UNIT 4

Data and Privacy

Q. Define computer ethics. List some important ethical issues related to data security.

Computer Ethics

 Computer ethics are the moral rules and guidelines that determine the proper use of computer
system.
 The computer should be used according to the ethics in order to avoid any problem in the
society.

Ethical Issues related to Data Security

All security systems are based on ethical principles. It is an ethical responsibilities of everyone to keep
the data of other people secure Some important issues related to data security are as follows:

1. Confidentiality & privacy

2. Piracy Fraud and misuse
3. Patent
4. Copyright
5. Trade secret Sabotage

Q. Describe confidentiality and data privacy. What is the importance of confidentiality and privacy?

Confidentiality and Privacy

Define

Confidentiality is the responsibility to keep other’s personal information private. It is a matter of taking
care of other people.

Example

Suppose the user has a bank account to perform business transaction. The bank must keep this
information confidential. The business can be harmed if the information is shared with its competitors.

Data privacy

Define

Data privacy or Information privacy refers to the right of an individual or an organization to keep
personal information private.

Explanation

It is typically related to the personal information stored on the computer systems.

User gives personal information online

The user gives personal information while performing different tasks such as
  Creating an email account
 shopping online
 visiting hospital
 taking admission to a college

etc. The data may be related to credit cards, personal preferences, driving licenses or personal health

Importance of Confidentiality & Privacy

 The privacy and confidentiality has become very critical due to the use of computers and the
Internet.
 The potential threat to the personal data includes the improper use of computerized data.

Example

A company may sell personal data (email IDs ,phone number ) to other company for marketing purpose.
It breaches the confidentiality of data many organizations.

Explanation

The banks, mobile companies, hospitals and universities store the personal information in computers.

These companies must keep the Information confidential.

It is very important that the confidential information is only shared with authorized users.

It must be protected from malicious users.

Q. Define piracy. Discuss software piracy and its different types.

Piracy

Piracy refers to the process of making illegal copies of any work protected by the copyright law.

It can be a book, software, song, movie, poetry, painting or house design etc Software piracy is the illegal
copying, distribution or use of copyright software.

Software Piracy

Most licensed software can only be used by one user on one computer. The user can

Copy the software for backup but it is illegal to use it on different computer. It gives

Financial loss to the original owner of the software, However, open source software
Are available at no cost. Anyone can modify the source code and redistribute it

Ime software companies sell software along with a confidential text called key. The software can be
activated using the key. The key is only given to the users who legally buy the software. Some people try
to get the keys using illegal means. This process is known as cracking/

108

IT Series Computer Science

Types of Software Piracy

Different types of software piracy are as follows

Soft lifting

It is a process of borrowing a software application from a colleague and installing it on your device.

Client-server @veruse it is process of installing more copies of the software than number of licenses. It is
typically done in client-server network It is a process of installing and selling unauthorized

Herd Sisk Leading

Coples of the software on new or refurbished computers.

Counterfeiting

Online Piracy

It is a process of selling the duplicate copies of the software It is a process of downloading the illegal
copies of software.
How are computers used for fraud and misuse? Give some examples.

Fraud and Misuse

Fraud and misuse refers to the unauthorized activities. The computers and the Internet are frequently
used to perform such activities. It includes theft of money by electronic means theft of services and theft
of valuable data

Example 1: Change Password Suppose a user receives an email with a link to change the password A
webpage opens if the user clicks that link. The webpage requires the user to enter his

Usemame and password. The webpage is actually used to collect the username and

Password of the user. Some malicious user may access the email account illegally.

Example 2: Prize Won

Sometimes the user receives an email to inform that he has won a grand prize such as car, house or
money. The email asks the user to transfer a small amount as the processing fee and get the prize. It is
just a way of fooling people and getting

Money from them. Example 3: Confidential Information

Sometime a malicious user disguises as a friend and sends an email to the user. He tries to get some
confidential information from the user such as username. Password and credit card details. This is known
as phishing

Q. What is patent? Why do we need to register it?

Patent
A patent is a right that is granted to the owner for a certain period of time. It is an effective way to
protect the idea. It can be for any invention such as device. Substance, method or process. A patent must
be obtained if someone is doing research in any field and has a new idea. It stops other people to make
or sell

Unit 4 Data and Privacy

109

An

Anything on the basis of that idea. The owner of the idea can exclusively use the idea to make and sell
anything Any other person or organization cannot copy that idea or a certain period of time.

