CSE 542: Operating Systems

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Page 15/5/2015 CSE 542: Graduate Operating Systems Outline  Chapter 18: Protection  Chapter 19: Security  A Method for Obtaining Digital Signatures.
Digital Signatures. Anononymity and the Internet.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Cryptography Basic (cont)
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Page 19/15/2015 CSE 542: Graduate Operating Systems Virtual memory  separation of user logical memory from physical memory  Only part of the program.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Linux Networking and Security Chapter 8 Making Data Secure.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Mar 13, 2001CSCI {4,6}900: Ubiquitous Computing1 Announcements HW 4 due Thursday – 11:00 AM If you have any questions regarding HW3, Project Proposal and.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Public Key Encryption CS432 – Security in Computing Copyright © 2005, 2008 by Scott Orr and the Trustees of Indiana University.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Public Key Encryption.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Security Protecting information data confidentiality
Unit 3 Section 6.4: Internet Security
Chapter 40 Internet Security.
Key management issues in PGP
Web Applications Security Cryptography 1
Digital Signatures.
Chapter 15: Security.
Basics of Cryptography
Security Outline Encryption Algorithms Authentication Protocols
Cryptography and Network Security
Cryptography Why Cryptography Symmetric Encryption
Computer Communication & Networks
Secure Sockets Layer (SSL)
Public Key Encryption and Digital Signatures
Public-key Cryptography
The Security Problem Security must consider external environment of the system, and protect it from: unauthorized access. malicious modification or destruction.
Information Security message M one-way hash fingerprint f = H(M)
Cryptography and Network Security
Chapter 7 STRENGTH OF ENCRYPTION & Public Key Infrastructure
Message Digest Cryptographic checksum One-way function Relevance
CSE 542: Operating Systems
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
The Secure Sockets Layer (SSL) Protocol
Security.
Public-Key, Digital Signatures, Management, Security
Security Outline Encryption Algorithms Authentication Protocols
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
CSE 542: Operating Systems
Advanced Computer Networks
Operating System Concepts
CSE 542: Operating Systems
Fluency with Information Technology Lawrence Snyder
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

CSE 542: Operating Systems Outline Chapter 18: Protection Chapter 19: Security Paper: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. Communications of the ACM 21,2 (Feb. 1978) RSA Algorithm – First practical public key crypto system 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Protection Protect computer resources from being accessed by processes that should not have access Access Matrix defines protection Global table Access list for objects: easier to program Capability list for domains/users: Hybrid: lock-key mechanism Revocation of rights: Immediate vs delayed, selective vs general, partial vs total, temporary vs permanent 27-May-19 CSE 542: Operating Systems

Compiler/language based mechanism Compiler based enforcement Java VM Multiple threads within a single JVM have different access rights Enforced using stack inspection 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Security User authentication: Passwords Encrypted passwords One-time passwords Biometrics Threats: Trojan horse Trap door/stack and buffer overflow Worms/viruses Denial of service Intrusion and detection 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Risk analysis Important to understand threat and perform risk analysis No system is “secure”, systems usually trade security for performance, ease of use etc. If information is worth x and it costs y to break into system and if (x < y), then not worth encryption Wasteful to build a system that is more secure than is necessary Ssh in CSE dept – good Palm pilots may not require powerful encryption systems if they are expected to be physically secure 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Security Attacks Social engineering attacks Preys on people gullibility (good nature), hardest to defend E.g. I once got an unlisted number from a telephone operator because I sounded desperate (I was, but that was not the point) E.g. Anna kour*va virus E.g. If I walk in with coupla heavy looking boxes into the elevator to go to Fitz 3rd floor (at night) would you let me in? You can go into “secure” companies by looking like you “belong” there Denial of service attacks Network flooding, Distributed DOS, holding resources, viruses 27-May-19 CSE 542: Operating Systems

