dable format when it reaches Understand ethical issues related to data security @ Understand that it is their responsibility to safeguard the privacy of others. 2, Importance of data privacy Explain privacy concerns that arise through the mass collection of data e _ Analyze the personal privacy and security concerns that arise with any use of computational systems 3. Simple Encryption © Explain why encryption is an important need for everyday life on the Internet. © Crack a message encrypted with a Caesar cipher using a Caesar Cipher Widget @ Crack a message encrypted with random substitution using Frequency Analysis security flaws of substitution ciphers © Explain the weaknesses and 4, Encryption with Keys and passwords nip between cryptographic keys and passwords. @ Explain the relations! what makes a key difficult to “crack. © Explain in broad term: weak passwords using a tool that shows password ® Reason about strong strength. © Characteristics of good password 5. Cyber crime © Explain the characteristics of a phishing attack © Explain how a DoS (denial of service) attack4.7 Ethical Issues Related to Security| 4.11 Understanding Ethical Issues Related to Data Security The foundation of all security systems is formed on ethical principles If have data of others, it is our own ethical responsibility to keep it secure, Some of the data security issues are: * Confidentiality & Privacy © Fraud & Misuse ) © Patent * Copyright ° Trade secrets ¢ Sabotage ¢ Confidentiality & Privacy To keep the data of others as confidential is indeed taking care of others, For example, if a bank shares the information about my banking transactions with my business competitors then it can harm my business. Similarly, phone companies are supposed to keep the invoices and bills as confidential. Keeping privacy and confidentiality has become difficult in this era of computers and Internet Due to more usage of computers, a wide range of data is collected and stored. This data may be related to credit cards, organisational fund raising ; campaigns, opinion polls, shop at home Services, driving licenses, arrestbers to another company for marketing purpose, entiality of data. tF eans making illegal copies. It can be a book, software, movie, iis painting, house architecture or any other work protected by ett): P right law. Pera Open source software have no copyrights reservation. So, we can copy source code, modify it and can even sell it. software piracy is the illegal (eR copying. distribution, or ro det ey Cade veqedt se OA ved ysage of software. Some || 7 software companies _ sell software with a confidential text, called the key of that | provided to only those | 2 Tce ha people who buy that | cance) CH software. In this way illegal copies are stopped to be installed as shown in Figure 4.1 by using illegal means. This is called cracking the key Figure 4-1 Some people start searching for that key Types of software piracy include: ® Softlifting: Borrowing and installing a copy of a software application from a colleaguemew computers, 1 Duplicating and selling software having line piracy: Typically involves downloading illegal The software industry is Prepared to battle against software Pira courts are dealing with an increasing number of lawsuits concerning Protection of software. Fraud & Misuse Using computers over the Internet, some Unauthorized activities can take Place. Some Of these include theft of money by electronic means, theft of services, and theft of valuable data. Sometimes, we receive an email asking us to click on a link to change Our password. When we click on the link, a webpage opens asking us to sword. If we give our username and Password, Figure 4-2 give our username and pas: actually our password is stolen by Ne malicious user 5 by stating that we have won a grand to fool Likewise, some emails try prize e.g. a car or a house fer fee Pay a small amount as tran that prize. Actually, it is just a way People and get money from them Sometimes, some malicious user disguises himself as our friend and tries to get some confidential information. This is called thishingtreat 2 particular disease, some pharmaceutical companies can make medicines on the basis of your idea. Ethically, they must ea permission before making medicines using your idea. They should eee a certain amount upon sale of the medicine. For this purpose, you must get a patent. . copyright Law Copyright is different from a patent as copyright law says that some idea or product cannot be copied. The rights are reserved for copying. Usually, if a product is copyright protected then we see a symbol of copyright as shown in © eas Figure 4.4 For example, the book you are reading is copyright protected. So, making Figure 4-4 Copyright symb its photocopy 