Registering Patent

Suppose someone is doing research in the medical field and finds the cure of a disease it would be a
good idea to register a patent for that idea. The patent would protect it for the creator. The
pharmaceutical companies would get permission from the creator to use it to make the medicine. The
creator may get a certain amount on

The sale of medicine.

Q. Define copyright and discuss the importance of copyright law.

Copyright

A copyright is a type of legal protection that protects some idea or product from being copied. Copyright
laws are important. They ensure that nobody uses the copyrighted material without getting permission
from the owner. It is illegal to copy any copyrighted material such as book, software, picture, video or
music. The copyright symbol is usually used with copyrighted material

RIGH COPY
COPYRIGHT

Figure: Copyright symbols

Most of the software products such as MS Windows. MS Office are protected by copyright. It means that
no one can copy them. A violation of copyright is called piracy. Many people use pirated software,
movies and music. They copy the copyrighted material illegally.

Q. What do you mean by trade secrets?

Trade Secrets

Trade secrets refer to secret information of a company that plays an important ole for its success. They
have a lot of value and Importance for the company. They provide the company an advantage over the
other companies.

The trade secrets must be protected carefully. It ensures that the company has a competitive advantage
over others. The unauthorized use of trade secrets can harm the company.

IT Series Computer Science 9

110

Examples

The trade secrets have been used by Coco-Cola for decades to ensure that its formula remains secret. It
has given it a significant competitive advantage

Over other companies Many companies are providing free email services such as Gmail and Hotmol etc.
However, some companies have significant competitive advantage over the others
Q. What is sabotage?

Sabotage Sabotage is a serious attack on a computer system. A malicious user can attack the computer
system remotely over the network. The viruses are frequently used in these attacks. A virus is a
computer program that is written with negative intentions The attacker may include virus with some free
software. The virus is activated when the free software is installed on the computer. It may change or
destroy information and sabotage important data on the system.

Q. How is the privacy of others safeguarded?

Safeguarding the Privacy of Others

The information of the people is collected and stored by many organizations. It is very important to
safeguard the privacy of other For example, NADRA stores the detailed information of a person and his
family. It is the ethical responsibility of NADRA to protect this information in order to safeguard the
privacy of the people.

Many websites declare their privacy policies for the users. It indicates the type of information being
collected from the user and the computer. It also indicates with whom the collected information will be
shared. Most of the users do not read these policies. They assume that their privacy is fully protected
due to the privacy policy.

PRIVACY POLICY

Figure: Privacy policy

Unit 4 Data and Privacy

111

Ge

Q. What privacy concerns arise through the mass collection of data?

Mass Collection of Data

Many organizations store the data of the people in computerized systems. Ver some examples of these
organizations are as follows:

A hospital stores the birth records NADRA stores family information

The school has the information of the students

Education Boards stores educational records Passport office stores personal detalls

Emall service providers such as Gmail

Online social networking websites such as Facebook.

Some organizations also store the Interests, likes and dislikes of the users, For?

Example, they may store the following data:

Travelling history

Favorite clothes

Health Information

Favorite food etc.

There are many companies that collect, buy and sell the consumer information. These companies are
known as data brokers. They use this information to know the interests of the people. The online
marketing is also very popular nowadays. These companies display the ads that are relevant to the
interests of the users. The Information is usually transferred from one place to other without the
permission of the uses. The privacy of people may be affected due to mass collection of data.

Q. Analyze the privacy and security concerns that arise with the use of computational systems. Describe
the aspects according to which data must be secured.

Privacy Concerns with Computational Systems

Computation is a general term for any type of information processing that can be represented
mathematically. There is a huge growth in the use of computational systems in every field. The
information is stored on the computers that are not stand- alone systems. These computers are
connected over the Internet. The data can be transferred from one computer to other easily. This
connectivity generates many privacy and security concerns.)