Common technology - firewalls Firewalls are used to restrict the kinds of network traffic in/out of companies Application level proxies Packet level firewalls Does not prevent end-to-end security violations People sometimes email list of internal computer users outside firewall to scrupulous “researchers” Emails viruses exploit certain vulnerabilities in VBS to get around firewalls 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Encryption methods Symmetric cryptography Sender and receiver know the secret key (apriori ) Fast encryption, but key exchange should happen outside the system Asymmetric cryptography Each person maintains two keys, public and private M  PrivateKey(PublicKey(M)) M  PublicKey (PrivateKey(M)) Public part is available to anyone, private part is only known to the sender E.g. Pretty Good Privacy (PGP), RSA 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems My Public Key -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>   mQGiBDqtLPwRBADnG0+9IkDvI8t/3wdL3CSO4DytEH0NjrNwAYYIaewp3MklsxkP p6iVblwiiCH4T4Nqkaru+kaEQ1hSTa7E/F9yQCWN5J0u1U7mtgTKFyt7VG0txAVx tV7TuyxNogJkpm2BqoKqqUdCdbm+GurX/G2ynbINjEOvhcy0i1ttxgyDrwCg/8HZ tM0i06VVNcR/QCmA+JdHGwMEAIjXLVV97huEtpuWDiq4J53ecV3HXQm6XoUZq4Sc n+nsvXe4UD+6ldub/riOqBy22fBBAKhUsM3lGFgr7h19X3RGdw/yBVox+BLajpW+ F+ddjJAVSFeTvNanhnXL9a3nwCThb4aEUTdD61kgoUWJl2BnsK1DUSo2X6AsZYo+ GknOA/92dUNYUzspPLkXvPjOo+uJErZA4aN+UYsJwD3AlYugVLkc3nQBQySO4bAR XitjnN0DA6Kz/j6e+cqReCyEuBnPtaY/Nn/dAn1lgUlJ/EtKQ9J4krI3+RxRmlpY UtWyTaakV/QCXkB/yB9i6iAfsCprlcRSpmZAGuNXr+pHTHB0ILQmU3VyZW5kYXIg Q2hhbmRyYSA8c3VyZW5kYXJAY3MudWdhLmVkdT6JAFgEEBECABgFAjqtLPwICwMJ CAcCAQoCGQEFGwMAAAAACgkQlU7dFVWfeisqTACfXxU9a1mbouW2nbWdx6MHatQ6 TOgAoM9W1PBRW8Iz3BIgcnSsZ2UPNJHDuQINBDqtLPwQCAD2Qle3CH8IF3Kiutap QvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfU odNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7H AarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxb LY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyE pwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1Xp Mgs7AAICCACLxNC3Vth553Y90JCVyM9mPWzvrkjfEGfBiCFDZ0HONW81ywUyV6jT O/1sUsgR7jGB26XBsnIY96a9WTpUoI+20YstFLRj8sXOVXuaP/YTmgSLv82O6SWd Bze1S0YJcU31/zdCftsz67UWT8vg39yeGyQ5KQP83p9DKpi4Z5K4M29p8eCt9BY+ kid94h9+16ZT8JLF0iEwGapZvpaTucCNoC8t6CKPto0dGpkYp7uBYoSzLgNvUh2n BjGVEmLuioabqbOaomDErITY2iNcW3CCgjjYvgg/Hnu7HB2xKzuVUN1NTGogcuNI Yx88mi+d/HxTY6YNr9xNW0f0pWkZDVB0iQBMBBgRAgAMBQI6rSz8BRsMAAAAAAoJ EJVO3RVVn3orYhIAoIQPxGvHmX8c6kaAZqko1zYCeixcAJ9tp5h/KQZrIN/BpyTW 9Xgv4qxKEA== =Pv5O -----END PGP PUBLIC KEY BLOCK----- 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems RSA Named after Rivest, Shamir and Adleman Only receiver receives message: Encode message using receivers public key Only sender could’ve sent the message Encode message using sender’s private key Only sender could’ve sent the message and only receiver can read the message Encode message using receivers public key and then encode using our private key 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Strength Strength of crypto system depends on the strengths of the keys Computers get faster – keys have to become harder to keep up If it takes more effort to break a code than is worth, it is okay Transferring money from my bank to my credit card and Citibank transferring billions of dollars with another bank should not have the same key strength 27-May-19 CSE 542: Operating Systems

