Cybersecurity & Global Impact Notes

Personally Identifiable Information (PII): Information that identifies, links, relates, or describes an individual.
Technology collects, uses, and exploits data about individuals, groups, and institutions.
Digital technology requires some form of PII to function.
PII can be used for identity theft or online stalking.
Free apps and websites collect user PII and sell it to other companies; users are the products, not customers.

Phishing: Attempt to acquire personal information through fraudulent emails or websites.
Keylogging: Recording keystrokes to gain access to passwords and confidential information.
Malware: Software intended to damage a computing system or take control of its operation.
Rogue Access Point: Unauthorized access point to secure networks.

Social engineering: Manipulating individuals to divulge confidential information for fraudulent purposes.
Identification: Claiming an identity.
Authentication: Verifying the identity of a user, process, or device.
Authorization: Granting access privileges.
Principle of Least Privilege: Granting only necessary privileges to complete a task.
Security incident: A security event that compromises data integrity, confidentiality, or availability.
Data Breach: Confirmed disclosure of data to an unauthorized party.
Low hanging fruit for hackers: weak passwords, unpatched software vulnerabilities, and phishing attacks
Password strength: More characters make it harder to crack, provided it's not a commonly used password.
Encryption: Encoding messages to keep them secret.
Decryption: Reversing encryption to reproduce the original plain text.
Cracking: Attempting to decode a secret message without knowing the specifics of the cipher.
Multi-factor authentication is more secure than single-factor but requires extra steps.
Protect devices by using multi-factor authentication, practicing the principle of least privilege, and updating software.
Encryption methods:
- Caesar cipher: Shift each letter of the alphabet $n$ times.
- Random substitution: Each letter is replaced by another randomly.
- Vigenere: Uses a keyword to determine multiple Caesar shifts.

Symmetric encryption: One key for both encryption and decryption.
Asymmetric encryption: Public key for encryption and private key for decryption.
Diffie-Hellman (DH) Key Exchange: Securely exchanges cryptographic keys over a public channel.
- Both Alice and Bob have a private key.
- Both know and agree on a public prime number $p$ and a generator number $g$ .
- They make calculations using their private keys based on public values to derive a shared secret key.
- To encrypt a number $T$ , compute $T * x^P mod P$ .
- To decrypt a number $D$ , compute $D * x^P mod P$ .
Modular arithmetic (MOD) is a one-way function.
DH Disadvantage: Lacks authentication and is vulnerable to man-in-the-middle attacks.

Public Key (RSA) Encryption: Asymmetric encryption using a public key for encryption and a private key for decryption.
Bob has his own public and private keys.
Alice only needs Bob’s public key to send a secure message.
Alice encrypts her message using Bob's public key, which can only be decrypted by Bob's private key.
Public key encryption uses asymmetric encryption.
It differs from symmetric encryption, which uses the same key for encryption and decryption.
It uses modular arithmetic, which is a one-way function.
RSA uses modular arithmetic and exponentiation.
RSA uses extremely large prime numbers.
Cracking RSA requires brute force, a computationally hard problem.
Certificate authority (CA) addresses the public key issue through, digital certificates verifying ownership.
RSA encryption provides authentication, unlike DH key exchange.

Similarities:
- Both parties need private numbers.
- Both parties have public keys.
- Both determine the same secret key.
- Are asymmetric encryption
- Use mod and prime numbers
DH:
- All numbers/keys from both are required to get shared key
- Shared secret key is required to further encrypt and decrypt as a separate step
- No authentication
RSA:
- Recipient has a private key and public key
- Sender uses public key for the recipient to encrypt
- Recipient uses their private key to decrypt sender’s message
- Sender does not use any of their own keys
- No separate step to encrypt/ decrypt a message
- Authenticated

Steganography: Hiding a secret message inside something that looks normal.
Steganography hides data in plain sight, while encryption makes data unreadable.
Encryption steps for the code:
1. Make all red channels even (if not already)
2. Set the red amount in the encrypted image’s corresponding pixel number to be an odd number
Least significant bit (LSB) steganography hides messages by replacing each pixel’s least significant bit(s) with the bits of the message to be hidden.
Lossless compression should be used because we don't want to lose the updated bits later to lossy compression