1. Security and Ethical Challenges
Contributors: Kim Wandersee, Les Pang
Computer Security
Computer Security Goals
Computer security must be viewed in a holistic manner and
provide an end-to-end protection
as data moves through its lifecycle. Data originates from a user
or sensor, passes over a
network to reach a computing system that hosts software. This
computer system has software
and processes the data and stores in in a storage device. That
data is backed up on a device
and finally archived. The elements that handle the data need to
be secure. Computer security
pertains to all the means to protect the confidentiality, integrity,
availability, authenticity,
utility, and possession of data throughout its lifecycle.
Confidentiality: A security principle that
works to ensure that data is not disclosed to
unauthorized persons.
Integrity: A security principle that makes sure
that information and systems are not

2. modified maliciously or accidentally.
Availability: A security principle that assures
reliable and timely access to data and
resources by authorized individuals.
Authenticity: A security principle that the
data, transactions, communications or
documents are genuine, valid, and not
fraudulent.
Utility: A security principle that addresses
that the information is usable for its intended
purpose. .
Possession: A security principle that works to
ensure that data remains under the control of
the authorized individuals.
Figure 1. Parkerian Hexad (PH) security model.
The Parerian Hexad (PH) model expands on the Confidentiality,
Integrity, and Availability (CIA)
triad that has been the basic model of Information Security for
over 20 years. This framework is
used to list all aspects of security at a basic level. It provides a
complete security framework to
provide the means for information owners to protect their

3. information from any adversaries
and vulnerabilities. It adds Authenticity, Utility, and
Possession to CIA triad security model. It
addresses security aspects for data throughout its lifecycle.
The Center for Internet Security has identified 20 controls
necessary to protect an organization
from known cyber-attack. The first 5 controls will provide
effective defense against the most
common cyber-attacks, approximately 85% of attacks. The 5
controls are:
1. Inventory of Authorized and Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software
4. Continuous Vulnerability Assessment and Remediation
5. Controlled User of Administrative Privileges
A full explanation of all 20 controls is available at the Center
for Internet Security website.
Search for CIS controls.
Security Standards and Regulations
The National Institute of Standards and Technology (NIST),
Computer Security Division, provides
security standards in its Federal Information Processing

4. Standards (FIPS) SP 800 series. These
publications are used often by security professionals to ensure
they are properly safeguarding
information technology. NIST maintains a library of security-
related publications.
Individual industries are often guided by a Federal law to help
ensure that the proper security
and privacy controls are established. The following list
provides examples of an industry and it
associated Federal Law.
-- HIPAA
- FISMA
- FERPA
Responsibilities
Computer Security's responsibility is to prevent an intrusion
from occurring, detect a security breach if
one occurs and recover from the security breach. Computer
security generally involves the following
practices:
http://csrc.nist.gov/publications/PubsSPs.html
https://www.hhs.gov/hipaa/for-professionals/security/laws-
regulations/index.html
https://www.dhs.gov/fisma
https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

5. onitoring and Auditing
Once a security breach is detected, the following steps may be
taken:
o Review event logs
o Review variations from the baseline performance
o Use Intrusion Detection Systems (IDS)
o Research security resources to gather information
o Look for common symptoms of a specific attack
o E-mail
o Voice-mail broadcast
o Shut down affected servers
o Remove affected computers from network
o Remove network from the Internet
o Preserve the evidence
o External attacks
protocols can enter the perimeter network and
the private
network
o Internal attacks

6. clean backup
o Maintain service pack versions
o Run intrusion detection systems
o Review event logs regularly
nt logon events
o Collect and record attack details
o Perform a postmortem meeting
o Develop an action plan for future attacks
o Modify the security policy and security plan as needed
Threats
Figure 2. Typical threats.
Disasters
Disasters include natural and man-made disasters. These
include: tornado, hurricane, earthquake, fire,
bombings, and bioterrorism.

