
Cyber Law and Forensic

IT 841
Unit I
Cyber Security:
What You Need to Know?

99-1 Principle (Roughly)

99% of the attacks are thwarted by basic hygiene and some luck
DO
- Think before you click, etcetera
- Keep anti-virus, firewall and site advisor up to date
BUT
- Some new attacks may get through. However, the attacker may only use your machine to attack others and not attack you per se.
- This will not prevent data loss by merchants and other servers. However, there is still safety in numbers: attackers can steal a lot of account numbers but can exploit far fewer.

1% of the attacks are difficult and expensive to defend against or detect

For most individuals: we are simply not an attractive enough target.
For the US Department of Defense and its contractors: a huge target. Current score: 50-1 in favor of attackers (roughly).
For companies in less sensitive businesses: a serious threat to be taken seriously.


Weakest Link: Password Reset

Typically done via secret questions and email to a preferred email account
- Mother's maiden name?
- Father's middle name?
- Favorite pet's name?
- etcetera

"As detailed in the postings, the Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse, the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search."

Password reset on the preferred email account is itself done via secret questions

Conundrum
Real answers are easy to remember but discoverable via Google
False answers are hard to remember but safe from Google
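The weak scheme described above beside a hardened replacement, as an added example in Python (not part of the course slides). The question text and stored answer are constructed for the demo; `ResetTokenStore` is a hypothetical helper showing what a reset flow looks like once secret questions are replaced by a single-use, expiring, high-entropy token delivered out of band.

```python
import hashlib
import hmac
import secrets
import time

# Constructed data for the demo: a security question whose answer is exactly
# the sort of fact a search engine or social-media profile gives away.
SECURITY_QUESTION = "Where did you meet your spouse?"
STORED_ANSWER = "Wasilla High"


def weak_reset_check(supplied_answer: str) -> bool:
    """The secret-question reset the slide describes. Whoever can discover
    the answer (Google, public records, a profile page) can reset the
    password; the usual case-folding and whitespace trimming only make the
    guess easier, and the answer cannot be rotated once it has leaked."""
    return supplied_answer.strip().lower() == STORED_ANSWER.lower()


class ResetTokenStore:
    """Hypothetical hardened alternative: a single-use, short-lived,
    high-entropy token sent to the account's registered contact channel.
    Only the SHA-256 of the token is stored, so a leaked database does not
    hand an attacker live reset tokens."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self._pending = {}  # token digest -> (account, expiry timestamp)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account: str, now: float = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (account, now + self.ttl)
        return token  # deliver out of band; never log or echo it

    def redeem(self, account: str, token: str, now: float = None) -> bool:
        """True only for an unexpired token issued for this account. The
        token is consumed on the first matching attempt, valid or not."""
        now = time.time() if now is None else now
        candidate = self._digest(token)
        for stored, (acct, expiry) in list(self._pending.items()):
            # Constant-time comparison: do not leak digest prefixes via timing.
            if hmac.compare_digest(stored, candidate):
                del self._pending[stored]
                return acct == account and now <= expiry
        return False
```

The weak check succeeds for anyone who types the googleable answer; the token store succeeds only for the holder of a fresh token, exactly once, within its lifetime. The remaining weak link is the delivery channel, which is why a reset mailed to an account that is itself reset by secret questions gains nothing.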
Crystal Ball: In the Year 2025

PRIVACY
Expectation (and delivery) of privacy is close to zero

E-COMMERCE SECURITY
Close to perfect

NATIONAL AND CORPORATE SECURITY


The nation-state threat should be better contained
The asymmetric non-nation-state threat will remain

Crystal Ball: In the Year 2025

PAST, PRESENT
Cyber security is a young and immature field
The attackers are more innovative than defenders
Defenders are mired in FUD (fear, uncertainty and doubt) and fairy
tales
Attack back is illegal or classified

FUTURE
Cyber security will become a scientific discipline
Cyber security will be application and technology centric
Cyber security will never be solved but will be managed
Attack back will be an integral part of cyber security

Cyber Security: Major Trends
Security Objectives:
Black-and-white to shades of grey

Attackers:
Innovative beyond belief

Defenders:
Need new doctrine

Cyber Security Objectives (figure)
CONFIDENTIALITY: disclosure
INTEGRITY: authenticity
AVAILABILITY: access
USAGE: purpose (a fourth objective, added to the classic three)
Attackers: Innovative Beyond Belief
Major Innovations
Botnets
Robust underground economy and supply chain
Targeted attacks
Stealthy attacks

Some Examples
Drive by downloads
Scareware
Doctored online statements
Long-lived stealth attacks

Status
Attackers have a sizable inventory of known but unused or rarely used tricks
Innovation will continue


Defenders: Need New Doctrine

OLD: Cyberspace is a supporting infrastructure
NEW: Cyberspace is a war-fighting domain on par with land, sea, air and space

OLD: It's all defense, no attack back or preemptive attack
NEW: All's fair in war

OLD: Defend the entire network to the same degree
NEW: Defend selectively and dynamically

OLD: Blame and harass the end user
NEW: The user is part of the solution

OLD: Defend against yesterday's attacks
NEW: Be proactive, get ahead of the curve, future-proof
Research Excellence
Secure Information Sharing
Social Computing Security
Cloud Computing Security
Malware Mitigation
Military Grade Security
Infrastructure Assurance and Security

Research Laboratories
FlexCloud: cloud platform
FlexFarm: malware honeyfarm
Community exercises: the real real-world

Core Differentiators
The flagship for cyber security research at UTSA
Unique amongst the myriad academic cyber security centers in the country due to a demonstrable emphasis on real-world impact
Digital signature overview
Informal definition
Informally, a digital signature is a technique for establishing the origin
of a particular message in order to settle later disputes about what
message (if any) was sent.
The purpose of a digital signature is thus for an entity to bind its identity
to a message.
We use the term signer for an entity who creates a digital signature,
and the term verifier for an entity who receives a signed message and
attempts to check whether the digital signature is correct or not.
Digital signatures have many attractive properties and it is very
important to understand exactly what assurances they provide and what
their limitations are.
While data confidentiality has been the driver behind historical
cryptography, digital signatures could be the major application of
cryptography in the years to come.

Electronic signatures
The European Community Directive on electronic signatures refers to the concept of an electronic signature as:

"data in electronic form attached to, or logically connected with, other electronic data and which serves as a method of authentication"

What different things can you think of that might satisfy this rather vague notion of an electronic signature?
Advanced electronic signatures
The European Community Directive on electronic signatures also refers to the concept of an advanced electronic signature as:

an electronic signature that is:
1. uniquely linked to the signatory
2. capable of identifying the signatory
3. created using means under the sole control of the signatory
4. linked to the data to which it relates in such a way that any subsequent change in the data is detectable
Security requirements
We will define a digital signature on a message to be some data that provides:

Data origin authentication of the signer
A digital signature validates the message in the sense that assurance is provided about the integrity of the message and the identity of the entity that signed the message.

Non-repudiation
A digital signature can be stored by anyone who receives the signed message as evidence that the message was sent and of who sent it. This evidence could later be presented to a third party who could use the evidence to resolve any dispute that relates to the contents and/or origin of the message.
Input to a digital signature
The message
Since a digital signature needs to offer data origin authentication (and
non-repudiation) it is clear that the digital signature itself must be a piece
of data that depends on the message, and cannot be a completely
separate identifier.
It may be sent as a separate piece of data to the message, but its
computation must involve the message.
A secret parameter known only by the signer
Since a digital signature needs to offer non-repudiation, its calculation
must involve a secret parameter that is known only by the signer.
The only possible exception to this rule is if some other entity that holds the secret is totally trusted by all parties involved in the signing and verifying of digital signatures (the arbitrated case below).

Properties of a digital signature
Easy for the signer to sign a message
There is no point in having a digital signature scheme that involves
the signer needing to use slow and complex operations to compute
a digital signature.
Easy for anyone to verify a message
Similarly we would like the verification of a digital signature to be as
efficient as possible.
Hard for anyone to forge a digital signature
It should be practically impossible for anyone who is not the legitimate signer to compute a digital signature on a message that appears to be valid. By "appears to be valid" we mean that anyone who attempts to verify the digital signature is led to believe that they have just successfully verified a valid digital signature on a message.

Arbitrated digital signatures (figure)
The Signer and the Arbitrator share key KS; the Arbitrator and the Verifier share key KV. The message travels Signer -> Arbitrator -> Verifier in four numbered steps: (1) Signer to Arbitrator, (2) and (3) at the Arbitrator, (4) Arbitrator to Verifier.
Arbitrated digital signatures

1. Explain why arbitrated digital signatures
   a) meet the security requirements
   b) have the properties that we required
   for a digital signature.
2. How does the verifier check the first MAC, computed using KS?
3. What is the main (practical) problem with implementing arbitrated signatures?
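The exchange in the figure above, with both MACs, as an added example in Python (not from the slides). It assumes the arbitrator shares KS with the signer and KV with the verifier and that both MACs are HMAC-SHA-256; the JSON envelope, the party name "alice" and the `Arbitrator` class are illustrative choices, not part of any standard.

```python
import hashlib
import hmac
import json
import secrets


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Arbitrator:
    """Trusted third party: the only entity holding both KS and KV."""

    def __init__(self, ks: bytes, kv: bytes):
        self._ks = ks
        self._kv = kv
        self.log = []  # kept so the arbitrator can testify in a later dispute

    def relay(self, signer_id: str, message: bytes, tag_ks: bytes):
        # Step 2: check the signer's MAC under KS.
        if not hmac.compare_digest(mac(self._ks, message), tag_ks):
            raise ValueError("signer MAC invalid: message rejected")
        # Step 3: re-authenticate the message, now bound to the signer's
        # identity, under the verifier's key KV. The identity binding is what
        # tells the verifier who the arbitrator vouched for.
        envelope = json.dumps({"from": signer_id, "msg": message.hex()}).encode()
        self.log.append(envelope)
        return envelope, mac(self._kv, envelope)


def signer_send(ks: bytes, message: bytes):
    """Step 1: the signer MACs the message under KS (shared only with the arbitrator)."""
    return message, mac(ks, message)


def verifier_check(kv: bytes, envelope: bytes, tag_kv: bytes):
    """Step 4: the verifier checks the arbitrator's MAC under KV and recovers
    the message and the arbitrator-attested signer identity, or None."""
    if not hmac.compare_digest(mac(kv, envelope), tag_kv):
        return None
    env = json.loads(envelope)
    return env["from"], bytes.fromhex(env["msg"])


def run_protocol(message: bytes, tamper: bool = False):
    """Whole exchange with fresh keys. With tamper=True an attacker between
    signer and arbitrator alters the message but cannot recompute the KS tag,
    so the arbitrator refuses to relay it and the verifier sees nothing."""
    ks, kv = secrets.token_bytes(32), secrets.token_bytes(32)
    arb = Arbitrator(ks, kv)
    msg, tag_ks = signer_send(ks, message)
    if tamper:
        msg = msg + b" (altered)"
    try:
        envelope, tag_kv = arb.relay("alice", msg, tag_ks)
    except ValueError:
        return None
    return verifier_check(kv, envelope, tag_kv)
```

The code makes question 2 concrete: the verifier holds only KV, so it never checks the KS tag itself; it trusts the arbitrator's KV tag and, for disputes, the arbitrator's log. That dependence on an always-online trusted party that holds a key for every participant is the practical problem behind question 3.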

True digital signatures
The vast majority of digital signature techniques do not involve having to communicate through a trusted arbitrator.
A true digital signature is one that can be sent directly from the signer to the verifier. For the rest of this unit when we say digital signature we mean true digital signature.

True digital signature requirements:
- Only the holder of some secret data can sign a message
- Anyone can verify that a signature is valid

Public key encryption requirements:
- Anyone can encrypt a message
- Only the holder of some secret data can decrypt a message

A naive approach

1. Given the apparent symmetry of the requirements for public key encryption and digital signatures, propose a naive approach to designing a digital signature scheme.
2. State two reasons why the above approach is naive.

2. Hash functions
Hash functions
A hash function is a mathematical function that generally has the following three properties:

1. Condenses arbitrarily long inputs into a fixed length output
You stuff as much data as you want into the function, and it churns out an output (or hash) that is always the same fixed length.
In general this hash is much smaller than the data that was put into the function.
Because the hash is a smaller thing that represents a larger thing, it is sometimes referred to as a digest, and the hash function as a message digest function.

Hash functions
2. Is one-way
The hash function should be easy to compute, but given the hash of
some data it should be very hard to recover the original data from
the hash.
3. It is hard to find two inputs with the same output
It should be hard to find two different inputs (of any length) that when fed into the hash function result in the same hash (collision resistance).
Note that it is impossible for a hash function not to have collisions. If
arbitrarily large inputs are all being reduced to a fixed length hash
then there will be lots of collisions. (For example - it is impossible to
give each of 60 million people a different 4 digit PIN.) The point is
that these collisions should be hard to find.

Hash functions?

Consider the following two mathematical functions and explain whether they satisfy each of the properties of a hash function or not:
- Multiplying two prime numbers together
- Reducing a number modulo n
Practical hash functions?

There are several hash functions in common use that are believed to be secure enough for general use.
Can you name them?

Hash functions and data integrity
A hash function on its own provides only a weak notion of data integrity.
If we had a list of MD5 hashes of all of the operating system files on our home computer, we could recompute the hash of each file, compare it with the value in the list, and see which files have been changed or updated by, say, a virus.
BUT
If a virus replaced a system file it could also replace the MD5 value in the list with a new one, and we would not be aware this had happened. (MD5 is also collision-broken: an attacker can construct two different files with the same MD5 hash, so a modern hash such as SHA-256 should be used for this purpose.)
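The file-list scenario above carried through, as an added example in Python (not from the slides). The "filesystem" is a constructed dictionary standing in for real OS files, SHA-256 replaces MD5, and the keyed `seal_manifest` step is my illustration of the fix: a MAC over the list under a key the virus cannot read (in practice a signature from an offline key, as package managers do).

```python
import hashlib
import hmac

# Constructed stand-in for the files on disk: path -> contents.
CLEAN_SYSTEM = {
    "/bin/ls": b"ls binary v1",
    "/bin/sh": b"sh binary v1",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}


def file_hash(data: bytes) -> str:
    # SHA-256 rather than the slide's MD5: MD5 collisions are practical, so a
    # replacement file with the same MD5 could be crafted deliberately.
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """The hash list: one digest per file, taken while the system is clean."""
    return {path: file_hash(data) for path, data in files.items()}


def changed_files(files: dict, manifest: dict) -> list:
    """Paths whose current hash no longer matches the manifest entry."""
    return sorted(p for p, data in files.items() if manifest.get(p) != file_hash(data))


def infect(files: dict, manifest: dict, attacker_edits_manifest: bool):
    """A virus replaces /bin/sh. If it can also write the hash list it simply
    records the digest of its own replacement, and the check stays silent."""
    files, manifest = dict(files), dict(manifest)
    files["/bin/sh"] = b"sh binary v1 + virus"
    if attacker_edits_manifest:
        manifest["/bin/sh"] = file_hash(files["/bin/sh"])
    return files, manifest


def seal_manifest(manifest: dict, key: bytes) -> str:
    """Keyed fix: an HMAC over the canonical manifest. The virus can rewrite
    the hash list but cannot produce a matching tag without the key, which
    must therefore live where the compromised host cannot read it."""
    canonical = "\n".join(f"{p} {h}" for p, h in sorted(manifest.items())).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def manifest_trusted(manifest: dict, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(seal_manifest(manifest, key), tag)
```

Check the seal first and the files second: a manifest that fails `manifest_trusted` tells you the list itself was tampered with, which is a stronger signal than any single file mismatch.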

Hash function applications
Digital signatures with appendix: hash functions are used to bind data together and make the signature process more efficient.
Password storage: hash functions are sometimes used to store highly confidential data such as passwords (in practice with a salt and a deliberately slow password hashing function).
Cryptographic protocols: hash functions are often used within cryptographic protocols (including entity authentication protocols) to bind different data items together.
Hash functions can be used as components from which to construct other cryptographic primitives.

Is a MAC a hash function?
MACs (message authentication codes):
- Have a fixed length output
- Rely on a symmetric key
- Provide data origin authentication (and data integrity)
- Are typically constructed from block ciphers or hash functions

Is a MAC a hash function?

HMAC

In simplified form: MAC = h( K || h( K || message ) )
The standardised HMAC (RFC 2104 / FIPS 198-1) pads the key to the hash function's block size and XORs it with two fixed constants before the inner and outer hash: HMAC = h( (K xor opad) || h( (K xor ipad) || message ) ). The nesting is what prevents the length-extension forgery that a plain h( K || message ) would allow.
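HMAC built from a bare hash function according to the standard, beside the slide's simplified form, as an added example in Python (not from the slides). It assumes SHA-256 (64-byte block size) by default; the function names are mine, and the cross-check against the `hmac` module is what shows the construction is the real one.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC exactly as RFC 2104 / FIPS 198-1 define it:
        HMAC(K, m) = h( (K' xor opad) || h( (K' xor ipad) || m ) )
    K' is K zero-padded to the hash block size (a key longer than the block
    is first hashed); ipad is 0x36 repeated, opad is 0x5c repeated."""
    block = hashlib.new(hash_name).block_size      # 64 bytes for SHA-256
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad_key + message).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def simplified_mac(key: bytes, message: bytes) -> bytes:
    """The slide's shorthand h(K || h(K || m)) with no padding or constants.
    Shown for contrast only: its tags differ from every HMAC library, so it
    should not be used where interoperability or the HMAC proof matters."""
    inner = hashlib.sha256(key + message).digest()
    return hashlib.sha256(key + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(hmac_rfc2104(key, message), tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check against Python's hmac module, for any key length."""
    return hmac_rfc2104(key, message) == hmac.new(key, message, hashlib.sha256).digest()
```

The `matches_stdlib` check is worth keeping in any hand-rolled MAC code: the padding and long-key rules are where home-grown HMACs usually diverge from the standard.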

3. Digital signature algorithms
Some caveats
We will focus this section on describing digital signatures based on RSA. Please note:
- Although we only describe in detail how to implement digital signatures using RSA, there are many other examples of (true) digital signatures that are not based on RSA
- The RSA public key cipher system has some special properties that allow it to be used for both encryption and digital signatures; not all public key cipher systems can be used to generate digital signatures, and neither can all digital signature algorithms be used as public key cipher systems
- We will see two different methods of implementing true digital signatures using RSA; these two techniques can also be used for some other digital signature algorithms
- The process described here is simplified; please consult the relevant standards before making an actual implementation

Motivating different types of signature

Suppose that you receive a digitally signed message that you are expected to be able to verify. Imagine that the message that is being signed is a random binary string. To verify it you apply a publicly known process that does not involve any secret parameters.
Remember that an attacker could modify the signature on its way to you, changing a few bits here and there.
How are you going to know, just by performing a verification of the digital signature, what message the signature applies to and hence whether the signature is valid?

Creating an RSA signature with appendix (figure)
1. The message is fed through a hash function to produce a hash.
2. The signature algorithm, using the signature key, is applied to the hash to produce the signature.
3. The message and the signature are sent together; the signature is the "appendix".
Hashing before signing

There are two reasons why a message is hashed before it is signed using RSA.
What are they?

Verifying an RSA signature with appendix (figure)
1. The verification algorithm, using the verification key, is applied to the received signature.
2. The received message is fed through the hash function.
3. The two results are compared (=?) and a decision is reached: the signature is valid only if they match.
RSA is special
You cannot obtain a digital signature scheme by swapping the roles of the private and public keys of any public key cipher system.
You cannot obtain a public key cipher system by swapping the roles of the signature and verification keys of any digital signature scheme.

Optional Task!
Express the operations involved in RSA signatures mathematically to check that the process of verifying an RSA signature with appendix does indeed work.
Now identify the special property of RSA that allows it to be used as both an encryption and a signature algorithm.

Key separation
In real applications you should avoid using the same RSA key pair for both encryption and for digital signatures.
The reason is that good key management follows a principle known as key separation, where any cryptographic key has a specific role and is not used for different purposes.
Thus, properly implemented versions of RSA that are to be used for both encryption and digital signatures should issue each user with two key pairs:
- a public / private key pair for encryption
- a verification / signature key pair for digital signatures
These different key pairs should be carefully managed to ensure that they are only used for the designated purpose.
RSA signatures with message recovery (figure)
Signer:
1. Add padding / redundancy to the message.
2. Apply the signature algorithm with the signature key; the output is the signature, which is sent on its own.
Verifier:
3. Apply the verification algorithm with the verification key to the signature.
4. Remove (and check) the padding / redundancy, recovering the message.
Digital Signature Algorithm
Although there have been many different proposals for digital signature schemes,
only two systems have thus far proved to be fairly popular.
RSA digital signatures are one, and the other is a digital signature scheme based
on ElGamal that was proposed as the Digital Signature Algorithm (DSA) and
standardised by the U.S. Government as the Digital Signature Standard.
The DSA is a digital signature with appendix, but it cannot be used as a public key
encryption system in the same way that RSA can be it is a dedicated digital
signature scheme.

4. Security issues
Basis of signature security

1. On what basis does a digital signature offer data origin authentication?
2. On what basis does a digital signature offer non-repudiation?
3. How do the security properties of a MAC and a digital signature differ?

Hand-written v digital signatures
Compare hand-written and digital signatures on each property (table to be completed):
- Uniqueness
- Accuracy of creation
- Consistency over messages
- Storage
- Physical aspects
- Difficulty of forgery
- Acceptability
- Legal support
Two generic attacks
Obtain someone else's private signature key
In a digital signature scheme you are your private key.
This is one aspect of the problem of identity theft.

Persuade others that someone else's public verification key belongs to you
Others will verify it and believe that the message was signed by you.
This is a particularly neat attack because you do not need to obtain that other person's signature key.
An interesting variant of this attack for hand-written signatures arises if you steal someone else's mail when a new credit card is sent out to them: if you just sign this blank card then you can easily masquerade as them.

Two generic attacks

1. How would you go about stealing someone else's private signature key?
2. How would you prevent someone persuading others that your public verification key is actually theirs?

Security of hash functions

Because a hash is shorter than the message, collisions are inevitable; we just want them to be hard to find.

How long does a hash have to be before finding collisions is hard?

Security of hash functions
Suppose that we sign the message "Keith owes Fred 10" by hashing it using a hash function that has a hash of just 2 bits: there are only four possible hashes: 00, 01, 10 or 11.
Fred receives this signed message, and being a manipulative type he decides to change the message to "Keith owes Fred 100". Of course Fred does not have Keith's signature key, so he cannot digitally sign this message. But he doesn't have to: the signature was computed on the hash, so he only needs the new message to have the same hash as the old one.

What is the probability that:
hash ("Keith owes Fred 10") = hash ("Keith owes Fred 100")?

Security of hash functions
Suppose the hash is 10 bits long, in other words about 1000 possible hashes.

1000 requests for 200:
1. Pay Fred Piper 200
2. Pay F. Piper 200
3. Pay F.C. Piper two hundred pounds
4. Pay F.C. Piper two hundred pounds only
5. Pay two hundred pounds to Mr Fred Piper
6. ...

1000 requests for 8000:
1. Pay Fred Piper 8000
2. Pay F. Piper 8000
3. Pay F.C. Piper eight thousand pounds
4. Pay F.C. Piper eight thousand pounds only
5. Pay eight thousand pounds to Mr Fred Piper
6. ...

Since there are only about 1000 different possible values of the hash, there is a very good chance that there will be at least one match between the two lists.

Security of hash functions

1. What attack can Fred now launch against a payment clerk?
2. What lesson have we learnt?
3. How can this attack be easily avoided in practice?

Secure hash functions
In practice a common length for a hash has been about 160 bits (the length of SHA-1).
This makes finding collisions of the type just described by brute force infeasible (about 2^80 work, by the birthday bound), and also represents a significant compacting of the original message length.
Much shorter hashes than 160 bits are insecure, as we have seen.
Much longer hashes might be secure, but are not as efficient.
Finding good hash functions has proven to be a significant challenge to cryptographers: SHA-1 collisions have since been demonstrated in practice (2017) through weaknesses in its design rather than its length, and current practice is a 256-bit hash such as SHA-256, giving roughly 128 bits of collision resistance.
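The two-list attack from the preceding slides, generalised to any hash length, as an added example in Python (not from the slides). The variant tables are constructed from the slide's phrasings, the short hash is modelled by truncating SHA-256, and the lookup is Yuval's birthday attack; function names are mine.

```python
import hashlib
import itertools

# Constructed variant tables generalising the two columns on the slide: one
# list of alternatives per slot; the product of the slots yields many
# semantically identical messages with different bit patterns.
BENIGN_SLOTS = [
    ["Pay ", "Please pay ", "Kindly pay "],
    ["Fred Piper ", "F. Piper ", "F.C. Piper ", "Mr Fred Piper "],
    ["200", "two hundred", "two hundred pounds", "two hundred pounds only"],
    ["", ".", " (ref 1)", " (ref 2)"],
]
FRAUD_SLOTS = [
    ["Pay ", "Please pay ", "Kindly pay "],
    ["Fred Piper ", "F. Piper ", "F.C. Piper ", "Mr Fred Piper "],
    ["8000", "eight thousand", "eight thousand pounds", "eight thousand pounds only"],
    ["", ".", " (ref 1)", " (ref 2)"],
]


def variants(slots) -> list:
    return ["".join(parts) for parts in itertools.product(*slots)]


def truncated_hash(message: str, bits: int) -> int:
    """Model an n-bit hash by keeping the top n bits of SHA-256."""
    full = int.from_bytes(hashlib.sha256(message.encode()).digest(), "big")
    return full >> (256 - bits)


def single_match_probability(bits: int) -> float:
    """The 2-bit question on the slide: for an ideal hash the chance that one
    chosen fraudulent message hashes like the signed one is 2^-bits."""
    return 2.0 ** -bits


def expected_matches(n_benign: int, n_fraud: int, bits: int) -> float:
    """Birthday-style estimate: number of cross pairs divided by hash space."""
    return n_benign * n_fraud / 2.0 ** bits


def find_collision(benign, fraud, bits):
    """Yuval's attack. Table the benign variants, then look each fraudulent
    variant up: roughly 2^(bits/2) work per side instead of 2^bits for a
    second preimage. Returns (benign, fraud) with equal truncated hashes, or
    None. Fred gets Keith to sign the benign one and presents the fraud."""
    table = {}
    for m in benign:
        table.setdefault(truncated_hash(m, bits), m)
    for f in fraud:
        hit = table.get(truncated_hash(f, bits))
        if hit is not None:
            return hit, f
    return None
```

With 192 variants a side and a 10-bit hash the expected number of matching pairs is 192 x 192 / 1024, about 36, so a collision is practically certain; the same lookup against the full 256-bit digest finds nothing, which is the whole argument for long hashes. The practical avoidance the slide asks about is a hash long enough that 2^(bits/2) is out of reach, plus never signing text you did not compose yourself.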

Summary

Digital signatures are in some senses a complementary technology to public key encryption, offering data origin authentication and non-repudiation of digital messages.
Digital signatures have different properties and offer different guarantees from hand-written signatures.
The security of digital signatures critically relies on the security of the keys that are used to create and verify them.

The Basics of Intellectual Property Law
If you don't see a problem with this question, you need this class!
Intellectual Property
Definition of Intellectual Property Rights:
The group of legal rights associated with patents,
trademarks, copyrights, and trade secrets.
Types of Intellectual Property

Patents
Trademarks
Copyrights
Unfair Competition
Trade Secrets
How to Acquire Rights
Patents
by Application, Examination and Grant
Trademarks & Service Marks
by Use in Interstate Commerce, then
registration
Copyright
by writing something --
perfected by declaration and registration
Types of IP a General Practice Attorney
is Likely to Encounter
Variants of Trade Secrets
Limited rights in technical data
Restricted rights in computer software
Government purpose rights
special license rights
Types of Patents
Utility

Plant

Design
Utility Patent
"Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title." (35 U.S.C. 101)
Plant Patents
Whoever invents or discovers and asexually
reproduces any distinct and new variety of plant,
including cultivated spores, mutants, hybrids, and
newly found seedlings, other than a tuber
propagated plant or a plant found in an
uncultivated state. . . (35 U.S.C. 161)
No bacteria or similar single-cell organisms need apply!
Design Patents
"Whoever invents any new, original, and ornamental design for an article of manufacture may obtain a patent." (35 U.S.C. 171)
What Is A Patent?
Grant by the U.S. Government to provide
individuals legal protection for their discoveries
(inventions)
Finds basis in Article 1, Section 8, U.S. Constitution
Congress is empowered to "...promote the progress of science and useful arts by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries."
Covered by Federal Law (Title 35 USC)
Gives the patent owner the right to prevent
others from making, using or selling the claimed
invention within the United States or Country of Issue.
Life & Duration

Life of utility patent: 17 years from the date of issue of the patent if the application was filed before June 1995, or 20 years from the date of filing for applications filed after June 1995.
Effective only in the U.S. (foreign patent applications filed separately based on the U.S. application are available).
INVENTION PATENTABLE IF:
NEW
USEFUL
NOT OBVIOUS
PERTAINS TO PATENTABLE SUBJECT MATTER
AND THE GRANT OF A PATENT IS NOT BARRED

PATENTABLE SUBJECT MATTER (35 USC Section 101):
A PROCESS
A MACHINE
A COMPOSITION OF MATTER
A MANUFACTURE
Pop Quiz
Now that you know what type of material is patentable, answer the following questions.
Questions?
What's a microbe that eats oil?
What's a Harvard Mouse?
What's a method of doing business with a computerized system?
What Does a Patent look Like?
Foreign Rights
PCT
Filing within year
Acquiring foreign rights from inventor
Making the Choice
National Filings
Cost
If you have to ask - you can't afford it
How do we make use of Patents the
command accumulates?
LICENSING AND THE
GOVERNMENT
Or
How to negotiate a successful
partnership.
What is a License?
A contract between licensor and
licensee.
Licensor grants to licensee the right
to practice the technology claimed
in the licensed patent
Licensor agrees not to sue licensee
for infringing the licensor's patent
37 C. F. R.
PART 404 LICENSING OF GOVERNMENT OWNED
INVENTIONS
404.5 Restrictions and conditions on all licenses granted
under this part.
(1) A license may be granted only if the applicant has
supplied the Federal agency with a satisfactory plan for
development or marketing of the invention, or both, and
with information about the applicant's capability to fulfill
the plan.
(2) A license granting rights to use or sell under a federally
owned invention in the United States shall normally be
granted only to a licensee who agrees that any products
embodying the invention or produced through the use of
the invention will be manufactured substantially in the United
States.
Other forms of IP!

Trade & Service Marks
Trademarks (TM)
A trademark identifies a tangible good or product of a company or individual.
Service marks (SM)
A service mark identifies the services of a provider. Marks used by a company can function as both.

Trade names
Once a trade name was used to denote any mark descriptive of a good or service.
Today, it is a company's business name.
Acquiring Trademark Rights
Types of trademark
TM - a Trade Mark - used before registration
SM - a Service Mark - used before registration
Used in Interstate Commerce
Rights by Registration
Unfair Competition
Misuse of Trade Dress
Passing Off
Can the United States Government
Own a Trade/Service Mark?

YES!!!!
TOMAHAWK
Marine Corp Marathon
NAVYJOBS.COM (SM)
Let The Journey Begin (SM)
Can the United States be sued for
Trade/Service Mark Infringement?

YES!!!!!
In 1999, Congress removed Federal Government
sovereign immunity for trademark infringement
including going so far as to allow the US to be sued
in State court.
Other forms of IP

Copyright
Copyrights
Copyright law protects the expression of an idea.
Not the idea itself.
Copyright protects
"original works of authorship fixed in a tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device." (17 U.S.C. 102)
Original
The term original in the copyright law means that the work originated with the author.
There is no requirement for novelty or uniqueness as there is in patent law.
Must originate with the author.
Fixed in a Tangible Medium
Any stable medium that will record or reproduce
the material is acceptable
Computer software satisfies the fixation the
moment the material is stored
a computer display is considered fixed even if it
appears momentarily and only returns under
certain conditions (games)
Duration
Depends on whether it is pre or post 1 Jan. 1978
Pre - Depends on whether published? Registered,
first term, renewal etc.
Post -
Life of author + 50 years
Work-for-hire 75 years from publication, 100 years from
creation which ever is first
Ownership
Works for Hire - employer is considered the author
when:
work prepared by an employee within the scope or his/her
employment
work specially ordered or commissioned for use as a
contribution to a collective work
Transfer of title v Work-for-Hire
under a work for hire, employer is considered the owner.
Duration 75 years from pub or 100 from creation. Transfer
(assignment etc. 35 years)
Ownership cont..
Joint Works - when 2 or more people make
contributions of authorship with intention
contributions be merged into inseparable work
Government Copyright
17 USC 105
"Copyright protection under this title is not available for any work of the United States Government, but the United States Government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise (including contract)."
Fair Use
Limited use without the owner's permission
criticism, comment, parody, news reporting, teaching,
scholarship or research
criteria
purpose and character of use
nature of original work
amount of work used
extent of harm
Teaching Pop Quiz
Let's apply the criteria:
Education command wants to reproduce a text book
and distribute to all bases and ships at sea.
Permissible?
Graphs copied and reproduced in slides will be used in
lecture to 150 people. The lecture is going to be video
broadcast to all bases and ships at sea. Permissible?
Using IP to Benefit the Lab

Technology Transfer (T²)
Technology Innovation Legislation
Stevenson-Wydler Technology Innovation Act of
1980
Bayh-Dole Act of 1980
Small Business Innovation Development Act of
1982
Cooperative Research Act of 1984
Federal Technology Act of 1986
Technology Innovation (Cont.)
Malcolm Baldrige National Quality Improvement Act of 1987
Executive Orders 12591 and 12618 of 1987
Facilitating Access to Science and Technology
Other Acts Expanding What Can Be Done:
Defense Authorization Acts
National Competitiveness Technology Transfer Act
Department of Commerce Funding Acts
It is the continuing responsibility of the
Federal Government to ensure the full
use of the results of the Nations Federal
investment in research and development.
To this end the Federal Government shall
strive where appropriate to transfer
federally owned or originated technology
to State and Local Governments and to
Job Description for Researchers!
Each laboratory director shall
ensure that efforts to transfer
technology are considered
positively in laboratory job
descriptions, employee promotion
policies, and evaluation of the job
performance of scientists and
engineers in the laboratory.
CRADA = Cooperative Research and Development Agreement (figure)
FEDERAL LABORATORY contributes: Personnel, Services, Property, Patent License Agreement
NON-FEDERAL PARTY contributes: Personnel, Services, Property, $$$ Money $$$
The Advantages of a CRADA

Participants are able to leverage resources: manpower, facilities, funding
Technical problems are solved more effectively by a team effort
Technology base is increased in both organizations
Federal tax dollars are more effectively utilized
Benefits to the Government
Researcher

15 USC 3710c
(iii) The agency or laboratory shall retain the royalties and other payments received from an
invention until the agency or laboratory makes payments to employees of a laboratory under
clause (i) or (ii).
(B) The balance of the royalties or other payments shall be transferred by the agency to its

laboratories, with the majority share of the royalties or other payments from any invention going
to the laboratory where the invention occurred. The royalties or other payments so transferred
to any laboratory may be used or obligated by that laboratory during the fiscal year in which
they are received or during the succeeding fiscal year
(i) to reward scientific, engineering, and technical employees of the laboratory, including
developers of sensitive or classified technology, regardless of whether the technology has
commercial applications;
(ii) to further scientific exchange among the laboratories of the agency;
(iii) for education and training of employees consistent with the research and development
missions and objectives of the agency or laboratory, and for other activities that increase
the potential for transfer of the technology of the laboratories of the agency;
(iv) for payment of expenses incidental to the administration and licensing of intellectual
property by the agency or laboratory with respect to inventions made at that laboratory,
including the fees or other costs for the services of other agencies, persons, or
organizations for intellectual property management and licensing services; or
(v) for scientific research and development consistent with the research and development
missions and objectives of the laboratory.
Government Research Money is becoming increasingly scarce.
The Old Way wont work anymore!

Formulate
Hypothesis,
Accumulate
Data, Do
Extensive
Testing!
Formulate a
hypothesis,
Patent it.
Raise $17 million!
The World Intellectual Property Organization
and Its Program for SMEs
Brief History of WIPO
Paris Union 1883
Berne Union 1886
International Bureau combined 1893
WIPO Convention 1967
UN Specialized Agency 1974
184 Member States (as of end of October 2010)
Basic Facts about WIPO
WIPO's Mission:
To promote the protection of IP rights worldwide and extend the benefits of the international IP system to all member States

Status: An international intergovernmental organization
Member States: 184
Observers: 250+
Staff: 950 from 101 countries
Treaties Administered: 24
Decisions by: GA, CC, WIPO Conference
WIPO
Effort to demystify IPR and make it more accessible
and relevant to a broader group of people
IP no longer to be seen from solely a legal
perspective but also its place in the society as a tool
for economic growth
A means to an end, and not an end in itself.
WIPO's Mandate
WIPO is dedicated to developing a balanced and
accessible international intellectual property (IP)
system, which rewards creativity, stimulates
innovation and contributes to economic
development while safeguarding the public
interest.
Member States direct the work of WIPO
Governing Bodies
The WIPO General Assembly: members of WIPO and of Paris and/or Berne (important function: election of the Director General, DG)
The WIPO Conference: members of WIPO
The WIPO Coordination Committee: members of Paris and Berne (proposes the DG and agrees on D-level and higher appointments)
In addition, the Assemblies of the member states of each of the Unions (e.g. the PCT Union Assembly, the Madrid Union Assembly) were established by the respective WIPO-administered treaties.
Standing Committees established for a given purpose
Standing Committee on the Law of Patents (SCP).
Standing Committee on the Law of Trademarks, Industrial Designs and Geographical Indications (SCT).
Standing Committee on Copyright and Related Rights (SCCR).
Standing Committee on Information Technologies (SCIT).
When a SC determines that sufficient progress has been made in order to move towards treaty adoption, the GA can decide to convene a Diplomatic
Conference.
Permanent Committees
Committees of Experts to revise and update the classification systems.
Program and Budget Committee
Committee on Development and Intellectual Property (CDIP)
Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore (IGC).
Advisory Committee on Enforcement (ACE).
Promotion of IP through:
Norm setting - Preparing for new treaties and developing and
administering treaties that are in force
Registration activities
IP for development
Other Services
Registration activities
Alternative dispute Resolution mechanisms
Arbitration and mediation
Treaties - 24
IP Protection- internationally agreed basic
standards of protection (Paris, Berne)
Registration- one application to have effect in many
(PCT, Madrid, Hague)
Classification-organize information concerning
inventions, trademarks and industrial designs into
indexed, manageable structures for easy retrieval
(Locarno, Nice)
Development Agenda for WIPO
Adopted: September 2007, to emphasize use of IP for development
Challenge: facilitate use by developing countries of IP for economic, social and cultural development
45 agreed proposals (6 clusters of activities):
Technical Assistance and Capacity Building;
Norm-setting, Flexibilities, Public Policy and Public Knowledge;
Technology Transfer, Information and Communication Technology (ICT) and Access to Knowledge;
Assessments, Evaluation and Impact Studies;
Institutional Matters including Mandate and Governance
Committee on Development and Intellectual Property: monitor, assess, discuss and report on implementation of the recommendations, and discuss IP and development issues
Development Agenda Coordination Division: ensure agreed outcomes are reflected in relevant programs
IP for Development
Legal Framework
IP administration
Enforcement and IP education
National IP strategies - IP cross cutting
Users - creators, inventors and innovators,
businesses, public research institutions identify,
protect, exploit and manage their IP assets more
effectively.
WIPO Worldwide Academy
http://www.wipo.int/academy/en/
Provides training to promote use of IP for development in line
with evolving IP landscape
Intl, interdisciplinary approach to IP education
Face-to-face training/distance learning
Aims to promote international cooperation to enhance human IP
capital through global networking with stakeholders and partners
PROGRAMS:
Professional Development (IPOs)
Partnership Program (Universities, etc.)
Distance Learning Program (expanding portfolio of courses)
Executive Program (launch 2011)
Summer Schools Program
Internships at WIPO
Services
Registration Treaties
PCT
Madrid
Hague
Alternative dispute resolution
Arbitration and mediation Center
WIPO: Provider of Premier Global IP Services
Core income generating business areas:
Patent Cooperation Treaty (Patents)
Madrid System (Trademarks)
Hague System (Industrial Designs)
Lisbon System (Geographical Indications)
WIPO Arbitration and Mediation Center
Aim: to be the first choice for users by continuing to offer
cost-effective value-added services
PCT Statistics
(Chart: PCT international applications received per year, 1978-2008; vertical axis 0 to 180,000.)
142 Contracting Parties
PCT: International Applications Received in 2009 (by country of origin)
(Chart, vertical axis 0 to 50,000, captioned "a changing geography of innovation". Countries of origin shown in descending order: US, JP, DE, KR, CN, FR, GB, NL, CH, SE, IT, CA, FI, AU, IL. Year-on-year changes marked on the chart: -11.4%, +3.6%, -11.2%, +2.1%, +29.7%.)
International Trademark Registration: The Madrid System

Trademarks per right-holder | Number of right-holders | Share of right-holders | Share of registrations in force
1-2 marks                   | 135,273                 | 79.60%                 | 31.70%
3-10 marks                  | 28,553                  | 16.80%                 | 25.60%
11-100 marks                | 5,788                   | 3.41%                  | 26.75%
101-500 marks               | 295                     | 0.17%                  | 10.21%
> 500 marks                 | 30                      | 0.02%                  | 5.74%
All                         | 169,939                 | 100.00%                | 100.00% (515,562 registrations in force)

85 Contracting Parties
WIPO Arbitration & Mediation Center
Alternative dispute resolution (ADR)
(http://arbiter.wipo.int)
I. Classical Arbitration & Mediation Services
II. Tailor-made dispute resolution procedures, e.g. the UDRP. Criteria:
- identical/confusingly similar
- (no) legitimate interest
- bad faith
A cost-effective and expeditious procedure
WIPO's Main Sources of Revenue
(Pie chart with segments PCT System, Madrid System, Hague System, Member States and Other; shares shown: 76%, 15%, 6%, 2%, 1%.)
Budget 2010-2011: CHF 618 million (decrease of 1.6% (CHF 9.8 million) on 2008-09)
Small and Medium-sized Enterprises Division
World Intellectual Property Organization
Tamara Nanayakkara, Counsellor

(Diagram: the SME Division works with SME support institutions and with SMEs, creators and users of IP, towards wealth creation. Outputs: website, newsletter, guides, IP Panorama, studies.)
SMEs
90% of enterprises of any economy. The back bone of economic
development and growth
Few SMEs (high tech and start up) are technology developers (patents,
copyright)
Some are technology users (patent info)
Most are technology followers (TM, GI, Design etc)
IP system is relevant to all for their competitiveness. Exclusivity (IP
rights) and beyond (licensing, financing, partners, branding, franchising)
Obstacles
However, the IP system is an under-utilized tool
Limited awareness of the IP system and its relevance as
a strategic tool
High costs (filing, translation, drafting, maintain)
Complexity of IP system
Delays in obtaining IP rights
Lack of expertise to make use of the IP system
Success rate in getting IP rights (patents) low
Inability to monitor and enforce
Support Institutions
SME focal points in national governments;
Ministries, departments and other government-owned/funded agencies responsible for institutions or projects
such as science and technology parks, incubators, as well as ministries responsible for particular sectors such as
biotechnology, ICT, agriculture, higher education;
Chambers of commerce, and associations of industry and trade;
Intellectual property offices;
Banking and financing institutions;
Science and technology universities, Government funded R&D centres
Innovation, testing and demonstration centres,
Technology transfer, licensing, commercialization and management institutions;
Science and technology parks, incubators;
Small business consulting firms,
Universities or other institutions providing training in business, innovation management, technology management,
entrepreneurship, new product development etc
Associations of inventors, patent and/or trademark agents; Law firms;
IP management and consultancy firms etc
What Can Support Institutions do to Assist
Awareness raising and training
Technological information services
Financial assistance
Customized advisory services
Assistance on IP exploitation and commercialization
Diagnosis of IP needs of enterprises
IP Australia
IP tool box
IPR, its Commercialization, management and protection
Smart start
IP issues in starting or buying a business
IP and business strategies
Case studies
INPI France
A diagnosis of the current state of the company
regarding its needs in relation to industrial property
A prospective view based on an understanding of
the development prospects of the company and an
understanding of the competitive advantages
which can be created by industrial property;
Recommendations and avenues for action
Canadian IP Office
Publication- Stand out from your competitors,
make intellectual property your best ally.
Bank of speakers for events
IP toolkit, an information resources.
Trademark database tutorial
Success stories
Korean IP Office
Thirty-one regional IP centers: patent information services, consultations and presentations.
50% fee reduction for SMEs for patent filing;
Patent management advisory service for universities and SMEs
R&D patent center customized consultations on patent strategies;
Consultations on branding strategies
Facilitated funding for SMEs with promising inventions
IP Mart - Patent technology market for potential licensors and licensees to
meet;
Cuban Industrial Property Office (OCPI)
SME-specific services include:
Diagnosis of the IP needs of the enterprise (IP Audit)
State-of-the Art searches
Training and advice
Proposals on the selection of marks
Marks and distinctive signs searches
Around 70 case studies of SMEs that have successfully used the IP system to enhance their competitiveness
Easy to read, practical, business-friendly guides
Translations and/or adaptation projects
Countries are encouraged to translate and or adapt the
guides to their local language (s) and their laws and
procedures.
Over 20 countries have completed such translations and
adaptations. Around 20 more have signed agreements
and are in the process of completing.
Examples: Uruguay, Macedonia, Algeria, Mozambique
IP PANORAMA: 12 Modules
Basic Modules:
1. Importance of IP for SMEs
2. Trademarks and Industrial Designs
3. Invention and Patent
4. Trade Secrets
5. Copyright and Related Rights
Advanced Modules:
6. Patent Information
7. Technology Licensing in a Strategic Partnership
8. IP in the Digital Economy
9. IP and International Trade
10. IP Audit
11. Valuation of IP Assets
12. Trademark Licensing
In Development: Franchising and IPRs
Free Access through Internet: publicly available from the website of the SMEs Division
World Wide Promotion and Use: translated into Thai, Hungarian and Arabic; being translated into Russian, French and Polish. Referred to and used by various institutions worldwide. No cost or royalty payment for use by not-for-profit institutions.
Project on IP for SMEs
Identify barriers, issues, challenges and opportunities of SMEs.
Develop materials based on the "IP for Business" series and "IP PANORAMA".
Undertake business-oriented IP education and training in teaching and training
institutions that support SMEs
Prioritize delivery of training - knowledge-intensive, high tech, export-oriented
sectors, especially those which are already part of global supply or value
chains/networks, or with SMEs that are in geographic clusters, or those linked to
research institutes, universities, or housed in incubators and science parks
As far as possible in implementing activities explore and develop synergies and
partnerships with similar projects, draw lessons from the experience of other
countries and use case studies.
Unit II
CYBER LAWS
BIBLIOGRAPHY
LAWS RELATING TO COMPUTER, INTERNET AND E-COMMERCE
BY: NANDAN KAMATH
LEGAL ASPECTS OF BUSINESS
BY: AKHILESHWAR PATHAK
COMPANY LAW
BY: KC GARG, VIJAY GUPTA, POONAM GUPTA AND R.C CHAWLA
www.google.com
www.altavista.com
CONTENTS
INTRODUCTION
NEED FOR CYBER LAWS
CYBER LAWS IN INDIA
CYBER CRIMES
OFFENCES AND LAWS IN CYBER SPACE
CYBER LAWS AMENDMENTS
CONCLUSION
INTRODUCTION
GROWTH OF CYBER SPACE
ONSET OF INTERNET
CYBER LAW OR LAW OF INTERNET
NEED FOR CYBER LAWS
TACKLING CYBER CRIMES
INTELLECTUAL PROPERTY RIGHTS AND COPYRIGHTS PROTECTION ACT
CYBER LAWS IN INDIA
IT ACT PASSED IN 2000
INTERNET IN INDIA
IMPLEMENTATION OF CYBER LAW
REASONS FOR DELAY IN IMPLEMENTATION OF CYBER LAWS IN INDIA
IT ACT PROVISIONS
Email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
Digital signatures have been given legal validity and sanction in the Act.
The Act now allows Government to issue notifications on the web, thus heralding e-governance.
Statutory remedy in case anyone breaks into companies' computer systems or networks and causes damage or copies data.
CYBER CRIMES
CYBER CRIMES AGAINST PERSONS, e.g. Melissa and Love Bug virus
CYBER CRIMES AGAINST PROPERTY, e.g. computer vandalism
CYBER CRIMES AGAINST GOVERNMENT, e.g. Al-Qaeda
CYBER CRIMES
CRIME THROUGH ORKUT
Koushambi ,24-year
old software
professional working
for TCS was brutally
killed by Manish
Thakur, in a hotel room
at Andheri.
INTERNET AND ITS EFFECT
20% - 30% of Internet pornography consumption is by children of ages 12 - 17.
MySpace is being used by predators to meet and entice kids online.
Specific marketing strategies are being used to attract children to porn sites.
OFFENCES AND LAWS IN CYBER SPACE
TAMPERING WITH
COMPUTER DOCUMENTS
HACKING WITH COMPUTER
SYSTEM
PUBLISHING OBSCENE
MATERIAL ON INTERNET
BREACHING OF
CONFIDENTIALITY AND
PRIVACY
CYBER LAWS AMENDMENTS
INDIAN PENAL CODE, 1860
INDIAN EVIDENCE ACT, 1872
BANKERS' BOOKS EVIDENCE ACT, 1891
GENERAL CLAUSES ACT, 1897
CONCLUSION
CYBER LAWS: AN ESSENTIAL FEATURE IN TODAY'S WORLD OF INTERNET
ACHIEVING GLOBAL PEACE AND HARMONY
INFORMATION TECHNOLOGY ACT
2000
AN OVERVIEW
PRESENTATION OVERVIEW
Need for the law
Legal issues regarding offer, Acceptance and
conclusion of contract
Issues of Digital Signature
Public Key infrastructure
Certifying Authorities.
Preamble of IT Act, 2000
An Act to provide Legal Recognition for E-Commerce
EDI transactions and Electronic communications
Use of alternatives to paper based methods of communication
and storage of information.
To facilitate electronic filing of documents with the
Government agencies.
And further to amend
Indian penal code
The Indian Evidence Act, 1872
The Bankers Books Evidence Act, 1891 & RBI Act 1934.
Components of the Act
Legal Recognition to Digital Signatures
Electronic Governance
Mode of Attribution, Acknowledgement and
Despatch of Electronic Records.
Secure Electronic Records.
Regulation of Certification Authorities.
Digital Certificates.
Components of the Act (Cont)
Duties of subscribers
Penalties and Adjudication
Offences
Protection to Network Service Providers in certain
situations.
Definitions: terms defined in the Act
Access
Addressee
Computer
Computer Resource
Data
Electronic Form
Information
Intermediary
Secure System
Asymmetric Cryptography
Digital Signature.
E-commerce
Simply put:
E-commerce refers to doing business and transactions over
electronic networks prominently the internet.
Obviates the need for physical presence
Two parties may never know, see or talk to each other but
still do business.
Has introduced the concept of electronic delivery of
products and services.
Unmanned round-the-clock enterprises: always available.
E-Com: Potential Problems
Security on the Net: Confidentiality, Integrity and Availability.
Cyber crimes: hackers, viruses
Technological complexities
Lack of an information trail
Complex cross-border legal issues
Disparate regulatory environments and taxation policies.
Challenges
Protecting information in transit
Protecting information in storage
Protecting information in process
Availability of and access to information for those authorised.
Concerns in E-Transactions
Confidentiality
Integrity
Availability
Confidentiality concerns
Eavesdropping
Wire tapping
Active/passive
E-mail snooping
Shoulder surfing
Integrity attacks
Data diddling
Buffer overflow (used to insert malicious code)
Channel violation
Spoofing
Availability threats
Denial of Service (DoS), including distributed DoS (DDoS)
Ping of Death
SYN flooding
Remote shut down
Tools and Techniques
Key Loggers
Password Crackers
Mobile Code
Trap Doors
Sniffers
Smurf (Ping tools)
Tools and Techniques
Viruses: exe, script, datafile, macro
Worms
Trojan Horse
Logic Bombs
Remote Access Trojans
Attacks on Cryptosystems
Cipher-text only attacks
Known plain text attacks
Brute force attacks
Man-in-the-middle attacks
Social Engineering
The best bet ever: trickery and deceit
Targeting gullible victims
Most effective: can penetrate the most secure technologies
Parameters
Data confidentiality
User authentication
Data origin authentication
Data integrity
Non-repudiation
Legal Recognition of Digital Signature
All information in electronic form which requires
affixing of signature for legal recognition now
satisfies if authenticated by affixing digital
signature.
Applicability includes:
Forms, licences, permits, receipt/payment of
money.
DIGITAL
SIGNATURES.
How Digital Signature Works
XYZ wants to send a message relating to a new tender to DOD.
XYZ computes the message digest of the plain text using a hash algorithm.
XYZ encrypts the message digest with his private key, yielding a digital signature for the message.
XYZ transmits the message and the digital signature to DOD.
Digital Signatures (Cont)
When DOD receives the message, DOD computes the message digest of the received plain text using the same hash function.
DOD decrypts the digital signature with XYZ's public key.
If the two values match, DOD is assured that:
a. The originator of the message is XYZ and no other person (provided DOD has a trustworthy binding between that public key and XYZ, which is what a Certifying Authority's certificate supplies).
b. Message contents have not been tampered with.
Digital Signatures- How & Why
Integrity, Authentication and Non Repudiation
1. Achieved by use of Digital Signatures
2. If a message can be decrypted by using a particular sender's public key, it can be safely presumed that the message was encrypted with that particular sender's private key.
3. A message digest is generated by passing the message through a one-way cryptographic function, i.e. it cannot be reversed.
4. When combined with a message digest, encryption using the private key allows users to digitally sign a message.
5. When the digest of the message is encrypted using the sender's private key and is appended to the original message, the result is known as the Digital Signature of the message.
6. Changing one character of the message changes the message digest in an unpredictable way.
7. Recipient can be sure that the message was not changed after the message digest was generated if the message digest remains unaltered.
Digital Signatures
Central Government is conferred with powers to
make rules in respect of Digital Signatures. Rules
would prescribe Type of Digital Signature, Manner
and form in which Digital Signature shall be affixed
and procedure for identifying the person affixing
the Digital Signature.
Enabling Principles of Electronic
Commerce
Legal Recognition of Electronic Record.
Legal requirement of Information to be in writing
shall be deemed to be satisfied if it is:
a. Rendered or made available in an electronic
form.
b. Accessible so as to be usable for subsequent
reference.
RETENTION OF ELECTRONIC RECORDS.
Requirements of law as regards retention of records are met even if the records are in electronic form, provided that:
The information therein is accessible and usable.
It is kept in the original format, or in a format that ensures accuracy.
Details as to origin, destination, date and time of dispatch and receipt of electronic records are maintained.
Applicability of the Act
Does not apply to:
Negotiable Instrument Act
Power of Attorney Act
Trusts
Will
Contract for sale/conveyance of immovable property.
Any other transactions that may be notified.
Public Key Infrastructure
CERTIFYING AUTHORITIES
CA is a person who has been granted a license to
issue Digital Signature Certificate by the Controller.
CA are licensed by the Controller on satisfaction of
certain conditions and an approved Certification
Practice Statement.
CERTIFICATION PRACTICE STATEMENT
CAs shall generate and manage Digital Certificates and signatures in accordance with the approved CPS.
The Controller shall issue a guide for preparation of the Certification Practice Statement, and any changes require approval.
KEY MANAGEMENT
Cryptographic keys provide the basis for the
functioning of Digital certificate and Authentication
of Digital Signatures.
Keys must be adequately secured at every stage.
Key generation, distribution, storage, usage,
backup, Archival
CAs should take necessary precautions to prevent loss, disclosure, modification or unauthorised use.
CA should use trustworthy Hardware, Software and
encryption techniques approved by the controller
for all operations requiring use of private key.
Information Technology Security
Procedure and Guideline
Rules prescribe
Physical and operational security
Information Management
Systems Integrity, risks and integrity controls
Audit trail and verifications
Data centre operations security
Change Management Guidelines.
Offences
Without permission
Accesses or secures access to computer, computer
system or computer network
Downloads,copies or extracts any data, computer
data base or information from such computer
resource.
Introduces or causes to be introduced any computer contaminant or computer virus into any
computer resource.
Damages or causes to be damaged any computer
resource.
Offences Under the Act
Tampering with Computer Source Documents
Hacking with computer System
Publishing of information which is obscene in
Electronic form.
Who is liable
Every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of its business shall be guilty of the contravention and shall be liable to be proceeded against and punished.
Penalties
Up to Rupees two lakh, with imprisonment.
Up to Rupees one crore in case of impersonation and masquerading crimes involving legal bodies.
Adjudication by the Adjudicating Officer; appeals to the Cyber Regulations Appellate Tribunal.
Unit III
3/31/2015 Ravi Sandhu 202
Cyber Forensics
The Fascinating World of Digital Evidence
Introduction
Caveat
This lecture is designed to provide an introduction
to this field from both a theoretical and practical
perspective.
Digital forensics is a maturing scientific field with
many sub-disciplines.
Computer Forensics Fundamentals
(Diagram.) Computer Forensics is practised in three settings: Military, Law Enforcement, Private Sector.
All rely on Standards & Guidelines covering three areas:
Investigation: Acquisition, Analysis, Examination, Report
Rules of Evidence: Criminal (Frye, FRE 702, Daubert/Kumho); Civil (Federal Rules of Civil Procedure, Sedona, Rowe)
Presentation: Expert Witness, Friend of the Court, Technical Expert
Digital Forensic Science
Digital Forensic Science (DFS):

The use of scientifically derived and proven methods toward


the preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital
evidence derived from digital sources for the purpose of
facilitating or furthering the reconstruction of events found to
be criminal, or helping to anticipate unauthorized actions
shown to be disruptive to planned operations.

Source: Digital Forensic Research Workshop (DFRWS), 2001.
Communities
There are at least 3 distinct communities within Digital Forensics:
Law Enforcement
Military
Business & Industry
Possibly a 4th: Academia
Digital Forensic Science (figure not reproduced)
Community Objectives (figure not reproduced)
Cyber Forensics
Includes:
Networks (Network Forensics)
Small Scale Digital Devices
Storage Media (Computer forensics)
Code Analysis
Cyber Forensics
The scientific examination and analysis of
digital evidence in such a way that the
information can be used as evidence in a court
of law.
Cyber Forensic Activities
Cyber forensics activities commonly include:
the secure collection of computer data
the identification of suspect data
the examination of suspect data to determine details such as origin and content
the presentation of computer-based information to courts of law
the application of a country's laws to computer practice.
The 3 As
The basic methodology consists of the 3 As:
Acquire the evidence without altering or damaging the original
Authenticate the image
Analyze the data without modifying it
Context of Cyber Forensics
(Diagram.) Digital forensics and cyber forensics sit at the intersection of: homeland security, information security, corporate espionage, white collar crime, child pornography, traditional crime, incident response, employee monitoring, privacy issues, and more.
A Brief Timeline
1970s: cyber crime legislation
1980s: law enforcement (LE) investigative units; international LE meeting
1990s: 1st International Conference on Computer Evidence (CE); IOCE formed; IOCE & SWGDE
2000: RCFL in USA
2001: COE Convention on Cyber Crime; DFRWS
2003: ASCLD/LAB-DE (USA); ISO 17025; journals; conferences
2008: AAFS subsection?
Crime Scenes
Physical Crime Scenes vs. Cyber/Digital Crime Scenes
Overlapping principles
The basics of criminalistics are constant across both physical and cyber/digital
Locard's Principle applies:
"When a person commits a crime something is always left at the scene of the crime that was not present when the person arrived"
Digital Crime Scene
Digital Evidence
Digital data that establish that a crime has been
committed, can provide a link between a crime and its
victim, or can provide a link between a crime and the
perpetrator (Carrier & Spafford, 2003)
Digital Crime Scene
The electronic environment where digital evidence can
potentially exist (Rogers, 2005)
Primary & Secondary Digital Scene(s) as well
Forensic Principles
Digital/ Electronic evidence is extremely volatile!
Once the evidence is contaminated it cannot be de-
contaminated!
The court's acceptance is based on the best evidence principle
With computer data, printouts or other output readable by sight, and bit stream copies, adhere to this principle.
Chain of Custody is crucial
Cyber Forensic Principles
The 6 Principles are:
1. When dealing with digital evidence, all of the general forensic and
procedural principles must be applied.
2. Upon seizing digital evidence, actions taken should not change that
evidence.
3. When it is necessary for a person to access original digital evidence, that
person should be trained for the purpose.
4. All activity relating to the seizure, access, storage or transfer of digital
evidence must be fully documented, preserved and available for review.
5. An Individual is responsible for all actions taken with respect to digital
evidence whilst the digital evidence is in their possession.
6. Any agency, which is responsible for seizing, accessing, storing or
transferring digital evidence is responsible for compliance with these
principles.
Process/Phases
Identification
Collection
Bag & Tag
Preservation
Examination
Analysis
Presentation/Report
Identification
The first step is identifying evidence
and potential containers of evidence
More difficult than it sounds
Small scale devices
Non-traditional storage media
Multiple possible crime scenes
Devices Identification (figure not reproduced)
Identification
Context of the investigation is very
important
Do not operate in a vacuum!
Do not overlook non-electronic
sources of evidence
Manuals, papers, printouts, etc.
Collection
Care must be taken to minimize
contamination
Collect or seize the system(s)
Create forensic image
Live or Static?
Do you own the system
What does your policy say?
Collection: Documentation
Take detailed photos and notes of the computer / monitor
If the computer is on, take photos of what is displayed on the monitor. DO NOT ALTER THE SCENE
Collection: Documentation
Make sure to take photos and notes of all
connections to the computer/other devices
Collection: Imaging
Rule of thumb: make copies and don't work from the original (if possible)
A file copy does not recover all data areas of the device for examination
Working from a duplicate image
Preserves the original evidence
Prevents inadvertent alteration of original evidence during examination
Allows recreation of the duplicate image if necessary
Collection: Imaging
Digital evidence can be duplicated with no
degradation from copy to copy
This is not the case with most other forms of evidence
Collection: Imaging
Write blockers
Software
Hardware
Hardware write blockers are becoming the industry standard
USB, SATA, IDE, SCSI, SIM, Memory Cards
Not BIOS dependent
But still verify prior to usage!
Collection: Imaging
Forensic copies (bitstream)
Bit-for-bit copying captures all the data on the copied media, including hidden and residual data (e.g., slack space, swap, residue, unused space, deleted files etc.)
Often the "smoking gun" is found in the residual data.
Imaging from a disk (drive) to a file is becoming the norm
Multiple cases stored on same media
No risk of data leakage from underlying media
Remember: avoid working from the original
Use a write blocker even when examining a copy!
Imaging: Authenticity & Integrity
How do we demonstrate that the image is a true, unaltered copy of the original?
Hashing (MD5, SHA-256)
A mathematical algorithm that produces a fixed-length value that is, in practice, unique to its input (128 bits for MD5, 256 bits for SHA-256)
Can be performed on various types of data (files, partitions, physical drive)
The value can be used to demonstrate the integrity of your data
Any change to the data results in a different value
The same process can be used to demonstrate the image has not changed from time-1 to time-n
MD5 collisions can be constructed deliberately, so record a SHA-256 value alongside (or instead of) MD5, and note which tool produced each value
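An added example, not from the lecture, that walks the Collection: Imaging and Authenticity & Integrity slides in code. It constructs a 16-sector "drive" with one live file, leftover data in that file's slack, and the remnant of a deleted file in unallocated sectors. A file-level copy recovers only the live bytes; the bit-stream copy carries slack and unallocated space, where a physical keyword search finds the residue. The MD5 and SHA-256 values recorded at acquisition are re-checked later, and a single flipped bit makes verification fail. The sector layout, file name and residue strings are all constructed sample data; a real acquisition reads the device through a write blocker with an imaging tool rather than from a bytes object.

```python
import hashlib

SECTOR = 512          # bytes per sector, as on common IDE/SATA media
SECTORS = 16          # the constructed drive is only 8 KiB, but the layout mirrors a real one

# Allocation table of the constructed drive: name -> (first sector, sector count, byte length).
# Only report.txt is live; the deleted draft's entry is gone and its sectors are now unallocated.
ALLOC = {"report.txt": (1, 3, 1300)}

# Constructed residue strings (sample data, not from any real case).
SLACK_RESIDUE = b"old login: admin / hunter2"                     # tail of the last sector, past EOF
DELETED_RESIDUE = b"DELETED DRAFT: move 50,000 to account 7781"  # body of a file whose entry was removed


def build_sample_disk() -> bytes:
    """Assemble the sample drive: metadata sector, live file plus slack, unallocated residue."""
    disk = bytearray(SECTOR * SECTORS)                          # all sectors start zeroed
    disk[0:32] = b"TOYFS v1 (table held in ALLOC)".ljust(32)    # sector 0 stands in for file-system metadata
    start, _count, length = ALLOC["report.txt"]
    extent = start * SECTOR
    disk[extent:extent + length] = (b"Quarterly report: revenue up 4%. " * 50)[:length]
    slack_at = extent + length                                  # file slack begins right after EOF
    disk[slack_at:slack_at + len(SLACK_RESIDUE)] = SLACK_RESIDUE
    deleted_at = 5 * SECTOR                                     # sector 5 is unallocated
    disk[deleted_at:deleted_at + len(DELETED_RESIDUE)] = DELETED_RESIDUE
    return bytes(disk)


def logical_copy(disk: bytes) -> dict:
    """What a file-level copy recovers: the live bytes of allocated files and nothing else."""
    return {name: disk[s * SECTOR:s * SECTOR + length] for name, (s, _c, length) in ALLOC.items()}


def bitstream_copy(disk: bytes) -> bytes:
    """Bit-for-bit duplicate of the whole device, allocated or not (what dd or a forensic imager yields)."""
    return bytes(disk)


def keyword_hits(data: bytes, keyword: bytes) -> list:
    """Physical keyword search: byte offsets of every occurrence, file system ignored."""
    hits, pos = [], data.find(keyword)
    while pos != -1:
        hits.append(pos)
        pos = data.find(keyword, pos + 1)
    return hits


def hash_evidence(data: bytes) -> dict:
    """Digests recorded at acquisition (time-1). MD5 alone is weak against crafted
    collisions, so SHA-256 is recorded alongside it."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def verify_evidence(data: bytes, recorded: dict) -> bool:
    """Re-hash at time-n and compare with the recorded values; any change to any byte fails this."""
    return hash_evidence(data) == recorded


if __name__ == "__main__":
    original = build_sample_disk()
    image = bitstream_copy(original)
    acquisition_hashes = hash_evidence(image)
    print("logical copy sees hunter2:", b"hunter2" in logical_copy(image)["report.txt"])   # False
    print("bitstream slack hits:", keyword_hits(image, b"hunter2"))                       # [1831]
    print("bitstream unallocated hits:", keyword_hits(image, b"DELETED DRAFT"))           # [2560]
    print("image verifies:", verify_evidence(image, acquisition_hashes))                  # True
    tampered = bytearray(image)
    tampered[5 * SECTOR] ^= 0x01                                  # one bit changed
    print("after one-bit change:", verify_evidence(bytes(tampered), acquisition_hashes))  # False
```

The offsets returned by keyword_hits are what goes into the examination notes: 1831 lies inside report.txt's third sector but beyond its 1300-byte length (slack), and 2560 is the start of an unallocated sector, so neither string would ever appear in a logical copy.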
Examination
Higher-level look at the file system representation of the data on the media
Verify integrity of image (MD5, SHA-1 etc.)
Recover deleted files & folders
Determine keyword list: what are you searching for?
Determine time lines: what is the timezone setting of the suspect system? What time frame is of importance?
Graphical representation is very useful
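An added example (not from the lecture) of the timezone point above: three constructed events, two recorded by a suspect laptop configured for India Standard Time (UTC+5:30) and one by a mail server logging in US Eastern Standard Time (UTC-5). Both zone settings, the file name and the timestamps are assumptions made for the example. Normalising every timestamp to UTC before sorting gives the real sequence; sorting the raw local timestamps puts the e-mail before the file it carried had even been created.

```python
from datetime import datetime, timezone, timedelta

# Zone settings are assumptions for this example: the suspect laptop was configured for
# India Standard Time, the mail server wrote its log in US Eastern Standard Time.
LAPTOP_ZONE = timezone(timedelta(hours=5, minutes=30), "IST")
SERVER_ZONE = timezone(timedelta(hours=-5), "EST")

# Constructed events: (source, description, timestamp exactly as that source recorded it, its zone).
EVENTS = [
    ("laptop", "tender.docx last modified", "2015-02-10 09:05:00", LAPTOP_ZONE),
    ("server", "mail with tender.docx attached sent", "2015-02-09 22:50:00", SERVER_ZONE),
    ("laptop", "tender.docx created", "2015-02-10 08:40:00", LAPTOP_ZONE),
]
FMT = "%Y-%m-%d %H:%M:%S"


def to_utc(stamp: str, zone: timezone) -> datetime:
    """Interpret a source's local timestamp in that source's zone and convert it to UTC."""
    return datetime.strptime(stamp, FMT).replace(tzinfo=zone).astimezone(timezone.utc)


def build_timeline(events=EVENTS) -> list:
    """Normalised timeline: every event on the UTC axis, oldest first."""
    rows = sorted((to_utc(t, z), src, what) for src, what, t, z in events)
    return [(dt.strftime(FMT) + " UTC", src, what) for dt, src, what in rows]


def naive_timeline(events=EVENTS) -> list:
    """The mistake: sorting raw local timestamps from systems set to different zones."""
    return sorted((t, src, what) for src, what, t, z in events)


if __name__ == "__main__":
    for row in build_timeline():
        print(*row)
    print("naive first event:", naive_timeline()[0][2])   # the mail, which is impossible
```

The zone to apply to each artefact comes from the system itself (registry or /etc/localtime on the imaged disk, the mail server's log header), which is why recording it is part of the examination checklist rather than something to assume later.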
Examination
Examine directory tree: what looks out of place? Stego tools installed? Evidence scrubbers?
Perform keyword searches: indexed; slack & unallocated space
Search for relevant evidence types (hash sets can be useful): graphics, spreadsheets, hacking tools, etc.
Look for the obvious first
When is enough enough??
Issues
Lack of certification for tools
Lack of standards
Lack of certification for professionals
Lack of understanding by the Judiciary
Lack of curriculum accreditation
Rapid changes in technology!
Immature scientific discipline
Careers
One of the fastest growing job markets!
Paths to Careers in CF
Certifications
Associate Degree
Bachelor Degree
Post Grad Certificate
Masters
Doctorate
Job Functions
CF Technician
CF Investigator
CF Analyst/Examiner (lab)
CF Lab Director
CF Scientist
Professional Opportunities
Law Enforcement
Private Sector
Intelligence Community
Military
Academia
Summary
Cyber Forensics is a maturing forensic Science
AAFS new section Feb 2008
Excellent career opportunities
Proper education & training is paramount!
Contact Information

cyberforensics@mac.com
http://www.cyberforensics.purdue.edu
765-494-2561
Unit V
Ethical issues and data protection
Ethical issues concerned with personal information
ownership have been usefully summarized by Mason
(1986) into four areas:
1. Privacy what information is held about the individual?
2. Accuracy is it correct?
3. Property who owns it and how can ownership be
transferred?
4. Accessibility who is allowed to access this information,
and under which conditions?
Ethics: Fletcher's view
Fletcher (2001) provides an alternative perspective,
raising these issues of concern for both the
individual and the marketer:
1.Transparency who is collecting what information?
2.Security how is information protected once
collected by a company?
3.Liability who is responsible if data is abused?
The eight principles for data protection
Fairly and lawfully processed;
Processed for limited purposes;
Adequate, relevant and not excessive;
Accurate;
Not kept longer than necessary;
Processed in accordance with the data subject's rights;
Secure;
Not transferred to countries without adequate protection.

www.dataprotection.gov.uk
Figure 4.7: Information flows that need to be understood for compliance with data protection legislation
Legal: Sparrow's eight areas
1. Marketing your e-commerce business
2. Forming an electronic contract
3. Making and accepting payment
4. Authenticating contracts concluded over the Internet
5. E-mail risks
6. Protecting Intellectual Property
7. Advertising on the Internet
8. Data protection.
Major issues
General Ethical Issues
Categories of Public Policy and Political Issues:
Privacy
Intellectual Property Rights
Free Speech
Taxation

Copyright 2004 Pearson


Education, Inc.
Understanding Ethical, Social, and Political Issues: Models and Frameworks
Internet technology and its use in e-commerce disrupt existing social and business relationships and understandings. Many categories of law have been re-written to deal with new technology, including how the telecommunications industry is managed; the other area discussed here is intellectual property.
While the legal system is one means of protecting rights, new technologies change the cost and benefit structures of industries: for example, it is much easier to access the content of books. Using technology to protect rights must also be carefully considered, especially where there are as yet no clear-cut legal or cultural guidelines.

A Model for Organizing the Issues
Issues raised by Internet and e-commerce can be viewed at
individual, social and political levels
Four major categories of issues
Information rights: What rights do individuals have to
control their own personal information when Internet
technologies make information collection so pervasive and
efficient
Property rights: How can traditional intellectual property
rights be enforced when perfect copies of protected works
can be easily made and distributed
Governance: Should the Internet and e-commerce be
subject to public laws, and if so, who has jurisdiction
Public safety and welfare
Moral Dimensions of an Internet Society
Figure 9.1, Page 498

Basic Ethical Concepts
Ethics: Study of principles that individuals and organizations
can use to determine right and wrong courses of action
Responsibility: As free moral agents, individuals, organizations
and societies are responsible for the actions they take
Accountability: Individuals, organizations and societies should
be held accountable to others for the consequences of their
actions
Liability: Extends the concepts of responsibility and
accountability to area of law
Due process: Refers to process by which laws are known and
understood, with ability to appeal to higher authorities to
ensure that laws have been correctly applied

Analyzing Ethical Dilemmas
Dilemma: Situation in which there are at least two diametrically opposed actions, each of which supports a desirable outcome
Process for analyzing ethical dilemmas:
1. Identify and describe clearly the facts
2. Define the conflict or dilemma and identify the higher-
order values involved
3. Identify the stakeholders
4. Identify the options that you can reasonably take
5. Identify the potential consequences of your options

E-commerce and Privacy
Major ethical issue related to e-commerce and privacy: Under what conditions should we invade the privacy of others?
Major social issue: Development of expectations of privacy and privacy norms
Major political issue: Development of statutes that govern relations between recordkeepers and individuals

The Concept of Privacy
Privacy: The moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations
Information privacy: Includes both the claim that certain information should not be collected at all, as well as the claim of individuals to control the use of whatever information is collected about them

Information Collected at E-commerce Sites
Personally identifiable information (PII): Data that
can be used to identify, locate or contact an
individual
Anonymous information: Demographic and
behavioral information that does not include any
personal identifiers
Almost all e-commerce companies collect PII and
use cookies to track clickstream behavior

Personal Information Collected
by E-Commerce Sites
Table 9.2, Page 505

The Internet's Major Personally Identifiable Information Gathering Tools
Table 9.3, Page 505

Profiling: Privacy and Advertising Networks
Profiling: Creation of digital images that characterize online
individual and group behavior
Anonymous profiles: Identify people as belonging to highly
specific and targeted groups
Personal profiles: Add personal identifiers
Advertising networks can:
Track both consumer behavior and browsing behavior on
the Web
Dynamically adjust what the user sees on screen
Build and refresh high-resolution data images or
behavior profiles of consumers

Informed Consent
Consent given with knowledge of all the material facts
needed to make a rational decision
Two models:
Opt-in: Requires an affirmative action by the consumer
to allow collection and use of information
Opt-out: Default is to collect information unless
consumer takes an affirmative action to prevent the
collection of data
Many U.S. e-commerce firms merely publish information
practices as part of privacy policy without providing for any
form of informed consent
Microsoft's .Net Passport privacy policy illustrates some of the difficulties of understanding privacy policies and risks

Excerpts from Microsoft's .NET Passport's Privacy Policies
Table 9.4, Page 511

Sears vs. Yahoo's Opt-In/Opt-Out Privacy Policy
Table 9.5, Page 513

Legal Protections for Privacy
May be explicitly granted or derived from constitutions (U.S., Canada, Germany)
May also be found in common law (U.S., England)
In U.S., also found in federal and state laws and regulations

Statutory and Regulatory Protections of Online Privacy
In U.S., Federal Trade Commission has taken lead in conducting research and recommending legislation to Congress
FTC Fair Information Practice Principles (1998):
Notice/Awareness (Core)
Choice/Consent (Core)
Access/Participation
Security
Enforcement

FTC's Fair Information Practice Principles
Table 9.7, Page 515

FTC Recommendations Regarding Online Profiling
Table 9.8, Page 516

Privacy
US Federal privacy (and privacy-affecting) laws include:
Federal Trade Commission Act (1914)
Fair Credit Reporting Act (1970)
Privacy Act (1974)
Freedom of Information Act (1974)
Family Educational Rights and Privacy Act (1974)
Foreign Intelligence Surveillance Act (1978)
Right to Financial Privacy Act (1978)
Privacy Protection Act (1980)
Cable Communications Policy Act (1984)
Electronic Communications Privacy Act (1986)
Video Privacy Protection Act (1988)
Employee Polygraph Protection Act (1988)
Telephone Consumer Protection Act (1991)
Driver's Privacy Protection Act (1994)
Health Insurance Portability and Accountability Act (1996)
Telecommunications Act (1996)
Children's Online Privacy Protection Act (1998)
Financial Modernization Services Act (1999)
USA Patriot Act (2001)
Example 1: Health Insurance Portability and Accountability Act
of 1996 (HIPAA)
HIPAA is the federal law that establishes standards for the privacy and security of
health information, as well as standards for electronic data interchange (EDI) of
health information.
HIPAA has two main goals, as its name implies:
making health insurance more portable when persons change employers, and
making the health care system more accountable for costs -- trying especially
to reduce waste and fraud.
HIPAA as implemented has four health information standards, and four associated
sets of regulations or "rules":
standardized formats for all computer-to-computer information exchanges
(the "transaction standard");
standardized "identifiers" for health providers, health plans and (maybe)
patients;
information system security standards; and
privacy standards.

Example 2: USA Patriot Act (USAPA)
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Public Law 107-56) is usually referenced by its short name, USA Patriot Act, or just as USAPA.
Passed shortly after the events of Sept. 11, USAPA is best labelled as an anti-privacy law; it restricts, reduces or eliminates the protections of many federal privacy laws. Whether it does so appropriately or excessively is, to put it mildly, a matter of some controversy.
See also:
Electronic Privacy Information Center, USAPA information
Electronic Frontier Foundation, Analysis of USAPA
Slate/Lithwick analysis of USAPA -- part 1, part 2, part 3 and part 4

Private Industry Self-Regulation
Safe harbor: Private, self-regulating policy and enforcement mechanism that meets objectives of government regulations and legislation, but does not involve government regulation or enforcement
Example: Privacy seal programs such as TRUSTe Internet privacy protection program
Industry associations include:
Online Privacy Alliance
Network Advertising Initiative

Summary of DoubleClick's Privacy Policy
Table 9.10, Page 519

Privacy Advocacy Groups
Table 9.11, Page 523

Technological Solutions to Privacy Invasion
Many privacy-enhancing technologies being developed on the Web emphasize security
Platform for Privacy Preferences (P3P): Comprehensive technological privacy protection effort sponsored by W3C
Is a standard designed to communicate to Internet users a Web site's privacy policy, and to compare that policy against users' preferences or to other standards such as FTC's FIP guidelines or EU's Data Protection Directive
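The P3P mechanism described here, together with the opt-in and opt-out consent models from the Informed Consent slide, as an added worked example (not code from the slides, from W3C, or from any browser): it parses the compact-policy tokens a site sends in its P3P response header and decides whether a cookie is acceptable under the consent model the user insists on. The token names are the real P3P 1.0 ones; the IDENTIFYING set, the decision rules and the sample headers are constructed assumptions, simplified from how IE 6.0 used compact policies.

```python
"""Evaluate a P3P compact policy against a user's consent preference.

Added example; not code from the slides, the W3C P3P spec or any browser.
The site sends a P3P header whose CP="..." tokens summarise its privacy
policy; the browser compares that with the user's preference before
accepting a cookie. The rules below are a simplified, constructed model of
how IE 6.0 used compact policies, not Microsoft's exact algorithm.
"""
import re
from enum import Enum

# P3P 1.0 compact-policy token classes (real token names).
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
            "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
CATEGORIES = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT",
              "DEM", "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
# Assumption: these data categories identify a person on their own.
IDENTIFYING = {"PHY", "ONL", "FIN", "UNI", "GOV"}
# Purposes any site needs just to work; treated as not needing consent.
CORE_PURPOSES = {"CUR", "ADM", "DEV"}

class Consent(Enum):
    """Token suffix, ordered from most user choice (opt-in) to none."""
    OPT_IN = 0   # 'i': used only after an affirmative action by the user
    OPT_OUT = 1  # 'o': used unless the user objects (implicit consent)
    ALWAYS = 2   # 'a' or no suffix: used, no choice offered

SUFFIX = {"i": Consent.OPT_IN, "o": Consent.OPT_OUT, "a": Consent.ALWAYS}
ALLOW, RESTRICT, BLOCK = "allow", "restrict", "block"   # cookie decisions

def parse_compact_policy(header_value):
    """Parse the CP="..." part of a P3P header into purposes and recipients
    (token -> Consent), data categories, and the NID (non-identifiable) flag."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value)
    if m is None:
        raise ValueError('P3P header carries no CP="..." compact policy')
    policy = {"purposes": {}, "recipients": {}, "categories": set(), "nid": False}
    for token in m.group(1).split():
        if not re.fullmatch(r"[A-Z]{3}[aio]?", token):
            raise ValueError(f"malformed compact policy token: {token}")
        base, consent = token[:3], SUFFIX.get(token[3:], Consent.ALWAYS)
        if base in PURPOSES:
            policy["purposes"][base] = consent
        elif base in RECIPIENTS:
            policy["recipients"][base] = consent
        elif base in CATEGORIES:
            policy["categories"].add(base)
        elif base == "NID":
            policy["nid"] = True
        # Access, dispute, remedy and retention tokens do not affect consent.
    return policy

def weakest_consent(policy):
    """Least-protective consent level at which identifiable data is used for
    a non-core purpose or shared beyond the site; None if the policy never
    identifies the user at all."""
    if policy["nid"] or not (policy["categories"] & IDENTIFYING):
        return None
    levels = [c for p, c in policy["purposes"].items() if p not in CORE_PURPOSES]
    levels += [c for r, c in policy["recipients"].items() if r != "OUR"]
    return max(levels, key=lambda c: c.value) if levels else None

def cookie_decision(p3p_header, third_party, required):
    """`required` is the consent model the user insists on: Consent.OPT_IN
    (explicit) or Consent.OPT_OUT (implicit). A third-party cookie that comes
    with no compact policy at all is blocked outright."""
    if p3p_header is None:
        return BLOCK if third_party else ALLOW
    level = weakest_consent(parse_compact_policy(p3p_header))
    if level is None or level.value <= required.value:
        return ALLOW
    return BLOCK if third_party else RESTRICT   # first party: session only

# Constructed sample headers (not taken from any real site).
PROFILING_CP = ('P3P: CP="NOI DSP COR PHY ONL UNI FIN NAV INT DEM CURa ADMa '
                'DEVa TAIa PSAa PSDa IVAa CONa OTPa OUR DELa SAMa OTRa BUS"')
OPT_OUT_CP = 'P3P: CP="NOI DSP COR ONL UNI NAV INT CURa ADMa DEVa TAIo PSAo OUR DELo STP"'
OPT_IN_CP = 'P3P: CP="NOI DSP COR PHY ONL CURa ADMa TAIi CONi OUR SAMi STP"'
ANON_CP = 'P3P: CP="NOI DSP NID NAV INT CURa ADMa DEVa TAIa PSAa OUR STP"'

if __name__ == "__main__":
    for hdr in (PROFILING_CP, OPT_OUT_CP, OPT_IN_CP, ANON_CP, None):
        print(hdr, "->", cookie_decision(hdr, third_party=True, required=Consent.OPT_OUT))
```

Under an opt-out (implicit consent) preference the profiling header is blocked as a third-party cookie because it uses identifying data with no choice at all, while the opt-out site passes; raising the preference to opt-in blocks the opt-out site too.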

Technological Protections for Online Privacy
Table 9.12, Page 523

IE 6.0's Implementation of P3P
Figure 9.3(B), Page 525

Case: The Privacy Tug of War
Some technologies being used to invade privacy:
Experian.com, ThinkDirectMarketing.com provide names and addresses of visitors to Web sites in real time
TIAN: monitors online behavior of visitors from 16 different
perspectives
Some technologies being used to protect privacy:
iPrivacy.com provides proxy server to anonymize consumer
Persona, McAfee: programs that allow user to control and
manage cookies
PGP 8.0: uses encryption to protect e-mail

Intellectual Property Rights
Intellectual property: Encompasses all tangible and
intangible products of human mind
Major ethical issue: How should we treat property that
belongs to others
Major social issue: Is there continued value in protecting
intellectual property in the Internet age?
Major political issue: If, and if so, how, should Internet and
e-commerce be regulated/governed to protect intellectual
property
Main types of intellectual property protection:
Copyright
Patent
Trademark law
Intellectual Property Rights Policy
Copyright protects forms of expression
Patents protect the ideas behind an invention
Trademarks protect against dilution of the mark, i.e. blurring or tarnishing its meaning
Digital Media rights:
http://cit.cornell.edu/oit/ucpl/DigMedia_1006041.ppt (by John Palfrey)
http://cit.cornell.edu/oit/ucpl/Palfrey2.ram (video by John Palfrey)

Copyright
What is a Copyright?
Copyright is a protection that covers published and unpublished literary,
scientific and artistic works, whatever the form of expression, provided
such works are fixed in a tangible or material form. This means that if
you can see it, hear it and/or touch it - it may be protected. If it is an
essay, if it is a play, if it is a song, if it is a funky original dance move, if it
is a photograph, HTML coding or a computer graphic that can be set on
paper, recorded on tape or saved to a hard drive, it may be protected.
Copyright laws grant the creator the exclusive right to reproduce,
prepare derivative works, distribute, perform and display the work
publicly. Exclusive means only the creator of such work, not anybody
who has access to it and decides to grab it.

http://www.whatiscopyright.org/

What is Copyright protection?
Copyright protection begins when any of the above described work is actually created and
fixed in a tangible form.

For example, my brother is a musician and he lives in the United States. When he writes new
lyrics, he prints them out on paper, signs his name at the bottom with the Copyright
symbol to show that he is the author, places it in an envelope and mails it to himself without
opening it. His copyright begins at the moment he puts his idea in a tangible form by printing
the lyrics out on paper. He creates proof when he mails it to himself - the postmark
establishes the date of creation. He then registers his copyright with the U.S. Copyright Office
which is a requirement in order to sue for monetary damages should a violation of his
copyright arise. However, if somebody copies and redistributes his lyrics without permission
before his copyright is registered, he still has the right to assert a copyright claim as the true
author.

The above applies to digital art and graphics. Open a gif, jpg or png file that you created and
look at the properties. It states the date that you saved it to your hard drive as the date of
creation. If somebody copies a graphic from your web site I assure you that the date of
creation on your copy of the file is earlier than the copy taken off your web site. If that still
doesn't feel like enough proof for you, save everything to a floppy disk and mail it to yourself
via certified mail. Keep the envelope sealed, wrap it in protective plastic and put it in a safe
place.

Copyright protection: how long?
The Berne Convention establishes a general and minimum
period that lasts the life of the author and fifty years after
his (or her) death. Cinematographic works and
photographic works have a minimum period of protection
of 50 and 25 years upon the date of creation, respectively.
This applies to any country that has signed the Berne
Convention, and these are just the minimum periods of
protection. A member country is entitled to establish
greater periods of protection, but never less than what has
been established by the Berne Convention.

Copyright: The Problem of Perfect Copies and Encryption
Copyright law: Protects original forms of expression (but not
ideas) from being copied by others for a period of time
Look and feel copyright infringement lawsuits involve
distinction between an idea and its expression
Fair use doctrine: Under certain circumstances, permits use of
copyrighted materials without permission
Digital Millennium Copyright Act of 1998 (DMCA): First major
effort to adjust copyright laws to Internet age
DMCA implements WIPO treaty that makes it illegal to make,
distribute, or use devices that circumvent technology-based
protections of copyrighted materials

The Digital Millennium Copyright Act
Table 9.14, Page 531

Patent
A patent is a set of exclusive rights granted by a state to a
person for a fixed period of time in exchange for the
regulated, public disclosure of certain details of a device,
method, process or composition of matter (substance)
(known as an invention) which is new, inventive, and useful
or industrially applicable.
Source: http://en.wikipedia.org/wiki/Patent
Term: 20 years.

Patents: Business Methods and Processes
Patent: Grants owner a 20-year exclusive monopoly on
ideas behind an invention
Most of early inventions that made Internet and e-
commerce possible were not patented by their inventors
With commercial development of Internet, came desire for
patents
Business methods patents have been widely sought by
Internet and e-commerce companies
Many business methods Internet patents granted are
overbroad, and if enforced, would significantly impact e-
commerce

Explosion in Internet and E-Commerce Patents
Figure 9.4, Page 535

Selected E-Commerce Business Methods Patents
Table 9.15, Page 536

World Intellectual Property Organization (WIPO): 183 member states
WIPO-Administered Treaties: The links below provide detailed information on all 23 treaties administered by WIPO and the WIPO Convention.

IP Protection:
- Berne Convention
- Brussels Convention
- Film Register Treaty
- Madrid Agreement (Source)
- Nairobi Treaty
- Paris Convention
- Patent Law Treaty
- Phonograms Convention
- Rome Convention
- Trademark Law Treaty
- Washington Treaty
- WCT
- WPPT

Global Protection System:
- Budapest Treaty
- Hague Agreement
- Lisbon Agreement
- Madrid Agreement (Marks)
- Madrid Protocol
- PCT

Classification:
- Locarno Agreement
- Nice Agreement
- Strasbourg Agreement
- Vienna Agreement

Issues in Intellectual Property Rights
Fear from film/music industry of one copy getting out. (600M people use Internet)
Disobedience by all people, society wide.
Law is complicated (like online privacy). Hard to coordinate enforcing rights and policies across borders. (But possible: Dow Jones vs. Gutnick, editor's defamation case taken up in Australia. A business cannot ignore a case from a big market.)
Law (Copyright Law, Dig.Mill.Copy.Act) does not have as much impact as Digital Rights Management (DRM) technology (temporary access): the architecture of the technology. 36 state laws (anti-spam) were a hassle for small business marketing. CAN-SPAM Act 2003 wiped out the 36 state laws, preempted them. Says header info must be accurate, must give receiver the right to opt out of email.
Other ways: Markets (market power), Social norms (what is accepted).

Digital Copyright
Napster (1999): easy to copy MP3 on P2P networks. Lawsuits arise. Courts shut down the technology itself. Then other technologies are developed that get rid of the central server.
Video industry is next (but the files are bigger). Broadcasters worry about technologies that let you replay the broadcast content and skip commercials.
iTunes: contract law; you agree to terms, can sign away your Fair Use rights. Do you read click-through agreements? (EU says you must be able to save the click-through agreements.) They are not negotiable, take-it or leave-it. (99c song, or airline ticket.)
First Sale doctrine does not hold online. In physical world you no longer have the copy if you give it to another.
Fair Use allowable copies (?) EU more consumer rights than in US.

The Digital Millennium Copyright Act
On Oct.12, 1998, the U.S. Congress passed it. Oct. 28th, President Clinton signed the
Act into law.
The Act is designed to implement the treaties signed in December 1996 at the World
Intellectual Property Organization (WIPO) Geneva conference, but also contains
additional provisions addressing related matters.
Highlights Generally:
Makes it a crime to circumvent anti-piracy measures built into most commercial
software.
Outlaws the manufacture, sale, or distribution of code-cracking devices used to
illegally copy software.
Does permit the cracking of copyright protection devices, however, to conduct
encryption research, assess product interoperability, and test computer security
systems.
Provides exemptions from anti-circumvention provisions for nonprofit libraries,
archives, and educational institutions under certain circumstances.
In general, limits Internet service providers from copyright infringement liability for
simply transmitting information over the Internet. (carriers not content providers)
Service providers, however, are expected to remove material from users' web sites
that appears to constitute copyright infringement.

The Digital Millennium Copyright Act
Limits liability of nonprofit institutions of higher education -- when they serve as
online service providers and under certain circumstances -- for copyright
infringement by faculty members or graduate students.
Requires that "webcasters" pay licensing fees to record companies.
Requires that the Register of Copyrights, after consultation with relevant parties,
submit to Congress recommendations regarding how to promote distance
education through digital technologies while "maintaining an appropriate balance
between the rights of copyright owners and the needs of users."
States explicitly that "[n]othing in this section shall affect rights, remedies,
limitations, or defenses to copyright infringement, including fair use..."
Full Text of the Digital Millennium Copyright Act
The WIPO Copyright Treaty - Geneva - December 2-20, 1996
Copyright Laws are accepted internationally through treaties.

Warez Hackers End Up in the Slammer
Super uploaders enable the sharing of copyrighted movies, music and software.
David Fish, Chirayu Patel, William Veyna, and Nathaniel Lovell had been arrested on felony charges and jailed for violating federal copyright laws including the Digital Millennium Copyright Act of 1998 (DMCA) and the No Electronic Theft Act (NET Act) of 1997. They may face 5 years in prison.
They were involved in large scale (more than 10 copies, even without profit motive) distribution and copying of copyrighted materials.
Organized uploaders of digital works involve an entire supply chain of actors: suppliers, crackers, cammers, and couriers.
Legally it costs more to go after the individual downloaders than to go after the organized uploaders.

Trademarks: Online Infringement and Dilution
Trademark: Mark used to identify and distinguish goods, and
indicate their source
Trademarks protect public by ensuring it gets what it pays
for/expects to receive; protects trademark owner against piracy
and misappropriation
Infringement: Use of a trademark that creates confusion with
existing marks, causes consumers to make market mistakes or
misrepresents origins of goods
Anticybersquatting Consumer Protection Act (ACPA): Creates
civil liabilities for anyone who attempts in bad faith to profit
from an existing famous or distinctive trademark by registering
an Internet domain name that is identical or confusingly similar

Types of Trademark Abuse on Internet
Cybersquatting: Registration of infringing domain name, or other
Internet use, of existing trademark, for purpose of extorting
payments from legitimate owners
Cyberpiracy: Involves same behavior as cybersquatting, but with
intent of diverting traffic from legitimate site to infringing site
Metatagging: Using another's trademarks as metatags in a misleading or confusing manner
Keywording: Using another's trademarks as keywords on search engines in a misleading or confusing manner
Deep linking: Bypassing target site's home page and going directly to content page
Framing: Displaying content of another site within frame or
window
Internet and Trademark Law Examples
Table 9.16, Page 540

Free Speech, Spam and Fraud
http://cit.cornell.edu/oit/ucpl/Cyberspace_1006041.ppt (John Palfrey, from Harvard Law School, 2004)
http://cit.cornell.edu/oit/ucpl/Palfrey1.ram (John Palfrey lecture on Law in Cyberspace.)
Student study on Spam at HSM

Technology against spam
Filtering (client side)
Challenge and response (must prove you are who you say you are). (White list: who is in your mail book. Must know them first.)
Blacklisting (on ISP servers): List of bad spammers or relays. Universities subscribe. Get listed, and for days you cannot send and receive email. Problem: HSM gets listed often.
IETF tried to develop an authentication system on the Internet, but gave up.

(Next Lecture: Taxation and e-Government.)