The use of Internet is very common nowadays. A lot of information is generated when the user browses
the Internet. This information is usually stored with the Web surfer known as cookies. The cookies can
track the interests of the people when they Vit different websites. The Information can be used by
businesses and marketing companies for marketing purposes. It can be considered as violation of
privacy.)

712

IT Series Computer Science

Aspects to Secure Personal Data

1. Confidentiality
Unauthorized person accesses the data

The personal data must be secured according to the following aspects Confidentiality means that the
data must be kept confidential and private.it should not be shared with any unintended persons
Confidentiality is violated if any

2. Integrity (Integrity means that the data must be correct. It should not be modified or

Changed illegally. For example, the website of the bank must display the conect

Bank balance of the user)

Availability

(Availability means that the data must be available to the user when needed Sometimes, the data
becomes useless if it cannot be accessed when needed All of the above aspects are important during the
processing, storage and

Transmission of data in a computerized system.

What is simple encryption? What is the importance of encryption for everyday life on the Internet?
Simple Encryption (Encryption is the process of encoding plain data into an unreadable format

The unreadable format of data is called ciphertext the process of converting

Ciphertext back to plaintext is called decryption) A secret code is required to convert

The encrypted data into plain data in order to read it. The secret code is called key

And is just like a password. The encryption is performed to ensure that only authorized
Persons can read the data. It is an important method of providing data security

Hello Amjad

Encryption

Hmmp Kplo

Decryption

Hello Amjad

Plain Text

Ciphertext

Plain Text

Importance of Encryption

Figure: Encryption & decryption

The importance of encryption for everyday life on the internet is as follows

1. Protection from Hackers

The encryption is very important to protect data from hackers. A malicious user that steals data is known
as hacker Nowadays, a large amount of personal data is stored on computer systems. The data is
transferred from one computer to another over the Internet. The hacker can steal the data when it
travels over the Internet. The encryption helps the user to protect important data from hackers.

‫انگلہ‬

On

75

c)1-by-1

d)2-by-2

02-by-2

3)3-by-1

Unit 4 Data and Privacy

113

2. Privacy Protection

(The encryption helps in protecting sensitive personal data. It ensures that the

data is not read by any unauthorized users)

3 . Data Protection across Devices

The data is frequently transferred and shared among many devices such as laptops and mobile phones.
The encryption profects data when it is transferred from one device to another device)

Q. Discuss different types of substitution cipher methods of encryption.

Substitution Cipher Methods

Substitution cipher method is a method of encryption in which the characters of original text are
replaced with some other characters. The substitution is done by a fixed predefined system. Two types of
substitution cipher methods are Caesar cipher and vigenere cipher.

1. Caesar Cipher

Caesar was a Roman politician and military general. He played an important role in the rise of Roman
Empire. Caesar used a method of encryption to send messages to soldiers and generals. Caesar cipher
method replaces each alphabet in the plaintext with another alphabet Each alphabet is replaced with
the alphabet that is at a fixed number of positions to the left or right of original alphabet.

Example 1

The following example uses three-character substitution to the right:

BCDEFGHIJKLMNOP

RST
U

WX

Initial Alphabets

Encrypted Alphabets

DEFGHIJKLMNOPQRSTUVWXYZABC

The above substitution

scheme

will

encrypt

the

plaintext
"PAKISTAN

into

ciphertext "SDNLVWDQ

Example 2

The following example uses three-character substitution to the left:

TẠI B

CD

EFG

HIJ

KL

MNO

PQR

UvwX Y
Z

Initial

Alphabets Encrypted Alphabets

XYZABCDEFGHIJKLMNOPQRSTUVW

The above substitution scheme will encrypt the plaintext " ciphertext "MXHFPQXK

PAKISTAN" into the ciphertext “ MXHFPQXK”.

