Conclusion: Course Summary

Presentation transcript:

Slide 1: Conclusion

Slide 2: Course Summary
- Crypto
  - Basics, symmetric key, public key, hash functions and other topics, cryptanalysis
- Access Control
  - Authentication, authorization, firewalls, IDS
- Protocols
  - Simple authentication
  - Real-World: SSL, IPSec, Kerberos, WEP, GSM
- Software
  - Flaws, malware, SRE, development, trusted OS

Slide 3: Crypto Basics
- Terminology
- Classic cipher
  - Simple substitution
  - Double transposition
  - Codebook
  - One-time pad
- Basic cryptanalysis

Slide 4: Symmetric Key
- Stream ciphers
  - A5/1
  - RC4
- Block ciphers
  - DES
  - AES, TEA, etc.
  - Modes of operation
- Data integrity (MAC)

Slide 5: Public Key
- Knapsack (insecure)
- RSA
- Diffie-Hellman
- Elliptic curve crypto (ECC)
- Digital signatures and non-repudiation
- PKI

Slide 6: Hashing and Other
- Birthday problem
- Tiger Hash
- HMAC
- Clever uses: online bids, spam reduction
- Other topics
  - Secret sharing
  - Random numbers
  - Information hiding (stego, watermarking)

Slide 7: Advanced Cryptanalysis
- Linear and differential cryptanalysis
- RSA side channel attack
- Knapsack attack (lattice reduction)
- Hellman’s TMTO attack on DES

Slide 8: Authentication
- Passwords
  - Verification and storage (salt, etc.)
  - Cracking (math)
- Biometrics
  - Fingerprint, hand geometry, iris scan, etc.
  - Error rates
- Two-factor, single sign on, Web cookies

Slide 9: Authorization
- ACLs and capabilities
- MLS
- BLP, Biba, compartments, covert channel, inference control
- CAPTCHA
- Firewalls
- IDS

Slide 10: Simple Protocols
- Authentication
  - Using symmetric key
  - Using public key
  - Establish session key
  - PFS
  - Timestamps
- Authentication and TCP
- Zero knowledge proof (Fiat-Shamir)

Slide 11: Real-World Protocols
- SSL
- IPSec
  - IKE
  - ESP/AH
- Kerberos
- GSM
  - Security flaws

Slide 12: Software Flaws and Malware
- Flaws
  - Buffer overflow
  - Incomplete mediation, race condition, etc.
- Malware
  - Brain, Morris Worm, Code Red, Slammer
  - Malware detection
  - Future of malware
- Other software-based attacks
  - Salami, linearization, etc.

Slide 13: Insecurity in Software
- Software reverse engineering (SRE)
  - Software protection
- Digital rights management (DRM)
- Software development
  - Open vs closed source
  - Finding flaws (math)

Slide 14: Operating Systems
- OS security functions
  - Separation
  - Memory protection, access control
- Trusted OS
  - MAC, DAC, trusted path, TCB, etc.
- NGSCB
  - Technical issues
  - Criticisms

Slide 15: Crystal Ball
- Cryptography
  - Well-established field
  - Don’t expect major changes
  - But some systems will be broken
  - ECC is a major “growth” area
  - Quantum crypto may prove worthwhile…
  - …but for now it is mostly hype

Slide 16: Crystal Ball
- Authentication
  - Passwords will continue to be a problem
  - Biometrics should become more widely used
  - Smartcard/tokens will be used more
- Authorization
  - ACLs, etc., well-established areas
  - CAPTCHA’s interesting new topic
  - IDS is a hot topic

Slide 17: Crystal Ball
- Protocols are challenging
- Very difficult to get protocols right
- Protocol development often haphazard
  - Kerckhoffs’ Principle for protocols?
  - How much would it help?
- Protocols will continue to be a significant source of security failure

Slide 18: Crystal Ball
- Software is a huge security problem today
  - Buffer overflows should decrease…
  - …but race condition attacks might increase
- Virus writers are getting smarter
  - Polymorphic, metamorphic, what’s next?
  - Future of malware detection?
- Malware will continue to plague us

Slide 19: Crystal Ball
- Other software issues
  - Reverse engineering will not go away
  - Secure development will remain hard
  - Open source is not a panacea
- OS issues
  - NGSCB could change things…
  - …for better or for worse?

Slide 20: The Bottom Line
- Security knowledge is needed today…
- …and it will be needed in the future
- Necessary to understand technical issues
  - The focus of this class
- But technical knowledge is not enough
  - Human nature, legal issues, business issues, etc.
  - Experience also important

Slide 21: A True Story
- The names have been changed…
- “Bob” took my undergrad security class
- Bob then got an intern position
  - At a major company that does security
- One meeting, an important customer asked
  - “Why do we need signed certificates?”
  - “After all, they cost money!”
- The silence was deafening

Slide 22: A True Story
- Bob’s boss remembered that Bob had taken a security class
  - So he asked Bob, the lowly intern, to answer
  - Bob mentioned “man-in-the-middle” attack
- Customer wanted to hear more
  - Bob explained MiM attack in some detail
- The next day, “Bob the lowly intern” became “Bob the fulltime employee”