's illegal. Similarly, software products are mostly copyright protected. It means that we cannot copy them, like, MS Windows, MS Office etc. Copyright can deal with misappropriation of data, computer programs documentation, or similar material. * Trade Secrets Trade secrets are usually the secrets that are playing an important role for the success of a company. They have a lot of value and usefulness for the Company. Keeping trade secrets important when more than one software companies develop Product but one of them takes lead. For example, there are many free email Setvices but few of them have significant competitive advantage over others. in the computer science field is very the samesystem while sitting remotely. One can send y ee software. A virus is a computer program written y intentions. It can change/destroy an information or sabotage a p data. 4.1.2 Safeguarding Privacy of Others Did you notice the boards On roads about cameras watching you as shown in Figure 4-5? The purpose of such notices is to alarm you about your privacy and keep you within certain rules and regulations. Similarly, speed cameras are announced before taking your picture or recording Figure 4-5 your video. These steps are just to safeguard your privacy. In the same way, when you give information to an organisation, it is the duty of that Organisation to safeguard your Privacy. Your information is stored in NADRA (National Database and Registration Authority) along with information of your other family members. So, {CCTV stands for Closed-Circuit Television, safeguarding this data is an ethical responsibility of NADRA. Most of the websites also declare their Privacy Dolicies (Figure 4-6), indicating what nformation they collect from you and your ‘Omputer, and with whom they will share it eople usually do not read these policies. Most sers mistakenly assume that their privacy is lly protected due to the privacy policy.es data. 4 guarding Priva Did you notice the boards on roads about cameras watching you as shown in Figure 4-5? The purpose of such notices is to alarm you about your privacy and keep you within certain rules and regulations Similarly, speed cameras are announced before taking your picture or recording your video. These steps are just to safeguard your privacy when you give information to an organisation, it is the duty of that Organisation to safeguard your privacy. Your information is stored in NADRA o ; Sabotage is a serious attack on a computer system. Some can attack the system while sitting remotely. One can send virus free software. A virus is a computer Program written with ne intentions. It can change/destroy an information or sabotage a Precioy Figure 4-5 In the same Way, (National Database and Registration 7 Fs \ Authority) along with information of your other family members. So, safeguarding this data is an ethical responsibility of NADRA. Most of the websites also declare their privacy policies (Figure 4-6), indicating — what information they collect from you and your computer, and with whom they will share it. People usually do not read these policies. Most users mistakenly assume that their privacy is fully protected due to the privacy policy. tands for Closed-Circuit Television, ae Figure 4-6website wants to inform you your privacy. rtance of Data Privacy <3 privacy Concerns that Arise Through the Mass Collection ’ of Data Srganizations are keeping our data due ‘that how far cae computerized systems in-place. There ye more people/organizations having A ation about you than you think. For o : Erol Figure 4-7 Ahospital may have your birth record, NADRA has your family information, Your school has your record, BISE (Board of Intermediate and Secondary Education), Passport office if you have a passport, + Email service providers if you have email accounts Online social networking websites etc. There are companies interested in a lot more than just your name, address and other basic your life. They want to know where you have ou wear, how often you have been sick, if you travelled, what type of clothe buy a product then do you buy something else with that product or not and much more. Ans tions help them in decision making, Example: If you buy t of potato crisps, then you Usually buy a drink a This information is useful for @shopping mall to increase its sale \troduces new offers on both potat Crisps ar I 9,8 piece of information can flow from one place to Mother without any intimation. It is due to mass Collection of data Figure 4-8the Personal Ri that Arise with any use of Com ith the advent of Internet, our computers are no longer stan In fact, now they are connected to millions of other computers i, Due to this connectivity, many security concerns also arises Pri to secure our data according