1- Multiple choice questions 1. The order of matrix [2 1) is

Oral marks: 75

DESERT

a)2-by-1

mad AhRoll No: 5

1-by-2

Which is the order of square matrix. A) 2-by-1

c)1-by-

Chahzad
T.Mart

IT Series Computer Science

114

Ex

Example 3

The following example uses five-character substitution to the right: ABCDEFGHIJKLMNOPQRSTUVWX

Initial

Alphabets Encrypted Alphabets

FGHIJKLMNOPQRSTUVWXYZABCDE

The above substitution scheme will encrypt the plaintext “PAKISTAN” into the

Ciphertext “UFPNXYFS

2. Vigenere Cipher

Vigenere cipher method uses a table known as Vigenere Cipher table. The table consists of 26 rows and
26 columns. The first row contains the original alphabets from A to Z. The alphabet is shifted one letter
to the left in each subsequent row. The rows and columns are labeled by alphabets from A to Z.
Plaintext ABCDEFGHI JKLMNOPQRST

UVWXYZ

QRSTUVWXYZ

BCDEFGHIJKLMNO

CDEFGHIKIL MNOP QRST

UVWXYZA

QRST UVWXYZAS

DEFGHI JKLMNO

UVWXYZARC

DDEFGHIJKLMNOPQRST

51

LMNOPQ

FGHI

UVWX
ZABCO

ZAB

GHI KIL MNOPQR STUVWX

CDE

GHI

STU

WX YZAB DEF

KLMNOPQ RIS TUV

XYZABCDE FG

YZABCDE

KLMNOPQRSTUVW

GH
MNOPQRST UVWX

BCDEF GM

KL MNOPQRSTUVWXY

CDEFGHIJ

LMNOPQRSTUVWXYZ

CDEFGHIJK

aMMNOPQRS TUVWXYZA CDEFGHIJKL INNOPQRSTUVWXYZ

DEFGHI JKLM

QRSTUVWXYZA

F GH 1 JKLMN

PQRSTUVWXYZABC

GHI KLMNO

QRSTUVWXYZABCD

GHI KLMNOP

STUVWX ZABCDE HIJK LMNOP

STUVWXY ABCDE

JKLMNOPQR

TUVWX

NCDGFG

KLMNOP QR5

UUVWXYZ CDEFGHI

MNOP

VVWXYZ

QRST

DEFGHI

MNOPQRSTU

WWXYZ

EFGHIJK

NOPQRS TUV
XXYZ A CDEFGHIK

NOP

QR 57

VZASCDEF

UVW

GHIJK

OP QRSTUVWX

281

STUV WXY

Figure: Vigenere cipher table

The Vigenere cipher method works with substitution key. The key is combined with the plaintext to
generate the ciphertext.

The encryption process is performed as follows: 1 . Find the letter of plaintext in the column label of
Vigenere table

3. Find a letter that is in front of row label for the respective letter of the key that column

b) diagonal matrix
c) scalar ma

anc

115

Unit 4 Data and Privacy

Example

Suppose the plaintext is “PAKISTAN and the key is “ZINDABAD”. The encryption process using vigenere
cipher table will work as follows: Find the first letter of plaintext ‘P’ in the column label of vigenere
cipher table.

Find the first letter of key text 2 in row label Find the cell where the column ‘P’ and row 2 meet that is ‘O’

Convert the letter ‘P’ to ‘O’

Repeat the same process for all other letters The above encryption process will give the ciphertext
“OIXLSUAQ” as follows:

Column Row Label

KN

L
SA

Label P

AA

A
Column Letter

In some cases, the key may have less number of letters than the plaintext. The letters from the beginning
of the key are used to make the length of the key same as the plaintext. Suppose the plaintext is
“PAKISTAN” and the key is “HELLO”. The plaintext has 8 letters but key has only 5 letters. Therefore, the
first 3 letters will be added to the end of the key and it will become “HELLOHEL” It is known as interim
ciphertext

Q. Describe the process of decrypting a message using Vigenere table with the help of an example.

Decrypting a Message

The decryption process is performed as follows:

1. Find the letter of the key in the rows of Vigenere table 2. Locate the letter of the encrypted text
in that row

2. Take the column heading of that letter

Example

Suppose the encrypted text is “OIXLSUAQ” and the key is “ZINDABAD”.