Public Key Infrastructure (PKI) Process of issuing, delivering, managing and revoking public keys E.g. Secure Sockey Layer (SSL) Client C connects to Server S C requests server certificate from S S sends server certificate with Spublic to C C verifies validity of Spublic C generate symmetric key for session C encrypts Csymmetric using Spublic C transmits Csymmetric(data) and Spublic(Csymmetric) to S 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Authentication Identification verification process E.g. kerberos certificates, digital certificates, smart cards Used to grant resources to authorized users 27-May-19 CSE 542: Operating Systems

Practical Public Key Cryptosystem Decrypt(Encrypt(Message)) = Message Encrypt() and Decrypt() are easy to compute Encrypt() does not reveal Decrypt() Encrypt(Decrypt(Message)) = Message Function satisfying 1-3: Trap-door one-way function One way: easy to compute in one direction, difficult in the other direction Trap-door: Inverse functions are easy to compute once certain private “trap-door” information is known. 1-4: permutation 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Signature Encrypt using private key of sender. Anyone can decrypt using the public key of sender to verify signature -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello world!! -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOq8LO5VO3RVVn3orEQLFZwCdGi9AWvlhollaYmr9TPvtdbKoe20AoLLr vbJ8SgkIZ73lCy6SXDi91osd =L3Sh -----END PGP SIGNATURE----- 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Privacy Encrypt with receivers public key -----BEGIN PGP MESSAGE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> qANQR1DBwU4D30m79rqmjHMQB/4q1mu3IP8AsMBYSUW6udXZnF0/LVL51eYzVnAW IxgbxhHmBoZf9YEltoXw82gkgVebz+3Xfj6T5mLNy5FA6cgKKw57AY9Bl3aEKlJK /nV5qR8E/VZOhaPoog8dtV1Hpi5Z0vNCI7s5Ibp3C2tlrgYtvyYfe86bqCNe3yAI btTUT+bA9HL3pXqhOoWlRB+N58T9ybn/9FyonYYfGuPdMTj+ZciK37R+ezWg5YmZ jdDMf/CxgllMF/Tv2jQ8KgmrKIyi6gWQmEtWzFUlAPgdpOC7TQC3sQqVjK4GyOY6 WnrXiWqO3895ukBGyHzqyssUTJFe5qnclkrmCvA3tph+uc7pCACKrYaGLSWWoQSB L6zch2GnhG4+JpDCVKF/poJ1URkB2Odd9/OCReR0sFXZFvW14IJQznu3HOhjtA+y g7Nn736fqMD9jpBZFfUtKv/v4JMyWcRdp3R3icm03zi24n+244r1DQj+cVlFYPfd zRAGTLORVjXH2amGqilKyxqMU7ZYXIMI43bFIviu4tabKYnZJxpM8keUKA3u+vPs X9ksSoBSiT6Kow3Lac2t3Qo5TimYlS5ODFnC6Pp9aRZzNcBOKmiYO4IIbdFH2jta RbcmesEjH5RpbDV4BfcOMdm2UGWZe6kAaKkSdxHlUVZAJnesbT+lQf4AZjXkmsOM 8qnBKi5xyS/wrhS4zamV/Mp+5qIGNASXUHPsp3rukovaZANdZ/Y6zNQQVim0kphd 5ECybmVrHQ== =S9ph -----END PGP MESSAGE----- 27-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Algorithm To break their algorithm requires that you factor a large prime Computationally very hard. Can’t be “proven” yet With present technology, 512 bit key takes a few months to factor using “super computers”, 1024 takes a long time and 2048 takes a very long time Takes 2 seconds to generate a 2048 bit key on a 933 Mhz Pentium Algorithm has remained secure for the past 17 years One of the most successful public key system 27-May-19 CSE 542: Operating Systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.