Data Protection Measures
Data protection is essential to secure sensitive information from unauthorized access, loss, or damage. A robust security system must address both physical risks to the hardware and logical risks to the data using advanced authentication and encryption methods.
Learning Objectives
- 12.5.2.5 Explain physical risks to data and protective measures
- 12.5.2.6 Differentiate between biometric verification and identification
- 12.5.2.7 Describe symmetric and asymmetric encryption
- 12.5.2.8 Explain the purpose of Digital Signatures and Digital Certificates
Lesson Presentations
12.1C-data-protection.pdf, 12.1C-encryption-security.pdf · Slides for classroom use
Conceptual Anchor
The Nightclub Bouncer Analogy
Biometric Verification is like handing the bouncer your ID: you claim to be "John", and he checks your face against the ID picture (1-to-1 comparison). Biometric Identification is like the bouncer scanning the crowd to find a known troublemaker without anyone showing an ID (1-to-many comparison).
Rules & Theory
1. Physical Risks & Protection
Before implementing complex software security, the physical hardware must be secured. Physical risks include threats to hardware and data from real-world events such as theft, fire, floods, power surges, and unauthorized physical access.
| Protection Measure | Purpose / How it works |
|---|---|
| Secure Server Rooms | Restricting physical access using locks, biometric scanners, and alarms. |
| Fireproof Safes | Protecting physical backup storage media from fire and extreme heat. |
| UPS (Uninterruptible Power Supply) | Providing temporary battery power during power outages to prevent data loss and protect against power surges. |
2. Biometrics
Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. The system captures the biometric data, converts it into a mathematical model (a template), and saves it into a secure database.
A. Verification vs Identification
| Verification (1-to-1 comparison) | Identification (1-to-many comparison) |
|---|---|
| The system checks if a person is who they claim to be by comparing their live biometric data with their specific stored template. | The system searches the entire database to find a matching template without knowing the person’s identity upfront. |
| Example: Unlocking a smartphone using FaceID. | Example: Identifying a thief using CCTV at an airport. |
B. Types of Biometrics
- Physical: Fingerprints, Hand Geometry, Retina Scanning, Iris Scanning, Facial Recognition, DNA Matching, Ear Shape.
- Behavioural: Signature recognition, Voice Recognition, Key Stroke Pattern, Gait (Body Dynamics).
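The 1-to-1 and 1-to-many comparisons from the table above, as an added example that is not part of the original lesson. The templates, user names and the distance threshold are constructed for illustration; a real biometric system uses much larger templates and a vendor-specific matching algorithm.

```python
import math

# Constructed templates: each enrolled user is stored as a small feature vector.
# Names and numbers are hypothetical sample data.
TEMPLATES = {
    "john":  [0.12, 0.80, 0.33, 0.57],
    "aisha": [0.90, 0.15, 0.62, 0.08],
    "marat": [0.45, 0.47, 0.91, 0.30],
}
THRESHOLD = 0.15   # largest distance still accepted as a match (assumed value)

def verify(claimed_id, live_sample, db=TEMPLATES, threshold=THRESHOLD):
    """1-to-1: compare the live sample only with the claimed user's template.
    Returns (accepted, number_of_comparisons)."""
    template = db.get(claimed_id)
    if template is None:
        return False, 0                  # unknown claim: reject without comparing
    return math.dist(live_sample, template) <= threshold, 1

def identify(live_sample, db=TEMPLATES, threshold=THRESHOLD):
    """1-to-many: compare with every stored template and return the closest one.
    Returns (user_id or None, number_of_comparisons)."""
    best_id, best_dist, comparisons = None, float("inf"), 0
    for user_id, template in db.items():
        comparisons += 1
        d = math.dist(live_sample, template)
        if d < best_dist:
            best_id, best_dist = user_id, d
    if best_dist > threshold:
        best_id = None                   # nobody in the database is close enough
    return best_id, comparisons

# Constructed live captures: one close to John's template, one from a stranger.
JOHN_SCAN = [0.14, 0.78, 0.35, 0.55]
STRANGER_SCAN = [0.50, 0.50, 0.50, 0.50]

if __name__ == "__main__":
    print("verify john:     ", verify("john", JOHN_SCAN))
    print("verify as aisha: ", verify("aisha", JOHN_SCAN))
    print("identify john:   ", identify(JOHN_SCAN))
    print("identify unknown:", identify(STRANGER_SCAN))
```

Verification always costs one comparison, while identification costs one comparison per enrolled template, which is why the threshold matters more as the database grows.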
3. Encryption
Encryption is the process of converting readable data (plain text) into unreadable characters (cipher text) so that only authorized parties can access it. The security effectiveness is determined by the strength of the algorithm and the length of the key.
| Symmetric Encryption | Asymmetric Encryption |
|---|---|
| Uses a single key to both encrypt and decrypt the data. | Uses a mathematically linked key pair: a Public Key to encrypt, and a Private Key to decrypt. |
| Faster, but poses a major security risk: the secret key must be safely shared with the receiver. | Slower, but highly secure. The public key is shared openly, while the private key is never shared. |
[Image of Asymmetric Encryption process]
4. Digital Signatures & Digital Certificates
A. Digital Signatures
A digital signature ensures the authenticity and integrity of a document. It works by reversing the asymmetric encryption process:
- The sender encrypts a hash of the document using their Private Key. This creates the digital signature.
- The receiver uses the sender's Public Key to decrypt the signature. If it decrypts successfully, it proves the sender genuinely sent it (because only they have their private key) and that the document has not been altered.
B. Digital Certificates
A digital certificate is an electronic document used to prove the ownership of a public key. It prevents hackers from distributing fake public keys.
- A digital certificate includes information about the key, information about the owner's identity, and the digital signature of an entity that has verified the certificate's contents.
- They are issued by a trusted third party called a Certificate Authority (CA) as part of a Public Key Infrastructure (PKI).
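The signing steps from section A and the CA check from section B, as an added example that is not part of the original lesson. It uses textbook RSA without padding on small constructed primes, so it is for illustration only; the key values, the name bank.example and the certificate layout are assumptions. The receiver's check is done by comparing the hash recovered from the signature with a fresh hash of the received data.

```python
import hashlib

# Textbook RSA on small constructed primes: illustration only, not secure
# (real keys are 2048+ bits and signatures use a padding scheme).
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def digest(data: bytes, n: int) -> int:
    """SHA-256 hash of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(data, n), d, n)            # hash "encrypted" with the private key

def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    # Recover the signed hash with the public key and compare it with a fresh hash.
    return pow(signature, e, n) == digest(data, n)

def cert_body(owner: str, public_key) -> bytes:
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(owner, public_key, ca_private):
    """The CA signs the binding between an owner name and a public key."""
    return {"owner": owner, "public_key": public_key,
            "ca_signature": sign(cert_body(owner, public_key), ca_private)}

def check_certificate(cert, ca_public) -> bool:
    return verify(cert_body(cert["owner"], cert["public_key"]),
                  cert["ca_signature"], ca_public)

# Constructed keys (built from Mersenne primes) and names, all hypothetical.
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
BANK_PUB, BANK_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
FAKE_PUB, FAKE_PRIV = make_keypair(2**19 - 1, 2**127 - 1)

BANK_CERT = issue_certificate("bank.example", BANK_PUB, CA_PRIV)
# Same owner name and CA signature, but a different public key swapped in.
FAKE_CERT = dict(BANK_CERT, public_key=FAKE_PUB)

if __name__ == "__main__":
    msg = b"Pay 100 to account 42"
    sig = sign(msg, BANK_PRIV)
    print("genuine message verifies:", verify(msg, sig, BANK_PUB))
    print("altered message verifies:", verify(b"Pay 900 to account 42", sig, BANK_PUB))
    print("bank certificate valid:  ", check_certificate(BANK_CERT, CA_PUB))
    print("swapped-key certificate: ", check_certificate(FAKE_CERT, CA_PUB))
```

The swapped-key certificate fails because the CA's signature covers the owner name and the public key together, so changing either one invalidates it.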
Common Pitfalls
Verification vs Identification
Remember the math: Verification is 1-to-1 (Are you who you say you are?). Identification is 1-to-many (Who are you among this huge database?).
Public vs Private Keys in Signatures
Normally, you encrypt with a Public key and decrypt with a Private key. But to create a Digital Signature, the roles are flipped: the sender encrypts with their Private key, and the receiver checks it using the sender's Public key.
Exam Style Tasks
List three physical risks to computer systems and provide one protective measure for each.
Explain the difference between Physical biometrics and Behavioural biometrics, providing two examples of each.
Explain how a Certificate Authority (CA) uses a Digital Certificate to prevent a hacker from impersonating a legitimate bank's website.
Self-Check Quiz
Q1: What is the purpose of an Uninterruptible Power Supply (UPS)?
Q2: Why is FaceID on a phone considered "Verification" rather than "Identification"?
Q3: What determines the security effectiveness of an encryption method?