CSCI-235 Micro-Computers in Science Privacy & Security


• Simplified Communications Model - Diagram

• Encryption

Encryption is the coding and scrambling process by which a message is made unreadable except by the intended recipient

Encryption is needed for electronic commerce

• Encryption Basics

A readable message is called plaintext

An encryption algorithm is a formula used to make plaintext unreadable

The coded message is called ciphertext

I LOVE YOU

V YBIR LBH

Symmetric key encryption refers to encryption techniques that use the same key to encrypt and decrypt a message

Strong encryption refers to encryption methods that are used by banks and military agencies and are nearly impossible to break

• Basic Terminology

plaintext - the original message

ciphertext - the coded message

cipher - algorithm for transforming plaintext to ciphertext

key - info used in cipher known only to sender/receiver

encipher (encrypt) - converting plaintext to ciphertext

decipher (decrypt) - recovering plaintext from ciphertext

cryptography - study of encryption principles/methods

cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing the key

cryptology - the field of both cryptography and cryptanalysis

• Symmetric Cipher Model

• Two requirements for secure use of symmetric encryption

a strong encryption algorithm

a secret key known only to sender / receiver

$Y = E_K(X)$

$X = D_K(Y)$

• Assume encryption algorithm is known

• Implies a secure channel to distribute key

• Classical Substitution Ciphers

Where letters of plaintext are replaced by other letters or by numbers or symbols

• Caesar Cipher

Earliest known substitution cipher

By Julius Caesar

First attested use in military affairs

Replaces each letter by k-th letter on

Example ( what is k ? ):

meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Can define transformation (with k = 3) as:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Mathematically give each letter a number

a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12

n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

Then have Caesar cipher as:

$Y = E_K(X) = (X + k) \bmod 26$

$X = D_K(Y) = (Y - k) \bmod 26$

EXAMPLE: Encrypt “howdy” using key k = 5

• Cryptanalysis of Caesar Cipher

Only have 26 possible ciphers

• A maps to A,B,..Z

Could simply try each in turn

A brute force search

Given ciphertext, just try all shifts of letters
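An added example (not part of the original slides) of the Caesar cipher formulas and the brute-force search described above, showing why a 26-key space offers no protection. Ranking the candidates by English letter frequency goes beyond the slides; the function names and the approximate frequency table are assumptions of this example.

```python
import string

# Approximate relative frequencies (%) of the letters a-z in English text (assumed values).
ENGLISH_FREQ = dict(zip(string.ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074,
]))

def shift(text, k):
    """Map each letter X to (X + k) mod 26; non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext, k):
    """Y = E_K(X) = (X + k) mod 26"""
    return shift(plaintext, k)

def decrypt(ciphertext, k):
    """X = D_K(Y) = (Y - k) mod 26"""
    return shift(ciphertext, -k)

def english_score(text):
    """Average English frequency of the letters in text; higher looks more like English."""
    letters = [c for c in text.lower() if c in ENGLISH_FREQ]
    return sum(ENGLISH_FREQ[c] for c in letters) / max(len(letters), 1)

def brute_force(ciphertext):
    """Try all 26 keys and return (k, candidate, score) tuples, most English-like first."""
    scored = []
    for k in range(26):
        candidate = decrypt(ciphertext, k)
        scored.append((k, candidate, english_score(candidate)))
    return sorted(scored, key=lambda c: c[2], reverse=True)

if __name__ == "__main__":
    ciphertext = "PHHW PH DIWHU WKH WRJD SDUWB"  # ciphertext from the slide
    for k, candidate, score in brute_force(ciphertext)[:3]:
        print(f"k={k:2d}  score={score:5.2f}  {candidate}")
```

On very short ciphertexts the frequency ranking can misorder candidates, but all 26 are still returned, so reading the list is enough to recover the message.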

• Privacy in Cyberspace

Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information

The Internet is eroding privacy through the selling of information collected through Web sites

Few laws regulate selling personal information

• Cookies

Cookies are small text files that are written to an individual’s hard drive whenever a Web site is visited

File is sent back to the server each time you visit that site

• Stores preferences, allowing Web site to be customized

• Stores passwords, allowing you to visit multiple pages within the site without logging in to each one

• Tracks surfing habits, targeting you for specific types of advertisements

Legitimate purposes of cookies include recording information for future use. Example: retail sites using “shopping carts”

Questionable practices include banner ad companies tracking a user’s browsing actions and placing banner ads on Web sites based on those actions

• Hacker

Someone who attempts to gain access to computer systems illegally

Hacker noun (see Raymond, 1991)

• A person who enjoys learning the details of computer systems and how to stretch their capabilities – as opposed to most users of computers, who prefer to learn only the minimum amount necessary

• One who programs enthusiastically or who enjoys programming rather than just theorizing about programming

• First Network Hack (Telephone)

John Draper (AKA Cap’n Crunch)

1970s

• Free long distance calls using a whistle found in a cereal box

Whistle emits the same frequency as AT&T long lines to indicate a line was ready to route a new call (2600 Hz)

Flaw:

• AT&T took cost cutting measures

• The signaling and voice used the same circuit

• This flaw made the system vulnerable to anybody that can generate 2600 Hz

Solution:

• Now signaling takes place on a separate path from the one you talk on
