College of Engineering & CS
Wright State University
Dayton, Ohio 45435-0001
"On the Internet, Nobody knows you're a dog. True or False?"
Privacy and security are siblings. The WWW has brought the Internet to every computer with a modem or a NIC. What is not as widely known is the loss of privacy and security it has caused. This lecture describes these issues, and present some measures that individuals can take.
In the real world you have the power to choose when and to whom you reveal certain parts of your identity. But on the Internet the digital footprints you leave can be tracked and compiled without your knowledge or consent.
"Internet security is akin to a three-tiered cake. The top layer is the
Internet as a network, and this was the weak point hackers exploited in the
February 2000 denial of service attack [on popular Internet sites, including
Yahoo.com and Amazon.com]. The attack was composed of an excessive number of
false, computer-generated hits on a given Web site causing the site to overload,
and become unavailable to customers. The second layer of the cake is
transactional security, or what is commonly called e-commerce and personal
identity. This includes the question of who, really, sent you an email, or whose
Web site are you accessing. The third layer of the Internet security cake is
personal privacy, represented by encryption such as PGP. These three separate
areas are commonly lumped together in discussions but must be understood
independently to properly discern the Internet security issues."
[From "Internet Security and the Courts", Bradley J. Hillis, June 8,
The talk by Mateti gives you an overview of personal security and privacy. [Prabhaker Mateti, "Personal Security and Privacy on the Web," June 2000, slides: HTML | ppt. Required Reading.]
There are now numerous web sites educating the public on internet privacy. Here are a few recommended sites:
The Publius software allows anyone with a Web browser to post a file online, with almost no fear of being traced or of having the content removed from the system without permission. AT&T is supporting this online system designed to let Web surfers publish any content without fear of censorship.
Publius works by breaking a file into small pieces, making many different copies of each piece, and then distributing them individually across a network of volunteer Web servers. It is like putting a photograph on a jigsaw puzzle, making copies, taking the puzzle apart, and then hiding all of the individual pieces. Using strong encryption, Publius develops the equivalent of a Web address, or URL, where the content can be "found." The address contains coded instructions for finding all the hidden pieces and putting them back together. The address cannot be used to track down the original author or to track down all the individual pieces and delete them, however.
Authors can update the content themselves, but the URL coding system can detect whether unauthorized changes have been made to the content. A setting also allows the content publishers to keep even themselves from deleting files from the network, lest they are afraid of being coerced by some authorities at a future date.
[http://cs1.cs.nyu.edu/waldman/publius/ Recommended visit.]
(Please note that there are organizations which include "freenet" as a substring in their names but unrelated to the following.)
Freenet is a peer-to-peer network designed to allow the distribution of information over the Internet in an efficient manner, without fear of censorship. Freenet is completely decentralized, meaning that there is no person, computer, or organisation in control of Freenet or essential to its operation. This means that Freenet cannot be attacked like centralized peer-to-peer systems such as Napster. Freenet also employs intelligent routing and caching meaning that it learns to route requests more efficiently, automatically mirrors popular data, makes network flooding almost impossible, and moves data to where it is in greatest demand. All of this makes it much more efficient and scalable than systems such as Gnutella. Ian Clarke,Brandon Wiley, Oskar Sandberg and Theodore W. Hong, "Freenet: A Distributed Anonymous Information Storage and Retrieval System", ICSI Workshop on Design Issues in Anonymity and Unobservability, July 25-26, Berkeley, California. [freenet.sourceforge.net/ index.php? page=theoppr Required Reading.]
"A planetary memory for all mankind is coming... The initiative aims to develop highly survivable and available storage systems made up of widely distributed processors that are individually unreliable and untrustworthy -- with the overall system nevertheless secure. Inspired by the Internet and Web, this project targets self-organization, self-maintenance, and effective administration in the absence of central control. It is basic research in the area of Internet distributed algorithms and protocols, and may lead someday to a standard for information archives -- an important component of digital libraries." [www.intermemory.org/ Recommended visit.]
There is now (June 2000) commercially available software that covertly records every key an employee touches, and then tells the boss. In fact, if you try to delete the keys out and back space over them, the software has a facility to unwork that...so you cannot delete what you were typing and get away with it.
These lecture materials are gleaned from many sources. All are presented after careful reading. In some cases, I may have neglected proper attribution. I assure the reader it is not because I claim authorship. Indeed, in the lectures there is hardly any thing new that I have contributed. Suggestions for improvement are always welcome.
|06/01/08 02:33:54 PM|
|Open Content Copyright © 2000 firstname.lastname@example.org||Other Internet Security Lectures by Mateti|