7. Humans
Human activity creates a number of threats to computer
security.
llowing company policy
passwords
tricks on legitimate users of a
computer system, in order to obtain information he needs to
gain access to the system
-sharing policies with business partnerships
Malicious Code
Malicious
Code
Description
Virus A code fragment that copies itself into a larger program,
modifying that program. It
executes only when its host program begins to run. It can
reproduce immediately or can
be triggered by a particular event, such as a date.
Worm Typically an independent program and copies itself from

8. one computer to another,
usually over a network.
Trojan Horse A code fragment that hides inside a program and
performs a disguised, unauthorized
function.
Bomb A type of Trojan Horse, used to release a virus, a worm,
or other system attack. It is
planted by a system developer and is triggered when a particular
date, time, or condition
occurs.
Trap Door A mechanism that is built into a system by its
designer or programmer. It provides the
designer a way to circumvent the normal access to the
application. Unfortunately these
can be left in the system and allow unauthorized access to the
system.
Spoof A program that tricks an unsuspecting user into giving
away privileges.
Hoax A program that claims that it is malicious code, but does
not do harm to the
system. Instead, it wastes time while security engineers
determine there is no threat.
Spyware A program that resides on your computer, captures all
of your activities, and then sends
the information to a company or hacker for their use.
Ransomware Malicious software that typically encrypts the
victim’s file making them no longer
accessible and demands a ransom to decrypt the files.

9. E-Commerce Dangers
misrepresentation of identities
or other facts in order to obtain something of value. With a
proper security system in
place, the consumer will be able positively to authenticate the
identity of the e-
commerce business and the business will be able to identify the
consumer
before performing the transaction. Identity theft constitutes a
current, serious example
of fraud perpetrated through unauthorized access to personal
information on the
Internet.
system. The financial
transactions may be altered if one can modify the data during
transit. Cryptographic
message digests can indicate whether a message has been
tampered with.
-of-service attack involves
preventing one from accessing
data by confusing or overloading the related computers or
networking equipment.
Transmission Control Protocol (TCP) is a communication
protocol commonly used on the
Internet for many kinds of communication. TCP SYN flooding
attack is a threat that
involves denial of service launched on the Internet. With TCP
SYN flooding attack,
hackers attempt to open so many TCP connections with a server
that it results in denial

10. of additional incoming connections. Interactive Web
technologies such as Java,
JavaScript, and ActiveX increase the difficulty of preventing
denial-of-service attacks.
With these Web technologies, a denial-of-service can be easily
embedded in programs.
Controls and Defenses
Policy, Processes, and Procedures
A security policy:
and network usage
security incidents
procedures
Data Backups and Hot Sites
Data backup protects not only against physical disasters but also
against equipment failure,
data theft, data modification and data corruption. Obviously the
backup site must be remote
from the primary database to avoid a common disaster. Backup
media include tape, at lower
cost, and disk, at higher cost. Backup frequency may be
periodic, as in once a week, or
continuous, as in a site that mirrors the primary site.

11. Communication with the backup site may
vary from physical transport to high-speed telecommunications
links. The type of backup needs
to be matched to the requirements of company or individual.
Backup frequency depends on the
acceptable data loss that might occur between the last recovery
point and a failure. The speed
and sophistication of recovery depends on the acceptable down
time. The cost of the backup
and recovery system should not greatly exceed the risk. Here,
risk is taken to be the amount of
the possible loss times the probability of its occurrence.
Access Control
Access control can take a variety of forms. "Firewall" or "proxy
server" software provides access
control for computers connected to the Internet. Access control
can involve using transmission
cables that cannot be tapped. Access control can also involve
requiring authentication prior to
allowing a computer to make known the content of certain data
files.
Forms of the latter type of access control are the following:
Strong Passwords
Passwords are critical to preventing unauthorized access to the
network and applications.
Therefore, passwords should be difficult to guess. They should

12. be eight or more characters and
a combination of capital and small letters, numbers, and special
characters. Passwords should
be changed regularly and frequently.
Microsoft provides recommendations for creating and using
strong passwords at the following
URL.
http://www.microsoft.com/protect/yourself/password/create.msp
x
Microsoft also provides a free password checker. To check the
strength of your password, use
the following URL:
http://www.microsoft.com/protect/yourself/password/checker.m
spx
Single Sign-On (SSO)
Many organizations are implementing Single Sign-On
technology. This technology consolidates
all user passwords into one. The user can access all applications
with only one login to the
network. Some organizations require two- or three-factor
authentication when using single
sign-on technology.
Three Factor Authentication

