Software Engineering 3156 31-Oct-01 #17: Integration and Crypto Phil Gross.

Presentation transcript:

Software Engineering Oct-01 #17: Integration and Crypto Phil Gross

2 Administrivia
– There will be group reorganization
– Got a problem? Let us know ASAP
– Samples coming soon…

3 Requirements Tweaking
– Vision range
– Portal format
– Default Actor

4 Integration?
– Not really separate from Implementation, but traditionally thought of as such
– Schach calls it the “Implementation and Integration phase”
– Why? (2 reasons)

5 Implementation needs integration (I)
– Here, a calls b, c, and d
– You can’t test a until you attempt to integrate with b, c, and d
– Code stubs of b, c, and d
– For b: need driver for a, stub for e

6 Stubs and drivers
– Essentially empty modules
– Usually prints debugging info
– Stubs
  – Get called upon
  – Might return a canned answer
– Drivers
  – Call others
  – Also prints some debugging

7 Implementation needs integration (II)
– Consider a really complex set of modules
– Each time you integrate, fault isolation becomes harder
– Additionally, possibility for faults increases
– Can’t work completely independently until the last day
– Even with OO
– Need to combine module and integration testing

8 Top-down I&I
– Implement and integrate starting from the top
– Create stubs for subsidiary components
– Fill in the stubs later
– Good: major fundamental flaws shown early: better to test logic first

9 Problems with top-down
– Difficult to test actual low-level functions (reusable components)
  – The top-level gets tested n times
  – Bottom-level gets tested once
  – Defensive programming a liability? if (x >= 0) computeSquareRoot

10 Bottom-up I&I
– Build drivers, fill them in later
– Design flaws not shown early, but low-level components very well tested
  – Huge cost to redesign
– Conclusion: need to combine both

11 Sandwich I&I
– Simple idea: work from both ends
– Tests logic, as well as reusable components
– Schach claims infinite upside from this model
  – Reality: a bit more complex to organize
  – Need both stubs and drivers

12 OO I&I
– Needed to include in an “Object Oriented Software Engineering” book
– Basically, works the same as classical I&I

13 Management issues during I&I
– What if the pieces don’t fit together?
– What do Phil and I do if server and client don’t talk?
  – Happens more often than you think…
– Have integration run by SQA
  – One well-contained group to integrate

14 Testing I&I
– Incremental testing: as each new module is integrated, must already be tested separately, then continue testing
– GUI: can’t use simple test cases
  – Special CASE tools actually record mouse clicks, etc.
– Product testing when integration is complete, followed by acceptance testing

15 Product testing
– SQA has to do extra testing, especially with COTS software
  – Alpha and beta phases
– With custom software, make sure acceptance test won’t fail: would be bad
  – Black-box tests for whole product
  – Robustness (crash?)
  – Constraints met (such as time bounds)
  – Documentation review
– Use “scenarios”

16 Acceptance testing
– Does product satisfy client requirements/developer specifications?
– Supervised/independent SQA or client does this
– Must be performed on actual data
– Often, new product run in parallel with old for a while

17 CASE tools
– Versioning and configuration management
– Build tools
– Environments: UI integration, tool integration, process integration: these support/automate the manual process
  – CMM levels needed
– Others

18 Metrics
– Complexity metrics
– Total number of test cases and failures
– Number of faults/types of faults

19 Key Security Concepts
– Privacy
– Authentication
– Authorization
– Non-repudiability
– Symmetric vs. Asymmetric keys
– Key management
– One-way hashes

20 Privacy
– Social issues
– Carnivore, Echelon
– Linking of databases
– Surveillance
– Control over computer records

21 Encryption
– What we usually associate with crypto
– Scrambling plaintext so that it’s unreadable
– Should be resistant to attacks
  – Even if attacker has unlimited access to plaintext/encrypted text pairs
  – Even if (especially if) encryption algorithm is known
– Do not try to invent one on your own
  – Rot-13

22 One-way Hashes
– Also called Message Digests
– Like hash function, but less predictable
– Given a message and its digest, computationally infeasible to alter the message without changing the digest
– Encrypt digest with private key = electronic signature

23 Public key crypto challenges
– Asymmetric encryption is very slow
  – Need large keys (128-bit or more) so that guessing private key is difficult
  – Solution: use a symmetric key to encode message, and then encrypt the symmetric key using asymmetric keys
  – Attach said symmetric key to rest of message
– Keys need to be trusted
  – Public key: man-in-the-middle attack
  – Private key: local machine compromise
  – Solutions exist for both
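
The symmetric-plus-asymmetric solution from this slide, as an added example (not from the original slides) using Ruby's bundled OpenSSL bindings. RSA-2048 with OAEP and AES-256-GCM are assumed choices, the names `seal`, `unseal` and `hybrid_demo` are hypothetical, and the key attached to the message is the RSA-encrypted copy.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Sender: encrypt the message with a fresh AES-256-GCM key, then encrypt only
# that 32-byte key with the recipient's RSA public key and attach it.
def seal(recipient_pub, message)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key # one-time symmetric key, never reused
  iv = cipher.random_iv
  cipher.auth_data = ''
  body = cipher.update(message) + cipher.final
  { wrapped_key: recipient_pub.public_encrypt(key, OAEP),
    iv: iv, tag: cipher.auth_tag, body: body }
end

# Recipient: recover the symmetric key with the RSA private key, then decrypt.
# Raises OpenSSL::Cipher::CipherError if the body or tag changed in transit.
def unseal(recipient_priv, env)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = recipient_priv.private_decrypt(env[:wrapped_key], OAEP)
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.auth_data = ''
  cipher.update(env[:body]) + cipher.final
end

# Constructed demo: throwaway key pair and sample message.
def hybrid_demo
  priv = OpenSSL::PKey::RSA.new(2048)
  message = 'constructed sample message ' * 40 # 1080 bytes, too long for RSA alone
  env = seal(priv.public_key, message)
  flipped = env[:body].dup
  flipped.setbyte(0, flipped.getbyte(0) ^ 1) # simulate modification in transit
  rejected = begin
    unseal(priv, env.merge(body: flipped))
    false
  rescue OpenSSL::Cipher::CipherError
    true
  end
  { roundtrip: unseal(priv, env) == message,
    wrapped_key_bytes: env[:wrapped_key].bytesize, tamper_rejected: rejected }
end

p hybrid_demo if $PROGRAM_NAME == __FILE__
```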

24 Implications of public key
– Internet-scale cryptography possible
– Allowed for creation of tools like SSL, PGP
  – Encryption more powerful than government can decrypt
  – Significant social implications now
– Still, some problems
  – Government wants backdoors
  – Key trust: people do, blindly (including me!)

25 One-way hashes
– Also called “message digests”
– Like a hash function, but less predictable
– Take a message and generate this “garbage” out of it
– If message changes, garbage will as well
– Difficult (impossible?) to reverse engineer garbage to original message
– Simpler and faster than encryption

26 Applications of one-way hashes
– As long as you don’t need to know the original message… or already know it
– Signatures: create a digest of stuff to be encrypted, and encrypt it with private key
  – Crypt-ing passwords
  – You don’t care what the password is
  – If someone grabs the crypt, they can use it, but much more limited
  – Not at all foolproof, just limits damage
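
The "encrypt the digest with the private key" description of a signature on slides 22 and 26, as an added example that is not part of the original slides. It assumes RSA with SHA-256 and PKCS#1 v1.5 padding; the function names are hypothetical, and the key pair and messages are constructed.

```ruby
require 'openssl'

# Sign: RSA#sign hashes the message with SHA-256, then applies the private-key
# operation to the padded digest (PKCS#1 v1.5 is this method's default).
def sign_message(priv, message)
  priv.sign(OpenSSL::Digest.new('SHA256'), message)
end

# Verify needs only the public key; false if message or signature changed.
def valid_signature?(pub, message, signature)
  pub.verify(OpenSSL::Digest.new('SHA256'), signature, message)
end

# Undo the private-key operation with the public key to see what was signed:
# a DigestInfo structure whose final 32 bytes are the SHA-256 digest itself.
def digest_inside(pub, signature)
  pub.public_decrypt(signature).byteslice(-32, 32)
end

# Constructed demo: throwaway key pair and sample messages.
def signature_demo
  priv = OpenSSL::PKey::RSA.new(2048)
  pub = priv.public_key
  message = 'Pay Bob 10 dollars'
  sig = sign_message(priv, message)
  expected = OpenSSL::Digest.new('SHA256').digest(message)
  { valid: valid_signature?(pub, message, sig),
    altered_message_valid: valid_signature?(pub, 'Pay Bob 90 dollars', sig),
    digest_matches: digest_inside(pub, sig) == expected,
    signature_bytes: sig.bytesize }
end

p signature_demo if $PROGRAM_NAME == __FILE__
```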

27 One-time passwords
– Two mechanisms:
  – On an insecure link, once you log in, server changes password to the “next” one that you will know (or turns it off)
    – Backdoor for emergencies, less used today with tools like ssh
  – Client and server generate unique digests
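
One way to build the first mechanism, where each login moves the server to the "next" password: a Lamport-style hash chain, the idea behind S/KEY. This is an added example, not from the original slides; the slide names no scheme, so the construction, SHA-256 and all class and method names are assumptions.

```ruby
require 'digest'

# H applied n times to seed.
def chain(seed, n)
  n.times.reduce(seed) { |value, _| Digest::SHA256.digest(value) }
end

# Client keeps the secret seed and releases H^n(seed), H^(n-1)(seed), ..., H^1(seed).
class OtpClient
  def initialize(seed, count)
    @seed = seed
    @left = count
  end

  def next_password
    raise 'chain exhausted, register a new seed' if @left.zero?
    otp = chain(@seed, @left)
    @left -= 1
    otp
  end
end

# Server stores only the last accepted value, which is useless for logging in:
# producing the next password from it would mean inverting the hash.
class OtpServer
  def initialize(anchor)
    @expected = anchor # H^(n+1)(seed), registered once at enrollment
  end

  # Accept otp only if hashing it once yields the stored value, then store otp
  # so the password just used (or any older one) is rejected from now on.
  def login(otp)
    return false unless Digest::SHA256.digest(otp) == @expected
    @expected = otp
    true
  end
end

# Constructed demo values: seed and chain length are sample inputs.
def otp_demo
  seed = 'constructed demo seed'
  client = OtpClient.new(seed, 3)
  server = OtpServer.new(chain(seed, 4))
  first = client.next_password
  [server.login(first), server.login(first), server.login(client.next_password),
   server.login(chain(seed, 3)), server.login(client.next_password)]
end

p otp_demo if $PROGRAM_NAME == __FILE__
```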