
Learning Objectives

After completing this unit students will be able to:

  • Identify different ciphers and their pros and cons: Caesar, random substitution, Vigenère
  • Demonstrate why encryption is important in computing 
  • Describe secret key (symmetric) and public/private key (asymmetric) encryption
  • Understand the uses of RSA and Diffie-Hellman encryption 
  • Describe SSL/TLS and digital certificates (CA)
  • Understand one-way functions and simple modular algebra and how they relate to encryption 
  • Describe some basic types of security threats such as phishing, SQL Injection, dictionary attacks, and types of malware
  • Understand what makes a good password (length)
    • Describe why a hash is useful in passwords
    • Understand how salts help in defending against rainbow table attacks 
  • Describe the role of social engineering in most major breaches in recent history
  • Recognize when heuristic techniques are necessary and indicate when problems are computationally hard (Traveling Salesman Problem)
    • Describe how Big O notation affects the efficiency of computational tasks 
    • Be familiar with P vs. NP problems
    • Understand the importance of the halting problem

Suggested Reading

Important Vocab

  • Asymmetric key encryption – a different key is used to encrypt and decrypt a message
  • Backdoor – a secret way to bypass traditional access to a device or network
  • Botnet – a large network of internet-robots called bots controlled by a command-and-control server, often used for DDoS attacks
  • Caesar Cipher – a shift cipher where each letter is shifted the same amount
  • Cipher – a pair of algorithms that give details on how to encrypt and decrypt the data
  • Computationally hard – a problem that takes too long even for a computer to find the exact solution
  • DDoS – distributed denial-of-service attack; hackers flood a site with fake requests, making all the site’s resources unavailable for legitimate users
  • Decryption – the reverse process of encryption
  • Digital Certificate – a trusted third-party file that verifies a site as legitimate
  • Digital signature – an electronic signature that, by using a public key, can be verified as authentic
  • Encryption – taking text and converting it so it is illegible
  • Hacker – anyone who uses their technological skills to solve problems. A malicious security hacker exploits weaknesses on a computer or network and can steal or disrupt data
  • Hashing – the process of running data through a one-way function that takes data of varying sizes and returns a unique fixed length value
  • Heuristic approach – an approach that gives results that are “good enough” when an exact answer is not necessary
  • Key – in cryptography, a shared secret to make encryption harder to crack
  • Logic bomb – code that has been placed into software that waits to run until specific conditions are met
  • Malware – malicious software intended to cause damage to a computer or network
  • Modular arithmetic – using the remainder when dividing, also known as clock arithmetic
  • Multi-factor authentication (MFA) – using two or more methods for verifying a user
  • NP problem – nondeterministic polynomial time, a problem that can be verified, but not solved, in polynomial time
  • One-way Function – a problem that is easy in one direction and difficult in the other
  • P problem – polynomial time, a problem that can both be solved and verified in polynomial time
  • Phishing – using “bait” to trick a user into handing over sensitive information like usernames, passwords, or credit card numbers
  • Private Key – a shared secret needed to decrypt a message
  • Public Key – a system that allows a key to be publicly published
  • Salting – adding a random set of characters to a password before it is hashed to protect against rainbow table attacks
  • Spear phishing – a type of phishing attack that targets a specific person or group using pre-existing knowledge
  • SSL – Secure Sockets Layer, issues digital certificates for websites
  • Substitution Cipher – a cipher where a letter is mapped or swapped with another letter in the alphabet
  • Symmetric Key Encryption – the same key is used both to encrypt and decrypt a message
  • TLS – Transport Layer Security, issues digital certificates for websites
  • Traveling Salesman Problem (TSP) – an NP-hard problem that, when given distances between pairs of cities, seeks to map out the shortest route between many cities and return back to the original city
  • Trojan Horse – malware disguised to hide its true intent
  • Two-factor Authentication (2FA) – a subset of MFA where exactly two methods for verifying a user are implemented
  • Virus – a program that infects other programs and usually spreads to other programs or computers by copying itself repeatedly
  • Worm – a standalone piece of malware that can disrupt a network by copying itself repeatedly without human interaction