13. that individuals are who
they say they are.
-factor
authentication requires
the use of a password
(something you know), a
token (something you
have), and biometric data
(something you are).
Figure 3. Authentication Factors
Trusted Transactions
Before the Internet, most security measures focused on
Perimeter Security for an
organization. Technologies included firewalls, anti-virus
software, intrusion detection, and e-
mail scanning.
In the early 2000s, people hesitated to use the Internet for
banking, on-line shopping and other
transactions that involved sending financial or credit card
information over the Internet. There
was insufficient confidence in the technology that the data
would reach its destination without
being alter or intercepted.
E-Commerce enabled by the Internet requires trusted
transactions. E-Commerce has moved
transactions away from the organization to integrated
transactions between the customer, the
business, the supplier and the payer. In order to do this, security

14. measures had to be in place to
create trust.
http://www.microsoft.com/protect/yourself/password/create.msp
x
http://www.microsoft.com/protect/yourself/password/checker.m
spx
In other words, Internet transactions require
-repudiation
Cryptography (or Encryption)
Cryptography can satisfy many of the security requirements for
trusted transactions.
Cryptography involves the use of codes and ciphers in order to
transmit information so that
access is restricted to the intended recipient. The primary
objective of cryptography is to allow
two or more users to communicate securely over an insecure
medium, for example, the
Internet. The information to be transmitted, called plaintext, is
encrypted using a
predetermined key to generate the ciphertext. The ciphertext is
transmitted over the insecure
medium to the receiver, who recovers the plaintext using a
cryptographic key and algorithm.
Cryptosystems can be classified into two categories: (1)

15. symmetric key cryptosystems and (2)
public key cryptosystems.
1. Symmetric Key Cryptosystems. These have the same problem
as unconditionally secure
codes. The key to decode the message must be transported to the
desired recipient
without a chance of falling into the wrong hands.
2. Public Key Cryptosystems. These provide a means to move
information in a secure
fashion without the need to secretly transmit a decoding key.
The disadvantage is that it
requires a large amount of computing to code and decode a
lengthy message.
Symmetric key and public key cryptography systems together
possess the necessary
characteristics to perform security for a wide variety of
systems, including secure e-commerce,
e-mail, and World Wide Web (WWW) interactivity. Today's
secure Internet data movements
are based on the following concepts:
for a symmetric code with a
reasonable amount of computing effort.
using the fast symmetric
key system.
Commonly Encountered Symmetric Codes
Data Encryption Standard. In 1977, the National Institute of

16. Standards and Technology (NIST)
published the Data Encryption Standard (DES). DES is a block
cipher algorithm. DES has 64-bit
block size (ciphertext is 64 bits in length). The DES key is 56
bits in length. DES was last reviewed
in 1993 and was approved for unclassified applications until
1998. Although DES is widely used,
it is no longer secure and must be replaced with more robust
algorithm.
Advanced Encryption Standard. The Advanced Encryption
Standard (AES) algorithm succeeded
DES. AES is a symmetric block cipher algorithm. AES has 128-
bit block size. AES has variable key
size (128, 192, or 256 bits). AES is more secure than DES.
Rijndael (pronounced as Rhine-Doll)
was selected as the algorithm. Conformance testing was done in
the summer 2001. The
standard will be reevaluated every five years.
Public Key Infrastructure (PKI)
PKI can be used for Internet e-business security, improve user
confidence in using the Internet
for transactions, and to implement trusted transactions.
PKI ensures the following conditions.
Confidentiality: Is the data private?
User authentication: Are you who you say you are?
Non-repudiation: Are you the only one who could have

17. made this transaction?
Data integrity: Has the data been tampered with?
PKI Technology includes the following features.
Digital Certificate
Binds user's identity to public key in
a digital form
Registration Authority (RA)
Security Officers of PKI
Administrator of PKI
Certificate Authority (CA)
Establishes trust
Issues digital certificates
Validates owner's identity
Certificate Revocation List (CRL)
List of all revoked certificates
Time revocation
Reason for revocation
Directories and X.500
Public repositories
Complete Public Key Infrastructure
Automates the management of digital certificates, public
keys, and private keys
Digital Certificates
Digital certificates provide a mechanism to connect the identity

18. of a subject (an individual,
company, or computer) to a public cryptographic key in a way
that can be trusted and verified.
To provide digital certificates, a certain entity called a trusted
party is responsible for verifying a
set of credentials in accordance with a predefined policy. If
approved, the subject's public key
and credentials are digitally coded and signed using the trusted
party's private key to form a
certificate. The certificate can then be distributed in a public
manner, and the identity
associated with a public key can be authenticated by decoding
the certificate with the trusted
party's public key and verifying the signature on it. Digital
certificates are issued by trusted
parties called Certification Authorities (CA).
Digital Signatures
Many public key algorithms can provide authentication, data
integrity, and nonrepudiation.
Since public key algorithms compute slowly, algorithms to
obtain a summary or "fingerprint" of
the plaintext are desirable. These algorithms are known as
message digests or hash functions. A
hash function processes an input of arbitrary length and
produces a fixed size output. Secure
message digests or hash functions possess three essential
mathematical properties.
1. Every input bit influences every output bit.

