Security March 9, 2001. 2 Security What is security?  Techniques that control access to use a shared resource  Uses of shared resource must be authorized.

Slides:

Advertisements

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

Computer Security Key Management

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Principles of Information Security, 2nd edition1 Cryptography.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Cryptographic Technologies

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Secure Socket Layer (SSL)

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.

Cryptography, Authentication and Digital Signatures

Identity-Based Secure Distributed Data Storage Schemes.

Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.

A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.

Lecture 2: Introduction to Cryptography

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.

Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Network Security Celia Li Computer Science and Engineering York University.

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.

Fall 2006CS 395: Computer Security1 Key Management.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

6.033 Quiz3 Review Spring How can we achieve security? Authenticate agent’s identity Verify the integrity of the request Check the agent’s authorization.

Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

The Secure Sockets Layer (SSL) Protocol

The Secure Sockets Layer (SSL) Protocol

Presentation transcript:

Security March 9, 2001

2 Security What is security?  Techniques that control access to use a shared resource  Uses of shared resource must be authorized  Authorized - who, what when, why  IRS agent authorized to access a tax evader’s files, but what about agent’s neighbor’s files?  Controlling access is a negative goal  Hard to prove that no unauthorized access occurred

3 Security, cont. Examples of Security Techniques  Tickets  Access Control Lists  Encryption (e.g., PGP)  EM shielding  Pad Locks  Independent certifications  Obscurity

4 Security Is Very Difficult  Suppose every message out of your computer is intercepted and read by a human  Can you nevertheless send out the contents of a 1 Gig file undetected, using ?  Yes, lots of ways  Use metadata to hide 1 Gig file  Much slower, but effective Time value of data varies Security, cont.

5 Design Principles  KISS - Keep It Small and Simple  Fail-safe defaults (e.g., permission, not exclusion)  Complete, systematic, and holistic approach  Open design  Explicit assumptions  Least authority  Human acceptability  Immediate feedback Security, cont.

6 Example: Virtual Memory  Distinct pages for data  Virtual page number must be in page map  Distinct memory spaces for processes  Hardware - page map address register points to a process's page map  Kernel/User bit  Authorizes access to page map address register  Can be set only to Kernel by user program and vice versa Security, cont.

7 Protecting Information - No Guarantees  Not practical to try to fully protect some information  e.g., Medical records from doctors, IRS data from IRS agents  To better protect, use authentication and log who did what, when, and why  Allow interested parties to audit the log Security, cont.

8 Protecting Information - Cryptography  Idea - Reversibly transform plaintext into seemingly random cipertext  Plaintext - the original text  Ciphertext - the encrypted text  6 main categories of attack:  Ciphertext-only, known plaintext, chosen plaintext, adaptive chosen plaintext, chosen ciphertext, adaptive ciphertext Security, cont.

9 Protecting Information - Public/Private Keys  An entity has a private (secret) key Ks, and a public key Kp  Ks and Kp are computed in private by an entity  No need to share Ks!  {{message}Ks}Kp = {{message}Kp}Ks = message Can be used for securing communication channels as well as for authentication Security, cont.

10 Server-Mediated Authentication  Two users want to communicate  Use a trusted server to connect them  Server can use public key encryption  No need to store user's private keys  Server responds to host1 comm. request with {{session-key, Khost1}Khost2, session- key}Khost1  Host 2 can now authenticate Host 1, and communicate on an encrypted channel Security, cont.

11 X.509 Certificates  Used by SSL  Issued by well-known certificate authorities (e.g., Verisign)  Contain the issuer's name + signature, issuee's name + issuee’s public key, valid dates, admin info  To verify, need to securely obtain certificate authority's public key  e.g., send {signature, nonce, Kclient}Kcert, receive {issuee name, public key, valid dates, nonce}Kclient Security, cont.

12 SSL  Step 1 - Exchange certificates  Certificate authenticates a user  Certificate-issuing service must be recognized by both parties  Step 2 - Establish cipher  Flexibility - can use different ciphers  Use a pre-master key to generate session keys Security, cont.