Cybersecurity & Global Impact

This is the entire exam guide for Module 11: Cybersecurity & Global Impact.

11.1 Data Policies, Privacy & Security Risks

Personally Identifiable Information (PII)

Definition: Information about an individual that identifies, links, relates, or describes them.

Examples of PII:

• Name, email address, home address
• Location / GPS data
• Social Security Number (SSN)
• IP address, biometric data, phone number
• Browsing history, purchase history

Benefits of PII in computing innovations:

• Google Maps uses your location to give navigation directions
• Streaming services use your history to recommend content
• Shopping sites personalize product suggestions
• Accounts and login systems depend on PII to function

Harmful effects / concerns:

• Data breaches expose your PII to criminals → identity theft, stalking, fraud
• Companies sell your data to advertisers without meaningful consent
• Once online, you lose control of your data permanently
• Government surveillance and profiling

Why Are Apps "Free"?

Free apps and websites make money by collecting and selling your data; your email, location, behavior, and preferences are sold to advertisers. You are the product. This is not a bad business model; it is highly profitable.

The Internet as a Postcard

Data packets travel through many routers on their way to a destination; just like a postcard passes through many post offices. Anyone along that route can read a postcard (or an unencrypted packet). This is why encryption is essential on the internet.

Phishing

Definition: Fraudulent emails or websites designed to trick you into giving up sensitive information (passwords, credit card numbers, PII).

Red flags in phishing emails:

• Suspicious or insecure sender domain (not the real company's domain)
• Suspicious links that don't match the displayed text
• Urgency or threats ("Act now or your account will be closed!")
• Poor grammar / spelling
• Unexpected attachments

11.2 Identity Threats

Key Definitions

Defenses

| Threat | Defense | | | - | | Virus | Antivirus software, avoid unknown downloads | | Malware | Keep software updated, use antivirus | | Keylogging | Antivirus, avoid sketchy apps | | Phishing | Verify links, don't click unknown sources | | Social engineering | Don't trust urgency, always verify identity | | Rogue access point | Avoid unknown or duplicate WiFi networks |

11.2–3 Identity & Protecting Data

Authentication Concepts

Security Incident vs. Data Breach

• Security incident: Something went wrong (an attempted or actual attack), but data loss is not confirmed.
• Data breach: Data is confirmed to have been lost or stolen by unauthorized parties.

A breach is always a security incident, but a security incident is not always a breach.

Low-Hanging Fruit (What Hackers Target First)

Hackers first attack common or previously breached passwords; using databases of known leaked passwords (e.g., from haveibeenpwned.com). This is far easier than cracking a new password from scratch.

What Makes a Strong Password?

• Random characters (not dictionary words)
• Mix of uppercase, lowercase, numbers, and special characters
• Longer than 8 characters (12+ preferred)
• Not previously used in a data breach

Multifactor Authentication (MFA)

Definition: Requiring two or more independent factors to verify identity.

Three factor categories:

1. Something you know (password, PIN)
2. Something you have (phone, hardware token)
3. Something you are (fingerprint, face, retina)

Why MFA is more secure than single-factor: Even if a password is stolen, the attacker still needs physical access to the second factor (e.g., your phone). This dramatically reduces the chance of unauthorized access.

Pros: Much stronger security. Cons: Slower login process, dependency on a second device, privacy concerns.

11.2–3 Encryption

Core Definitions

Symmetric vs. Asymmetric Encryption

| | Symmetric | Asymmetric | | -- | | -- | | Keys | Same key for encrypt and decrypt | Public key encrypts, private key decrypts | | Example | Caesar cipher, Vigenere cipher | RSA | | Drawback | Must securely share the key first | Slower, more complex |

Four Encryption Algorithms

1. Caesar Cipher (Symmetric)

• How to encrypt: Shift each letter a fixed number of positions to the right in the alphabet
• How to decrypt: Shift each letter the same number of positions to the left
• How to crack: Brute force; only 25 possible shifts, try all of them
• Example: Shift 3 → A→D, B→E, "CAT" → "FDW"

