1.6 Security, Privacy and Data Integrity
Students should be able to:
1.6.1 Data security
• explain the difference between the terms security, privacy and integrity of data
• show appreciation of the need for both the security of data and the security of the computer
system
• describe security measures designed to protect computer systems, ranging from the stand-alone PC to a network
of computers, including:
– user accounts
– firewalls
– general authentication techniques, including the use of passwords and digital signatures
• describe security measures designed to protect the security of data, including:
– data backup
– a disk-mirroring strategy
– encryption
– access rights to data (authorisation)
• show awareness of what kind of errors can occur and what can be done about them
Students should be able to:
1.6.2. Data integrity
• describe error detection and correction measures designed to protect the integrity of data,
including:
– data validation
– data verification for data entry
– data verification during data transfer, including
○ parity check
○ checksum check
1.6.1 Data security
Computer security is a branch of technology known as information security as applied to
computers and networks.
1. Security, Privacy And Integrity
Definitions

◎ Data integrity: a requirement for data to be accurate and up to date
◎ Data privacy: a requirement for data to be available only to authorised users
◎ Data security: a requirement for data to be recoverable if lost or corrupted

One of the requirements for the protection of data is the security of the
system used to store the data. System security is required to ensure that the
system functions and that only authorised users have access to the system.
Difference between security of data and system

Security Of Data
❖ Protection of data in the computer system.
❖ To prevent corruption of data and prevent hackers from using or manipulating the data
❖ Eg. data encryption.

Security Of System
❖ Protection of the computer system
❖ To prevent access of virus or intrusions to the system and prevent unauthorized users to access the computer system
❖ Eg. user ID and password.
2. Security Measures
Security measures designed to protect:

1. The Computer System
Ranging from the stand-alone PC to a network of computers, including:
– user accounts
– firewalls
– general authentication techniques, including the use of passwords and digital signatures

2. The Security Of Data
Including:
– data backup
– a disk-mirroring strategy
– encryption
– access rights to data (authorisation)
1.1 User Account
❖ A user account is an identification assigned to each user, with a
username and password, which allows or does not allow the user to
connect to a network, another computer, a website or shared
resources. Eg. email account.
❖ Its main security feature is authentication, that is, verification of
the user’s identity.
❖ A user account may be an administrator or a normal user account.
Types of User Account

Administrator
❖ These accounts are special accounts that are used for making changes to system settings or managing other people’s accounts.
❖ They have full access to every setting on the computer.
❖ Every computer will have at least one administrator account and the owner should already have the password to this account.

Normal
❖ These accounts are the basic accounts that one uses for normal everyday tasks.
❖ As a standard user, one can do just about anything one would need to do, such as running software or personalizing your desktop.
1.2 Firewalls
◎ A firewall is a network security device controlled by its
software counterpart that grants or rejects network access to
traffic flows between an untrusted zone (e.g., the Internet)
and a trusted zone (e.g., a private or corporate network).
◎ The firewall acts as the demarcation point or “traffic cop” in
the network, as all communication should flow through it
and it is where traffic is granted or rejected access.
◎ Firewalls enforce access controls through a positive control
model, which states that only traffic defined in the firewall
policy is allowed onto the network; all other traffic is denied
(known as “default deny”).
1.3 General Authentication Techniques

◎ Using password
◎ Using digital signature
Authentication

Password
◎ A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user.
◎ Typically passwords are associated with user ID which securely protects data and information from unauthorized users.
◎ Passwords are case sensitive and are encrypted such that they cannot be cracked easily.

Digital Signature
◎ A digital signature is a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
◎ Digital signatures rely on certain types of encryption to ensure authentication.

Encryption is the process of taking all the data that one
computer is sending to another and encoding it into a
form that only the other computer will be able to
decode. Authentication is the process of verifying that
information is coming from a trusted source. These two
processes work hand in hand for digital signatures.
2.1 Data Backup
◎ Data backup is a strategy to secure a duplicate or secondary
copy of data in case the original data gets erased or lost,
either accidentally or intentionally.
◎ Data backups are essential as the original data may get
corrupted due to virus infiltration, hard disk drive crash,
high power surges or even accidental deletion of data.
◎ Various secondary storage devices may be used to take
backups either periodically or in parallel every time an original
backup is taken.
◎ Backups may be taken on external hard disks, USB sticks,
cloud storage or Time Machine on a Mac.
2.2 Data Mirroring Strategy
◎ Disk mirroring is a technique used to protect a computer system
from loss of data and other potential losses due to disk failures.
◎ In this technique, the data is duplicated by being written to two
or more identical hard drives, all of which are connected to one
disk controller card. If one hard drive fails, the data can be
retrieved from the other mirrored hard drives.
◎ It is a form of disk backup in which anything that is written to a
disk is simultaneously written to a second disk. This creates
fault tolerance in the critical storage systems. If a physical
hardware failure occurs in a disk system, the data is not lost, as
the other hard disk contains an exact copy of that data.
2.3 Encryption
◎ Encryption is the conversion of electronic data into another form, called
ciphertext, which cannot be easily understood by anyone except
authorized parties.
◎ The primary purpose of encryption is to protect the confidentiality of
digital data stored on computer systems or transmitted via the Internet or
other computer networks.
◎ Encryption guarantees
✓ Authentication: the origin of a message can be verified.
✓ Integrity: proof that the contents of a message have not been changed since it
was sent.
✓ Non-repudiation: the sender of a message cannot deny sending the message.
2.4 Access Rights To Data (Authorization)
◎ Access rights to any data are set by the administrator according to the
level of authorization a user has to a file or a folder.
◎ Authorization is a process by which an administrator determines
if the client has permission to use a resource or access a file.
◎ Access Rights may include:
▪ File permissions: such as create, read, edit or delete on a file server.
▪ Program permissions: such as the right to execute a program on an
application server.
▪ Data rights: such as the right to retrieve or update information in a
database.
Errors that may occur and their solutions

Errors
◎ Errors on input: when data is keyed wrongly, a batch of data could be lost or accidentally entered twice.
◎ Program errors
◎ Files infected by viruses
◎ Transmission errors: due to interference in communication links.

Solutions
◎ Being focused while entering the data.
◎ Use of backup software.
◎ Use of effective gateways
1.6.2 Data integrity
◎ Computer integrity is a quality of data which guarantees that the data is complete,
consistent, reliable and has a whole structure.
◎ Data integrity is preserved only if and when the data satisfies all the rules.
These rules might be how each piece of data is related to the others, validity of
dates, linkage, etc.
◎ If data integrity is preserved, the data can be considered consistent and can be
given the assurance to be certified.
1. Data Validation
Validation

◎ Validation is a check that data entered is of the
correct type and format; it does not guarantee that the
data is accurate.
◎ Data validation is implemented by software
associated with a data entry interface.
◎ There are a number of different types of check that
can be made.
Types of check for data validation
❖ Presence check; to ensure that an entry field is not left blank.
❖ Format check; eg. a date has to be dd/mm/yyyy
❖ Length check; eg. a telephone number
❖ Range check; eg. the month in the date must not exceed 12
❖ Type check; eg. a numeric value for the month in a date
❖ Existence check; to ensure that the data exists or not
❖ Character check; eg. in names there must be alphabets
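
The checks listed above, applied to one data-entry record, as an added example that is not part of the original slides. The field names, the 10-digit telephone length and the sample values are assumptions made for illustration.

```python
import re

# Rules for a constructed data-entry form (assumed, not from the slides).
DATE_FORMAT = re.compile(r"\d{2}/\d{2}/\d{4}")   # format check: dd/mm/yyyy
PHONE_LENGTH = 10                                # length check (assumed length)

def validate_entry(name, date, phone):
    """Return the list of failed checks; an empty list means the entry is valid."""
    errors = []
    # Presence check: no field may be left blank.
    for label, value in (("name", name), ("date", date), ("phone", phone)):
        if not value.strip():
            errors.append(f"{label}: presence")
    # Character check: a name holds letters (spaces and hyphens allowed here).
    if name.strip() and not all(c.isalpha() or c in " -" for c in name):
        errors.append("name: character")
    # Format check first, then range checks on the day and month parts.
    if date.strip():
        if not DATE_FORMAT.fullmatch(date):
            errors.append("date: format")
        else:
            day, month, _year = (int(part) for part in date.split("/"))
            if not 1 <= month <= 12:
                errors.append("date: month range")
            if not 1 <= day <= 31:
                errors.append("date: day range")
    # Type check (digits only), then length check, on the telephone number.
    if phone.strip():
        if not phone.isdigit():
            errors.append("phone: type")
        elif len(phone) != PHONE_LENGTH:
            errors.append("phone: length")
    return errors

# Constructed sample: passes every check, yet may still be the wrong birthday.
print(validate_entry("Asha Rai", "15/05/2003", "9800000000"))
```

An entry that passes every check can still be inaccurate, which is why validation is paired with verification.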
2. Data Verification
Verification for Data Entry
◎ Data verification is the confirmation of data received by a
system.
◎ For example, when a user wants to change the password of
an account, the user must first enter the old password. Only if
the entered password is verified is the user asked to
supply a new password. There will always be a request to
re-enter the new password, to verify the new password
that was entered first.
◎ It is usually an effective process, but in general it does not
ensure data accuracy because the wrong data could be entered
initially and in the re-entry as well.
Verification during Data Transfer
◎ All data are transferred as bits (0 or 1).
◎ It is possible for data to be corrupted during
transmission, i.e. an individual bit being flipped from 1
to 0 or vice versa.
◎ There are many approaches to detecting and correcting
corrupted data, including parity and checksum checks.
1. Parity check
◎ If two devices that are communicating decide that there
will always be an odd number of 1s, then if a byte is
received that has an even number of 1s, an error must
have occurred.
◎ This is particularly easy to implement if data is
transferred in bytes using a seven bit code.
◎ Either even or odd parity can be implemented in the
eighth bit of the byte.
Assuming even parity, the procedure is:
◎ At the transmitting end, the number of 1s in the seven bit code
is counted.
◎ If the count gives an even number, the parity bit is set to 0 and
if the count gives an odd number, the parity bit is set to 1.
◎ This is repeated for every byte in the transmission.
◎ At the receiving end, the number of 1s in the eight-bit byte is
counted.
◎ If the count gives an even number, the byte is accepted.
◎ This is repeated for every byte in the transmission.
◎ However, the transmission cannot be guaranteed to be error
free by using the parity check approach. If two mistakes are
made in the same byte they will cancel each other out and the
faulty data will be accepted.
◎ The limitation of this method is that it can only detect the
presence of the error but cannot identify the actual bit that is
in error.
◎ If an error is detected, retransmission has to be requested.
◎ Parity is not only used during data transfer between devices,
but even when data is transferred between different parts of
the CPU.
2. Checksum check
◎ At the transmitting end, a block is defined as a number of bytes.
◎ Irrespective of what the bytes represent, the bits in each byte are
interpreted as binary numbers.
◎ The sum of these binary numbers in a block is calculated and
supplied as a checksum value in the transmission.
◎ This is repeated for each block.
◎ The receiver does the same calculation and checks the summation
value with the checksum value transmitted for each block in turn.
◎ Once again an error can be detected but its position in the
transmission cannot be determined.
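
The checksum procedure above, as an added example that is not part of the original slides. The block size of 4 bytes, keeping the sum to one byte (modulo 256) and the sample message are assumptions. It also shows a case a simple sum cannot detect: two bytes arriving in swapped order.

```python
BLOCK_SIZE = 4  # bytes per block (assumed; the slides do not fix a size)

def checksum(block):
    """Add up the bytes of a block as binary numbers, kept to one byte (assumed)."""
    return sum(block) % 256

def transmit(data):
    """Transmitter: split data into blocks and attach a checksum to each block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(block, checksum(block)) for block in blocks]

def receive(frames):
    """Receiver: redo the sum; return the numbers of the blocks to be re-sent."""
    return [i for i, (block, sent) in enumerate(frames) if checksum(block) != sent]

def corrupt(frames, index, new_block):
    """Simulate a transmission error: change one block's bytes, keep its checksum."""
    damaged = list(frames)
    damaged[index] = (new_block, frames[index][1])
    return damaged

# Constructed sample message, sent as three blocks: PAYM / ENT= / 0150
frames = transmit(b"PAYMENT=0150")
print(receive(frames))                         # clean transfer: nothing to re-send
print(receive(corrupt(frames, 2, b"0950")))    # one flipped bit: block 2 is rejected
print(receive(corrupt(frames, 2, b"0510")))    # swapped bytes: same sum, accepted
```

The receiver learns only which block failed, not which bit, so the whole block has to be requested again.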

For a method to detect the exact position of an error and
therefore be able to correct an error it has to be
considerably more complex. A simple approach to this
is the parity block check method. Like the checksum
method this is a longitudinal parity check; it is used to
check a serial sequence of binary digits contained in a
number of bytes.
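
The even-parity procedure and the parity block check, as an added example that is not part of the original slides. The slides only name the parity block check, so the layout used here (one extra parity byte computed over each bit column, bit 0 being the least significant) and the sample data are assumptions.

```python
def add_parity(code7):
    """Transmitter: put an even-parity bit in the eighth (top) bit of a 7-bit code."""
    ones = bin(code7 & 0x7F).count("1")
    return (code7 & 0x7F) | ((ones % 2) << 7)

def parity_ok(byte):
    """Receiver: accept the byte only if its eight bits hold an even number of 1s."""
    return bin(byte).count("1") % 2 == 0

def make_block(codes):
    """Send each byte with its parity bit, then one parity byte over the columns."""
    sent = [add_parity(c) for c in codes]
    column_parity = 0
    for b in sent:
        column_parity ^= b            # XOR yields even parity per bit position
    return sent + [column_parity]

def check_block(block):
    """Return (bad_rows, bad_columns) found by the byte and column parity checks."""
    bad_rows = [i for i, b in enumerate(block[:-1]) if not parity_ok(b)]
    total = 0
    for b in block:
        total ^= b                    # parity byte included: 0 if every column is even
    bad_columns = [bit for bit in range(8) if (total >> bit) & 1]
    return bad_rows, bad_columns

def correct_block(block):
    """Fix a single flipped bit: it lies where the bad row meets the bad column."""
    rows, cols = check_block(block)
    fixed = list(block)
    if len(rows) == 1 and len(cols) == 1:
        fixed[rows[0]] ^= 1 << cols[0]
    return fixed

# Constructed sample: the 7-bit codes of "DATA".
block = make_block(list(b"DATA"))
one_flip = list(block); one_flip[1] ^= 0x04     # one bit flipped in byte 1
two_flips = list(block); two_flips[1] ^= 0x06   # two bits flipped in byte 1
print(check_block(one_flip), correct_block(one_flip) == block)
print(parity_ok(two_flips[1]), check_block(two_flips))
```

With one flipped bit the row and column checks meet at the faulty bit, so it can be corrected without retransmission. With two flips in the same byte the byte's own parity still looks correct; the column check flags an error but cannot locate the byte.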
Thanks!

Any questions?