Authentication

• Verify that data comes from a trusted source:
  • User authenticates themselves to a system (login)
  • Website authenticates itself to prove it is legitimate

Think Pair Share

1. What does it mean by user authenticate to a system?
2. How do you authenticate yourself to a computer system?

User authentications

• Username and password
• Biometrics
  • Use of unique characteristics in human body to authenticate
  • For examples: 
    • ...

How hackers crack your password

Hackers use "brute-force" algorithm to test every combination of the password in order to crack the password.

Strong password is a password that is difficult to crack.

Write down the rules that makes password strong?

Think Pair Share

Share your experience of biometric authentications.

Have you face any problem with that?

Digital certificate

• Digital certificate is for website to authenticate itself
• Help user to see if data is from authentic website
• Usually it is issued by a third-party authority
• Modern web browser may warn if there's problem with certificate

Encryption

• Encode data (plain text) into meaningless code (cypher text) so that only authorized party can access
• It involves encryption key - a particular pattern/method to encode and decode the message
• Hackers can still steal the message, but hard to retrieve the data

Symmetric key encryption

• Sender use a key to encode the message
• Receiver receive the cypher text
• Use the same key to decode the message
• i.e. Sender and receiver share the same key

Think Pair Share

For symmetric key encryption, sender/receiver needs to share the same key. What is the issue for this kind of process, if we use it in a website?

Asymmetric key encryption

• There are two keys - public and private key
• The receiver creates a private key, and generate the public key based on the private key
• Receiver sends the sender the public key
• Sender encodes the message using public key
• Receiver gets the cypher text and decode using private key

Asymmetric key (cont)

• The key for encode and decode is different
• Public key can ONLY encode, but cannot decode
• Only the private key can decode

Firewall

• In computing, a firewall is a network securitysystem that monitors and controls the incoming and outgoing network traffic based on predetermined security rules

Firewall

• Protects LAN from security threats
• Examines data packets to and from LAN
• Base on predefined rules, either allow or block the packets from passing through
• Rules can based on:
  • IP Address and port
  • Content type
  • Application etc.
• Can be software or hardware

Proxy Server

• Act as intermediary between user and web server
• Proxy can:
  • Filter request based on predetermined rules
  • Keeping user's IP address secret
  • Cache the data (improve speed in loading webpages)
  • Act as firewall

Ethics

Think Pair Share

1. What is the difference between ethics and legal?
2. Give some example. 

Discuss the followings about if it is ethical. 

Copyright and Software

Copyright - Legally protected such that creator has exclusive right to distribute the work. 

Piracy - Unauthorised use / reproduction of one's work

Plagiarism - Stealing the work of another without making reference to the source where it was obtained

Opensource

Free software

• Sometimes called "Opensource"
• Source code is available to public
• Free to modify, distribute, use, as long as original authors are credited

Properitary

• Source code is "closed"
• Prohibited to
  • modify the code
  • Copy/distribute
  • Reverse engineering

Freeware

Proprietary software, but they are free (of charge)

Shareware

Proprietary software, free to use in either:

• a certain period of time
• a certain subset of functions