Decryption will be performed as follows:

The

The

The
 1. Find the row for the letter 2 in Vigenere table. 2. Locate the letter of the encrypted text in that
row which is ‘O’

2. Take the column heading of that letter which is ‘P. It’s the decrypted letter.

3. Repeat the step 1 to step 3 for all other letters.

Q. Write the procedure to use Vigenere cipher widget.

Vigenere Cipher Widget

The Vigenere cipher widget shows animation of the encryption and decryption of plaintext. It uses
Vigenere cipher method according to the given key.

No. 1 - Multiple choice ques

The order of matrix [21] is

DESERTI

a) 2-by-1

Name Muhammad Roll No: 57

Checked by:

Amir shahzad

a) 2-by-1
 b) 1-by

1-b

Which is the order of square mat

Q1. Tick The

Correct Answer Which is the nodes of

IT Series Computer Science

The procedure to use Vigenere cipher widget is as follows

116

T. Mark

1. Open the web browser. 2 Type https://studio.code.org/s/vigenere/stage/1/puzzle/1 in address

bar ar

Press Enter The Vigenere cipher widget will appear

2. Type the plaintext in the textbox below Enter your text message (140 Chars

3. Type the key in the textbox below Enter your secret key. 5. Click Encrypt button
6 Click Play button. The result will appear in the textbox below Cipher te

Ves Caher W

Un

Random Substitution Method

Q. What is random substitution method using frequency analysis?

The messages encrypted with Caesar cipher method are easy to crack. It shit each letter of the plaintext
with a letter at the same number of positions to the left or right. This method can be modified by shifting
the letter with a letter at a random position. This is called random substitution cipher method

Frequency Analysis

The process of breaking the encryption methods is known as crypto analysis The frequency analysis is
used in this method. It is the study of the frequency of letter or group of letters in a ciphertext. This
method is used as an aid to break the classico ciphers.

Random Substitution Tool

This version of the tool shows the frequency of letters in graphs. The user co analyze the frequency of
letters in the encrypted message by comparing it to th frequency of letters in plaintext The mapping of
the letters can be changed.

IT Series Computer Science 9

Od

Q. Briefly describe weaknesses and security flaws of substitution ciphers.

The simple substitution cipher method only shifts the letters of plaintext to a new place. The frequency
and distribution of different letters in plaintext and ciphertext is identical Another weakness in the
substitution ciphers is that the frequencies of the letters are not masked at all. It is very easy to crack the
substitution cipher methods due to these weaknesses.

Q. What is password? List some important characteristics of a good

Password.

Password

Password is a secret word that may consist of letters, numbers and special characters. Passwords are
used for authentication to enter a system. It helps to

Prevent the unauthorized persons from accessing files, programs and other resources Characteristics of a
Good Password

A good password should be difficult to guess or crack. Some important characteristics of a good
password are as follows:

• A good password consists of at least eight characters. It does not contain usemame, real name,
children name or company name It does not contain a full word.

It Is different from previous passwords. It contains uppercase letters, lowercase letters, numbers and
symbols.

Unit 4 Data and Privacy

119

Q. What is the relationship between cryptographic keys and passwords? Relationship between
Cryptographic Keys and Passwords Passwords are used for authentication to enter a system whereas the
Cryptographic key is used to read an encrypted message. A key is not some o

Password in computer security. A password can be used as a key The basic

Humans. However, a key is used by the software or humans to process a message

Q. Give a reason to add CAPTCHA on websites.

CAPTCHA

It is possible to write a program that can access a website and fil a form of t it a password. The program
can be used to hack the password by trying different passwords repeatedly. The program can also be
used to fill a form and submit the data to the website again and again. CAPTCHA is used to avoid this
situation

CAPTCHA is a set of random letters and numbers that appear as a distorted Image and a textbox. The
user needs to type the characters in the image into the textbox to gain access to the system. CAPTCHA
text is only readable by humans not the computer. It is used to ensure that the user is human and not a
computer Hotmail and Gmail use CAPTCHA to ensure that the user creating an email address is human
and not a computer or robot

Overlooks

Inquiry

Type the two words

CAPTCHA stop spars

Figure: CAPTCHA
Q. What is cybercrime? Describe different types of cybercrimes.

