Computer Science (9645) | Cyber security

Cyber Security: Protecting Your Digital World (9645)

Welcome to the exciting world of Cyber Security! This chapter is crucial because, in our interconnected digital world, protecting data is one of the most important jobs for a computer scientist.
Don't worry if terms like 'cipher' or 'firewall' sound intimidating—we'll break down these concepts using real-world examples. By the end, you will understand how we defend networks and ensure sensitive information stays secret and accurate.

Quick Review: Why is Cyber Security Needed?

• To ensure Confidentiality (only authorised users see the data).
• To ensure Integrity (data is accurate and hasn't been tampered with).
• To ensure Availability (authorised users can access the system when needed).

Section 1: Understanding Digital Threats (Malware)

Cyber security is often a battle against malicious software, or malware. The syllabus requires you to understand three common types and the vulnerabilities they exploit.

Worms, Trojans, and Viruses

These are all types of malware, but they behave differently:

1. Viruses
A virus needs a host program to attach to (like a biological virus needs a living cell). It requires human action (e.g., running an infected file) to replicate and spread.
Vulnerability exploited: User carelessness or operating system flaws allowing unauthorized modification of executable files.

2. Trojans (Trojan Horse)
A Trojan disguises itself as legitimate software (like the wooden horse used by the Greeks). It performs malicious actions hidden behind its intended function.
Vulnerability exploited: User trust and deception (social engineering).

3. Worms
A worm is a standalone piece of malware that replicates itself and spreads automatically across a network, without needing a host program or human intervention.
Vulnerability exploited: Network configuration flaws, security vulnerabilities in operating systems or applications that allow remote execution.

Section 2: Cryptography and Encryption (3.5.7)

Encryption is the use of an algorithm to convert readable data (plaintext) into an unreadable form (ciphertext). This ensures confidentiality, so that even if intercepted, a third party cannot understand the data unless they have the correct method (the cipher) and the secret value (the key).

Core Terms

• Plaintext: The original, readable message (e.g., "ATTACK AT DAWN").
• Ciphertext: The encrypted, scrambled message (e.g., "DWWDNF DW GDZQ").
• Cipher: The algorithm or method used for encryption/decryption (e.g., shifting letters).
• Key: A secret value (letters or bits) applied by the cipher to convert plaintext to ciphertext.

Did you know? The word "cryptography" comes from the Greek words kryptos (hidden) and graphein (to write).

2.1 The Caesar Cipher (Weak Security)

The Caesar cipher is a simple example of a substitution cipher where each letter in the plaintext is shifted a certain number of places down the alphabet.

Why the Caesar Cipher is easily cracked:

1. Limited Keys: There are only 25 possible shift values (keys). A brute-force attack (trying every possible key) is trivial for a computer.
2. Frequency Analysis: The frequency of letters in the ciphertext (e.g., the letter 'E' is usually the most common) directly corresponds to the frequency of letters in the plaintext. Identifying the most frequent letter in the ciphertext immediately suggests the shift value used.
3. Known Shift: Once the shift applied to one letter is identified, the shift applied to all other letters is known.

2.2 The Vernam Cipher (Perfect Security)

The Vernam cipher, often called the One-Time Pad, offers perfect security—meaning absolutely nothing can be learned about the plaintext by examining the ciphertext.

Conditions for Perfect Security (Must be Met!):

For the Vernam cipher to be perfectly secure, the following conditions must be met:

1. The key must be chosen completely randomly.
2. The key must be at least as long as the plaintext message.
3. The key must be used only once (hence 'one-time pad').
4. The key must be known only to the sender and receiver.

2.3 Computational Security

Modern ciphers (like AES, used in HTTPS) are far more complex than Vernam or Caesar. They rely on computational security.

• A cipher is computationally secure if an algorithm to crack the cipher would take an unfeasible time to complete (e.g., thousands of years with current technology) or has a very low probability of success.
• Unlike the Vernam cipher, it is *theoretically* possible to crack a computationally secure cipher, but practically impossible.

