Keeping Secrets with Digital Technology

Information Assurance ProgramAnderson School of Management

Why Are We Here?

• 84% of you have learned safe practices for online activities in school or at home.

• We’re going to build upon your basic Internet “street smarts.”

• We’ll focus on some technologies that are used to protect private information:– Encryption: Digital code that stores information

securely– Passwords: How to hacker-proof your accounts

Cryptography

cipher: a method of encryption, including the algorithm, key(s), and other variables used to encode and decode a message

keyword: word or phrase used in conjunction with an algorithm to encrypt and decrypt messages – like a password!

encryption: conversion of plaintext to ciphertextdecryption: conversion of ciphertext to plaintext

cryptanalysis: the process of deciphering an encrypted message without knowing the algorithmsand keys used to perform the encryption.

plaintext: an original unencrypted message or a message that has been successfully decryptedciphertext or cryptogram: an encoded message resulting from encryption

code: the system or set of rules for converting words or phrases into a cryptogram

Background of Cryptography

The Old Testament Book of Jeremiah employs a reversed-alphabet cipher to encode sensitive words.

The ATBASH Cipher

Background of Cryptography

Julius Caesar made code by shifting the alphabet over by three letters and then substituting Greek letters for Roman.

Background of Cryptography

Thomas Jefferson used a 26-letter cipher wheel to encrypt/decrypt official correspondence while serving as ambassador to France.

Recipient would need own deviceto decode the message.

plaintext

ciphertext

Background of Cryptanalysis

The Enigma, a mechanical encryption machine with four rotary ciphers, was used by the Germans in WWII. Its code . was thought to be unbreakable.

The Allies built the giant“Bombe” machine to crack the Enigma cipher.

Cryptograms and Passwords

Lessons learned from cryptanalysis of the Enigma code drive home two practices we now observe in setting passwords:

– Change them regularly The Germans rotated their Enigma keys daily.

– Don’t write them down The Allies might never have broken the code if not for documentation they got from captured U-boats.

The Dictionary Cipher

The Dictionary Cipher

156, 25, 5

The Vigenère Cipher

The simple way to use the cipher is by choosing one row to use for encryption – like Julius Caesar did!

However, this method is not the most secure.

What is a weakness of the cryptogram produced by this method?

Repeating letters may tip off a cryptanalyst as to the method behind the code!

plaintext: A M A ND A

The Vigenère Cipher

The better way to use the cipher is to switch rows before encoding each letter.

This can be done in sequence orin the order determined by a keyword.

KEYWORD

plaintext:

Using multiple alphabets rotated in keyword order strengthens the code!

A M A ND A

Digital Encryption Activity

We’ve seen the advantage of using a polyalphabetic cipher for encryption.

Let’s see what happens when we use multiple keywords with the cipher…

Everyday Uses of Encryption

• Securing email transmissions• Securing web transactions

– Wherever you see a URL beginning “https:\\”

• Securing wireless networks• Securing individual files

What is the key to encryption and decryption of each of these? …a PASSWORD!

Passwords

• Passwords need to have two qualities:

1.

2.

Secure and difficult to crack.

Easy to remember

Passwords

• Cracking a Password– Brute Force

• Using Common Passwords

– Guessing• Using Known Passwords

“12345”“qwerty”“password”

Your Name: “amanda”Your Birthday: “1286”Your favorite TV Show: “spongebob

Passwords

• Creating a good password:– Dlkj509$13409oi$dslSDF90tq39u45^0qujnkja

98q^u09509340%nd8sq3450934oikljfna0q#095

• How are you going to remember that?

Passwords

• Some Tricks for making a good Password:– Make up an anagram:

• Mrs. Funnell’s class is my favorite part of the day. I can’t wait.

• M.F’cimfpotd.Icw.• M.F’c1m4p0td.Icw.

Passwords

• Don’t– Write down your password– Share your password– Create bad password hints

• Obvious hints: “My teacher’s name”• Starts with “M.F”

Facebook and Social NetworksThe first popular social networking websites took off in the early 2000s

Provide an online presence w/o need for a personal website

Encourage connecting with other users, establishing a online network that resembles real-life social circle

Allow users to share news, etc. with many friends at once vs. sharing one-on-one via email

Is Facebook For Me?

• At age 13, young people can register for Facebook accounts.

• 29% of your classmates are already active on Facebook.

• While Facebook is a fun way to stay connected with friends and family, it is also a source of leaks for private information.

• How will you protect your privacy if you join Facebook?

Facebook

• By default, your profile, photos, and posts can be viewed by everyone

• Contact information visible to “friends”

• Accept “friend” requests carefully

• “Friends of friends” are not under your control

• Use the “Preview My Profile” option

• “Checking in” places not a great idea

Facebook and Social Networking

Sharing Personal Information

Facebook and Social Networking

Click here to jump to Amanda’s profile for tour of what NOT

to show.

Recommend one thing on this profile that Mark should hide from public view.

Facebook and Social Networking

…and photos other people have taken of him.

Visitors to Mark’s Facebook page see both photos he has uploaded…

When and why might that be a problem?

Click here to jump to Amanda’s profile

for DOs and DON’Ts of photos to

share.

• 4/5 have been taught internet security

• 1/4 do things on the internet that their parents don’t know about

• 1/5 opened an email attachment from someone they don’t know

• 1/2 of you have talked with someone online that you’ve never met face to face or you talk about yourself online

• 9/10 of you have a cell phone or smartphone

• Almost all of you have a device that can be used to access wireless networks at home.