Data security, privacy and integrity

 System security

  • explain the difference between the terms security, privacy and integrity of data
  • show appreciation of the need for both the security of data and the security of the computer
    system
  • describe security measures designed to protect computer systems, ranging from the stand-alone PC to a network of computers, including:
    • user accounts
    • firewalls
    • general authentication techniques, including the use of passwords and digital signatures

Objectives

System Security

  • Ensures the system functionality
  • Ensures only authorized user to have access to the system
  • Types of threats to a system:
    • Internal mismanagement
    • Natural disaster
    • Unauthorized intrusion to the system
    • Malicious software entering the system

Discussion

  • List methods that can prevent from those types of security threats to a system

Authentication

  • Authentication is a technique to prove that the identity is indeed who the person is claiming to be
  • Techniques includes:
    • Password
    • Biometric
    • Digital Signature / Certificate

Strong/Secure password

  • Write down the rules for strong password:

Firewall

  • Firewall (usually) sits between LAN and WAN, designed to prevent unauthorised access between them
  • Firewall can be hardware or software
  • Techniques by firewall:
    • Packet filtering: Examine all the incoming and outgoing packet, and to allow or reject based on the predefined rules
    • Application gateway: Security checking is applied to specific applications

Data Security

  • describe security measures designed to protect the security of data, including:
    • data backup
    • a disk-mirroring strategy
    • encryption
    • access rights to data (authorisation)
  • show awareness of what kind of errors can occur and what can be done about them

Objectives

Security of Data

  • Safeguarding the data against accidental or malicious damage or loss
  • Recover from data loss
    • Backup
    • Disk mirroring
  • Restrict access of data
    • Encryption
    • Authorisation

Backup

  • Full backup
    • Usually done in off-peak hours for the system
  • Incremental backup
    • A full backup is needed first, then only backup those changes, sometimes called differential backup
  • Problem to backup:
    • The files stored should be "frozen" during the backup - no changes should be made until the backup complete, otherwise inconsistent state may be recorded

Disk-mirroring

  • Data is simultaneously stored on two (or more) disk systems during the normal operation
  • RAID-1 is one of the example (research)
  • It's also possible the mirror disk is situated remotely
  • No need to freeze the data when backup (since every write operation will be done on all disks
  • Not a replacement of backup, but both strategy are used in real life

Encryption

  • Data or file is converted to meaningless code with some encryption key / algorithm
  • Only accessible with the decryption key
  • E.g. you can use password to protect a zip folder, thus the password act as the encryption / decryption key
  • Encryption not only protects data from illegal access, but also ensures data are not tampered / intercepted during data transmission

Authorisation

  • Authorisation is about whether a user has the right to access a certain part of system / data
  • Note about difference between authorisation and authentication
  • (Research) learn about the file security in a Windows system

Data Integrity

  • Ensuring the data is valid and up-to-date
  • During input, transfer, storage and retrieve etc.
  • Techniques Include:
    • Validation
    • Verification
  •  describe error detection and correction measures designed to protect the integrity of data, including:
    • data validation
    • data verification for data entry
    • data verification during data transfer, including
      • parity check
      • checksum check

Objectives

Data Validation

  • Automatic checks by computer for validity of the inputted data
  • Validation types:
    • Range check
    • Format check
    • Length check
    • Presence check
    • Unique check - Make sure the data is not repeated, e.g. No two students have same ID
    • Lookup check - Make sure the data is within the possible allowed list (usually the list is defined in Db)
    • Check Digit (next page)

Check Digit

  • An extra character is added to the field, e.g. the last number in DSEJ ID or Macau ID
  • To ensure the data entered / transmitted is correct
  • The check digit will be calculated once the data is entered, and compare with the entered check digit
  • Depending on algorithms, usually check digit can pickup following errors:
    • single (or more) digit error 
    • digit swapped in order
  • Check digit cannot locate / correct error

Activity

  • Try to research how ISBN check digit works
  • Try with ISBN in your textbook and check if it is valid. 
  • Try to make some mistake when inputting the textbook ISBN, and see what type of mistake it can pickup

Data Verification during transmission

  • Data can be corrupted during transmission
  • Verification Techniques:
    • Parity Bit (Odd/Even)
    • Checksum (NOT Check Digit!)
    • Parity Block Check
  • Study: https://www.computerscience.gcse.guru/theory/error-detection

Parity Block Check

Parity Bit Checksum Parity Block
Add one bit to 7-bit data to make the number of 1s odd or even Extra redundant data (checksum) calculated using all the transferred data Parity check made on a group of bytes in sequence 
One bit error Yes Yes Yes
Two bit error No Possible Sometimes
Remark Any Even number of error bit cannot be detected Accuracy depends on size of checksum and algorithm Able to locate which bit is wrong and auto-correct
Made with Slides.com