Access Rights, Privacy - PowerPoint PPT Presentation
Provided by: MrL61

Transcript and Presenter's Notes

1
Access Rights, Privacy, Confidentiality
2
Learning Objectives
  • Explain the importance of varying the access
    allowed to database elements at different times
    and for different categories of user.
  • Discuss the problem of maintaining
    confidentiality of data on an open network and
    how to address this problem.
  • Explain the need for encryption, authorisation
    and authentication techniques.

3
Example of the need for restricting access 1
  • In a banking system, accounts must be updated
    with the day's transactions.
  • While this is taking place users must not be able
    to access the database.
  • Thus, at certain times of the day, users will not
    be able to use a cash point.

4
Example of the need for restricting access 2
  • While a database system is checking stock for
    re-ordering purposes, the POS terminals will not
    be able to use the database as each sale would
    change the stock levels.
  • N.B. One solution is to only use the database for
    querying prices and to create a transaction file
    of sales which can be used later to update the
    database.

5
Example of the need for restricted views of the database
  • A large hospital has a large network of
    computers.
  • There are terminals in reception, on the wards
    and in consulting rooms.

6
Example of the need for restricted views of the database
  • Receptionists' access rights: check the patient's
    name and address when a patient registers
  • but not the drugs to be administered nor the
    patient's medical history.

7
Example of the need for restricted views of the database
  • Nurses' access rights: the same data as the
    receptionists, plus the information about the
    drugs to be given so they can administer them
  • but not patients' medical histories.

8
Example of the need for restricted views of the database
  • Consultants need to access all the data.

9
Usernames and Passwords
  • To give levels of security, all three categories
    of user of the database (receptionist, nurse and
    consultant) must only be allowed to see the data
    that they need to do their job.

10
Other example restrictions
  • Consultants have the right to see all the data
    that is in the database but if the terminal is in
    a public place then patients and receptionists
    can see the screen.
  • Solution: restrict access in public locations
    irrespective of username and password.

11
Hardware method of preventing access
  • All terminals have a unique address on their
    network cards.
  • DBMS holds these addresses and their locations
    and restricts access to data accordingly.
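The hospital roles of slides 6 to 8 and the terminal-location rule of slides 10 and 11, as an added Python example that is not part of the original presentation: a whitelist of columns per role, a table mapping constructed network-card addresses to locations, and a query that only ever names the columns the caller is permitted to see.

```python
import sqlite3

# Columns each hospital role may read (slides 6 to 8): receptionists see
# identity data only, nurses also see the drug chart, consultants see all.
ROLE_COLUMNS = {
    "receptionist": {"name", "address"},
    "nurse": {"name", "address", "drugs"},
    "consultant": {"name", "address", "drugs", "history"},
}
# Slide 11: the DBMS maps each terminal's network-card address to a
# location. Constructed sample addresses, not real hardware.
TERMINAL_LOCATION = {
    "00-11-22-33-44-55": "reception",       # public area
    "00-11-22-33-44-66": "ward",
    "00-11-22-33-44-77": "consulting_room",
}
PUBLIC_LOCATIONS = {"reception"}
# Slide 10: clinical columns are withheld in a public location
# regardless of who is logged in.
PUBLIC_HIDDEN = {"drugs", "history"}

def allowed_columns(role, terminal_addr):
    """Columns this role may see from this terminal; unknown terminals get none."""
    location = TERMINAL_LOCATION.get(terminal_addr)
    if location is None:
        return set()
    cols = set(ROLE_COLUMNS.get(role, set()))
    if location in PUBLIC_LOCATIONS:
        cols -= PUBLIC_HIDDEN
    return cols

def open_demo_db():
    """In-memory patient table with one constructed record."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE patient(id INTEGER PRIMARY KEY, name, address, drugs, history)")
    con.execute("INSERT INTO patient VALUES (1, 'A. Patient', '1 High St', 'paracetamol 1g', 'asthma')")
    return con

def restricted_view(con, role, terminal_addr, patient_id):
    """Return only the permitted columns; the SELECT never names any other."""
    cols = sorted(allowed_columns(role, terminal_addr))
    if not cols:
        return {}
    # Column names come from our own whitelist, never from user input, so
    # joining them into the select list is safe; the id is still bound.
    sql = f"SELECT {', '.join(cols)} FROM patient WHERE id = ?"
    row = con.execute(sql, (patient_id,)).fetchone()
    return dict(zip(cols, row)) if row else {}
```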

12
Physical Methods of Restricting Access
  • Physical precautions like locking doors /
    keyboards.
  • Physical identifiers (fingerprints, iris
    recognition).

13
Encryption
  • Provides data security by scrambling (encrypting)
    data to make it unintelligible to anyone who
    intercepts it.
  • This involves applying a mathematical function
    (cipher) to the data, using a key value.
  • N.B. The data could be anything, including
    messages such as emails.
  • Decryption unscrambles encrypted data to make it
    intelligible again.

14
Public and Private Keys
  • Each user has a public / private key pair usually
    created by a Certification Authority (CA).
  • The private key is kept secret, while the public
    key may be widely distributed.
  • The keys are related mathematically, but the
    private key cannot be practically derived from
    the public key.
  • Data encrypted with the public key can be
    decrypted only with the corresponding private
    key.
  • A sender sends data / messages encrypted with the
    recipient's public key.
  • The recipient decrypts the message with their
    corresponding private key.
  • The recipient is the only one with this
    corresponding private key so is the only one who
    can decrypt it.

15
Analogy for public-key encryption
  • A locked mailbox with a mail slot.
  • The mail slot is exposed and accessible to the
    public; its location (the street address) is in
    essence the public key.
  • Anyone knowing the street address can go to the
    door and drop a written message through the slot.
  • However, only the person who possesses the key
    can open the mailbox and read the message.

16
Digital signature
  • A digital code sent with the data that uniquely
    identifies the sender and authenticates the data.
  • This digital code is a mathematical summary of
    the data which is encrypted with the sender's
    private key and sent with the data.
  • The recipient will decrypt this digital code with
    the sender's public key.
  • This verifies the sender as he is the only one
    with the corresponding private key.
  • The recipient also recalculates the digital code
    of the data received and if this is different to
    the digital code received from the sender then
    the data has been tampered with (as it is a
    mathematical summary of all the data).
  • Also helps combat repudiation, i.e. denial of
    involvement in a transaction. Since the owner
    keeps their private key secret, anything signed
    using that key can only have been signed by the
    owner.

17
An analogy for digital signatures
  • The sealing of an envelope with a personal wax
    seal which no one else has.
  • The message can be opened by anyone, but the
    presence of the seal authenticates the sender.

18
Verification of credentials
  • However, a private/public key pair and a digital
    signature do not verify the credentials of the
    sender, only that the sender is the one with the
    corresponding private key.
  • i.e. a unique individual sent the message, but are
    they who they say they are?
  • Digital Certificates attempt to do this (next
    slide).

19
Digital certificates
  • An electronic document which incorporates a
    digital signature from the CA (encrypted using
    the CA's private key, so it proves the CA made it)
    to bind together a public key with identity
    information such as the name of a person or an
    organization, their address, and so forth.
  • Given to you when you apply for a private /
    public key pair from a CA, but only if you prove
    to them, and they can prove for themselves, that
    you are who you say you are.
  • Verifies that the sender is who they say they are
    if you can verify the CA's signature (by
    decrypting the certificate's signature using the
    CA's public key) and trust the CA.
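The signature mechanism of slide 16 and the certificate binding of slide 19, run end to end as an added Python example (not code from the original presentation): a toy textbook RSA key pair, a SHA-256 "summary" signed with the private key and checked with the public key, tamper detection, and a CA certificate over a name and public key. The names Alice and Mallory, the message and the key primes are constructed for the example.

```python
import hashlib
from math import gcd

# Toy textbook RSA so the slides' "summary encrypted with the private key"
# can be run end to end. Constructed, insecure keys: the primes are well
# known Mersenne primes, so anyone could rebuild the private key. Real
# signatures use large random primes and a padding scheme such as RSA-PSS.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)            # private exponent (needs Python 3.8+)
    return (n, e), (n, d)          # (public key, private key)

def digest(data: bytes) -> int:
    """Slide 16's 'mathematical summary' of the data: SHA-256 as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_key) -> int:
    n, d = private_key
    assert digest(data) < n        # the toy n below exceeds a 256-bit hash
    return pow(digest(data), d, n)  # summary "encrypted" with the private key

def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key              # "decrypt" with the public key and compare
    return pow(signature, e, n) == digest(data)

# Slide 19: the CA binds a name to a public key by signing the pair.
def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"body": body, "ca_signature": sign(body, ca_priv)}

def certificate_is_valid(cert: dict, ca_pub) -> bool:
    return verify(cert["body"], cert["ca_signature"], ca_pub)

def demo() -> dict:
    """Sign, verify, detect tampering, then check a certificate against the CA."""
    ca_pub, ca_priv = make_keypair(2**127 - 1, 2**521 - 1)
    alice_pub, alice_priv = make_keypair(2**107 - 1, 2**607 - 1)
    message = b"Transfer 100 to account 42"        # constructed sample message
    sig = sign(message, alice_priv)
    cert = issue_certificate("Alice", alice_pub, ca_priv)
    forged = issue_certificate("Mallory", alice_pub, alice_priv)  # not CA-signed
    return {
        "genuine": verify(message, sig, alice_pub),
        "tampered": verify(b"Transfer 900 to account 42", sig, alice_pub),
        "wrong_key": verify(message, sig, ca_pub),
        "cert_ok": certificate_is_valid(cert, ca_pub),
        "cert_forged": certificate_is_valid(forged, ca_pub),
    }
```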

20
Visit the following websites for more information
  • http://en.wikipedia.org/wiki/Public_key_cryptography
  • www.itsecurity.com
  • www.verisign.com

21
Plenary
  • Using the database of student records in a
    school as an example:
  • Explain why different users should be given
    different access rights.
  • Describe how these access rights can be
    implemented.

22
Plenary
  • Different users require different information.
  • Information is sensitive/confidential and should
    only be available to those who need it.
  • Secretary may need contact information.
  • College nurse may need medical information.
  • Subject tutors may need academic information.
  • Personal tutor needs social information.
  • Principal can see all (except medical information).
  • Students allowed read-only (RO) access to their
    own record.
  • Technician allowed to alter structure but not to
    see data.

23
Plenary
  • Passwords arranged as hierarchy to verify user
    ID.
  • User ID identifies areas available to user.
  • Particular machines allow different access.
  • Physical precautions like locking doors /
    keyboards.
  • Encryption of information.
  • Physical identifiers (fingerprints, iris
    recognition).

24
Plenary
  • State the meanings of the terms encryption and
    message authentication, and explain how they are
    used to maintain confidentiality of messages.

25
Plenary
  • Encryption
  • Makes messages unintelligible
  • Provides security for data by making it
    impossible to understand
  • Key used to encrypt data and another to decrypt
    it
  • Use of public and private keys

26
Plenary
  • Message Authentication
  • Method of ensuring that message is from the
    person it claims to be from
  • Use of digital signature created using private
    key which can only be done by owner of key
  • Digital certificate from authority to
    authenticate author of message.