Lecture 8 Page 1 CS 236 Online Prolog to Lecture 8 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Slides:



Advertisements
Similar presentations
Chapter 1  Introduction 1 Chapter 1: Introduction.
Advertisements

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 111 Online Authentication for Operating Systems What is authentication? How does the problem apply to operating systems? Techniques.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.
G53SEC 1 Authentication and Identification Who? What? Where?
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 16 Page 1 CS 236 Online Secure Programming, Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
2/16/001 E-commerce Systems Electronic Payment Systems.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different.
CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.
G53SEC 1 Authentication and Identification Who? What? Where?
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.
Lecture 9 Page 1 CS 136, Spring 2009 Operating System Security CS 136 Computer Security Peter Reiher April 28, 2009.
Lecture 15 Page 1 CS 236 Online Prolog to Lecture 15 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back.
Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.
Lecture 16 Page 1 CS 236 Online Exploiting Statelessness HTTP is designed to be stateless But many useful web interactions are stateful Various tricks.
Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 236 Online Prolog to Lecture 19 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Lecture 8 Page 1 CS 236 Online Protecting Interprocess Communications Operating systems provide various kinds of interprocess communications –Messages.
Fall 2006CS 395: Computer Security1 Key Management.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 13 Page 1 CS 236 Online Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Lecture 7 Page 1 CS 236, Spring 2008 Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Lecture 18 Page 1 CS 236 Online Prolog to Lecture 18 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Outline The basic authentication problem
Outline Basic concepts in computer security
DDoS In the Real World Do DDoS attacks really happen?
Android Access Control
Outline Properties of keys Key management Key servers Certificates.
Protecting Interprocess Communications
Secure Software and the Law
Outline What does the OS protect? Authentication for operating systems
DDoS In the Real World Do DDoS attacks really happen?
Where Malware Lives Most people expect malware in only one place –
Outline What does the OS protect? Authentication for operating systems
Outline Using cryptography in networks IPSec SSL and TLS.
ELC 200 DAY 25 & 26.
Outline Introduction Basic authentication mechanisms.
Outline Introduction Basic authentication mechanisms.
Mandatory Access Control and the Real World
Android Access Control
Presentation transcript:

Lecture 8 Page 1 CS 236 Online Prolog to Lecture 8 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Lecture 8 Page 2 CS 236 Online Smart Cards in Trouble Smart cards are used for authentication But they’re also used for other things –Like electronic cash –Or public transit payments These uses are problematic Why?

Lecture 8 Page 3 CS 236 Online A Problem With Smart Cards Smart cards are in the physical possession of users If it’s in the user’s interest to alter the smart card’s behavior, he might –E.g., free rides on the subway Preventing this is one of the hard problems in security

Lecture 8 Page 4 CS 236 Online What’s the Real Problem? Ultimately, the smart card’s security is based on keeping a secret But the secret is on the card And the card is in the user’s wallet How do you keep the secret from the user? Similar problem to DRM technologies

Lecture 8 Page 5 CS 236 Online An Example of the Problem The Mifare card Used by Netherlands, Britain, Boston for public transport Reverse engineering of the card uncovered the crypto algorithm Weaknesses in that algorithm allow attackers to guess the key –They can then clone the card

Lecture 8 Page 6 CS 236 Online Effect of the Attack Attackers can create cards that were never paid for –So you ride the Tube or the MTA for free Same cards can also be used for building access –Cloning allows you to pretend to be someone else

Lecture 8 Page 7 CS 236 Online What the Attack Does and Doesn’t Mean These cards are too weak for public transit systems But if attacker can’t get hold of your card, he can’t clone it –So maybe OK for authenticating you –Unless other mechanism gives attacker access to your card

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.