Chapter 4 Cyber Security

Learning Objectives

    • Define the terms Cyber Security, Cyber Attack, and Data Breach
    • Explain Financial Fraud
    • Explain the principle of KYC
    • Identify 5 federal laws that address computer crimes
    • Discuss a DSA
    • Define the 3 tenets of Security
    • Discuss how the CIA triad can be implemented in FinTech to minimize cyber attack incidents
    • Define Cryptography and Encryption and how they protect FinTech systems

 

Case Study – The Colonial Pipeline Cyber Attack

According to the Colonial Pipeline Company, on May 7, 2021 the company learned that it was the victim of a cyberattack. Malicious actors reportedly deployed “ransomware” against the pipeline company’s business systems. Ransomware is a type of malicious software that is used to deny access to information technology (IT) systems or data and hold the systems or data hostage until a ransom is paid. A joint DHS/FBI advisory notice confirmed that DarkSide ransomware was used in the attack. This notice explained that to ensure the safety of the pipeline, the company had proactively disconnected certain systems that monitor and control physical pipeline functions so that they would not be compromised. As of May 12, there were no indications that these operational systems had been breached. However, disconnecting these systems resulted in a temporary halt to all pipeline operations. On May 13, Colonial Pipeline reported that it had restarted its pipeline and that product delivery had resumed to all markets.

In May 2023, two years after the attack, the Cybersecurity and Infrastructure Security Agency (CISA) published the following retrospective:

The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years

“Today marks two years since a watershed moment in the short but turbulent history of cybersecurity. On May 7, 2021, a ransomware attack on Colonial Pipeline captured headlines around the world with pictures of snaking lines of cars at gas stations across the eastern seaboard and panicked Americans filling bags with fuel, fearful of not being able to get to work or get their kids to school. This was the moment when the vulnerability of our highly connected society became a nationwide reality and a kitchen table issue.

The good news is that since that event, the Biden-Harris Administration has made significant strides in our collective cyber defense, harnessing the full power of the U.S. government to address the full spectrum of the threat. At the Cybersecurity and Infrastructure Security Agency (CISA), we have been laser focused on improving resilience across our Nation’s critical infrastructure. Recognizing that organizations need a simple way to access actionable and timely cybersecurity information, we developed stopransomware.gov to provide a central location for alerts and guidance for businesses and individuals. Recognizing that only cohesive collaboration across government will scale to meet the threat, we launched the Joint Ransomware Task Force with our FBI partners to orchestrate the federal government’s response to the epidemic of ransomware. And recognizing the need to bring together industry, government, and internal partners and tear down siloes that create gaps for the adversary, we established the Joint Cyber Defense Collaborative (JCDC)—a concept born out of the U.S. Cyberspace Solarium Commission on which one of us served as a Commissioner—to catalyze a community of experts on the front lines of cyber defense—from across the public and private sectors—to share insights and information in real time to understand threats and drive down risk to the nation.

Since its establishment, the JCDC led the national response to one of the most extensive software vulnerabilities discovered; played a central role in CISA’s Shields Up campaign to protect critical infrastructure from potential Russian cyber-attacks; and, along with our partners at the Transportation Security Administration (TSA), brought together more than 25 major pipeline operators and industrial control systems partners to strengthen security practices to safeguard the operational technology networks critical to pipeline operations, efforts that complement the Security Directives TSA issued in the aftermath of the attack on Colonial Pipeline. Separately, with the support of Congress, we expanded our capability known as “CyberSentry” which enables heightened visibility into and more rapid detection of cyber threats that could target our nation’s most critical operational technology networks. Finally, we worked to help organizations of all sizes and skill levels prioritize the most impactful cybersecurity investments with the introduction of cybersecurity performance goals, or CPGs.

While we should welcome this progress, much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension. The U.S. Intelligence Community issued a stark warning of a potential future in its recent Annual Assessment, noting that “If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure…China almost certainly is capable of launching cyber-attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

  • We cannot afford to dismiss this warning. We must do everything today to be prepared for such a scenario. First, we must ensure that the technology that underpins the services that Americans rely on every hour of every day is safe and secure. For too long, we have sacrificed security for features and speed to market, leaving us increasingly vulnerable, with the burden of security placed on those least able to bear it. As listed in one of the core pillars in the President’s National Cyber Strategy we need security to be built into the creation of new technology—as a foundational imperative—rather than bolted on at the end requiring continuous security updates from consumers.
  • Second, we need to prioritize cybersecurity at the highest levels. The days of relegating cybersecurity to the CIO or the CISO must end. CEOs and Boards of Directors must embrace cyber risk as a matter of good governance and prioritize cybersecurity as a strategic imperative and business enabler.
  • Third, we must continue to invest in the JCDC model of persistent and proactive operational collaboration between government and industry where the default is to share information on malicious cyber activity, knowing that a threat to one is a threat to all.
  • Finally, we need to normalize cyber risks for the general public with the recognition that cyber-attacks are a reality for the foreseeable future. We cannot completely prevent attacks from happening, but we can minimize their impact by building resilience into our infrastructure and into our society. We need to look no further than our Ukrainian partners for an example of the power of societal resilience.

These changes are not easy, but we need to hold ourselves accountable to the hard lessons learned from two years ago. Are we going to make the choices that will lead us to a secure, resilient, and prosperous future or are we going to allow inaction to dictate a future in which our national security and our way of life hang in the balance? We have proven that it can be done but only if we act now…together.”

Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). The attack on Colonial Pipeline: What we’ve learned and what we’ve done over the past two years. Retrieved from The attack on Colonial Pipeline.

Computer Crimes

Computer crimes have become a daily occurrence, carried out against individuals, corporations, and governments across every industry sector. With each incident we learn more about what went wrong and attempt to remedy the fault. Cyber security is therefore a continual cat-and-mouse game: as soon as a system is fortified, perpetrators look for new weaknesses through which to carry out their attacks.

A highly detailed digital illustration symbolizing cybersecurity and encryption. Image generated by OpenAI’s DALL·E

Cyber Security

Cyber security refers to the practice of protecting information systems, data networks, and software applications and programs from digital attacks. These attacks often aim to access, alter, or destroy sensitive information, extort money from users, or disrupt normal business processes. With the ever-growing reliance on technology, cyber security has become a critical aspect of individual privacy, corporate integrity, and national security.

Effective cyber security measures involve multiple layers of protection spread across computers, networks, programs, and data, and they require a well-coordinated effort between technology, people, and processes. Key components include firewalls, antivirus software, encryption, multi-factor authentication, and employee training to recognize threats.

Types of Cyber Attacks

Cyber-attacks come in various forms, each with its distinct method and impacts. The common types of cyber-attacks include:

Malware

Malware, short for “malicious software,” refers to programs designed to harm or exploit systems. Examples include viruses, worms, Trojans, spyware, and ransomware. Malware often infiltrates systems through deceptive links or attachments in emails.

Viruses

A digital-themed image featuring a magnifying glass focusing on the word 'VIRUS' displayed in bold.
Image generated by OpenAI’s DALL·E

A computer virus is a type of malicious software (malware) designed to spread from one computer to another and interfere with normal operations. It attaches itself to legitimate programs or files and executes its code when the infected program or file is opened. Just like a biological virus, it can replicate and spread to other systems, often causing damage to software, stealing data, or making systems unusable.

Computer viruses can be delivered through email attachments, infected software, compromised websites, or even via USB drives. Some viruses are relatively harmless and only create minor annoyances, while others can cause significant harm to individuals, businesses, or even national systems.

Symptoms of a Computer Virus Infection

Detecting a computer virus early is crucial. Below are common symptoms that may indicate your computer is infected:

Slow Performance. The computer or specific applications take longer to load than usual. Processes that were once smooth now feel sluggish or unresponsive.

Frequent Crashes or Errors.  The computer may randomly shut down, restart, or crash. Applications may freeze or generate error messages unexpectedly.

Unusual Pop-ups.  Excessive or irrelevant advertisements, especially ones urging the user to download software, are often signs of adware or malware infection.  Fake antivirus warnings claiming the system is infected can also indicate a virus.

Unexplained Data Loss or Corruption.  Computer files may go missing, become corrupted, or suddenly refuse to open and important documents or programs may appear altered.

Unwanted Program Installations. Programs that were never installed may appear on the system. Browser extensions or toolbars may be added without the user’s consent.

Increased Network Activity.  The internet connection may slow down because the virus is consuming bandwidth by sending or receiving data, and unexplained outgoing emails or messages may be sent from the user’s accounts.

Disabled Security Software. Antivirus or firewall software may become disabled without user intervention, and the user may be unable to update or run security tools.

Unusual Behavior. Computer files or folders may be renamed or moved without user input. The system may behave erratically, such as opening or closing windows on its own.

Excessive CPU or Disk Usage.  The computer may overheat due to high CPU or disk usage caused by the virus.  The task manager may show unknown processes consuming large amounts of resources.

Unfamiliar Emails or Messages.  Friends, family, or colleagues may receive strange messages or emails from the user containing links or attachments. This often indicates the virus is replicating itself and spreading.

Locked Files or Systems.  Some malware, such as ransomware, locks the user out of their own files or system and demands payment for access.

Unusual Sounds or Alerts. Some viruses play sounds, alarms, or even display messages to intimidate or confuse the user.

Ransomware

Hundred-dollar bills and a chain over a computer.
Image generated by OpenAI’s DALL·E

Ransomware is a type of malicious software (malware) that encrypts the victim’s files or locks them out of their system, making the data inaccessible. The attacker then demands a ransom payment (usually in cryptocurrency) in exchange for the decryption key or to restore access. Ransomware is one of the most dangerous forms of cyberattacks, targeting individuals, businesses, healthcare systems, and government organizations.

Ransomware is typically distributed through phishing emails, malicious links, drive-by downloads, infected software, or exploiting system vulnerabilities. Once installed, it rapidly encrypts files, leaving victims unable to access their own data.

Symptoms of a Ransomware Infection

Detecting ransomware early can help limit the damage. Common symptoms include:

Inability to Access Files.  Files become inaccessible and may have unusual file extensions (e.g., .locked, .encrypted). When one tries to open the files, they see an error message stating the files are corrupted or encrypted.

Ransom Note. A clear sign of ransomware is a ransom note displayed on the screen, often as a text file, HTML page, or a pop-up message. The note typically provides instructions on how to pay the ransom, usually in cryptocurrency like Bitcoin, and sometimes includes a countdown to create urgency.

Unusual File Extensions.  Files may have new, unfamiliar extensions added to their names, indicating they’ve been encrypted (e.g., document.pdf.locked).

Locked Screen. In some cases, ransomware (so-called screen-lockers) completely blocks the user from accessing their desktop or system until the ransom is paid.

High CPU Usage. The encryption process often uses a lot of resources, causing the CPU or disk usage to spike without explanation.

Unresponsive Applications. Applications or the operating system may behave sluggishly or crash as ransomware takes control of resources.

Disabled Security Software.   Antivirus, firewall, or other security tools installed on the computer may be disabled or unresponsive.

Pop-up Warnings.  Some ransomware uses intimidating messages claiming the system is infected and demanding immediate payment.
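The symptoms above can be turned into automated detection. The following Python script, added here as an illustration and not part of the original chapter, scans a constructed file-system event log for two of them: a burst of renames that append the same unfamiliar extension, and a process dropping a file with a typical ransom-note name. The event format, process names, file names and thresholds are assumptions made for the example, not the behaviour of any specific ransomware family or security product.

```python
"""Heuristic ransomware indicator detector run over a file-system event log.

Added example, not code from the original chapter or from any vendor. It
turns two of the symptoms above (a burst of renames to one new extension and
a dropped ransom note) into a simple rule. The event format, process names,
file names and thresholds are assumptions made for the example.
"""
from collections import defaultdict

WINDOW_SECONDS = 10    # renames are counted within this sliding window
RENAME_BURST = 5       # this many renames to one new extension raises an alert
RANSOM_NOTE_NAMES = {"how_to_decrypt.html", "readme_to_restore.txt",
                     "decrypt_instructions.txt"}

# Constructed sample log: (time_s, process, action, path, new_path)
SAMPLE_EVENTS = [
    (0.0, "explorer.exe", "write", "C:/Users/ann/report.docx", None),
    (1.0, "backup.exe", "write", "D:/backups/ann-2024.zip", None),
    (2.0, "svchost_upd.exe", "rename", "C:/Users/ann/report.docx", "C:/Users/ann/report.docx.locked"),
    (2.3, "svchost_upd.exe", "rename", "C:/Users/ann/budget.xlsx", "C:/Users/ann/budget.xlsx.locked"),
    (2.6, "svchost_upd.exe", "rename", "C:/Users/ann/photo1.jpg", "C:/Users/ann/photo1.jpg.locked"),
    (2.9, "svchost_upd.exe", "rename", "C:/Users/ann/photo2.jpg", "C:/Users/ann/photo2.jpg.locked"),
    (3.1, "svchost_upd.exe", "rename", "C:/Users/ann/notes.txt", "C:/Users/ann/notes.txt.locked"),
    (3.4, "svchost_upd.exe", "create", "C:/Users/ann/HOW_TO_DECRYPT.html", None),
    (40.0, "winword.exe", "rename", "C:/Users/ann/draft.docx", "C:/Users/ann/final.docx"),
]


def appended_extension(old_path, new_path):
    """Return the suffix a rename appended to the file name (e.g. '.locked'),
    or None if the file was renamed to something unrelated."""
    if new_path.startswith(old_path) and len(new_path) > len(old_path):
        return new_path[len(old_path):].lower()
    return None


def analyse(events):
    """Return {process: [indicator, ...]} for processes showing ransomware-like behaviour."""
    recent = defaultdict(list)   # (process, ext) -> timestamps inside the window
    alerted = set()              # (process, ext) pairs already reported once
    findings = defaultdict(list)
    for t, proc, action, path, new_path in events:
        if action == "rename" and new_path:
            ext = appended_extension(path, new_path)
            if ext is None:
                continue
            times = recent[(proc, ext)]
            times.append(t)
            while times and t - times[0] > WINDOW_SECONDS:   # expire old entries
                times.pop(0)
            if len(times) >= RENAME_BURST and (proc, ext) not in alerted:
                alerted.add((proc, ext))
                findings[proc].append(
                    f"{RENAME_BURST} renames to '{ext}' within {WINDOW_SECONDS}s")
        elif action == "create":
            name = path.rsplit("/", 1)[-1].lower()
            if name in RANSOM_NOTE_NAMES:
                findings[proc].append(f"ransom note dropped: {path}")
    return dict(findings)


if __name__ == "__main__":
    for proc, indicators in analyse(SAMPLE_EVENTS).items():
        print(proc)
        for line in indicators:
            print("  -", line)
```

Real endpoint-detection tools apply the same idea to live file-system telemetry and, on an alert, suspend the offending process and isolate the host, which is the automated form of the first recovery step described below. The ordinary rename by winword.exe is ignored because it does not append a suffix, and four renames are not enough to trip the burst rule.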

Types of Ransomware

There are many types of ransomware, each with its own characteristics. Some of the most common include:

Encrypting Ransomware.  Encrypts (scrambles) files and demands payment for the decryption key.

Example: WannaCry, Locky.

Locker Ransomware.  Locks the victim out of their system but does not encrypt files.

Example: Police-themed ransomware that accuses the victim of illegal activity.

Ransomware-as-a-Service (RaaS).  Cybercriminals lease ransomware tooling to affiliates in exchange for a percentage of each ransom paid.

Double Extortion Ransomware.  Attackers first steal sensitive data and then encrypt the files, threatening to publish the stolen data if the ransom is not paid, so that even a victim with good backups is under pressure to pay.

Recovering from Ransomware

Recovering from ransomware is challenging but possible. A typical recovery proceeds through the following steps:

Isolate the Infected System. Immediately disconnect the infected device from the network (including Wi-Fi) to prevent the ransomware from spreading to other devices. Before wiping anything, preserve a copy of the ransom note and a few encrypted files; they are needed to identify the strain and as evidence.

Do Not Pay the Ransom. Paying is not recommended: it does not guarantee that the attacker will provide a working decryption key, and it encourages further attacks and funds criminal activity.

Identify the Ransomware.  Services such as ID Ransomware identify the specific strain from the ransom note or the extension added to encrypted files. Some strains have publicly available decryption tools.

Use a Backup.  A backup of the computer’s files is the most reliable route to recovery: remove the ransomware and restore the files and data from the backup. Because modern ransomware deliberately searches for and encrypts any backups it can reach, the backup must be kept offline or otherwise isolated from the infected systems.

Use Decryption Tools.  Many cybersecurity organizations and vendors, for example through the No More Ransom project, provide free decryption tools for certain ransomware strains. Checking its database may reveal that a solution exists for the strain involved.

Remove the Ransomware.  Reputable antivirus or anti-malware software can remove the ransomware from the system. Typically the system must be rebooted in Safe Mode so that the ransomware cannot interfere with the removal tools.

Report the Incident.  Notify local authorities or cybersecurity agencies about the attack (e.g., the FBI’s Internet Crime Complaint Center in the U.S.). Reporting helps track and combat ransomware activity globally.

Rebuild the System.  If no backup or decryption tool is available, the system must be wiped and the operating system and applications reinstalled. Only restore files from a backup that is confirmed to be clean.

Spyware

A futuristic and highly detailed digital illustration symbolizing surveillance and cybersecurity.
Image generated by OpenAI’s DALL·E

Spyware is a type of malicious software (malware) designed to operate stealthily. It infiltrates a computer or mobile device to collect information without the user’s knowledge or consent. The collected data can include sensitive information such as browsing habits, login credentials, financial details, or personal files. Because spyware typically runs silently, it is difficult to detect without specific tools. Spyware is used for purposes such as stealing personal or corporate information, tracking online activities, or monitoring an individual for surveillance.

How Spyware Works 

Spyware is typically installed by unsuspecting users who are tricked into running it. Common delivery methods include:

Phishing Emails. Spyware can be installed through attachments or links in phishing emails.

Malicious Websites. Visiting compromised websites can result in drive-by downloads of spyware.

Software Bundles. Legitimate-looking software or apps may include spyware hidden within.

Pop-ups and Ads. Clicking on fake ads or pop-ups can trigger spyware downloads.

USB Drives. Spyware can spread via infected USB drives plugged into a device.

Once installed, spyware runs silently in the background.  It may alter system settings or disguise itself as a legitimate program to avoid detection.  Spyware monitors activities like keystrokes, browsing history, or even webcam and microphone usage. Collected data is transmitted back to the attacker or spyware creator.

Types of Spyware

There are several types of spyware.  Some typical ones include:

Keyloggers: Record keystrokes to steal passwords and other sensitive information.

Adware: Tracks browsing habits to show targeted advertisements.

Trojan Horse Spyware: Disguised as legitimate software, it gains access to personal data.

Tracking Cookies: Collect data about browsing habits, often for marketing purposes.

System Monitors: Track all system activities, including emails, file usage, and internet browsing.

Symptoms of Spyware Infection

Spyware often operates stealthily, but certain signs may indicate its presence. These include:

Sluggish Performance. The computer may run slower than usual as spyware consumes resources in the background.

Increased Pop-ups.  Excessive ads or pop-ups, even when not browsing the internet.

Unusual Browser Behavior. The default search engine, homepage, or browser settings may change without the user’s permission, and the user may be redirected to unfamiliar or malicious websites.

Unexplained Data Usage.  Spyware often sends collected data to external servers, increasing internet usage.

Battery Drain.  Mobile devices infected with spyware may experience faster battery drain due to continuous activity and sometimes excessive heating of the phone is noticeable.

Unauthorized App Installations.  Spyware may install additional apps or programs without the user’s consent.

Strange System Behavior. Files may disappear or new, unfamiliar files may appear, and webcam or microphone activity may occur without the user initiating it.

Frequent Crashes or Freezes.  Spyware can cause system instability, leading to frequent crashes or freezes.

Security Software Alerts.  The antivirus or anti-malware software may detect suspicious activities or unauthorized attempts to access data.
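Of the symptoms above, unexplained data usage is the one most amenable to automated detection, because spyware reports to its operator on a timer while human-driven traffic is bursty. The Python script below is an added example, not code from the original chapter or from any product: it groups a constructed set of outbound connection records from one host by destination and flags destinations contacted at near-constant intervals with a meaningful upload volume. The record format, the addresses and the thresholds are assumptions made for the example.

```python
"""Beaconing detector for the 'unexplained data usage' symptom of spyware.

Added example, not code from the original chapter or from any product. It
looks, in a constructed set of outbound connection records from one host,
for destinations contacted at very regular intervals with a meaningful
amount of uploaded data, which is how spyware typically phones home. The
record format, addresses and thresholds are assumptions made for the example.
"""
import statistics
from collections import defaultdict

MIN_CONNECTIONS = 6      # fewer connections than this is too little to judge
MAX_JITTER = 0.15        # std-dev / mean of the gaps between connections
MIN_BYTES_OUT = 20_000   # total upload volume that makes a beacon worth reporting

# Constructed flow records: (time_s, destination, bytes_sent)
SAMPLE_FLOWS = [
    # implant checking in roughly every 60 s, uploading about 5 KB each time
    *[(60 * i + (0.5 if i % 2 else 0.0), "203.0.113.45", 5_100) for i in range(1, 9)],
    # ordinary, bursty browsing to a content delivery host
    (3.0, "cdn.example.net", 900), (4.2, "cdn.example.net", 1_200),
    (150.0, "cdn.example.net", 700), (151.5, "cdn.example.net", 400),
    (400.0, "cdn.example.net", 3_000), (402.0, "cdn.example.net", 600),
    (404.0, "cdn.example.net", 800),
]


def find_beacons(flows):
    """Return {destination: stats} for destinations that look like beacons."""
    by_dst = defaultdict(list)
    for t, dst, nbytes in flows:
        by_dst[dst].append((t, nbytes))

    suspects = {}
    for dst, conns in by_dst.items():
        if len(conns) < MIN_CONNECTIONS:
            continue
        conns.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(conns, conns[1:])]
        mean_gap = statistics.mean(gaps)
        # Human-driven traffic has wildly varying gaps; a timer-driven implant does not.
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        bytes_out = sum(n for _, n in conns)
        if jitter <= MAX_JITTER and bytes_out >= MIN_BYTES_OUT:
            suspects[dst] = {"connections": len(conns),
                             "mean_gap_s": round(mean_gap, 1),
                             "jitter": round(jitter, 3),
                             "bytes_out": bytes_out}
    return suspects


if __name__ == "__main__":
    for dst, stats in find_beacons(SAMPLE_FLOWS).items():
        print(f"possible beacon to {dst}: {stats}")
```

In production the same statistics are computed from proxy, firewall or NetFlow logs, and a flagged destination is then checked against threat-intelligence feeds and the host examined for the process that owns the connections. Some implants add random delay to their check-in interval precisely to defeat this rule, so the jitter threshold is a tuning decision rather than a constant.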

Phishing

Phishing attacks deceive individuals into providing sensitive information, such as login credentials or financial details. Attackers often disguise themselves as trustworthy entities via emails, text messages, or fake websites.

 

Trusted bank example of phishing.
Phishing Trusted Bank By Andrew Levine. CC0

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

These attacks aim to overwhelm systems or networks with excessive traffic, rendering them inaccessible. While DoS attacks originate from a single source, DDoS attacks use multiple compromised devices.

Man-in-the-Middle (MitM) Attacks

In these attacks, attackers intercept communication between two parties to steal or manipulate data. This often occurs on unsecured Wi-Fi networks or via compromised web applications.

SQL Injection

SQL injection exploits web applications that build database queries by concatenating untrusted input into SQL text. By supplying input that changes the structure of the query, attackers can read, modify, or delete data in the database, including sensitive information such as user credentials. The standard defense is to pass user input to the database as bound parameters (prepared statements) rather than embedding it in the query string.
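The following Python example, added here and not part of the original chapter, shows the vulnerability and its fix side by side using Python’s built-in sqlite3 module. The users table, its rows and the two attacker payloads are constructed for the demonstration.

```python
"""SQL injection: a vulnerable lookup beside its parameterized fix.

Added example, not code from the original chapter. The table, rows and
payloads are constructed for the demonstration; only Python's built-in
sqlite3 module is used, so it runs offline.
"""
import sqlite3


def setup_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "admin"),
        ("bob", "hash-of-bob-pw", "user"),
    ])
    return conn


def vulnerable_lookup(conn, username):
    """VULNERABLE: the untrusted value is spliced into the SQL text, so quotes
    and keywords inside it become part of the query."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """FIXED: the value travels as a bound parameter; the database treats it as
    data only, so it can never change the query's structure."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "x' OR '1'='1"                                              # WHERE clause always true
EXFILTRATE = "x' UNION SELECT username, password_hash FROM users --"    # pulls the credential column


if __name__ == "__main__":
    db = setup_db()
    print("honest:     ", vulnerable_lookup(db, "bob"))
    print("tautology:  ", vulnerable_lookup(db, TAUTOLOGY))
    print("exfiltrate: ", vulnerable_lookup(db, EXFILTRATE))
    print("fixed:      ", safe_lookup(db, TAUTOLOGY), safe_lookup(db, EXFILTRATE))
```

The tautology payload turns the condition into `username = 'x' OR '1'='1'`, which is true for every row, so the vulnerable function returns all users. The UNION payload appends a second query that returns the password-hash column and uses `--` to comment out the closing quote the application adds. The parameterized version receives exactly the same strings and simply finds no user with that name.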

Zero-Day Exploits

Zero-day attacks exploit vulnerabilities in software that are unknown to the vendor. These attacks are particularly dangerous because they occur before the vendor has released a patch (a fix) for the vulnerability.

Password Attacks

Cybercriminals use various techniques to crack passwords, including brute force, dictionary attacks, and credential stuffing, to gain unauthorized access to accounts.

Data Breaches

A data breach occurs when sensitive, confidential, or protected information is accessed without authorization. Data breaches can result from cyber-attacks, insider threats, or accidental disclosures.

Causes of Data Breaches

Weak or stolen credentials: Weak passwords or stolen login details are a common entry point.

Unpatched vulnerabilities: Outdated software may contain exploitable security flaws.

Human error: Misconfigurations, lost devices, or accidental sharing of data can lead to breaches.

Phishing and social engineering: Deceptive tactics trick users into revealing information or access credentials.

Impact of Data Breaches

Financial loss: Organizations face fines, legal costs, and lost revenue.

Reputational damage: Trust is eroded among customers, partners, and stakeholders.

Operational disruption: Businesses may experience downtime or loss of productivity.

Identity theft: Personal information can be used for fraudulent activities.

Examples of High-Profile Data Breaches

Equifax (2017): Exposed personal information of over 147 million people due to unpatched software vulnerabilities.

Yahoo (2013-2014): Over 3 billion user accounts were compromised in one of the largest breaches in history.

Target (2013): Cybercriminals accessed credit and debit card information for over 40 million customers via a third-party vendor.

Cyber Security Measures

To counteract cyber-attacks and prevent data breaches, organizations and individuals must implement robust cyber security strategies:

Technical Safeguards

Firewalls: Block unauthorized access to networks.

Encryption: Protect data in transit and at rest.

Antivirus Software: Detect and remove malicious software.

Multi-Factor Authentication (MFA): Adds an extra layer of security to accounts.

Policy and Compliance

Establish clear security policies, including regular software updates, password management, and access controls.

Adhere to regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Employee Training

Human error remains a significant factor in cyber incidents. Regular training helps employees identify phishing attempts, social engineering tactics, and secure their accounts.

Incident Response Plans

Having a plan in place ensures that organizations can respond swiftly to mitigate the impact of breaches or attacks. This includes identifying the breach, containing it, and notifying affected parties.

The Three Tenets of Cybersecurity: Confidentiality, Integrity, and Availability 

Confidentiality, Integrity, and Availability as a lock, shield and drawers.
Image generated by OpenAI’s DALL·E

Cybersecurity revolves around the protection of information and systems from unauthorized access, disruption, or destruction. At its core lie three foundational principles, often referred to as the CIA Triad: Confidentiality, Integrity, and Availability. These three tenets form the backbone of cybersecurity policies, practices, and strategies, serving as guiding principles to ensure secure systems and data protection.

Confidentiality

Confidentiality ensures that sensitive information is accessible only to authorized individuals or systems. This principle protects data from unauthorized disclosure, whether intentional or accidental.

Importance of Confidentiality

In an increasingly interconnected world, safeguarding data from unauthorized access is critical. Breaches of confidentiality can result in identity theft, financial losses, reputational damage, and even national security threats.

Key Strategies to Maintain Confidentiality

  1. Limit and Safeguard Access (Access Control). Organizations implement strict access control measures to ensure that only authorized personnel can read or modify sensitive data. Access control has four components:
    • Identification.  Identification is the process by which a person attempting to gain access to a system or application claims an identity. The most common identifier is a username. Many systems also use account numbers or employee numbers; some use Social Security Numbers or street addresses, although identifiers that double as secrets elsewhere should be avoided. Identification can also be performed through smart cards with codes embedded in them, and high-security applications may identify people biometrically (fingerprints, voice prints, or retina scans). Identification alone proves nothing: it is only the claim that authentication must then verify.
    • Authentication.  Authentication is the process that assures the requestor is truly who they claim to be. It relies on one or more of three kinds of factors:
      • Something you know. Passwords, PINs, or other facts that you and only you should know. Security questions such as “who was your 3rd grade math teacher?” are a weak form of this factor, since the answers can often be researched or guessed.
      • Something you have. A physical object in your possession, such as a smart card, an ID badge, a driver’s license, a hardware security key, or a phone running an authenticator app.
      • Something you are. Biometrics such as your retina or iris pattern, your fingerprints, your voice, or your signature.
    • Authorization.  Authorization is the process that determines whether an authenticated user is permitted to perform the activity they are about to perform. For example, an employee is authorized to see their own pay, but only their own pay, while their manager can see the salaries of everyone in the department.
    • Accountability.   Accountability is the ability to trace an action back to a specific person. Organizations maintain audit logs that record who logged in, from where, and which records were viewed or changed, so that actions can be reconstructed and reviewed later.
  2. Encryption. Encrypt sensitive data both at rest and in transit. Encryption ensures that even if unauthorized individuals gain access to the data, it remains unreadable without the appropriate decryption key.
  3. Data Masking and Anonymization. Mask or anonymize sensitive data in non-production environments or during analytics to limit exposure.
  4. Network Security Measures. Use firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs) to secure communications and prevent unauthorized access.
  5. Regular Training. Educate employees about phishing, social engineering attacks, and the importance of protecting sensitive information.
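The four components of access control can be seen working together in a small model. The Python code below is an added example, not code from the original chapter: it identifies the user from a constructed directory, authenticates a password (hashed with a per-user salt and PBKDF2-HMAC-SHA256 from the standard library, standing in for a dedicated password hash such as bcrypt or Argon2), authorizes the salary lookup described above, and writes every decision to an audit log. The user names, departments and salaries are constructed.

```python
"""The four components of access control (identification, authentication,
authorization, accountability) in one small model.

Added example, not code from the original chapter. The user directory, the
salary table and the department policy are constructed; password hashing uses
PBKDF2-HMAC-SHA256 from the standard library as a stand-in for a dedicated
password hash such as bcrypt or Argon2.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 100_000          # deliberately slow, to blunt offline guessing
AUDIT_LOG = []                # accountability: every decision is recorded here


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def seed_directory():
    """Constructed user directory: name -> record. No plaintext passwords are stored."""
    directory = {}
    for name, password, role, dept in [
        ("ann", "ann-pass", "employee", "payroll"),
        ("bo", "bo-pass", "employee", "payroll"),
        ("mia", "mia-pass", "manager", "payroll"),
        ("raj", "raj-pass", "manager", "sales"),
    ]:
        salt = os.urandom(16)
        directory[name] = {"salt": salt, "hash": hash_password(password, salt),
                           "role": role, "dept": dept}
    return directory


SALARIES = {"ann": 70_000, "bo": 65_000, "mia": 90_000, "raj": 88_000}   # constructed
_DUMMY = {"salt": b"\0" * 16, "hash": b"\0" * 32}   # hashed for unknown users so timing is equal


def authenticate(record, password):
    """Something you know: recompute the salted hash and compare in constant time."""
    return hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])


def authorized(directory, actor_name, actor, target):
    """Policy: anyone may view their own salary; a manager may view salaries in their department."""
    if target == actor_name:
        return True
    tgt = directory.get(target)
    return actor["role"] == "manager" and tgt is not None and tgt["dept"] == actor["dept"]


def record(actor, action, target, outcome):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "actor": actor, "action": action, "target": target, "outcome": outcome})


def view_salary(directory, username, password, target):
    """Run all four steps; return the salary, or None if any step denies the request."""
    actor = directory.get(username)                                      # 1. identification
    # Unknown user and wrong password produce the same outcome, so the log and the
    # response reveal nothing about which usernames exist.
    if not authenticate(actor or _DUMMY, password) or actor is None:     # 2. authentication
        record(username, "view_salary", target, "denied: authentication failed")
        return None
    if not authorized(directory, username, actor, target):               # 3. authorization
        record(username, "view_salary", target, "denied: not authorized")
        return None
    record(username, "view_salary", target, "allowed")                   # 4. accountability
    return SALARIES.get(target)


if __name__ == "__main__":
    d = seed_directory()
    print(view_salary(d, "ann", "ann-pass", "ann"))   # 70000: own pay
    print(view_salary(d, "ann", "ann-pass", "bo"))    # None: not a manager
    print(view_salary(d, "mia", "mia-pass", "bo"))    # 65000: manager, same department
    print(view_salary(d, "raj", "raj-pass", "bo"))    # None: manager of another department
    for entry in AUDIT_LOG:
        print(entry["actor"], entry["target"], entry["outcome"])
```

Two details matter in practice. The same generic failure is logged and returned whether the username is unknown or the password is wrong, and a dummy hash is computed for unknown users, so an attacker cannot use timing or error messages to enumerate valid accounts. Authorization is evaluated even for successfully authenticated users: being logged in establishes who you are, not what you may do.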

Real-World Examples

  • The unauthorized disclosure of classified government data (e.g., the Edward Snowden case).
  • Breaches involving customer data, such as the 2017 Equifax breach, in which personal data of over 147 million people was exposed.
Integrity

Integrity ensures that information is accurate, reliable, and not altered by unauthorized individuals or processes. This principle focuses on maintaining the trustworthiness of data throughout its lifecycle.

Importance of Integrity

Data integrity is critical for decision-making and operations. Compromised or tampered data can lead to catastrophic errors, fraud, or operational failures.

Key Strategies to Ensure Data Integrity

  1. Hashing.

Hashing is the process of converting input data of any size into a fixed-size string of characters, typically a sequence of numbers and letters, called a hash value or digest. This process uses a mathematical function known as a hash function. Hashing is widely used in cybersecurity, cryptography, and data management to ensure data integrity, secure password storage, and more.

Unlike encryption, hashing is a one-way process: there is no key that turns a hash back into its input. An attacker can still recover an input by guessing, that is, by hashing candidate inputs until one matches, but this is practical only when the input is short or predictable, such as a weak password.

How Hashing Works

  1. Input Data: The data being hashed, often referred to as a “message” or “input,” can be of any length—text, files, or other forms of information.
  2. Hash Function: A hash function takes the input data and processes it using a mathematical algorithm.
  3. Hash Value: The output is a fixed-size string of characters, regardless of the input’s length.

For example:

  • Input: Hello World
  • Hash Function: SHA-256
  • Hash Value (Digest): a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b42e7e1f10bdee923

Key Characteristics of Hashing

  1. Fixed Output Size: Regardless of the input size, the hash function always produces an output of fixed length. For example, the SHA-256 algorithm always generates a 256-bit (32-byte) hash value.
  2. Deterministic: The same input will always produce the same hash value when hashed using the same algorithm.
  3. Irreversible: Hashing is a one-way process. It is computationally infeasible to retrieve the original input from the hash value.
  4. Collision Resistance: A good hash function minimizes the chances of two different inputs producing the same hash value. Such an event is called a collision.
  5. Fast Computation: Hash functions are designed to compute the hash value quickly.

How Hashing is Formed

Let’s see how a hash is generated in detail using the SHA-256 hash function.

Step 1: Input Data

The input can be any string, file, or data. For example:

  • Input: Hello

Step 2: Padding

SHA-256 processes its input in 512-bit blocks, so the message is first padded to a multiple of 512 bits. Padding appends a single 1 bit, then as many 0 bits as needed, and finally the original message length as a 64-bit integer, so that the total length is a multiple of 512 bits.

  • In this case, Hello is 40 bits long; after the 1 bit, 407 zero bits, and the 64-bit length field, the padded message is exactly one 512-bit block.

Step 3: Initial Hash Values

The algorithm starts with predefined constants called initial hash values. For SHA-256, these are eight specific 32-bit words.

Step 4: Processing the Input

The padded input is divided into fixed-size blocks (e.g., 512 bits for SHA-256). Each block is processed using a series of operations, including bitwise logic, modular arithmetic, and message compression.

Step 5: Generate Hash Value

The intermediate results from processing each block are combined to form the final hash value.
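The padding and block-processing steps above, as an added worked example that is not code from the textbook: Step 2 is implemented by hand following the SHA-256 padding rule (a single 1 bit, zero bits, then the 64-bit message length), and Python's hashlib supplies the final digest of Step 5. The input b"Hello" is the page's own; the 56-byte input is constructed to show the edge case where the length field no longer fits and a second block is needed.

```python
import hashlib

BLOCK_BYTES = 64          # SHA-256 processes 512-bit (64-byte) blocks
LENGTH_FIELD_BYTES = 8    # padding ends with the message length in bits, 64-bit big-endian


def sha256_pad(message: bytes) -> bytes:
    """Step 2: return the padded message, always a whole number of 512-bit blocks.

    The rule: append the byte 0x80 (a 1 bit followed by seven 0 bits), then 0x00
    bytes until the length is 8 bytes short of a block boundary, then the
    original length in bits as an 8-byte big-endian integer.
    """
    bit_length = len(message) * 8
    padded = message + b"\x80"
    while len(padded) % BLOCK_BYTES != BLOCK_BYTES - LENGTH_FIELD_BYTES:
        padded += b"\x00"
    padded += bit_length.to_bytes(LENGTH_FIELD_BYTES, "big")
    assert len(padded) % BLOCK_BYTES == 0
    return padded


def block_count(message: bytes) -> int:
    """Number of 512-bit blocks Step 4 will run the compression function over."""
    return len(sha256_pad(message)) // BLOCK_BYTES


def sha256_hex(message: bytes) -> str:
    """Step 5: the final 256-bit digest, rendered as 64 hex characters."""
    return hashlib.sha256(message).hexdigest()


def avalanche_bits(a: bytes, b: bytes) -> int:
    """Count the digest bits that differ between two inputs (the avalanche effect)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    print(sha256_pad(b"Hello").hex())   # 48656c6c6f 80 00...00 0000000000000028 (40 bits)
    print(block_count(b"Hello"))        # 1: five bytes plus padding fit in one block
    print(block_count(b"A" * 56))       # 2: 56 data bytes + 0x80 + 8-byte length exceed 64
    print(sha256_hex(b"Hello"))
    print(avalanche_bits(b"Hello", b"hello"))  # changing one letter flips roughly half of 256 bits
```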

Example of Hashing Using SHA-256

Input: Hello, world!

Process: Use the SHA-256 algorithm to generate the hash value.

Output:

a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b42e7e1f10bdee923

Popular Hashing Algorithms

  1. Message Digest #5 (MD5):
    • Produces a 128-bit hash value.
    • Commonly used for checksums but is now considered insecure due to vulnerabilities.
  2. Secure Hash Algorithm (SHA) Family:
    • SHA-1: Produces a 160-bit hash value (deprecated due to vulnerabilities).
    • SHA-256: Produces a 256-bit hash value (widely used in cryptography).
    • SHA-3: A newer standard with enhanced security features.
  3. Bcrypt:
    • Specifically designed for password hashing with built-in salting and adjustable computational cost.
  4. Argon2:
    • Winner of the Password Hashing Competition (PHC), designed for secure password hashing with resistance to GPU-based attacks.

Applications of Hashing

  1. Data Integrity:
    • Hash values are used to verify that data has not been altered during transmission or storage. If the hash of the received data matches the original hash, the data is intact.
  2. Password Storage:
    • User passwords are hashed before being stored in a database. When a user logs in, the system hashes the entered password and compares it to the stored hash.
  3. Digital Signatures:
    • Hashing is a critical component in digital signatures, ensuring message integrity and authenticity.
  4. Blockchain:
    • Cryptographic hashes are fundamental to blockchain technology, securing transactions and linking blocks in a chain.
  5. Checksums:
    • Used in software downloads to verify that files have not been corrupted during the download/upload transfer.

  • Version Control and Backups: Maintain backups and use version control systems to ensure that original, unaltered data is recoverable in the event of accidental or malicious modification.
  • Digital Signatures: Implement digital signatures to verify the authenticity and integrity of messages, software, and documents.
  • Access Logs and Auditing: Regularly monitor access logs to detect unauthorized changes or anomalies in data.
  • Data Validation: Employ input validation techniques to prevent injection attacks (e.g., SQL injection), which could compromise the integrity of stored data.
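The Password Storage, Data Integrity and Checksums applications above, as an added example that is not from the textbook: bcrypt and Argon2 are not in the Python standard library, so PBKDF2 from hashlib stands in as the salted, cost-adjustable password hash the text describes. The iteration count, record format and sample strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Cost parameter (PBKDF2 iteration count), chosen for illustration. Raising it
# slows every guess an attacker makes against a leaked table; this is the
# "adjustable computational cost" the text attributes to bcrypt and Argon2.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.

    A fresh random salt per user means two users with the same password get
    different records, so one precomputed table cannot crack them all.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: re-derive with the stored salt and cost, then compare."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest runs in constant time, so response timing does not leak
    # how many leading bytes of the candidate matched the stored hash.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def verify_integrity(data: bytes, expected_sha256_hex: str) -> bool:
    """Checksum use case: does the received data match the published digest?"""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("Correct horse battery staple", record))   # False

    # Constructed "download": the publisher's digest is computed here for the demo.
    contents = b"release-1.0.tar.gz contents"
    published = hashlib.sha256(contents).hexdigest()
    print(verify_integrity(contents, published))          # True
    print(verify_integrity(contents + b"!", published))   # False
```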

Real-World Examples:

  • Altered financial data in corporate databases leading to inaccurate financial reports.
  • Unauthorized changes to electoral data systems, which can undermine trust in democratic processes.
  3. Availability

Availability ensures that systems, applications, and data are accessible to authorized users whenever they are needed. This principle focuses on minimizing downtime and ensuring continuous operation.

Importance: In today’s fast-paced digital environment, businesses and individuals rely heavily on the availability of data and systems. Disruptions can lead to financial losses, damaged reputations, and, in some cases, risks to human life (e.g., healthcare systems).

Key Strategies to Ensure Availability:

  1. Redundancy and Failover: Design systems with redundancy and failover mechanisms to ensure continuous availability, even in the event of hardware or software failures.
  2. Disaster Recovery Planning: Develop and test comprehensive disaster recovery plans to quickly restore services after an outage or attack.
  3. Load Balancing: Use load balancers to distribute traffic evenly across servers, preventing overload and maintaining uptime during traffic spikes.
  4. Regular Maintenance and Updates: Ensure systems are updated and patched regularly to address vulnerabilities that could lead to disruptions.
  5. DDoS Mitigation: Implement measures to protect against Distributed Denial of Service (DDoS) attacks, which aim to overwhelm servers and make services unavailable.
  6. Service-Level Agreements (SLAs): Define SLAs with service providers to guarantee a specified level of availability and performance.

Real-World Examples:

  • The 2021 Colonial Pipeline ransomware attack, which disrupted fuel supply in the U.S. due to systems being taken offline.
  • Downtime of e-commerce platforms during peak shopping seasons resulting in significant revenue losses.

Licenses and Attribution

CC Licensed Content, Original

This educational material includes AI-generated content from ChatGPT by OpenAI. The original content created by Mohamed Kotaiche from Hillsborough Community College is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).


CC Licensed Content Included

Phishing Trusted Bank By Andrew Levine. CC0

License

Introduction to FinTech by Mohamed Kotaiche is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.
