Security

CIA Model Confidentiality means private data can be kept private Integrity means messages cannot be changed (without detection) Availability means resources can be kept available against a determined attacker Security analysis often assumes all communications can be seen by an attacker and all methods are open. Risk Analysis must be done to balance the costs of security with the costs of a failure in security, Not related to Central Intelligence Agency. Just the tip of the iceberg -- consider a setup where a general is either going to send an “Stay vigilant” (do nothing message) or a battle plan, with a map, etc. -- the message can be perfectly unbreakable (confidential), unmodifiable (integrity), and unblockable (available) -- an attacker can still infer just from the size alone critical informaton. Security analysis is deep and requires thinking through many (infinite?) possibilities. As an aside, what’s the fix?

Authentication Authentication is a process that validates a user or device is who they claim to be Many Attacks are threats against authentication Passwords are a form of Authentication Digital Signatures offer another (upcoming)

Hashes (brief aside) There are many hash functions -- functions that take data and return some sort of value that describes the data Network packets have CRC (Cyclic Redundancy Checks) which are designed to check for bit-flips (0->1, 1->0) and many other types of alterations. There’s a third type, a cryptographic hash function, which returns a number and is quite robust to modification of the data -- it’s very hard to change data in a way that will yield an identical hash value. Also, parity check ( or mod 2)

Passwords, Good and Bad Passwords provide Authentication Length is important (to a limit) Randomness is Better, both in selection and unrelated to you Password Reuse is problematic -- your password is only as strong as the weakest site you used it on. Hackers often target password lists -- they are valuable by themselves because of reuse Passwords should not ever be stored (they are hashed)

Typical Password Criteria Contain six or more characters Contain at least one uppercase and one lowercase letter Contain at least one digit Contain at least one special character No dictionary words, No names or part of names

Symmetric Encryption Sender and Receiver have same Key Problem with having a pre-shared key?

Substitution Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Substitute the letters in the second row for the letters in the top row to encrypt a message Encrypt(COMPUTER) gives FRPSXWHU Substitute the letters in the first row for the letters in the second row to decrypt a message Decrypt(Encrypt(COMPUTER)) gives COMPUTER Above is just a Caesar cipher

(D)DOS, (Distributed Denial of Service) Attack What happens if you send more data than a connection can handle? Answer: Packets get dropped If you flood a connection then it is possible to take down or seriously degrade a connection. Normally requires many uploading computer (1000s or more) Most major sites have a lot of connections and redundancy What CIA trait does this violate?

Attack: Social Engineering and Phishing It is possible to have perfect (computer) security but still be vulnerable: If users can reduce security and be fooled into doing so, then the security is imperfect. Many hacks involve social engineering, which is the process of convincing a user to violate a security rule. Phishing is just social engineering through e-mail.

Malicious Code A computer program that attempts to bypass appropriate authorization and/or perform unauthorized functions Worm stands alone, targets network resources and servers Trojan horse disguised as benevolent resource Virus self-replicating Logic bomb set up to execute at system event (date or otherwise) (Vulnerabilities (Plain Old Mistakes):https://xkcd.com/1354/ ) Word/Excel files can have code embedded. (vulnerabilites aren’t malicious, just dangerous)

Asymmetric Encryption It is possible to send information one-way without a pre- shared secret key Often requires “obscure” math -- relies on problems that are known to be hard that can be made easy given extra knowledge, such as prime factorization

Asymmetric Key Generation

Asymmetric Encryption and Decryption

Digital Signatures and Certificates (okay, now forget the lockbox and key metaphor for this…) It is possible to run some of the Asymmetric Key Algorithms backwards -- “sign” something with the private key and then check the signature by running the public key to get the result One problem remains: how do we know we have the public key of the person we believe we’re communicating with? (Imperfect) Solution: We get the public keys from “Certificate Authorities” who sign things on behalf of others -- the CA will verify the identity of the entity through more rigorous means decrypt(encrypt(msg)) == encrpyt(decrypt(message)) for some algorithms. Can sign programs and communications. Also, we generally sign the hash of the data… since it’s much smaller.

References [parts of slides and images from Textbook]: Dale, Nell B., and John Lewis. Computer science illuminated. Jones & Bartlett Learning, 2007.