aboutsummaryrefslogtreecommitdiff
path: root/en_GB/Introduction to Information Security/introduction_to_information_security.md
diff options
context:
space:
mode:
authorLeonard Kugis <leonard@kug.is>2020-03-09 16:27:10 +0100
committerLeonard Kugis <leonard@kug.is>2020-03-09 16:27:10 +0100
commit1e3ca9ff919d9705f47739247ed9c245e8e82d1a (patch)
treebed6ee74004a1ea5b230f87a36df2ec4b5d07447 /en_GB/Introduction to Information Security/introduction_to_information_security.md
parent118c8650d925d24443ca2c71b053be5ce23fdedd (diff)
IntroSec
Added privacy chapter.
Diffstat (limited to 'en_GB/Introduction to Information Security/introduction_to_information_security.md')
-rw-r--r--en_GB/Introduction to Information Security/introduction_to_information_security.md52
1 files changed, 51 insertions, 1 deletions
diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 60774c8..f8e5f93 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -353,7 +353,7 @@ In TLS, the Diffie-Hellman values coming from Server to Client are signed with t
### HTTP sessions
-HTTP sessions per se do no end with TCP connections.
+HTTP sessions per se do not end with TCP connections.
To check for Man-In-The-Middle attacks, TCP session state is included in the HTTP digest.
Then the server also checks against his session state. If they are not equal, there is a MitM.
@@ -431,6 +431,56 @@ Privacy is based on the *Universal Declaration of Human Rights*. No one shall be
- Ownership: What may others do with your data?
- Nuisance: Right to be let alone
+### EU Data Protection Directive
+
+Member states shall protect the rights guaranteed in the *Universal Declaration of Human Rights*.
+But member states shall also not restrict the free flow of data between states.
+Tese *directives* are not *laws*. It is up to the states to implements the *directives* how they like.
+
+#### Terminology
+
+- Personal Data: Any information relating to a *data subject*.
+- Data Subject: Living person to whome personal data relates.
+- Data Controller: The entity determining the purposes and means of the processing of data. Mostly some kind of authority.
+- Data Processor: The entity processing the data on behalf of the controller.
+
+#### Summary
+
+- Processing personal data must have a legitimate purpose.
+- If neccessary, it must be kept up to date.
+- It might not be stored longer than neccessary.
+- Processing is neccessary under several conditions (law obligation of the processor, protect vital interests, ensure performance of task).
+- Processing only after consent of data subject.
+- Data subjects have the right to access their data.
+- No transfer of data to non EU countries.
+
+### EU General Data Protection Regulation (GDPR)
+
+- Penalties: 4% of annual global turnover.
+- Request consent in a more accessible form (explainations to the DAU)
+- Breach notification
+- Right to be forgotten
+
+### Tracking
+
+People might get tracked through cookies. *Same Origin Policy* prohibits tracking from third parties,
+but including resources such as images or ads on the primary website, the client fetches these resources
+from the tracking party, which is the origin in that view.
+
+#### Cookie syncing
+
+Links cookies together to match information and collect rich profiles about users.
+
+- *Demand Side Platform (DSP)*: Operates as an entity of the advertisers.
+- *Data Management Platform (DMP)*: Servers DSPs with historical user data.
+
+1. User visits website containing ad.
+2. Ad request is sent to the DSPs, unique user ID is created and stored in cookie.
+3. DSP calls pixel URL on DMP.
+4. DMP checks ID sent from DSP and if ID already exists in database.
+5. DMP puts own ID in matching table, mapping DSP ID and DMP ID together.
+6. In bidirectional sync, DMP also passes his ID to DSP for his map.
+
## Crypto Analysis
### Side Channel Analysis