Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back.

Slides:

Advertisements

Similar presentations

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Advertisements

Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.

Caleb Stepanian, Cindy Rogers, Nilesh Patel

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.

Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

6fb52297e004844aa81be d50cc3545bc Hashing!. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You.

Lecture 5 Page 1 CS 136, Fall 2014 Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014.

Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.

Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.

Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.

Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.

For brownies this PowerPoint will help you understand computer viruses and help stop them!!!!

Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.

Security CS Introduction to Operating Systems.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 5 Page 1 CS 136, Fall 2012 Cryptographic Keys CS 136 Computer Security Peter Reiher October 11, 2012.

Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.

Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Lecture 1 Page 1 CS 236 Online What Are Our Security Goals? CIA Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.

COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

Lecture 5 Page 1 CS 236 Online Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E,P) P = D(K D,C) Often, works the.

Lecture 16 Page 1 CS 236 Online Exploiting Statelessness HTTP is designed to be stateless But many useful web interactions are stateful Various tricks.

Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

Lecture 12 Page 1 CS 111 Summer 2014 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

1. Guard your privacy. What people know about you is up to you. 2. Protect your reputation. Self-reflect before you self-reveal. What’s funny or edgy.

Lecture 5 Page 1 CS 136, Fall 2013 Cryptographic Keys CS 136 Computer Security Peter Reiher October 8, 2013.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Lecture 7 Page 1 CS 236, Spring 2008 Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 5 Page 1 CS 136, Spring 2016 Cryptographic Keys CS 136 Computer Security Peter Reiher April 12, 2016.

Web Applications Security Cryptography 1

Password Management Limit login attempts Encrypt your passwords

Outline What does the OS protect? Authentication for operating systems

Outline What does the OS protect? Authentication for operating systems

Lecture 4 - Cryptography

Outline Properties of keys Key management Key servers Kerberos

Outline Properties of keys Key management Key servers Certificates.

Key Management CS 136 Computer Security Peter Reiher April 16, 2009

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Presentation transcript:

Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back door Or if you keep a plaintext list of them on a computer on the net whose root password is “root” Proper key management is crucial

Lecture 5 Page 2 CS 236 Online Desirable Properties in a Key Management System Secure Fast Low overhead for users Scaleable Adaptable –Encryption algorithms –Applications –Key lengths

Lecture 5 Page 3 CS 236 Online Users and Keys Where are a user’s keys kept? Permanently on the user’s machine? –What happens if the machine is cracked? But people can’t remember random(ish) keys –Hash keys from passwords/passphrases? Keep keys on smart cards? Get them from key servers?

Lecture 5 Page 4 CS 236 Online Key Servers Special machines whose task is to generate, store and manage keys Generally for many parties Possibly Internet-wide Obviously, key servers are highly trusted

Lecture 5 Page 5 CS 236 Online Security of Key Servers The key server is the cracker’s holy grail –If they break the key server, everything else goes with it What can you do to protect it?

Lecture 5 Page 6 CS 236 Online Security for Key Servers Don’t run anything else on the machine Use extraordinary care in setting it up and administering it Watch it carefully Use a key server that stores as few keys permanently as possible –At odds with need for key storage Use a key server that handles revocation and security problems well

Lecture 5 Page 7 CS 236 Online Single Machine Key Servers Typically integrated into the web browser –Often called key chains or password vaults Stores single user’s keys or passwords for various web sites Usually protected with an overall access key Obvious, encrypted versions stored on local disk

Lecture 5 Page 8 CS 236 Online Security Issues for Single Machine Key Servers Don’t consider one that doesn’t store keys encrypted Issues of single sign-on –If computer left unattended –In case of remote hacking Anything done by your web browser is “you”

Lecture 5 Page 9 CS 236 Online Local Key Servers Can run your own key server machine –Stores copies of all keys you use Possibly creates keys when needed Uses careful methods to communicate with machines using it E.g., Sun StorageTek Crypto Key Management System

Lecture 5 Page 10 CS 236 Online Key Storage Services Third party stores your keys for you –In encrypted form they can’t read ANSI standard (X9.24) describes how third party services should work Not generally popular HyperSafe Remote Key System is one example Variants may become important for cloud computing

Lecture 5 Page 11 CS 236 Online The Dark Side of Key Storage Governments sometimes want your crypto keys Since they might not be able to read your secret data without them They’d often prefer you didn’t know they asked... Key escrow services can allow this

Lecture 5 Page 12 CS 236 Online Key Escrow, Clipper, and Skipjack In the 1990s, US government tried to mandate key escrow –For encrypted network communications Based on a new cipher (Skipjack) Implemented in a special chip (Clipper)

Lecture 5 Page 13 CS 236 Online Basic Idea Behind Clipper Encrypted messages would carry special information Privileged parties could use it to retrieve the crypto key used Governments would be among those parties But, of course, they’d never abuse it...

Lecture 5 Page 14 CS 236 Online What Happened to Clipper? Totally fried by academic security community –Experts united in their scorn for both idea and particular implementation Chips were built Nobody used them The idea is now dead, but... British PM Cameron just revived it (Jan 2015) –Attractive but bad ideas never disappear forever

Lecture 5 Page 15 CS 236 Online The NSA and Key Services Snowden revelations have shown that the NSA frequently goes after keys Will commercial key escrow services give keys to the NSA? If not, will the NSA try to get them, anyway? Key servers are a big, fat target for folks like the NSA