1
Security
2
CIA Model
Confidentiality means private data can be kept private.
Integrity means messages cannot be changed (without detection).
Availability means resources can be kept available against a determined attacker.
Security analysis often assumes all communications can be seen by an attacker and all methods are open.
Risk analysis must be done to balance the costs of security with the costs of a failure in security.
Not related to the Central Intelligence Agency.
Just the tip of the iceberg -- consider a setup where a general is going to send either a “Stay vigilant” (do nothing) message or a battle plan, with a map, etc. The message can be perfectly unbreakable (confidential), unmodifiable (integrity), and unblockable (available), yet an attacker can still infer critical information from the size alone.
Security analysis is deep and requires thinking through many (infinite?) possibilities.
As an aside, what’s the fix?
3
Authentication
Authentication is a process that validates a user or device is who they claim to be.
Many attacks are threats against authentication.
Passwords are a form of authentication.
Digital signatures offer another (upcoming).
4
Hashes (brief aside)
There are many hash functions -- functions that take data and return some sort of value that describes the data.
Network packets have CRC (Cyclic Redundancy Checks), which are designed to check for bit-flips (0->1, 1->0) and many other types of alterations.
There’s a third type, a cryptographic hash function, which returns a number and is quite robust to modification of the data -- it’s very hard to change data in a way that will yield an identical hash value.
Also, parity check ( or mod 2)
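The three checks on this slide, compared on the same data. This is an added example, not part of the original slides; the sample message and all function names are constructed for illustration. It shows that a parity bit misses a two-bit change, that CRC-32 catches accidental flips but its new value can be computed from the change alone, and that SHA-256 notices every alteration.

```python
import hashlib
import zlib

MESSAGE = b"PAY 0100 TO ALICE"  # constructed sample data

def parity(data: bytes) -> int:
    """One parity bit: the sum of all bits mod 2."""
    return sum(bin(byte).count("1") for byte in data) % 2

def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the listed bit positions inverted."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def detects(altered: bytes) -> dict:
    """Which checks notice that `altered` differs from MESSAGE."""
    return {
        "parity": parity(altered) != parity(MESSAGE),
        "crc32": zlib.crc32(altered) != zlib.crc32(MESSAGE),
        "sha256": hashlib.sha256(altered).digest()
                  != hashlib.sha256(MESSAGE).digest(),
    }

def crc_after_change(old_crc: int, delta: bytes) -> int:
    """CRC-32 of (data XOR delta), computed without seeing the data.

    CRC-32 is affine over XOR for equal-length inputs:
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros).
    """
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

if __name__ == "__main__":
    print("1 flipped bit :", detects(flip_bits(MESSAGE, [3])))
    print("2 flipped bits:", detects(flip_bits(MESSAGE, [3, 42])))
    changed = b"PAY 9100 TO ALICE"
    delta = bytes(a ^ b for a, b in zip(MESSAGE, changed))
    predicted = crc_after_change(zlib.crc32(MESSAGE), delta)
    print("CRC predictable from the change alone:",
          predicted == zlib.crc32(changed))
```

A CRC is therefore an error-detection code for accidental damage, not a defence against deliberate modification.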
5
Passwords, Good and Bad
Passwords provide authentication.
Length is important (to a limit).
Randomness is better, both in selection and in being unrelated to you.
Password reuse is problematic -- your password is only as strong as the weakest site you used it on.
Hackers often target password lists -- they are valuable by themselves because of reuse.
Passwords should not ever be stored (they are hashed).
6
Typical Password Criteria
Contain six or more characters
Contain at least one uppercase and one lowercase letter
Contain at least one digit
Contain at least one special character
No dictionary words
No names or part of names
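The criteria above and the "never stored, only hashed" rule from the previous slide, as an added example that is not part of the original slides. The word list, the 3-letter minimum for a "part of a name", the function names, and the choice of salted PBKDF2-HMAC-SHA256 with 600,000 iterations are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed stand-in for a real dictionary word list.
DICTIONARY = {"password", "dragon", "summer", "welcome"}

def name_parts(name: str, size: int = 3) -> set:
    """Substrings of a name; the 3-letter minimum is an assumption."""
    name = name.lower()
    return {name[i:i + size] for i in range(len(name) - size + 1)}

def criteria_failures(password: str, names=()) -> list:
    """Slide criteria the password fails (empty list means it passes)."""
    low = password.lower()
    checks = [
        ("six or more characters", len(password) >= 6),
        ("uppercase letter", any(c.isupper() for c in password)),
        ("lowercase letter", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special character", any(c in string.punctuation for c in password)),
        ("no dictionary words", not any(w in low for w in DICTIONARY)),
        ("no names or parts of names",
         not any(p in low for n in names for p in name_parts(n))),
    ]
    return [label for label, ok in checks if not ok]

def hash_password(password: str, iterations: int = 600_000):
    """Return (salt, iterations, digest): what is stored instead of the password."""
    salt = os.urandom(16)  # fresh random salt, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password: str, record) -> bool:
    """Re-derive the digest from the login attempt and compare in constant time."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)

if __name__ == "__main__":
    print(criteria_failures("password1"))
    print(criteria_failures("Xq7#Alice", names=["Alice Smith"]))
    record = hash_password("Xq7#vLm2pZ")
    print(verify_password("Xq7#vLm2pZ", record), verify_password("guess", record))
```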
7
Symmetric Encryption
Sender and receiver have the same key.
Problem with having a pre-shared key?
8
Substitution Cipher
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Substitute the letters in the second row for the letters in the top row to encrypt a message.
Encrypt(COMPUTER) gives FRPSXWHU
Substitute the letters in the first row for the letters in the second row to decrypt a message.
Decrypt(Encrypt(COMPUTER)) gives COMPUTER
Above is just a Caesar cipher.
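The table above as code, added here as an example that is not part of the original slides (function names are illustrative). It goes slightly beyond the slide: the bottom row is generated for any shift, and `all_decryptions` shows that the key space is only 26 values, which is why a Caesar cipher gives no real confidentiality.

```python
import string

ALPHABET = string.ascii_uppercase  # the top row of the table

def shifted_alphabet(shift: int) -> str:
    """Bottom row of the table: the alphabet rotated left by `shift`."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]

def substitute(text: str, source_row: str, target_row: str) -> str:
    """Replace each letter found in source_row with the one aligned in target_row."""
    return text.upper().translate(str.maketrans(source_row, target_row))

def encrypt(plaintext: str, shift: int = 3) -> str:
    """Top row -> bottom row (shift 3 is the table on the slide)."""
    return substitute(plaintext, ALPHABET, shifted_alphabet(shift))

def decrypt(ciphertext: str, shift: int = 3) -> str:
    """Bottom row -> top row."""
    return substitute(ciphertext, shifted_alphabet(shift), ALPHABET)

def all_decryptions(ciphertext: str) -> dict:
    """Every possible plaintext: the key is just a shift, so there are 26."""
    return {shift: decrypt(ciphertext, shift) for shift in range(26)}

if __name__ == "__main__":
    secret = encrypt("COMPUTER")
    print(secret, decrypt(secret))
    for shift, candidate in all_decryptions(secret).items():
        print(shift, candidate)
```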
9
(D)DoS (Distributed Denial of Service) Attack
What happens if you send more data than a connection can handle?
Answer: Packets get dropped.
If you flood a connection, it is possible to take it down or seriously degrade it.
Normally requires many uploading computers (1000s or more).
Most major sites have a lot of connections and redundancy.
What CIA trait does this violate?
10
Attack: Social Engineering and Phishing
It is possible to have perfect (computer) security but still be vulnerable: if users can reduce security and be fooled into doing so, then the security is imperfect.
Many hacks involve social engineering, which is the process of convincing a user to violate a security rule.
Phishing is just social engineering through .
11
Malicious Code
A computer program that attempts to bypass appropriate authorization and/or perform unauthorized functions.
Worm: stands alone, targets network resources and servers
Trojan horse: disguised as benevolent resource
Virus: self-replicating
Logic bomb: set up to execute at system event (date or otherwise)
Vulnerabilities (plain old mistakes): Word/Excel files can have code embedded. (Vulnerabilities aren’t malicious, just dangerous.)
12
Asymmetric Encryption
It is possible to send information one-way without a pre-shared secret key.
Often requires “obscure” math -- relies on problems that are known to be hard but that can be made easy given extra knowledge, such as prime factorization.
13
Asymmetric Key Generation
14
Asymmetric Encryption and Decryption
15
Digital Signatures and Certificates
(Okay, now forget the lockbox and key metaphor for this…)
It is possible to run some of the asymmetric key algorithms backwards -- “sign” something with the private key and then check the signature by running the public key to get the result.
One problem remains: how do we know we have the public key of the person we believe we’re communicating with?
(Imperfect) Solution: We get the public keys from “Certificate Authorities” who sign things on behalf of others -- the CA will verify the identity of the entity through more rigorous means.
decrypt(encrypt(msg)) == encrypt(decrypt(msg)) for some algorithms.
Can sign programs and communications.
Also, we generally sign the hash of the data… since it’s much smaller.
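Key generation, encryption and signing from the last four slides, shown with textbook RSA. This is an added example, not part of the original slides; the primes 61 and 53, the exponent 17 and all function names are assumptions, and the numbers are far too small (and unpadded) for real use.

```python
import hashlib
from math import gcd

def generate_keys(p: int, q: int, e: int = 17):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)      # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)    # (public key, private key)

def apply_key(value: int, key) -> int:
    """The single RSA operation: value^exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def digest_as_int(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> int:
    """Sign the hash of the data, not the data itself."""
    return apply_key(digest_as_int(data, private_key[0]), private_key)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Run the public key over the signature and compare with the hash."""
    return apply_key(signature, public_key) == digest_as_int(data, public_key[0])

# Knowing the factors 61 and 53 makes finding d easy; knowing only n does not.
PUBLIC, PRIVATE = generate_keys(61, 53)

if __name__ == "__main__":
    m = 65
    c = apply_key(m, PUBLIC)                       # encrypt with the public key
    print("encrypt:", c, "decrypt:", apply_key(c, PRIVATE))
    # decrypt(encrypt(m)) == encrypt(decrypt(m)): the two keys commute.
    print(apply_key(apply_key(m, PRIVATE), PUBLIC) == m)
    sig = sign(b"software update v2", PRIVATE)     # constructed sample message
    print("valid:", verify(b"software update v2", sig, PUBLIC))
    print("altered signature:", verify(b"software update v2", sig ^ 1, PUBLIC))
```

With a modulus this small, many different messages share the same reduced hash, so only the structure of the scheme carries over to real key sizes.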
16
References [parts of slides and images from Textbook]: Dale, Nell B., and John Lewis. Computer science illuminated. Jones & Bartlett Learning, 2007.