SIZ Education |Information technology || Computer security by @ghazi.vani || 20% payout to siz-official || #club5050
Greetings to all Steemians. Hopefully, you are all fine and enjoying a great and blessed life with the grace of GOD. I'm going to share the most important topic, computer security.
Being connected to the Internet means giving anybody access to the computer. Despite the traditional novice user's belief that he is the one who goes outside, it is instead the Internet world that is coming inside, with all its benefits and dangers. Knowing a few security issues is nowadays necessary even for the non-expert user, to avoid being lured into traps or adopting potentially dangerous behaviours.

Moreover, the recent Italian law 196/2003 on privacy issues contains in its Allegato B the minimal security techniques which must be adopted by system administrators but also by normal users. These legal requirements clearly apply to all companies and professionals who handle data, but they also apply to personal users who communicate data. Even personal users who do not communicate data are still subject to the security requirements against data theft.
Computer security Law:
Law 196/2003 in particular splits data into:
- personal data
- sensitive data: data about race and ethnicity, religious / philosophical / political opinions, or membership of religious / philosophical / political / workers' organizations
- sensitive data about health and sex
- justice data, which are subject to the same prescriptions as sensitive data
- genetic data, which require extremely particular procedures that will not be described here.
Law 196/2003 prescribes that:
- Each user must be authenticated by a personal username and a password, or a biometric device, or a
- Each user must have his own permissions, limited only to the data he needs for his work, and the permissions must be revoked when the user does not need them anymore;
- Users must receive specific training or instructions to be able to use their authentication and to be aware of their responsibilities, duties, and the possible dangers;
- All data must be backed up (see section 4.7 on page 31) at least every week;
- Security software must be updated at least every year, or every 6 months when handling sensitive
- Sensitive data receive special care: they must be stored and transmitted using encryption, or the people concerned must be made unidentifiable, for example by assigning to each person's data a numeric code instead of his name and surname.
Encryption is a text masking technique, derived from military use, which transforms information in such a way that it can be correctly read only with a special password called a key. It uses two keys: a public key for encrypting, usually known to all the computers or people who may legitimately send the information, and a private key for decrypting, usually known only to the one computer or person who may legitimately read it. The size of these keys, and thus the difficulty of guessing them, is expressed in bits, with 128 bits typically cited as the most secure size.
The two following schemas illustrate how B, C, and D can send secret messages using A's public key. The sent messages are encrypted and later decrypted by A with his private key. If somebody intercepts a message, he is unable to decrypt it correctly, since he does not have A's private key, which is known only to A. Even attempting to decrypt with the public key does not work.
The same process happens whenever a browser sends a password or secret information to a website using a secure connection (see section 4.5 on page 29): the website tells the browser its public key, and the browser uses it to encrypt information that can be read only by the receiving website.
Another analogous usage of encryption is to make stored data unreadable except by the owner. In this case the private and public keys coincide and are kept secret. The encryption and decryption process is done automatically by a program (PDF creation programs or compression programs can do it; see page 11 for instructions) or even by the operating system (if the entire disk is encrypted), which asks the user for the password every time.
A digital signature, or electronic signature, is an encryption technique for documents that guarantees, at the same time, the identity of the document's author and that the document's content has not been altered. According to Italian law 82/2005, a digital signature is equivalent to a handwritten signature.
The two following schemas illustrate instead the usage of encryption for a digital signature. A wants to publish a publicly available document with his signature. It is sufficient for A to encrypt it with his private key, and all users can then try to decrypt it with A's public key. If the result of decryption is something readable, it means that the document was really encrypted with A's private key and thus comes from A; on the other hand, if the result is unreadable, it means that the encryption was not done with A's private key. In this way, a digital signature used in combination with PEC (Posta Elettronica Certificata, Italian certified e-mail) can also guarantee the sender's identity and the e-mail's content.
While encryption to receive secret messages or to hide information simply requires the user or the program to create its own pair of private and public keys (programs, for example browsers, do this operation automatically without the user's intervention), for a digital signature it is not so simple. Since everybody must be sure that the public key is really the author's public key, a digital signature requires a certification authority to distribute private and public keys.

Even though theoretically a simple password is enough, to be sure that the user does not hand out the private password, the certification authority gives him, after having identified him through a governmental identity card, a password, usually together with another identification tool (a smart card, or a telephone number to which an OTP is sent), which, when used together, correspond to his private key. An automatic signature program takes care of encrypting the documents.
Several Italian public institutions are now using the national health care card as a smart card and, using it as certification of the user's identity, offer access to many services, even though they do not yet offer the digital signature of personal documents. The service to digitally sign documents is offered by private certification companies, with prices currently affordable also for private users, and with alternative devices such as smart cards or OTP devices.

The major drawback of encryption keys is that if a computer is put to work trying to encrypt a text with many private keys in sequence and then to decrypt it with the correct public key, within some years it will manage to find the right private key, the one which leads to a correct encryption-decryption. Therefore, each pair of private and public keys has a time-limited duration, usually some years, after which it is necessary to change them and encrypt again all the past documents.
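The three scenarios described above (B sending A a secret with A's public key, A signing a document with his private key so that anyone can check it with the public key, and a key pair being recovered by sheer computation once it is too small or too old) can be walked through with a toy RSA model. The code below is an added example written for this post, not code from the original text or from any certification authority; the primes 10007/10009 and 1009/1013 are constructed toy values chosen so that the key-recovery step finishes instantly, and the byte-at-a-time "textbook RSA" scheme is only a teaching model of the post's description, not something to use on real data.

```python
"""Toy RSA walk-through of secret messages, signatures and key recovery.

Added example (not from the original post). Primes are deliberately tiny so the
"guess the private key" drawback can be shown in a fraction of a second; real
keys are thousands of bits long, and real systems sign a hash of the document
with padding rather than encrypting it byte by byte as this model does.
"""
import math
from typing import List, Optional, Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % k for k in range(2, math.isqrt(n) + 1))


def generate_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public_key, private_key) as ((n, e), (n, d)) from two primes."""
    if not (_is_prime(p) and _is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if n <= 255 or math.gcd(e, phi) != 1:
        raise ValueError("modulus too small for one byte per block, or e not coprime to phi")
    return (n, e), (n, pow(e, -1, phi))  # pow(e, -1, phi) needs Python 3.8+


def _apply(key: Key, blocks: List[int]) -> List[int]:
    """Raw modular exponentiation of every block with the given (n, exponent)."""
    n, exponent = key
    return [pow(b, exponent, n) for b in blocks]


def _as_text(values: List[int]) -> Optional[bytes]:
    """The post's 'is the result readable?' test: every block must be an ASCII byte."""
    if all(0 <= v < 128 for v in values):
        return bytes(values)
    return None


def encrypt(public_key: Key, message: bytes) -> List[int]:
    """B, C or D encrypt for A using only A's public key."""
    return _apply(public_key, list(message))


def decrypt(private_key: Key, ciphertext: List[int]) -> Optional[bytes]:
    """Only the holder of A's private exponent d gets readable plaintext back."""
    return _as_text(_apply(private_key, ciphertext))


def sign(private_key: Key, document: bytes) -> List[int]:
    """Digital signature as the post describes it: A 'encrypts' with the private key."""
    return _apply(private_key, list(document))


def verify(public_key: Key, signature: List[int]) -> Optional[bytes]:
    """Anyone applies A's public key; readable output means A's private key was used."""
    return _as_text(_apply(public_key, signature))


def recover_private_key(public_key: Key) -> Optional[Key]:
    """The drawback from the post: a small modulus falls to trial division, which
    yields p and q and therefore d. This is why key length matters and why key
    pairs are retired after some years."""
    n, e = public_key
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    return None


def demo() -> dict:
    """Run the three scenarios and return the results for inspection."""
    pub_a, priv_a = generate_keypair(10007, 10009)  # A's pair (constructed toy primes)
    pub_b, priv_b = generate_keypair(1009, 1013)    # B's pair, used as the "wrong key"

    # 1. Secret message: B encrypts with A's public key, only A's private key decrypts.
    ciphertext = encrypt(pub_a, b"hello A")

    # 2. Signature: A signs with the private key; everyone checks with A's public key.
    doc = b"contract: A pays B"
    signature = sign(priv_a, doc)
    tampered = [signature[0] + 1] + signature[1:]  # one altered block

    # 3. Key recovery: the tiny modulus is factored and d is reconstructed.
    return {
        "read_by_a": decrypt(priv_a, ciphertext),
        "read_by_b": decrypt(priv_b, ciphertext),        # wrong private key
        "read_with_pub": decrypt(pub_a, ciphertext),     # public key cannot decrypt
        "verified": verify(pub_a, signature),
        "verified_wrong_key": verify(pub_b, signature),
        "verified_tampered": verify(pub_a, tampered),
        "recovered_equals_private": recover_private_key(pub_a) == priv_a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running the module prints, for each scenario, whether the decrypted or verified result came back readable; the signed contract verifies only with A's public key and only if no block was altered, and the private exponent recovered by factoring is identical to the one A generated. In production the signature is computed over a cryptographic hash of the document with a padding scheme, and the key length (not 128 bits, but several thousand for RSA) is what keeps the factoring step out of reach.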
Documents for which it is important to determine the exact date of the signature additionally carry a timestamp signed directly by the certification authority.
Comparison with Handwritten Signature: