ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.


Syllabus
See handout
  – Homework will usually have 4-5 questions and is due in one week. It is due at the time that the class begins.
  – Late homework
    Within 24 hours: 50% of full score
    After that: 0%
  – Project
    Individual project
      – Conduct some hands-on experiments
      – Or choose a security problem and write a survey paper
      – A reference question list will be provided
  – Midterm and final exam
  – Misc: eating, drinking, and cell phone (text & twitter)

Before class
An interesting question
  – Two companies each have some private data. They need to jointly calculate some result without disclosing their information.
    Secure multiparty computation
    Is this solution useful?
  – Zero knowledge proof: Can I prove to you that I know a secret without telling you anything? (practically)
  – Anonymously publishing data or information

Examples in real life
Attack on Twitter
  – Hack into the victim’s account
  – DDoS to paralyze Twitter, Facebook, etc.
Data mining attacks on public database
  – In Tenn., a newspaper generates a database about all residents that have CCW permits.
  – In CA, there is a webpage listing all people that donate to the Proposition 8 ballot measure

Examples in real life
Worm attack on smart grid
Use social network to detect disease breakout
Code during the war
  – Navajo Code in WWII

  – Computers have controlled our lives
    Medical, ATM, banking, business
    Air traffic control

Security overview
Risks
  – Why there are risks
Adversaries
  – Smart and dedicated
  – Many of them, considering the high employment rate
  – Hiding in the dark
  – From fun to profit (worm -> self-changing -> botnet -> target at specific systems)

Security overview
Physical security is not enough (can you be sure that your physical security methods are sound and enough? Example in Las Vegas, supply chain attacks, internal attacks)
Networked computers can be accessed remotely

Security overview
What can go wrong
  – Trojan war story (Trojan horse): USB keys
  – Corrupted internal worker
  – Vulnerabilities of protocols or security mechanisms (security patch has problems too)
  – By-passing protection walls
  – Backdoors for systems (Linux password)
  – Known attacks ignored (push and poll)

Information security
Encryption
  – You can read the information only when you know the key
Authentication
  – You are who you claim you are
Authorization
  – The role and the right

Information security
Information integrity
  – The data has never been changed or changed in an inappropriate way
Non-repudiation
  – Cannot deny your words (digital cash example)
Privacy
  – Who should know, how much, how to use the information
    Your cell phone or medical records
    RFID
    Your smart meter

Security overview
Defending methods
  – Prevention
    Prevent (password, salt, private salt, searching)
    Deter: raising the bar (password guessing, login slow)
    Deflect: making other targets more attractive
    Diversify
  – Detection
    Monitoring (who, what, and how)
    Intrusion detection (signature based, anomaly based)
    IP telephony track
    Authenticity of the evidence (digital media)
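
One reading of the "password, salt, private salt, searching" item above, as an added example that is not from the course slides: a public salt is stored beside the hash, while a small private salt is discarded after enrollment, so every verification has to search all of its values. The parameter sizes, the use of PBKDF2 and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Illustrative sizes (assumptions, not values from the slides).
PRIVATE_SALT_BITS = 8      # 256 private-salt values to search
KDF_ITERATIONS = 1000      # PBKDF2 rounds per candidate


def _digest(password: str, public_salt: bytes, private_salt: int) -> bytes:
    """Hash the password under the stored public salt plus one private-salt value."""
    salt = public_salt + private_salt.to_bytes(2, "big")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """Return the record to store: (public_salt, digest). The private salt is discarded."""
    public_salt = secrets.token_bytes(16)
    private_salt = secrets.randbelow(1 << PRIVATE_SALT_BITS)
    return public_salt, _digest(password, public_salt, private_salt)


def verify(password: str, record: tuple[bytes, bytes]) -> tuple[bool, int]:
    """Search every private-salt value; return (match, KDF evaluations spent)."""
    public_salt, stored = record
    match = False
    evaluations = 0
    for candidate in range(1 << PRIVATE_SALT_BITS):
        evaluations += 1
        # No early exit, so timing does not reveal which value matched.
        if hmac.compare_digest(_digest(password, public_salt, candidate), stored):
            match = True
    return match, evaluations


if __name__ == "__main__":
    record = enroll("correct horse battery staple")  # constructed sample password
    print(verify("correct horse battery staple", record))
    print(verify("wrong guess", record))
```

Every guess, right or wrong, costs 2^8 KDF evaluations here, which is the "raising the bar" effect: the legitimate login pays it once, while guessing against a stolen record pays it per candidate password.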

Security Overview
Recovery
  – Recover data (check point)
  – Identify the damage
  – Forensics
  – Confinement
Tolerance
  – Maintain a decent service quality
  – Automatically degrade video quality while reserving bandwidth for voice