2. Random Substitution Cipher (Symmetric)

• How to encrypt: Replace each letter with a randomly chosen letter using a substitution table
• How to decrypt: Use the substitution key table in reverse
• How to crack: Frequency analysis; in English, E, T, A, O, I are most common; match frequencies in ciphertext to known letter frequencies

3. Vigenere Cipher (Symmetric)

• How to encrypt: Use a repeating keyword; each letter in the keyword determines the shift for the corresponding plaintext letter
• How to decrypt: Know the keyword, apply shifts in reverse
• How to crack: First determine keyword length (using index of coincidence or Kasiski method), then apply frequency analysis to each shifted group
• Example: Keyword "CAB" (C=2, A=0, B=1) applied to "HELLO" → shift H by 2, E by 0, L by 1, L by 2, O by 0

4. RSA / Public Key (Asymmetric)

• See full RSA section below

11.4 Secure Key Exchange; Diffie-Hellman

What Is Diffie-Hellman?

DH is a key exchange protocol, NOT encryption. It allows two parties to agree on a shared secret key over a public (insecure) channel without ever transmitting the key itself. That shared key is then used in a symmetric encryption algorithm.

Why Modular Arithmetic?

MOD is a one-way function; easy to compute forward, computationally hard to reverse. Even if an eavesdropper knows p, g, and the public values A and B, they cannot feasibly determine the private keys a or b.

DH Formulas (MEMORIZE)

Publicly agreed upon: prime number p, generator number g

Alice's private key: a
Bob's private key: b

Alice computes and sends:  A = g^a mod p
Bob computes and sends:    B = g^b mod p

Alice computes shared key: K = B^a mod p
Bob computes shared key:   K = A^b mod p

Both arrive at the same K.

DH Worked Example (p=23, g=11, a=6, b=5)

A = 11^6 mod 23 = 1771561 mod 23 = 11   → Alice sends 11 to Bob
B = 11^5 mod 23 = 161051 mod 23 = 7     → Bob sends 7 to Alice

Alice: K = 7^6 mod 23 = 117649 mod 23 = 4
Bob:   K = 11^5 mod 23 = 161051 mod 23 = 4

Shared secret key K = 4 ✓

Using the DH Key

Once K is established, it is used as the key in a symmetric cipher (like Caesar or Vigenere) to actually encrypt messages.

Example (from journal): K=4, message = "I have the key"

• Caesar Cipher (part a): Shift each letter right by 4
  • I→M, h→l, a→e, v→z, e→i, t→x, h→l, e→i, k→o, e→i, y→c
  • Ciphertext: "M lezi xli oic"
• Vigenere (part b): Spaces replaced with _, K=4 → first letter of key = E (4th letter). Key = E, F, G. Apply repeating shifts.

DH Disadvantages

• Man-in-the-middle (MITM) attack: An attacker (Eve) can intercept A and B, substitute her own values, and establish separate keys with Alice and Bob; neither knows.
• Does not encrypt: DH only creates a shared secret; it does not provide encryption or authentication by itself.

11.5 Public Key Encryption; RSA

Overview

RSA is a type of asymmetric encryption that uses:

• A public key (n, e) → used to encrypt
• A private key (n, d) → used to decrypt

The sender (Bob) does NOT need the receiver's (Alice's) private key. He only needs her public key to send a secure message. Only Alice can decrypt it using her private key.

