat being effective against a particular organization
    i.e. a weakness that can be exploited
  ○ Cost is the potential impact of a threat acting on a vulnerable organization
• Example Risk: Virus attack on a PC
  ○ The threat of a virus attack is approximately 88 per 1000 users per day
  ○ IU lowers this by requiring anti-virus applications on devices, and resets school computers to a saved previous version as a cheap way to remove viruses
  ○ New viruses are always being created (roughly 1000 per month)

Cryptography
• The classic problem in terms of computing is how do we send confidential data securely between two computers that have never communicated with each other before?
  ○ Buying a book from Amazon
  ○ Getting bank account details

Definitions
• Plaintext: the message.
  EX: the bank account details you want to use to buy something online
• Cipher text: the encrypted message
• Encryption: process of converting plaintext into cipher text
• Decryption: process of converting cipher text into plaintext

Methods of Encryption
• Transposition
  ○ "Jumbling" the message
  ○ EXAMPLE: rail fence cipher
    one if by land two if by sea - plaintext
    o e f y a d w i b s a
     n i b l n t o f y e
• Substitution
  ○ Replaces letters with some other symbol
  ○ EX: Julius Caesar Cipher
  ○ Deciphering substitution ciphers:
    4.0x10^26 possible arrangements of the 26 letters
    At one arrangement per sec it would take a billion people the lifetime of the universe to check all possibilities
    Yet they are surprisingly easy to break
      □ Frequency Analysis
        Check frequency of symbols in the cipher text and compare them to "normal" frequency of letters in that language
        Issues:
          ◊ Some words can throw off the cipher
• Symmetric Key Encryption
  ○ Knowledge of the same key provides the ability to both encode and decode
  ○ Traditional forms of encryption
  ○ Whit Diffie in 1975
    Proposed the first asymmetric encryption scheme
    EX: Alice and Bob each have a private key that only they know and a public key that anyone can know
      □ The private key cannot be calculated using the public key
      □ Messages encrypted with Bob's public key can only be decrypted using his private key
    Also known as Public Key Encryption
    In 1997 --> LOOK UP THIS ON SLIDES
• Cryptography today
  ○ Most devices and websites use Public Key Encryption to transfer info
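The Integrity notes list checksums and hashing as ways to recognize that data has changed. The added example below (not from the lecture; function names and the sample records are constructed for illustration) shows why the choice of algorithm matters: a simple byte-sum checksum misses two swapped digits, while CRC-32 and SHA-256 both notice.

```python
import hashlib
import zlib


def additive_checksum(data: bytes) -> int:
    """Toy checksum: sum of all byte values, kept to one byte (mod 256)."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """CRC-32, a checksum designed to catch accidental corruption."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: any change gives an unrelated-looking digest."""
    return hashlib.sha256(data).hexdigest()


def changed_according_to(original: bytes, received: bytes) -> dict:
    """Per method: does the value computed on `received` differ from the
    value computed on `original`? True means the change was noticed."""
    return {
        "additive": additive_checksum(original) != additive_checksum(received),
        "crc32": crc32(original) != crc32(received),
        "sha256": sha256_hex(original) != sha256_hex(received),
    }


# Constructed sample records: the second has two digits swapped.
ORIGINAL = b"pay alice 19 dollars"
ALTERED = b"pay alice 91 dollars"

if __name__ == "__main__":
    for name, noticed in changed_according_to(ORIGINAL, ALTERED).items():
        print(f"{name:9s} noticed the change: {noticed}")
```

Swapping bytes leaves their sum unchanged, so the additive checksum reports no change even though the amount is different.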
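Frequency analysis from the Substitution notes, as an added example that is not from the lecture. It uses the simplest form of the idea on a Caesar cipher: assume the most frequent ciphertext letter stands for "e". Both sample sentences are constructed; the second one contains no "e" at all, which shows the issue noted above that some words can throw the analysis off.

```python
from collections import Counter
import string


def caesar(text: str, shift: int) -> str:
    """Shift each letter `shift` places forward; leave other characters."""
    out = []
    for ch in text.lower():
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def guess_shift(ciphertext: str) -> int:
    """Guess the key by assuming the most common letter encrypts 'e'."""
    counts = Counter(c for c in ciphertext.lower() if c in string.ascii_lowercase)
    if not counts:
        raise ValueError("ciphertext contains no letters")
    top_letter, _ = counts.most_common(1)[0]
    return (ord(top_letter) - ord("e")) % 26


def crack(ciphertext: str) -> str:
    """Decrypt using the guessed shift (no key needed)."""
    return caesar(ciphertext, -guess_shift(ciphertext))


# Constructed sample: ordinary English, where 'e' is the most common letter.
TYPICAL = ("the secret meeting here tonight ends when the bell "
           "in the tower tolls eleven")
# Constructed sample: no 'e' anywhere, so 'a' dominates instead.
ATYPICAL = "a black cat sat as an actor at a casual gala drama"

if __name__ == "__main__":
    for text in (TYPICAL, ATYPICAL):
        ciphertext = caesar(text, 3)
        print(guess_shift(ciphertext), "->", crack(ciphertext))
```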