to the following three aspects, 1- Confidentiality: Tt means that we wai We do not want to share it with uninte: Integrity: It means that we want to ke: do not want that the website of our b: it actually is. nt to keep our data as Cor nded persons, 2: want. If data is not available when needex useless. All these aspects are important during the Processing, storage and transmission of data i in a computerized system Computation is a general term for any type of a information processing that can be fepresented mathematically. For example, your rade in 9th class will be computed according — to your marks in every subject. rout In everyone's life there is stunning growth of usage of computational This fact is behind raising concerns about privacy.tion with the Web surfer, called cookies. ™ sag cookies” companies are able to track purchases and gather personal can use this information t | ee ani ft ‘© target their marketing. It.can be ce @ jdered an invasion of their privacy. « , Bre simple Encryption is the process of “yption Encryption Decryption e ging data In such a way that Seca a encoding r by authorised person can read it Plaintext ar Ciphertexd] > | Plaintext | ns conversion of the | ] encoding mear fers to an unreadable format which eH 4 ciphertext. A secret code Figure 4-10 tion Process ) is required to read the own in Figure 4-10. A key is just like a password. ncient times when messages were carried by foot for miles, kings and would send to allies. This helped to protect the secrecy 0} they were stolen. 1oves from one location to A computer expert , is called hacker. Encryption h save data from hackers. oth eachwordin reverse | ohcs”. Another wayisto put. | Youcan devise a techniqu ou can write letters 0 order. For example, the text ny I nes “Lekily becomes'c’ and 'z' becomes’a’. So, in Rextletter in place o 4 own technique encryptthe fis Way, Tlike my school” becor ppm’. Using your own technique encryPEtne,) fy those names. RaMes Of cities in Pakistan and keyt L enc idee Me out like how you Mirror. For fun, write dj ditto them, —— Ube Your regular wr IN9 if you orwriteanoteto someone, lown different words, then reverse it and sen s aie 4.3.1 Import of Encryption for Everyday Life on the In t Encryption is one of the most important methods for Providing datas everyday life on the Internet, v. of personal ecurity. In ast amounts information are stored on INTERNET BANKING = multiple places, So, it is important to know how to keep data Private. Encryption is important because it allows you to secure data from illegal access Figure 4-11 Importance of encryption can be described in the following three points 1. Protection from Hackers Hackers don t just steal information; they can also alter the data to commit fraud. For example, in a bank transaction of online money transfer, they can fraud by changing the target account number 2. Encryption Protects Privacy Encryption is used to protect sensitive data, including personal information for | individuals. This helps to ensure privacy and minimising the opportunities for . surveillance by criminals Figure 4-12the amit they ‘on Protects Data across Devices si ae . {end mobile) devices are a big part of our lives, and transferring M fom aevice to device is a risky proposition, Encryption technology oe protect stored data across all devices, even during transfer, ' sional security measures like advanced authentication help deter wr utnorzed users. ion Cipher Methods ution Cipher methods are the methods of encryption in which the subst es of original text are replaced by some other characters, This Be ion is done by a fixed predefined system. In the following we discuss BE rionly used substitution ciphers. Wo’ 2.1 Caesar Cipher {was a Roman politician and military general who played a critical role 43. ces inthe rise of tl cexing messages to his soldiers and generals, This is the reason for calling he Roman Empire. Caesar used this method of encryption for ar Cipher. In this method, we replace each alphabet in the et. The replacing alphabet is some fixed number of paintext by segsto the ginal alphabet in the sequence of alphabets frample 1: A thr substitution to the right results in the following t! J English alphabet transformation of MNOPQRSTUVWXY NXYZABC Initial alphabets f Encryption alphabets: EFGHUKLMNOPQRST Wihin this substitutio r plaintext PAKISTAN would be encrypted info the ciphertext SDNLVW ). Sample 2: A five-charac it ght result the following Tarsiomation of the standard Englist i Initial alphabets: ABCDEF LMNOPQRSTUVWXYZ Encryption alphabets: GHUKLMNOPQR ABCDE Wi MN this substitution scheme, the plaintext PAKISTAN would be encrypted hertext UFPNXYFSActivity 4.3 Use a three-character Substitution the plaintext PAKISTAN i 4.3.2.2 