UNIT 5 Information Security and Biometrics Technology
5-1 Introduction to computer security
1. Introduction
Computer security comprises the techniques developed to protect single computers and network-linked computer systems from accidental or intentional harm, including destruction of computer hardware and software, physical loss of data, deception of computer users, and the deliberate invasion of databases by unauthorized individuals.
Computers and the information they contain are considered confidential systems because their use is typically restricted to a limited number of users. Confidentiality and the possession of information can be violated by shoulder surfing, or observing another user's computer screen; tricking authorized users into revealing confidential information; wiretapping, or listening in on or recording electronic communications; and stealing computers or information.[1]
A variety of simple techniques can prevent computer crime. For example, destroying printed information, protecting computer screens from observation, keeping printed information and computers in locked cabinets, and clearing desktops of sensitive documents prevent access to confidential information. But more sophisticated methods are also necessary to prevent computer crimes.
2. Encryption
One technique to protect confidentiality is encryption. Information can be scrambled and unscrambled using mathematical equations and a secret code called a key. Two keys are usually employed, one to encode and the other to decode the information. The key that encodes the data, called the private key, is possessed by only the sender. The key that decodes the data, called the public key, may be possessed by several receivers. The keys are modified periodically, further hampering unauthorized access and making the encrypted information difficult to decode or forge.
3. Approved Users
Another technique to prevent computer crime is to limit access of computer data files to approved users. Access-control software verifies computer users and limits their privileges to view and alter files. Records can be made of the files accessed, thereby making users accountable for their actions. Military organizations give access rights to classified, confidential, secret, or top secret information according to the corresponding security clearance level of the user.[2]
4. Passwords
Passwords are confidential sequences of characters that give approved users access to computers. To be effective, passwords must be difficult to guess. Effective passwords contain a mixture of characters and symbols that are not real words. To thwart imposters, computer systems usually limit the number of attempts to enter a correct password.
Tokens are tamper-resistant plastic cards with microprocessor chips that contain a stored password that automatically and frequently changes. When a computer is accessed using a token, the computer reads the token's password, as well as another password entered by the user, and matches these two to an identical token password generated by the computer and the user's password, which is stored on a confidential list.[3] In the future, passwords and tokens may be reinforced by biometrics, identification methods that use unique personal characteristics, such as fingerprints, retinal patterns, skin oils, deoxyribonucleic acid (DNA), voice variations, and keyboard-typing rhythms.[4]
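The token check described above, together with the attempt limit from the previous paragraph, as an added example that is not part of the original text. It assumes the changing token password is derived HOTP/TOTP-style (RFC 4226 over a 30-second time step); `LoginServer`, `STEP` and `MAX_ATTEMPTS` are hypothetical names and values chosen for illustration.

```python
import hashlib, hmac, os, struct

STEP = 30          # seconds each token password stays valid (assumed value)
MAX_ATTEMPTS = 3   # failed logins allowed before lockout (assumed value)

def token_code(secret: bytes, now: float, digits: int = 6) -> str:
    """Changing token password: RFC 4226 HOTP over the current time step."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginServer:
    """Hypothetical server holding the 'confidential list' of users."""

    def __init__(self):
        self.users = {}

    def enroll(self, name: str, password: str, token_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw": hash_password(password, salt),
                            "secret": token_secret, "failures": 0}

    def login(self, name: str, password: str, code: str, now: float) -> bool:
        user = self.users.get(name)
        if user is None or user["failures"] >= MAX_ATTEMPTS:
            return False                         # unknown user or locked out
        # The server generates the identical token password and compares both
        # factors in constant time.
        expected = token_code(user["secret"], now).encode()
        pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])
        code_ok = hmac.compare_digest(code.encode(), expected)
        if pw_ok and code_ok:
            user["failures"] = 0
            return True
        user["failures"] += 1                    # counts toward the attempt limit
        return False
```

Once the attempt limit is reached, even the correct password and token code are rejected until an administrator resets the counter.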
5. Firewalls
Computer networks, multiple computers linked together, are particularly vulnerable to computer crimes. Information on networks can be protected by a firewall, a computer placed between the networked computers and the network. The firewall prevents unauthorized users from gaining access to the computers on a network, and it ensures that information received from an outside source does not contain computer viruses, self-replicating computer programs that interfere with a computer's functions.
6. Security Servers
Special computers called security servers provide secure connections between networked computers and outside systems, such as database-storage and printing facilities. These security computers use encryption in the handshaking process, the initiation of the electronic exchange, which prevents a connection between two computers unless the identity of each is confirmed to the other.[5]
7. Integrity and Authenticity
The integrity and authenticity of information are threatened by modifying, removing, or misrepresenting existing data. For example, omitting sections of a bad credit history so that only the good credit history remains violates the integrity of the document, and requesting a cash advance using a stolen credit card violates the authenticity of that transaction. The most serious threats to integrity and authenticity of information come from those entrusted with access privileges who commit crimes, for example, secretly transferring money in financial networks, altering credit histories, sabotaging information, and committing payroll fraud.[6] These crimes can be prevented by using such techniques as check-summing (mathematically comparing a file before and after it is accessed), authenticating the source of messages, and limiting the amount of money that can be transferred through a computer.
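Check-summing as described above, shown as an added example that is not part of the original text. It records a SHA-256 digest of every file, then reports what was modified, removed or added. Because the text names trusted insiders as the main threat, the baseline itself is sealed with an HMAC key that is assumed to be kept away from the people who can edit the files. The file names, contents and key are constructed for the demonstration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(manifest: dict, key: bytes) -> str:
    """Keyed tag over the manifest so the baseline cannot be quietly rewritten."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def compare(root: Path, manifest: dict, tag: str, key: bytes) -> dict:
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("baseline manifest was altered")
    now = snapshot(root)
    return {
        "modified": sorted(n for n in manifest if n in now and now[n] != manifest[n]),
        "removed": sorted(n for n in manifest if n not in now),
        "added": sorted(n for n in now if n not in manifest),
    }

def demo() -> dict:
    key = b"constructed-demo-key"          # constructed; keep real keys off the host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample files, checksummed before access.
        (root / "credit_history.txt").write_text("2019 late payment\n2021 paid in full\n")
        (root / "payroll.csv").write_text("alice,4200\n")
        baseline = snapshot(root)
        tag = seal(baseline, key)
        # Changes made during access: a bad entry omitted, a file removed, one added.
        (root / "credit_history.txt").write_text("2021 paid in full\n")
        (root / "payroll.csv").unlink()
        (root / "transfer.log").write_text("constructed entry\n")
        return compare(root, baseline, tag, key)

if __name__ == "__main__":
    print(demo())
```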
8. Availability
The availability of information is affected if access to the information is prevented; if data are moved, misplaced, or damaged; or if information is converted to a less useful form. Computers and components such as floppy or hard disks are easy to damage. A computer's memory can be erased or the computer's hardware can be damaged by flooding, fire, or dust. To safeguard the availability of information, several backup copies of data should be made and stored in another location. Businesses that rely on computers need to institute disaster recovery plans that are periodically tested and upgraded.
WORDS AND PHRASES
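authenticate: to prove, to verify, to certify
biometrics: the study of biological measurement; biostatistics
checksum: a sum used for verification
classified: categorized; marked with a secrecy level
clearance: (government, military) authorization to read confidential documents; a pass
deception: deceit, trickery
deliberate: intentional; carefully considered
firewall: firewall (a fire-blocking wall)
forge: to counterfeit, to fake
fraud: deceit, swindle, trickery
handshaking: signal exchange, synchronized exchange; connection, liaison
imposter: swindler, impostor
retinal: of the retina
sabotaging: destroying, deliberately damaging
scramble: to mix up, to jumble
self-replicating: self-copying
tamper-resistant: resistant to tampering, tamper-proof
thwart: to oppose, to hinder
token: symbol, sign, token
wiretapping: stealing information from a channel; line eavesdropping
accountable for: responsible for
backup copy: backup duplicate
computer crime: crime involving computers
computer virus: a virus affecting computers
deoxyribonucleic acid (DNA): deoxyribonucleic acid
encode/decode: to encode / to decode, to decipher
listen in: to monitor, to listen to
shoulder surfing: peeking from behind; looking over someone's shoulder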
NOTES
[1] Confidentiality and the possession of information can be violated by shoulder surfing, or observing another user's computer screen; tricking authorized users into revealing confidential information; wiretapping, or listening in on or recording electronic communications; and stealing computers or information.
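The confidentiality and ownership of information can be violated by unlawful acts such as looking over someone's shoulder, glancing at another person's computer screen, tricking authorized users into disclosing confidential information, wiretapping or listening in on and recording electronic communications, and stealing computers or information.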
[2] Military organizations give access rights to classified, confidential, secret, or top secret information according to the corresponding security clearance level of the user.
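Military organizations grant a user the right to access classified, confidential, secret, or top secret information according to the user's corresponding security level.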
[3] When a computer is accessed using a token, the computer reads the token's password, as well as another password entered by the user, and matches these two to an identical token password generated by the computer and the user's password, which is stored on a confidential list.
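When a token card is used to access a computer, the computer reads the token card's password together with another password entered by the user, and compares these two passwords with the token password generated by the computer and with the user's password stored in a confidential table.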
[4] In the future, passwords and tokens may be reinforced by biometrics, identification methods that use unique personal characteristics, such as fingerprints, retinal patterns, skin oils, deoxyribonucleic acid (DNA), voice variations, and keyboard-typing rhythms.
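In the future, biometrics will be able to strengthen passwords and tokens: identity can be confirmed using unique personal characteristics such as fingerprints, the retina, skin oils, deoxyribonucleic acid, differences in voice, and the rhythm of keyboard typing.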
[5] These security computers use encryption in the handshaking process, the initiation of the electronic exchange, which prevents a connection between two computers unless the identity of each is confirmed to the other.
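During the connection process, these security computers first encrypt the initial signal exchange; a connection between two computers can be established only after each has confirmed the other's identity.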
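[6] The most serious threats to integrity and authenticity of information come from those entrusted with access privileges who commit crimes, for example, secretly transferring money in financial networks, altering credit histories, sabotaging information, and committing payroll fraud.
The most serious threat to the integrity and authenticity of information comes from trusted people with access privileges who commit crimes, for example secretly transferring money in financial networks, altering credit records, deliberately sabotaging information, and committing payroll fraud.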

