Protection of Data (Cambridge (CIE) IGCSE ICT)

Revision Note

James Woodhouse

Expertise

Computer Science

Protection of Data

How can data be kept securely?

  • Data can be held securely by storing it in an encrypted format and ensuring authentication is being used

  • This goes a long way to ensuring that only trusted sources can access the data

  • There are a number of ways to store data securely. These include:

    • Biometrics

    • Digital certificate

    • Secure socket layer (SSL)

    • Encryption

    • Firewall

    • Two-factor authentication

    • Usernames & passwords

Biometrics including the use of biometric data

Digital certificate including its purpose and contents

Secure socket layer (SSL) including encrypted links between the server and the client computer

Encryption including its purpose for the protection of data on hard discs, email, cloud, HTTPS websites

Firewall including its purpose

Two-factor authentication including its purpose and function

User id and password including how they are used to increase the security of data

Biometrics

What are biometrics?

  • Biometrics are a way of authenticating a user by using their unique human characteristics

  • Some of the ways biometrics can be used are:

    • Fingerprint scans

    • Retina scans

    • Facial recognition

What are the benefits of using biometrics?

  • Biometric data is unique to the person and cannot be copied, meaning that the data is always with the person

  • Passwords can be easily copied, forgotten, guessed or cracked

  • It is difficult to copy or forge biometric data

  • Biometrics eliminates the possibility of attacks such as shoulder surfing and key-logging software

  • Biometrics offer a high degree of accuracy, as there is no known way to copy a person's retina pattern, for example

What are the drawbacks of using biometrics?

  • Collecting biometric data can be intrusive, for example, scanning eyes

  • Scans may not be recognised; an example could be fingerprint scans with dirty hands

  • Retina and iris recognition is very expensive to install

  • Low light, hats and glasses can all cause problems for facial recognition

  • People may be uncomfortable having their most unique characteristics stored in a database

Digital certificate

What is a digital certificate?

  • A digital certificate is a digital file used to prove who holds the public key

  • The public key works alongside a private key to encrypt and decrypt the data so that all content is secure

  • Digital certificates are given by trusted companies to ensure they are real and safe

What is included in a digital certificate?

  • Digital certificates contain a lot of information, some of this includes:

    • Public key: The key associated with the holder

    • Subject information: Details about the holder

    • Issuer information: This identifies the certificate authority (CA)

    • Validity period: The start and end date for the certificate to remain valid

    • Serial number: A unique number to identify the certificate

    • Signature algorithm: The algorithm used by the CA to sign the certificate

    • Digital signature: The CA's signature to prove the certificate was issued by them

Secure Socket Layer (SSL)

What is SSL?

  • Secure Socket Layer (SSL) is a security protocol which is used to encrypt data transmitted over the internet

  • This helps to prevent eavesdropping and other forms of interception

  • SSL is widely used to protect online transactions, such as those involving credit card information or other sensitive data

  • It works by sending a digital certificate to the user’s browser

  • This contains the public key which can be used for authentication

  • Once the certificate is authenticated, the transaction will begin

Worked Example

(i) Identify a security solution that could be used to protect a computer from a computer virus, hacking and spyware.

Each security solution must be different

| Threat | Security solution |
|---|---|
| Phishing | |
| DDoS attack | |
| Hacking | |

[3]

(ii) Describe how each security solution you identified in (i) will help protect the computer.

[6]

Answers

(i)

| Threat | Security solution |
|---|---|
| Phishing | Monitoring communication |
| Brute force attack | Authentication |
| Hacking | Firewall/Biometrics |

(ii) Two marks for each description

  • Monitoring communication

    • Checking for spelling & grammar errors

    • Reading tone, is the user being rushed? // is the user made to panic?

  • Authentication

    • Checks the user is who they say they are

    • Captcha proves they are not a bot

    • Passwords lockout after a set number of attempts

  • Firewall

    • Monitors traffic coming into and out of the computer system

    • Checks that the traffic meets any criteria/rules set

    • Blocks any traffic that does not meet the criteria/rules set // set blacklist/whitelist

  • Biometrics

    • Data needed to enter is unique to individual

    • … therefore it is very difficult to replicate

    • Lock out after set number of attempts

Encryption

What is encryption?

  • Encryption is a method of converting plain text into ciphered text to be stored

  • Encryption uses complex mathematical algorithms to scramble the text

  • Asymmetric encryption, also known as private key, public key encryption, is often used for web pages and other communication

What form of attack would this prevent?

  • Encryption plays a role in defending against all forms of attack on a network

  • It is important to note that it does not prevent the attacks from occurring but it does stop the attacker from gaining access to the information

Firewall

What is a firewall?

  • A firewall is a barrier between a network and the internet

  • A firewall prevents unwanted traffic from entering a network by filtering requests to ensure they are legitimate

  • It can be both hardware and software and they are often used together to provide stronger security to a network

    • Hardware firewalls will protect the whole network and prevent unauthorised traffic

    • Software firewalls will protect the individual devices on the network, monitoring the data going to and from each computer
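
The rule checking described above, as an added example that is not part of the original revision note: each connection is compared with an ordered rule list, the first matching rule decides, and anything that matches no rule is blocked. The `Rule` class, the `decide` function and the sample rules and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str            # "allow" or "block"
    direction: str         # "in" (to the network) or "out" (from it)
    network: str           # remote address range in CIDR form
    port: Optional[int]    # destination port; None matches any port


# Constructed sample rule set: a blacklist entry first, then the allowed traffic.
RULES = [
    Rule("block", "in", "203.0.113.0/24", None),   # blacklisted range
    Rule("allow", "in", "0.0.0.0/0", 443),         # HTTPS to the web server
    Rule("allow", "out", "0.0.0.0/0", None),       # outgoing traffic
]


def decide(rules, direction, remote_ip, port):
    """Return the action of the first rule that matches, else block."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and addr in ipaddress.ip_network(rule.network)
                and rule.port in (None, port)):
            return rule.action
    return "block"  # traffic that meets no rule is not let through


if __name__ == "__main__":
    # Constructed sample traffic: (direction, remote address, port).
    for packet in [("in", "203.0.113.7", 443), ("in", "198.51.100.20", 443),
                   ("in", "198.51.100.20", 23), ("out", "198.51.100.20", 53)]:
        print(packet, "->", decide(RULES, *packet))
```

Rule order matters here: the blacklisted address is blocked on port 443 even though a later rule allows HTTPS from anywhere.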

What form of attack would this prevent?

  • Hackers

  • Malware

  • Unauthorised Access to a Network

  • DOS/DDOS attacks

Two-factor authentication

What is two-factor authentication (2FA)?

  • 2FA is a security measure that requires users to provide two separate forms of identification to verify their identity

  • The purpose of 2FA is to add an extra layer of security beyond just a username and password

  • It usually involves a combination of something the user knows (password) and something the user has, such as a smartphone using SMS or an authenticator application

  • The two stages of two-factor authentication are:

    1. The user enters a username and password / PIN

    2. The user enters a one-time unique PIN sent to their mobile device
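
The two stages above as an added example, not part of the original revision note: stage one checks the password and stage two checks a time-based one-time PIN of the kind an authenticator application generates (the standard TOTP algorithm, RFC 6238), with a lockout after repeated failures. The `Account` class, `MAX_ATTEMPTS` and the choice to store the password as a salted PBKDF2 hash are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

MAX_ATTEMPTS = 3  # assumed lockout threshold


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # One-time PIN derived from a shared secret and the current 30 s window.
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    def __init__(self, password: str, otp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.otp_secret = otp_secret  # shared with the user's phone at setup
        self.failures = 0

    def login(self, password: str, pin: str, now: float) -> str:
        if self.failures >= MAX_ATTEMPTS:
            return "locked"
        # Stage 1: something the user knows.
        pw_ok = hmac.compare_digest(
            hash_password(password, self.salt), self.pw_hash)
        # Stage 2: something the user has (the device producing the PIN).
        expected = totp(self.otp_secret, now).encode()
        pin_ok = hmac.compare_digest(pin.encode(), expected)
        if pw_ok and pin_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"
```

A correct password with a wrong PIN is denied just like a wrong password, so a stolen password alone does not grant access.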

Username & Password

What are passwords?

  • Passwords are a digital lock to prevent unauthorised access to an account

  • They are often stored as an encrypted/ciphered text entry in a database, ensuring that even with unauthorised access to a database, a hacker would not be able to gain access to the individual passwords of users

  • Strong passwords and regular password changes are important to maintain security

  • To maintain a strong password, it is recommended to use a combination of uppercase and lowercase letters, numbers, and special characters

What form of attack would this prevent?

  • Data Interception and Theft

  • Physical Security Issues

  • SQL Injection

What are the advantages and disadvantages of using passwords?

Advantages

  • Strong passwords are difficult to crack

  • Regularly changing passwords increases the security

  • Using a range of passwords over the system will prevent or slow unauthorised access to the full system

Disadvantages

  • Passwords that are too complex can be harder to remember

  • Too many passwords are hard to remember

  • It is harder to choose unique passwords if a user is forced to regularly update them

  • Hackers can break most passwords using brute force attacks


Author: James Woodhouse

James graduated from the University of Sunderland with a degree in ICT and Computing education. He has over 14 years of experience both teaching and leading in Computer Science, specialising in teaching GCSE and A-level. James has held various leadership roles, including Head of Computer Science and coordinator positions for Key Stage 3 and Key Stage 4. James has a keen interest in networking security and technologies aimed at preventing security breaches.