COMP522

Privacy & Security

  • Privacy is the ability of a person to control the availability of information about and exposure of him- or herself. It is related to being able to function in society anonymously. (Wikipedia)

  • Security is a condition that results from establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.

  • HNDL: Harvest Now | Decrypt Later

What can hackers do with my information?

  • Sell your data to other hackers
  • Identify thief

Cryptography & steganography

  • Ubfirnarion hiding: steganography & digital watermarking, Steganalysis & Cryptanalysis
  • Cryptography for secrecym for signing, etc;
  • Symmetric key and asymmetric key protocols;
  • Applications, e.g encryption,.
  • Cryptographic protocols

Identification, authentication, authorisation

  • Identification: associating an identity with a subject.

Authentication

Authentication: establishing the validity of something, such as an identity.

  • Authentication is the process of verifying the identity of a user, device or other entity in a computer system, often as a prerequisite to allowing access to resources in the system.

  • Authentication is used for the purpose of performing trusted communications between parties for computing and telecommunications applications.

  • Authentication techniques

    • Passwords what you know
      • Problems:
        • short memorable password can be guessed or searched by attacker
        • long and random password is difficult to remember
    • Tokens what you have
      • Physical token (identity token, security token) is physical device which perform or help authentication
      • Problems:
        • The token doesnt really “prove” who an owner of the token is- any body who has possession of the token can gain access
        • If the token is lost, the owner can not have an ccess, despite his/her identity has not changed
        • Some tokens may be easily copied or forged
    • Biometrics who you are

  • Authorisation: associating rights or capabilities with a subject.

Multi-factor authentication techniques

To increase security in some applications tokens are combined with other means of identification, such a passwords (PINs).

Biometrics-based techniques

A biometric is a feature measured from the human body that is distinguishing enough to be used for user authentication