Vigenere Cipher Vigenere cipher is another Substitution cipher, Vigenere Cipher table for substit: Vigenere Cipher Table: to the left for encrypti into ciphertext. which uses a table i known a Uting the letters of plaintext, The table is shown in Table 4-1. The table cor Frows and 26 columns, where the ite Tow contains the original alphab bet is shifted by one letter to the Asists of ets ftom 4 Z.In each subsequent row the alphal columns are labeled by alphabets fr om A ~Z, and all the rows are als alphabets from A —z. ABcoD JK L MN RsStuy afaje 2 Tt Twn R[s[t]u 8 [By k fel Ml NTo [s|t[ulv che [t[ mM N[olP Tlulviw pip) MINT olPlQ UIV | wi x © ee N[oletolr v{ wix/y F [iE G loleTatris Wz [pletrlsit xly[zTa 4-2 Qlris|tlu y\|zlale neat R/s|tlulv Z{A|BIC 1 fs |tiulv|w Alplclp ue Tul v[wix ale ole ett ful vpwlx Ly] clolelr Left xlyizl Dl el Fie M ¥{zIA EEL Ge 7 LANE [F 41 Ale | GiH{ Tb Hi [a [Kk pea aes i{K[i[M K{ tI MN L | MIN} O [m[ NO N| O]P. oP} Q POUR m c[ DI] girs ¢ posses) eralje 4-1) and in that column, we find a letter that is in front of the row respective letter of the key. We continue this process until all the text is Example: Let's assume that we want to encrypt “PAKISTAN” with the help of “substitution key “ZINDABAD”. We find 'P’ (first letter of plaintext) in column Jabels and ‘2’ (first letter of substitution key) in row labels. We can observe that the row and the column meet at letter ‘O' as marked with yellow colour in Table 4-1. So, the letter ‘P’ is converted to ‘0’. Similarly, we find the letter ‘A’ in “folumn labels which is the first column (marked with green colour) in Table 4- 1. and we find the letter T’ in the row labels. Row and the column meet at the Jeter T’. So, ‘A’ is replaced with T’ In this way the word “PAKISTAN” is converted to cypher text “OIXLSUAQ" as shown in Table 4-2. pam Kes[ecd s T A N Z 1 [_N D Ale A D Poe x L Ss u_ | K Q Table 4-2 Important Note: If the key has less number of letters, then we repeat the letters of that key from beginning. For example, to encrypt the text "PAKISTAN" having 8 letters with the key "BEAUTY" having 6 letters, we repeat the letters of the key to make them equal in length to the given plaintext. So, the key becomes “BEAUTYBE” having same number of letters and this key is Galled interim ciphertext. Activity 4.4 Prepare a chart for the sports you likes the most. In the chart, write names of your favourite #¥etsin plaintext as well asin ciphertext. You can use some key of your own choice.‘ode.ora/s/vigenere/stage/1/puzzle/1 ‘is called Vigenere Cipher Encryption Widget. It shows ani encryption and dectypti the “Encrypt” button and then click on + Both the buttons are marked with red circl decrypt a ciphertext to see the Original me: to see the animation of encrypt les in Figure 4-13, Similarh 'Y, We can ssage. ‘ Shiai alate me i Enter your text message (140 Chavs) 7 |F_ONUY_THis MessAce.cOULD.8&-a secret ] : | ci : = ” ur secret key e [Mvsecretkey east Decrypt |/C el 1 | >t [boi ERaIypTion speed Slow f Fast Result : ky : (rzsece: Plaint text ea = * . {IF.ONLY THis MESSAGE COULD a6 secRET ] Bre) je | Finished! ] © | Figure 4-13 vigenere cipher widget | e Practical to Decrypt a message — To decrypt a message, we find the letters of key in tal f : i text. table and then in that row we locate the letter of encrypted ” : hat letter : ding for tl i i ke the column hea letter is found we ta we find Fe e, AQ" with "ZINDABAD" we letter. For example, to decrypt "OIXLSUAQ’ wit! key "ZI et jare: ence is the teacher ofall things. ay be - q a Men freely believe that which they desire Baa encrypted with Random Substitution using Frequariey Analysis Messages encrypted with the Caesar cipher are very easy to crack. What if instead of shifting the whole alphabet, we map every letter of the alphabet to arandom different letter of the alphabet? This is called a random substitution cipher. Original Message fi Letter Frequencies reg Standard Engtsh ll nesage [S27 “patikj avert poiuy Zxcv rnb Il kkk im Jsdfikj qwercpoiuy zxcv mnb Ill kkk jm sdk qnert poluy zxcv rnb Il kkk jj m “xij qwert poiuy Zev mnt kkk jj m sat ij quert poiuy zxcv mnb ill kkk jj m ‘sth lkjquert poiuy 2xcv rnb Ill kkk jj m sof iki qwert poiuy 2xev mab Ill kk jj m sdf lj quert poiuy zxcv mnb Ill kkk jj) m | asdf kj qwert poiuy 2xcv mnb Ill Kkk jj m | (PTS (STEP EIS ACI ATR(ELMENT PPT a aE i eS Shift the substitution left or right Gee | [<0 '> lene Figure 4-14 Random Substitution using Frequency. Analysis Widget We can visit the website: Mips//studio.code.org/s/frequency_analysis/stage/1/puzzle/1 to view th Midget for this purpose. It’s screenshot is shown in Figure 4-14.you'll be interacting letter used in the English language? May be the most common letter in your encrypted text may but may be