## Learning Objectives

After completing this unit students will be able to:

- Identify different **ciphers** and their pros and cons: Caesar, random substitution, Vigenère
- Demonstrate why **encryption** is important in computing
- Describe secret key (**symmetric**) and public/private key (**asymmetric**) encryption
- Understand the uses of
  - **RSA** and **Diffie-Hellman** encryption
  - **SSL/TLS**, Digital Certificate (CA)
- Understand **one-way functions** and simple **modular** algebra and how they relate to encryption
- Describe some basic types of security threats such as phishing, SQL Injection, dictionary attacks, and types of **malware**
- Understand what makes a good password (length)
- Describe why a hash is useful in passwords
- Understand how salts help in defending against rainbow table attacks
- Describe the role of social engineering in most major breaches in recent history
- Recognize when **heuristic** techniques are necessary
- Indicate when problems are **computationally hard** (Traveling Salesman Problem)
- Describe how Big O notation affects the efficiency of computational tasks
- Be familiar with P vs. NP problems
- Understand the importance of the halting problem

## Suggested Reading

## Important Vocab

- **Asymmetric key encryption** – a different key is used to encrypt and decrypt a message
- **Backdoor** – a secret way to bypass traditional access to a device or network
- **Botnet** – a large network of internet robots called bots controlled by a command-and-control server, often used for DDoS attacks
- **Caesar Cipher** – a shift cipher where each letter is shifted the same amount
- **Cipher** – a pair of algorithms that give details on how to encrypt and decrypt the data
- **Computationally hard** – a problem that takes too long even for a computer to find the exact solution
- **DDoS** – distributed denial-of-service attack; hackers flood a site with fake requests, making all the site's resources unavailable for legitimate users
- **Decryption** – the reverse process of encryption
- **Digital Certificate** – a trusted third-party file that verifies a site as legitimate
- **Digital signature** – an electronic signature that, by using a public key, can be verified authentic
- **Encryption** – taking text and converting it so it is illegible
- **Hacker** – anyone who uses their technological skills to solve problems. A malicious security hacker exploits weaknesses on a computer or network and can steal or disrupt data
- **Hashing** – the process of running data through a one-way function that takes data of varying sizes and returns a unique fixed-length value
- **Heuristic approach** – an approach that gives results that are "good enough" when an exact answer is not necessary
- **Key** – in cryptography, a shared secret to make encryption harder to crack
- **Logic bomb** – code that has been placed into software that waits to run until specific conditions are met
- **Malware** – malicious software intended to cause damage to a computer or network
- **Modular arithmetic** – using the remainder when dividing, also known as clock arithmetic
- **Multi-factor authentication (MFA)** – using two or more methods for verifying a user
- **NP problem** – nondeterministic polynomial time, a problem that can be verified, but not solved, in polynomial time
- **One-way Function** – a problem that is easy in one direction and difficult in the other
- **P problem** – polynomial time, a problem that can both be solved and verified in polynomial time
- **Phishing** – using "bait" to trick a user into handing over sensitive information like usernames, passwords, or credit card numbers
- **Private Key** – a shared secret needed to decrypt a message
- **Public Key** – a system that allows a key to be publicly published
- **Salting** – adding a random set of characters to a password before it is hashed to protect against rainbow table attacks
- **Spear phishing** – a type of phishing attack that targets a specific person or group using pre-existing knowledge
- **SSL** – Secure Sockets Layer, issues digital certificates for websites
- **Substitution Cipher** – a cipher where a letter is mapped or swapped with another letter in the alphabet
- **Symmetric Key Encryption** – the same key is used both to encrypt and decrypt a message
- **TLS** – Transport Layer Security, issues digital certificates for websites
- **Traveling Salesman Problem (TSP)** – an NP-hard problem that, when given distances between pairs of cities, seeks to map out the shortest route between many cities and return back to the original city
- **Trojan Horse** – malware disguised to hide its true intent
- **Two-factor Authentication (2FA)** – a subset of MFA where exactly two methods for verifying a user are implemented
- **Virus** – a program that infects other programs and usually spreads to other programs or computers by copying itself repeatedly
- **Worm** – a standalone piece of malware that can disrupt a network by copying itself repeatedly without human interaction