Cybercrime

A cybercrime is a criminal activity carried out by means of computers and the Internet. In some
cybercrimes, the computer is used to commit a crime such as fraud. Kidnapping, murder and stealing
money from bank account or credit card. The criminals use Internet to access the personal information
such as username, password and credit card number.

In other cases, computer can be a target of cybercrime such as unauthorized access to a computer to
spread viruses on it. The process of downloading illegal software, music and videos is also considered a
cybercrime.

By

120

IT Series Computer Science

Types of Cybercrime

Different types of cybercrimes are as follows

1. Identity Theft

The identity theft is a criminal activity in which the hacker traps someone to give the account details and
password. The hacker can then use the account of the user to perform any malicious activities

2. Transaction Fraud
The transaction fraud is a criminal activity in which the scammer performs on illegal transaction.
Different types of transaction fraud can be as follows

The scammer offers an Item for online. Some buys the items makes the payment but the scammer never
delivers the item The criminal may buy something using the stolen credit card

⚫The criminal may buy something using personal credit card. He then reports

The card as stolen and claims for the chargeback.

3. Advance Fee Fraud

The advance fee fraud is a criminal activity in which the criminal informs the user that he has won a prize
or lottery. He then asks the user to submit a processing fee so the prize may be dispatched. It is very
common type of cybercrime in which people lose the money Ch

4. Hacking

An act of unauthorized access to the computer or network is called hacking The person who gains
unauthorized access to the computer system is called hacker The hackers are computer experts and use
their knowledge to break into the computer system and network It usually happens when the user
downloods a fle from the Internet and executes it. Spyware is a type of software that is used in hacking.
It connects the hacker to the computer to access important information without user knowledge. The
hackers typically access the information for financid benefits such as stealing money from bank account
or using credit card.

Q. What is a phishing attack? Discuss different characteristics of phishing email and phishing website.

Phishing Attack

A phishing attack is a criminal activity in which the criminal uses fake email and website to get sensitive
information such as username, password and credit card details etc.
Characteristics of Phishing Email

Different characteristics of a phishing email are as follows:

Important & Urgent

A phishing email appears as important notice, urgent update or alert. It has a subject that shows it is
from a trusted source.

Unit 4 Data and Privacy

Examples:

121

Someone tried to access your email. Please change your

Password immediately

Packet delivery at your home address

Change of password required urgently

Attractive

Emall account updates • Urgent: Your account will be locked in 24 hours

The email contains message that is attractive. For example. It

May inform the user about winning a prize or lottery etc.

The email usually uses a forged sender address such as

info@facebook.com or contactus@gmail.com etc. However,

the contents and the links in the email are not from Facebook

Forged Address

Logos & Images

Or Gmail. It is just a method of tricking the user The email sometimes contains the logos and images of
some companies The logos are used to give the feelings that the

Forms

Email is genuine The email may contain a form for the user to fill the personal information. The
information is actually sent to the malicious

User if the user fills data and submits it

Characteristics of Phishing Website

Different characteristics of a phishing website are as follows:

. The phishing website looks like original. It uses the contents from the original website such as logos,
images etc

. It may contain the actual links to the web contents of the original website
Such as contact us and privacy statement . It may use similar name as the original website

. It may use similar forms as the original website to get data from the user.

Q. Define denial of service attack.

Denial of Service (DoS)

A Denial of Service (DoS) is a cyber-attack that makes a machine or network resource unavailable. It
means that the access to that resource is denied to the user The attack makes the resource too busy by
sending many requests for it. The actual user cannot get the resource. It sometimes overloads the
system so much that the network is shut down. Suppose a user needs to open a website but another
user sends many requests to that website using computer program. The user will not be able to access
the website in this situation.

DoS attackers typically target the web servers of big organizations such as banks, media companies or
govemment organizations. These attacks typically may not result in the loss of data but waste a lot of
time and money.