19. 2. If a single input bit is changed, every output bit has a 50
percent chance of changing.
3. Given an input and corresponding hash, it should be
computationally unfeasible to find
another input with the same hash.
Common message hash functions include: MD2, MD4, MD5,
MD6, SHA, SHA-1, SHA-2 and SHA-
3. MD2, MD4, and MD5 were developed by Ronald Rivest of
RSA Data Security. These are 128-
bit digests.
A digital signature may be created and sent along with a
message to achieve authentication and
to assure data integrity and nonrepudiation. The sender, say,
Alice, applies a hash function H to
her plaintext message m to create the message digest,
represented symbolically by Hm. This
means that H operates on m. Alice then operates on Hm with her
certified private key A to
produce the encrypted message digest AHm. She sends AHm to
the recipient, say Bob, along
with m. Bob recovers Hm by operating on AHm with Alice's
certified public key A*. Symbolically,
A*AHm = Hm, since A* just undoes A. Bob then separately
operates on the received plaintext
message m' with H to obtain Hm'. If Hm' = Hm, Bob is sure that
(1) the message came from Alice
and (2) it was not tampered with in transmission, and (3) Alice
cannot disavow it.
Security Considerations

20. Privacy
Although privacy and security are related, they are not
identical. Privacy pertains to an
individual's right to limit disclosure of personal information. It
is an implied right, rather than an
expressed one, flowing from the U.S. Constitution. Security
pertains to data, which may contain
information about individuals. If personal and consumer data
are protected, so is personal and
consumer privacy. Thus, businesses go to great lengths, on line
and off, to guarantee the
confidentiality of such data. However, to assure the security of
a computer system, it may be
necessary to observe the usage of it by individuals, thus
infringing upon their complete privacy.
It may be necessary to conduct a background check of
prospective employees to assess their
character and habits, again infringing upon their privacy. In a
larger sense, the government
finds it necessary to conduct wiretaps under warrant and to
perform other surveillance to
provide national security.
Intellectual Property
One of the striking features of intellectual property—that is,
creative works of writing and
music—in digital form is its cost asymmetry. What this means
is that the Beatles incurred a
substantial cost to supply the first unit of intellectual property,
say, the digital master of Sgt.

21. Pepper's Lonely Hearts Club Band. Yet the marginal cost—the
cost of producing and distributing
one more copy of it—is trivial. Therein lies the root of our
intellectual property problems. First,
how can we pay for the first unit? Then how should we price the
subsequent units? The record
companies say that the subsequent units must be priced enough
over their marginal cost to pay
for the first unit. The users say that the subsequent units should
be priced at their marginal
cost, namely almost nothing. The record companies achieve
their goal through their monopoly
on production and distribution granted by the copyright law.
But when the digital age makes
copying and distribution almost free, the users face irresistible
temptation to break the
monopoly, as the original Napster did.
Such issues as this led to the concept of Digital Rights
Management (DRM). Here producers
used various methods of coding and encryption to restrict
copying and distribution of
intellectual property. Successful efforts to break the DRM codes
led, among other reasons, to
the rewrite of the copyright laws as the Digital Millennium
Copyright Act of 1998 (DMCA). In
one controversial provision, DMCA made it a crime to defeat
DRM codes. About the best we
can say here is that the issue still simmers. Nevertheless,
producers and distributors are having
some success in persuading users to pay a little for their music
and videos. Apple's iTunes
testifies to that.

22. Equitable User Access
Under the heading of equitable user access, the concept of the
digital divide looms large. The
more affluent individuals of this country and the world have
access to personal computers and
broadband that bring benefits of information and productivity.
The less affluent individuals of
this country and the world lack this access and these benefits.
Clearly a positive feedback
operates to enhance the skills and achievements of those with
access, whereas that feedback is
lacking for those without access. United States policy
recognizes this problem in a limited way.
The Federal Communications Commission administers a so-
called Universal Service Fund.
Telecommunications carriers must contribute a portion of their
revenue to the fund. The fund's
monies are then made available (1) to subsidize the price of
telephone service to high cost
areas (like rural or mountainous settlements),(2) to provide core
telephone service to low
income individuals, (3) to help schools and libraries pay for
advanced telecommunications
services, and (3) to help rural health care facilities pay for the
same.
The International Telecommunication Union works to increase
the penetration of
telecommunications services to developing countries.

