Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Slides:

Advertisements

Similar presentations

Part I: Making Good Online Choices

Advertisements

Social Networking Brian Oswald

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

Internet Security Passwords.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Chapter 11 Security and Privacy: Computers and the Internet.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.

Security, Social and Legal Issues Regarding Software and Internet.

Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.

Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.

Encryption and Hacking By Steph Garrihy. What is Encryption? Encryption is when data is scrambled by software using a preset key so that anyone viewing.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 6 Page 1 CS 236, Spring 2008 Privacy and Anonymity CS 236 Advanced Computer Security Peter Reiher May 6, 2008.

Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.

Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

Lecture 17 Page 1 CS 136, Fall 2013 Privacy CS 136 Computer Security Peter Reiher December 5, 2013.

Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.

Lecture 19 Page 1 CS 136, Spring 2009 Web Security and Privacy CS 136 Computer Security Peter Reiher June 4, 2009.

DoS Attacks Phishing Keylogging Computer Laws/Acts.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Lecture 8 Page 1 CS 236 Online Protecting Interprocess Communications Operating systems provide various kinds of interprocess communications –Messages.

Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 13 Page 1 CS 236 Online Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 19 Page 1 CS 236 Online Privacy Privacy vs. security? Data privacy issues Network privacy issues Some privacy solutions.

By: Jasmin Smith  ability to control what information one reveals about one’s self over the Internet.

Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?

Lecture 17 Page 1 CS 136, Spring 2014 Privacy CS 136 Computer Security Peter Reiher June 3, 2014.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Lecture 16 Page 1 CS 136, Spring 2016 Privacy Computer Security Peter Reiher May 26, 2016.

Lecture 7 Page 1 CS 236, Spring 2008 Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Privacy Computer Security Peter Reiher March 9, 2017

Outline The basic authentication problem

Outline Basic concepts in computer security

Hotspot Shield Protect Your Online Identity

Outline Properties of keys Key management Key servers Certificates.

Password Management Limit login attempts Encrypt your passwords

Societal Issues in Computing (COMP466)

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Privacy CS 136 Computer Security Peter Reiher December 4, 2012

Web Security Lots of Internet traffic is related to the web

The Social Networking revolution

Privacy Privacy vs. security? Data privacy issues

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Founded in 2002, Credit Abuse Resistance Education (CARE) educates high school and college students on the responsible use of credit and other fundamentals.

Presentation transcript:

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Lecture 17 Page 2 CS 236 Online Privacy Data privacy issues Network privacy issues Some privacy solutions

Lecture 17 Page 3 CS 236 Online What Is Privacy? The ability to keep certain information secret Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

Lecture 17 Page 4 CS 236 Online Privacy and Computers Much sensitive information currently kept on computers –Which are increasingly networked Often stored in large databases –Huge repositories of privacy time bombs We don’t know where our information is

Lecture 17 Page 5 CS 236 Online Privacy and Our Network Operations Lots of stuff goes on over the Internet –Banking and other commerce –Health care –Romance and sex –Family issues –Personal identity information We used to regard this stuff as private –Is it private any more?

Lecture 17 Page 6 CS 236 Online Threat to Computer Privacy Cleartext transmission of data Poor security allows remote users to access our data Sites we visit save information on us –Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

Lecture 17 Page 7 CS 236 Online Some Specific Privacy Problems Poorly secured databases that are remotely accessible –Or are stored on hackable computers Data mining by companies we interact with Eavesdropping on network communications by governments Insiders improperly accessing information Cell phone/mobile computer-based location tracking

Lecture 17 Page 8 CS 236 Online Do Users Care About Privacy? Evidence suggests yes, but... Not necessarily in the way researchers think –E.g., data suggests teenagers aren’t worried about privacy from hackers –They worry about privacy from their parents One must consider the actual privacy goals of users in protecting privacy

Lecture 17 Page 9 CS 236 Online Data Privacy Issues My data is stored somewhere –Can I control who can use it/see it? Can I even know who’s got it? How do I protect a set of private data? –While still allowing some use? Will data mining divulge data “through the back door”?

Lecture 17 Page 10 CS 236 Online Privacy of Personal Data Who owns data about you? What if it’s really personal data? –Social security number, DoB, your DNA record? What if it’s data someone gathered about you? –Your Google history or shopping records –Does it matter how they got it?

Lecture 17 Page 11 CS 236 Online Protecting Data Sets If my company has (legitimately) a bunch of personal data, What can I/should I do to protect it? –Given that I probably also need to use it? If I fail, how do I know that? –And what remedies do I have?

Lecture 17 Page 12 CS 236 Online Options for Protecting Data Careful system design Limited access to the database –Networked or otherwise Full logging and careful auditing Store only encrypted data –But what about when it must be used? –Key issues –Steganography

Lecture 17 Page 13 CS 236 Online Data Mining and Privacy Data mining allows users to extract models from databases –Based on aggregated information Often data mining allowed when direct extraction isn’t Unless handled carefully, attackers can use mining to deduce record values

Lecture 17 Page 14 CS 236 Online An Example of the Problem Netflix released a large database of user rankings of films –Anonymized, but each user had one random identity Clever researchers correlated the database with IMDB rankings –Which weren’t anonymized –Allowed them to match IMDB names to Netflix random identities

Lecture 17 Page 15 CS 236 Online Insider Threats and Privacy Often insiders need access to private data –Under some circumstances But they might abuse that access How can we determine when they misbehave? What can we do?

Lecture 17 Page 16 CS 236 Online Local Examples Over 120 UCLA medical center employees improperly viewed celebrities’ medical records –Between Two accidental postings of private UCLA medical data in 2011 UCLA is far from the only offender

Lecture 17 Page 17 CS 236 Online Encryption and Privacy Properly encrypted data can only be read by those who have the key –In most cases –And assuming proper cryptography is hazardous So why isn’t keeping data encrypted the privacy solution?

Lecture 17 Page 18 CS 236 Online Problems With Data Encryption for Privacy Who’s got the key? How well have they protected the key? If I’m not storing my data, how sure am I that encryption was applied? How can the data be used when encrypted? –If I decrypt for use, what then?

Lecture 17 Page 19 CS 236 Online A Recent Case Yahoo lost 450,000 user IDs and passwords in July 2012 –The passwords weren’t encrypted –Much less salted Password file clearly wasn’t well protected, either Who else is storing your personal data unencrypted?