not! You'll have to do a bit of substitution makes sense Ps to the letter p, guess and check to see if that In cryptanalysis frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers 4.3.5 W ws of Substitution Ciphers @ The simplest of all substitution ciphers are those in which the cipher alphabet is merely a cyclical shift of the plaintext alphabet. The explanation for this weakr s is that the frequency distributions of symbols in the been plaintext and in the ciphertext are identical, only the symbols having relabelled i is that the e Another major problem with simple substitution ciphers & ers are ma t all frequencies of letters are not masked a Som acticpted Message. So, with res ee rn ery, a "key" is not synonymous with rd". It is also possible that a Password can ne used as a key. THE basic difference between Finis these two is that a password is generated, read, meee re 4 ee, for a human ube while a key is used by the software or a ee usa gaat key and the cryptographic algorithm. We can write a program that can access a website and give it a password, It can be used to hi password if the program keeps trying different password for long time. Moreover, a prot : se add unnecessary data by filling 2 form again and again. To ee void this situation only humans are allowed to use a system instead of 2 computer program. So, a picture is shown on a website whenever there is a form and you are asked to read that image and filla field. The image contains text in irregular formwhich is readable for human but not easily fora machine or f Some server computers store key on our computers when we access them y first time. For later use, the same key is used on our behalf but without any f action from our side 44.2 Characteristics of a Good Password A good password should be difficult to guess or crack. It helps to prevent ; unauthorized people from accessing files, programs, and other resources. A good password © isat hast ‘eight characters long | ¢ doesn't contain your user name, real name, kid’s name or company name @ doesn't contain a complete word ® is significantly different from previous passwords ® contains uppercase letters, lowercase letters, numbers, and symbols"would take a computer about 5 SECONDS to crack you password The Internet is an amazing tool for communication, allowing users to connect instantly over great distances Unfortunately, the same communication is also @ great tool for criminals. A crime in which computer network or devices are used is called a cybercrime. For example: ¢ Identity Theft One common form of cybercrime is identity theft. Hackers may use fake emails to trap someone to give passwords and account information. ¢ Transaction Fraud Simple financial fraud is another common crime in the online arena. A scammer may offer an item for sale through an auction site with no intention of delivering once he/she receives payment. Alternatively, a criminal might purchase an item for sale using a stolen credit card. It is also possible FOR SALE -PESRP‘to buy something from own credit card but then reporting the card This is a transactional fraud if the cardholder claims chargeback. Advance Fee Fraud sometimes the hackers congratulate you upon winning a big prize and ask you pay a small amount in advance, so that the prize can be dispatched. This is a common type of cybercrime. The lure of easy wealth has found many victims of these frauds. Hacking Another cybercrime is the practice of hacking, illegally accessing someone else's computer. This happens mostly download some file from —S execute it without knowing in your Figure 4-17 sa e e 1 else to your computer without yor ‘on a n. Tt to gather information a person ¢ ON ay z know } > of software VICES ie . acy already discusse se it ae in Secti National Response 7 mcr aan a INR3C) is a law ent Bh) SCT Rare com ro crim cone | Pakistan dedi . } Working under ) CYBER SCOL rrr ee) } Agency) and Oa CetPhishing is the fraudulent attempt by Sending “emails to obtain sensitive information such as usernames, password and credit card details, © Characteristics of Phishing Emails ‘ @. “Someone tried to Open your account Change your Password Immediately’ b. Official Data Breach Notification ¢. Packet Delivery at your Home Address - d. IT Reminder: Your Password Expires in Less Than 24 Hours hi e. Change of Password Required Immediately an f, Revised Vacation & Sick Time Policy {00 | May g. Email Account Updates ig 2. It sometimes contains messages that sound attractive rather than but threatening e.g. promising the recipients a prize or a reward. foog 3. It normally uses forged sender's address. For example} ten yen al admin@facebook.com, info@gmail.com etc, You can also OP i NOT FOR SALE - PESRP‘the address bar of the web browser. It usually takes contents such as logos, images from the actual website __ to make the fraudulent email look like a genuine email. me “qt may contain a form for the recipient to fill in personal/financial information and let recipient submit it. This information is submitted to a different database. « Characteristics of a Phishing Website ae, 1, It looks like original due to same contents such as images, texts, logos, he colour scheme etc. 2. It may contain actual links to web contents of the legitimate website such as contact us, privacy or disclaimer to trick the visitors. 