
Unit 2 (Cyber Security)

This document discusses various methods for securing yourself in the cyber world, including cryptographic mechanisms like encipherment, digital signatures, access control, and data integrity. It also discusses applications of digital signatures like authentication, non-repudiation, and integrity. Digital signatures use key generation, signing, and signature verifying algorithms. The document concludes with good password practices like using different passwords for different accounts, enabling multi-factor authentication, making long passwords that are hard to guess but easy to remember, and using a password manager.

Uploaded by

tinime3820

UNIT II METHODS TO SECURE YOURSELF IN THE CYBER WORLD

1. Reversible and Irreversible Cryptographic mechanisms


Encipherment
The use of mathematical algorithms to transform data into a form that is not
readily intelligible. The transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and
protect against forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of
data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of
information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as
established by a security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an
independent review and examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management
functions, and takes recovery actions.
2. Applications of Digital Signature
Digital Signature
• A digital signature is an electronic form of signature used to authenticate
  the identity of the communicator or of an authority signing the document.
• It ensures the authenticity and originality of the content of the
  communication or the document.
• Digital signatures remain unchanged throughout the communication or
  documentation; they are easily transportable and cannot be imitated by
  anyone else.

Applications

The important reasons to apply digital signatures to communication are:

o Authentication
o Non-repudiation
o Integrity

Authentication

• Authentication is a process which verifies the identity of a user who
  wants to access the system.
• In the digital signature, authentication helps to authenticate the sources of
  messages.

Non-repudiation

• Non-repudiation means assurance that something cannot be denied.
• It ensures that a party to a contract or communication cannot later deny
  the authenticity of their signature on a document or in a file, or the
  sending of a message that they originated.

Integrity

Integrity ensures that the message is real and accurate, and safeguards it
from unauthorized user modification during transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key at random from a set of
possible private keys. This algorithm provides the private key and its
corresponding public key.

2. Signing algorithm

• A signing algorithm produces a signature for the document.
• Signing algorithms are algorithms used to sign tokens issued for your
  application or API. A signature is part of a JSON Web Token (JWT) and
  is used to verify the sender of the token.
• RS256 (RSA Signature with SHA-256): An asymmetric algorithm,
  which means that there are two keys: one public key and one private key
  that must be kept secret. Auth0 has the private key used to generate the
  signature, and the consumer of the JWT retrieves a public key from the
  metadata endpoints provided by Auth0 and uses it to validate the JWT
  signature.
• HS256 (HMAC with SHA-256): A symmetric algorithm, which means
  that there is only one private key that must be kept secret, and it is shared
  between the two parties. Since the same key is used both to generate the
  signature and to validate it, care must be taken to ensure that the key is
  not compromised. This private key (or secret) is created when you
  register your application (client secret) or API (signing secret) and choose
  the HS256 signing algorithm.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's
authenticity.

3. Good password practices

Never reveal your passwords to others. You probably wouldn’t give your
ATM card and PIN to a stranger and then walk away. So, why would you give
away your username and password? Your login credentials protect information
as valuable as the money in your bank account. Nobody needs to know them but
you—not even the IT department. If someone is asking for your password, it’s a
scam.

Use different passwords for different accounts. That way, if one account is
compromised, at least the others won’t be at risk.

Use multi-factor authentication (MFA). Even the best passwords have limits.
Multi-Factor Authentication adds another layer of protection in addition to your
username and password. Generally, the additional factor is a token or a mobile
phone app that you would use to confirm that you really are trying to log in.

Length trumps complexity. The longer a password is, the better. Use at least
16 characters whenever possible.

Make passwords that are hard to guess but easy to remember.

• To make passwords easier to remember, use sentences or phrases.
• Avoid single words, or a word preceded or followed by a single number
  (e.g. Password1). Hackers will use dictionaries of words and commonly
  used passwords to guess your password.
• Don’t use information in your password that others might know about
  you or that’s in your social media (e.g. birthdays, children’s or pet’s
  names, car model, etc.). If your friends can find it, so will hackers.

Complexity still counts. To increase complexity, include upper and lower case
letters, numbers, and special characters. A password should use at least 3 of
these choices.

Use a password manager. Password management tools, or password vaults,
are a great way to organize your passwords. They store your passwords
securely, and many provide a way to back up your passwords and synchronize
them across multiple systems.