How RSA Differs from DH

| | Diffie-Hellman | RSA | | -- | | - | | Purpose | Key exchange only | Encryption + authentication | | Authentication | No; vulnerable to MITM | Yes; provides authentication | | Key type | Symmetric shared secret result | Asymmetric public/private key pair |

RSA Setup Formulas (MEMORIZE)

Step 1: Choose two prime numbers p and q
Step 2: n = p × q
Step 3: m = (p-1)(q-1)
Step 4: Choose e → smallest integer where: 1 < e < n AND gcd(e, m) = 1
         (start testing from e=2 upward)
Step 5: Find d → smallest integer where: (e × d) mod m = 1
Step 6: Public key = (n, e)
        Private key = (n, d)

RSA Encrypt & Decrypt Formulas

Encrypt:  C = H^e mod n     (H = original message value, C = ciphertext)
Decrypt:  H = C^d mod n

RSA Worked Example (p=7, q=11, message H=2)

n = 7 × 11 = 77
m = (7-1)(11-1) = 6 × 10 = 60
e = 7  (test: gcd(2,60)=2 ✗, gcd(3,60)=3 ✗, gcd(4,60)=4 ✗, gcd(5,60)=5 ✗, gcd(6,60)=6 ✗, gcd(7,60)=1 ✓)

Public key = (77, 7)

Encrypt: C = 2^7 mod 77 = 128 mod 77 = 51

Find d: (7 × d) mod 60 = 1
Test d=43: 7 × 43 = 301, 301 mod 60 = 1 ✓
Private key = (77, 43)

Decrypt: H = 51^43 mod 77 = 2 ✓

Why Is RSA Secure?

• Uses extremely large prime numbers (77-digit long in real applications)
• The only known way to crack RSA is brute force; trying all possible values
• This is a computationally hard problem; would take longer than the age of the universe with current hardware
• Uses modular arithmetic (one-way function) and exponentiation

Certificate Authorities (CAs)

A trusted third party that issues digital certificates, which verify that a public key actually belongs to who it claims to belong to. This solves the MITM problem in RSA by authenticating the public key owner.

RSA vs. DH Summary

RSA provides authentication (proves who you're talking to), whereas DH only creates a shared key with no identity verification.

11.7 Steganography

Definition

Steganography: Hiding the existence of a message so that others don't even know a secret is being communicated. The message is concealed within a cover medium (like an image).

Steganography vs. Encryption

How LSB (Least Significant Bit) Steganography Works

Every pixel in an image is represented in binary. For example:

00100100
       ↑ least significant bit (LSB)

To hide data, you change only the last 1–2 bits of each pixel's binary value. This causes an imperceptible change to the image visually, but encodes message data.

Example; encoding "cat":

Original pixel: 11111111
Hidden bit:     1111111[1]  ← last bit changed to encode message

Steps to Embed a B&W Message into an Image (from class)

1. Make all red channel values even (ensure no pure blacks that would disrupt the process)
2. Change only the smallest 1 or 2 bits in the binary representation of each pixel to encode the secret message pixels

Compression: Lossy vs. Lossless

Always use lossless compression (e.g., PNG) when working with LSB steganography.

• Lossless: Preserves every bit exactly → hidden LSBs survive
• Lossy (e.g., JPEG): Discards small data changes during compression → destroys the LSBs → secret message is permanently lost and cannot be recovered

Susie's Problem (Review Question 11)

If the hidden message is clearly visible in the output image, she is modifying too many bits or using bits that are too significant. Fix:

• Modify only the least significant bits (last 1–2 bits only)
• Use a high-detail, busy image as the cover (lots of texture/variation makes small changes harder to notice)
• Ensure lossless format (PNG, not JPEG)

Formulas Reference Sheet

Diffie-Hellman Key Exchange

A = g^a mod p          (Alice's public value)
B = g^b mod p          (Bob's public value)
K = B^a mod p          (Alice computes shared key)
K = A^b mod p          (Bob computes shared key)

RSA Encryption

Setup:
  n = p × q
  m = (p-1)(q-1)
  e = smallest int where gcd(e, m) = 1  and  1 < e < n
  d = smallest int where (e × d) mod m = 1

Encrypt:  C = H^e mod n
Decrypt:  H = C^d mod n

Caesar Cipher

Encrypt: shift each letter right by key k
Decrypt: shift each letter left by key k

Vigenere Cipher

Encrypt: for each letter i, shift by keyword[i mod len(keyword)]
Decrypt: reverse the shifts using the same keyword

Full Concept Summary Table