3. It may use similar name as that of the actual website 4. It may use forms to collect visitors’ information where these forms are similar to those in the legitimate website. 45.1 DoS (Denial of Sérvice) Attack Incomputing, a denial-of-service attack (DoS attack) is a cyber-attack to make @ machine or network resource unavailable. It means a service is denied. For &xample, if you want to visit a website but someone else is already sending | too Many requests to the same website using computer programs, then you t May not be able to access that website. This type of attack is shown in Figure #19 It is just like a robot is sending many requests in small amount of time, for a user, either the service becomes very slow or it is denied. So, by ing the targeted machine or resource with superfluous requests is an Pt to overload the system. It may also cause shutting down a machine or rk,Compromiser Compromber Compromiser Internet Targeted Server(s) Figure 4-19 Dog Attack A such a 20S attackers often target web servers of high-profile oe Be a anking, commerce, and media companies, or 9a or ssol : It in the ganizations. Though DoS attacks do not typically resu ane great ela gnificant information or other assets, they can cost the vic meand money.we need to be careful by sending data over the internet. Every organization to whom the data is entrusted, it is their resp6nsibility . regarding confidentiality and privacy of the data. Piracy means making illegal and unauthorized copies of the software without owner's permission sofflifting is called borrowing and installing a copy of a software application from a colleague. Client-server overuse is installing more copies of the software than you have licenses for. Hard-disk loading means installing and selling unauthorized. copies of software on refurbished or new computers Counterfeiting is called duplicating and selling copyrighted programs. . Using computer for the purpose of some unauthorized activities is called fraud or misuse Promises made b re developer is known as warranty or liability attain its t be misuse and the owne Patent can protect an full rights: ¢ Toprotect value and The computer can information will be s: * Encoding means « ciphertext. Key is needed ply trade nis way sensitive 1 ormat which is called * Passwords are used for authent ® Acrime in which computer network © Illegally accessing someone else's computer is calle ® Denial-of-Service attack (DoS attack) is a cyber ybercrime attack to make a machine or Network resource unavailable for a u = , aleea ‘the correct option. Which of the following doesn’t includes the types of ph piracy? @ Softtifiting (i) Liability Gi) Client server overuse (iii) Online Piracy Which of the following is not a cybercrime? @ Hacking (ii) Phishing crime ii) Identity Theft (iv) Decryption Which of the not the characteristics of Phishing emails? (i) Official data breach Notification (i) Email account update (ii) TT reminder (iv) Similar domain of actual website Ing website? (i) Similar domain of actual website (ii) Using of forms to collect visitors (ii) Actual link to web content (iv) Email account updates 20d password?. 10) Is eight characters long (ii) Doesn't contains username ‘ase letters (iii) Contains uppe (iv) Password is your name only Fill in the blanks: D lled Making illegal copies of software is ca ‘ a aot is a general term for any type of information proces that can be represented mathematically.- is a cyber attack to make machine or | > ae ~ unavailable for a user. ec Answer the following questions. Define cypher text. Why do we need an installation key whereas a software can be protected with a password? . _ Define Denial of Service. 4 Give a reason to add captcha on websites, is What is Patent, and why do we need to register it? 5 iS od Teacher will divide a class in groups and each group has maximum 4 students. Student will make a key having maximum 5 letters and write 4 words in cypher text with respect to that key. Fach encrypted text has at most 10 letters. Teacher will collect these papers from students and divide them randomly to groups and they will be asked to decrypt. The winner will be the group which decrypts the text first.