23. The MIT Media Lab has now achieved production of "One
Laptop per Child," a bare bones
computer costing only $100, operable even in regions without
electric power. Intel and other
organizations are following suit with competitive offerings.
Beyond these efforts, little is really being addressed.
Net Neutrality
Net neutrality has two sides -- those in favor and those against.
Those in favor of the principle argue that the genius of the
Internet is its complete neutrality
with respect to those who supply content, those who consume
content, and the content itself.
Because all the intelligence is "at the edges" of the network in
the terminal devices, anyone can
display his bright idea or videos of his trained seal; others can
seize upon that idea and develop
it or criticize it. In this way information and innovations are
spread around with the result of
raising the economic and cultural level of the nation.
Those against the principle argue that the nature of content has
greatly expanded since the
Internet's early days. Some content deserves more priority than
others. Some content deserves
more speed or reliability than others. Some users, such as
Google and Yahoo, pump more
volume into the Internet than others. To accommodate these
diverse needs, new investment in
the facilities and capabilities of the Internet are needed.

24. Therefore, pricing for some content
and some users should be higher to finance such investment.
Apart from these principles is the practical fact that some
users—even individual users—and
some content use up more of Internet capacity than others. An
example is file sharing of videos
through the BitTorrent protocol. This recently became
troublesome for Comcast, in that five
percent of the users on its network consumed 70 percent of the
capacity. Such lopsided use
could degrade service for the other 95 percent of the users
sharing the network, suggesting
that Comcast should have the right to manage such traffic in the
interests of its customers and
its business. Fortunately, it was in the mutual interest of both
Comcast and BitTorrent to agree
on a traffic management solution that ameliorated the problem.
No legislative resolution of the issue has occurred to date,
although the U.S. Congress is still
concerned.
Regulatory Considerations
Some aspects of information technology are regulated.
Historically the most important portion
is the telephone industry, especially the local exchange.
Accordingly, we volunteer a few salient

25. points about regulation.
You run into regulations every day. When you drive your
automobile to work, you follow a set
of regulations for driving --observe the speed limit, stay right
except to pass, and so forth. You
have paid a tax for your tags, which you must have to drive
your vehicle on the streets, and you
have a driver's license, which you obtained by initially passing
written and "behind-the-wheel"
tests. You have probably renewed your license by taking an eye
test, or perhaps another
written test. You enter a restaurant knowing, at least
subconsciously, that the meat you will eat
was inspected by the Department of Agriculture, its weight
measured on a scale calibrated by
the division of weights and measures, and prepared in a kitchen
inspected by the local
department of health. Regulation permeates daily life.
Fundamentally, regulations are adopted to protect the public.
These regulations are designed
to help in a variety of circumstances. Some regulations go to
safety, like those governing foods
and drugs. Others go to economics, like those governing prices.
For example, the market may
not be efficient enough to prevent one competitor from holding
enough market share to
dictate prices to consumers. In such a case, the company may be
said to have monopoly power.
Regulation is developed to prevent an abuse of such market
power, perhaps by setting rates, or
at least by limiting them.

26. Markets in which there are many buyers and sellers characterize
perfect competition. Each
transaction in the marketplace has a relatively small bearing
upon the overall market and each
transaction is a small component of overall market volume.
Products differ, and consumers may
choose the characteristics of the products they want from among
a wide range of suppliers.
Consumers or purchasers will have a high degree of information
on which to base choices. They
may use product specifications, price, and other criteria to make
their market choice. Choosing
one supplier over another does not disadvantage them. When
these conditions are met, supply
and demand are in equilibrium and determine the market price.
The opposite of competition is monopoly, such as existed
formerly in many parts of the
telephone industry. In a monopoly environment, choice is
substantially reduced. There are
fewer choices of suppliers, of products or services, and of
criteria for choosing products. In a
pure monopoly there is but a single supplier. That supplier
could then control supply in such a
way to maximize profit. It turns out that maximum profit occurs
at a smaller supply and higher
price than would occur under perfect …