Computing Security

1
Computing Security Ethics

• GEK1511 Tutorial Session 8

Tutor Miss Elizabeth Koh diskre_at_nus.edu.sgOffice
phone 65162829 Slides found at www.comp.nus.edu.
sg/ekoh/teaching.htm
2
Outline

• Recap of Computing Security and Ethics Lecture
• Online Examination Case Discussion
• Final Tips for Project

3
Computing Crimes

• Malware
• Hacking/Cracking
• Identity theft
• Scam
• Digital piracy

4
What are the differences?
5
Identity theft

• Impersonation of someone elses identity to
  obtain information or credit
• Related to Phishing
• (http//www.nus.edu.sg/comcen/security/faq/Phishin
  g.htm)
• Attempt to obtain your login credit card
  details by masquerading as a trusted party (e.g.,
  a bank)

6
Example of Phishing
http//www.dbs.com/sg/personal/ibanking/additional
info/security/phishing/
7
Security measures Key principles

• Securing Communication
• Secrecy
• Prevent understanding of intercepted
  communication
• Cryptography, Symmetrical/Secret Key System vs
  Asymmetrical/Public Key System (CD interactive)
• Authentication
• Establish identity of sender/receiver
• digital signature, 2 factor authentication
• Integrity
• Establish that the communication has not been
  tampered
• SSL, VPN
• Controlling access e.g. via Firewall

8
Computing Ethics

• Ethics
• Privacy
• Netiquette
• Spam
• ACM Code of Ethics

9
Tutorial Case Study

• Online Examination Case Discussion

(a.) How can we ensure that it is really the
student who is taking the examination? (Note We
need to ensure that it is the right student who
is sitting through the entire exam) (b.) How
can we ensure that each student only get to
access the designated examination during the
specified time of the examination? (c.) How can
we ensure the security and secrecy of the
examination questions on the online examination
system? In other words, how can we ensure that
the examination questions would not be leaked
prior to the conduct of the examination? (d.)
How can we ensure that the answers submitted
remotely by the students to the online
examination system have not been
intercepted/tampered as it is transmitted online?
10
(a.) How can we ensure that it is really the
student who is taking the examination? (Note We
need to ensure that it is the right student who
is sitting through the entire exam) Use
biometric for authentication access control.
Biometric technology (e.g. facial recognition)
can be used to ensure that it is the same student
who is sitting for the paper throughout.
11
(b.) How can we ensure that each student only get
to access the designated examination during the
specified time of the examination?
Authentication access control. Digital
signature. Biometric can again be used here.
Moreover the access rights for each examination
paper is only activated during the period of the
examination. As a further precaution, examination
paper that are not being taken can also be
encrypted to prevent any accidental access.
12
Questions
(c.) How can we ensure the security and secrecy
of the examination questions on the online
examination system? In other words, how can we
ensure that the examination questions would not
be leaked prior to the conduct of the
examination? Firewall. (Answers should include
how a firewall can achieve this, e.g. prevent
hackers, audit trail) Also, authentication
access control as well as encryption can be used
as well.
13
Questions
(d.) How can we ensure that the answers
submitted remotely by the students to the online
examination system have not been
intercepted/tampered as it is transmitted online?
VPN, SSL. Encryption. Digital signature.
14
Final Tips for Project

• Web pages have to employ scannable text, using
• highlighted keywords (hypertext links serve as
  one form of highlighting typeface variations and
  color are others)
• meaningful sub-headings (not "clever" ones)
• bulleted lists
• one idea per paragraph (users will skip over any
  additional ideas if they are not caught by the
  first few words in the paragraph)
• the inverted pyramid style, starting with the
  conclusion
• half the word count (or less) than conventional
  writing

15
Final Tips for Project

• Credibility is important for Web users
• can be increased by high-quality graphics, good
  writing, and use of outbound hypertext links
• Links to other sites show that the authors have
  done their homework and are not afraid to let
  readers visit other sites

16
Project Submission

• The finalized Web pages are to be uploaded to the
  UNIX Web server using the UNIX account of any
  group members on 30 March 2007 by 1159pm.
• The project report, which comprises solely of the
  Web pages print-out, is to be submitted
• Hand in hardcopy of project (BW, legible text,
  10-15 A4 pages) to box placed outside S15-04-28
  by 3pm 30th March
• The report should have a cover page consisting of
  the following details
• Names, Matric Numbers Email of all members
• Tutorial Group/Team
• Project Topic
• Name of Tutor
• URL of your project Website
• Minimal changes to webpage allowed that differ
  from your print-out

17
Presentation/Demo

• Held next week
• Can use own laptop or PC in classroom (no sound)
• Load website from Internet OR present direct from
  local drive
• Each group given 12mins to present, 3mins for QA
• Timer
• Random choosing of groups to be the critique
  group
• BE AS PUNCTUAL AS POSSIBLE!
• 2nd week of presentations Exam Revision

18
Computing Security Ethics

• GEK1511 Tutorial Session 8

Any Questions?
Slides found at www.comp.nus.edu.sg/ekoh/teaching
.htm Tutor Miss Elizabeth Koh diskre_at_nus.edu.sgS
15-04-28 Phone 65162829