2.4 Symmetric vs. Asymmetric Ciphers (Key Exchange)

Ciphers are grouped based on how they use keys for encryption and decryption.

1. Symmetric Ciphers

• Mechanism: Use the same key to encrypt the plaintext and decrypt the ciphertext.
• Examples: Caesar cipher, Vernam cipher, AES.
• The Problem: The Key Exchange Problem
  This is the major issue with symmetric ciphers: How do the sender and receiver share the secret key without it being intercepted by a third party? If the key is intercepted, the whole system fails.

2. Asymmetric Ciphers (Public/Private Key)

• Mechanism: Use different mathematically related keys for encryption and decryption.
  • One key is Public (shared openly for encryption).
  • One key is Private (kept secret by the owner for decryption).
• Solution: Since the encryption key is public, there is no risk in sharing it. The key exchange problem does not apply because the private key never leaves the owner.

Section 3: Network Security Mechanisms (3.14.5)

While encryption secures the data itself, we need defensive mechanisms to protect the network boundary.

3.1 How a Firewall Works

A firewall acts as a security barrier between a trusted internal network and an untrusted external network (like the Internet). It examines traffic flowing in and out and blocks anything suspicious.

Firewall Mechanisms:

1. Packet Filtering (Simplest)
   Examines the header information of individual data packets (such as the source IP address, destination IP address, and port number). It uses pre-set rules to decide whether to allow or block the packet. It does not inspect the data content (payload).
2. Stateful Inspection (Most Common)
   This is more advanced. It not only checks the header information but also monitors the entire connection (or 'state'). If a packet arrives, the firewall checks if it belongs to an established, active, and legitimate connection before allowing it through.
3. Proxy Server (Application Level)
   A proxy server acts as an intermediary (a 'middleman') for requests from clients seeking resources from other servers.
   • It hides the identity and structure of the internal network from external threats.
   • All external communication appears to come from the proxy server, not the internal clients.

3.2 Digital Certificates and Signatures

These tools use asymmetric encryption concepts (public and private keys) to establish trust and ensure data integrity online.

Digital Certificates

When you connect to an HTTPS website (look for the padlock), the server provides a Digital Certificate.

• Purpose: To verify the identity of the server (e.g., proving that "google.com" is genuinely owned by Google).
• Obtainment: Certificates are issued by a trusted third party called a Certificate Authority (CA).
• Usage: The certificate contains the website’s public key, allowing your browser to securely encrypt data sent to the server.

Digital Signatures

A digital signature is a mathematical technique used to authenticate the sender of a message and guarantee the message's integrity (that it hasn't been changed).

How it works simply: The sender uses their private key to encrypt a hash of the message (the signature). The receiver uses the sender's public key to decrypt the signature and verify the hash matches the received data.

Section 4: Data Integrity and Error Control (3.5.8)

Ensuring the integrity of data means confirming that data transmitted or stored remains exactly the same as the original data, without accidental errors or corruption.

Error Detection Methods

1. Parity Bits

A Parity Bit is an extra bit added to a binary word (usually a byte) to make the total number of 1s either even (even parity) or odd (odd parity).

• Use: Detects simple transmission errors.
• Effectiveness: Very basic. It only detects an odd number of errors (1 bit flip, 3 bit flips, etc.). If 2 bits are flipped, the parity check still passes, but the data is incorrect.

2. Checksums

A checksum is a value calculated from the data block itself using a specific mathematical algorithm.

• Process: The sender calculates the checksum and sends it along with the data. The receiver calculates their own checksum from the received data.
• Verification: If the two checksums match, the data is likely error-free.
• Effectiveness: More effective than a parity bit as it checks the integrity of an entire block, not just a single byte.

3. Majority Voting (Error Correction)

This method is used not just for detection, but also for correction, by sending the same data multiple times (often three times).

• Process: The receiver compares the copies. If one copy is different from the other two, the system assumes the majority version is correct and corrects the erroneous one.
• Effectiveness: Highly effective for simple errors, but inefficient as it uses a lot of extra bandwidth (redundancy).