Chapter 1: Introduction

2 Chapter 1: Introduction

3 Organization
• Lectures
• Homework
  o Several homework assignments with a few correction sessions
• Quiz
  o Several quizzes
• Mid-term exam
• Final exam
• Grading

4 Exams and Grading
• Mid-term: 35%
• Final exam: 40%
• Homework: 20%
• Quizzes (bonus): 10%
Note: The number of quizzes vastly exceeds the required minimum. There is no replacement for the quizzes.

5 The Cast of Characters
• Alice and Bob are the good guys
• Trudy is the bad “guy”
• Trudy is our generic “intruder”

6 Alice’s Online Bank
• Alice opens Alice’s Online Bank (AOB)
• What are Alice’s security concerns?
• If Bob is a customer of AOB, what are his security concerns?
• How are Alice’s and Bob’s concerns similar? How are they different?
• How does Trudy view the situation?

7 CIA
• CIA == Confidentiality, Integrity, and Availability
• AOB must prevent Trudy from learning Bob’s account balance
• Confidentiality: prevent unauthorized reading of information
  o Cryptography used for confidentiality

8 CIA
• Trudy must not be able to change Bob’s account balance
• Bob must not be able to improperly change his own account balance
• Integrity: detect unauthorized writing of information
  o Cryptography used for integrity

9 CIA
• AOB’s information must be available whenever it’s needed
• Alice must be able to make transactions
  o If not, she’ll take her business elsewhere
• Availability: data is available in a timely manner when needed
• Availability is a “new” security concern
  o Denial of service (DoS) attacks

10 Beyond CIA: Crypto
• How does Bob’s computer know that “Bob” is really Bob and not Trudy?
• Bob’s password must be verified
  o This requires some clever cryptography
• What are the security concerns of passwords?
• Are there alternatives to passwords?

11 Beyond CIA: Protocols
• When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
• As before, Bob’s password is verified
• Unlike the previous case, network security issues arise
• How do we secure network transactions?
  o Protocols are critically important
  o Crypto plays critical role in protocols

12 Beyond CIA: Access Control
• Once Bob is authenticated by AOB, then AOB must restrict actions of Bob
  o Bob can’t view Charlie’s account info
  o Bob can’t install new software, etc.
• Enforcing these restrictions: authorization
• Access control includes both authentication and authorization

13 Beyond CIA: Software
• Cryptography, protocols, and access control are implemented in software
• What are security issues of software?
  o Real world software is complex and buggy
  o Software flaws lead to security flaws
  o How does Trudy attack software?
  o How to reduce flaws in software development?
  o And what about malware?

14 Your Textbook
• The text consists of four major parts
  o Cryptography
  o Access control
  o Protocols
  o Software
• Note: Our focus is on technical issues

15 The People Problem
• People often break security
  o Both intentionally and unintentionally
  o Here, we consider the unintentional
• For example, suppose you want to buy something online
  o To make it concrete, suppose you want to buy Information Security: Principles and Practice, 2nd edition from amazon.com

16 The People Problem
• To buy from amazon.com…
  o Your Web browser uses SSL protocol
  o SSL relies on cryptography
  o Access control issues arise
  o All security mechanisms are in software
• Suppose all of this security stuff works perfectly
  o Then you would be safe, right?

17 The People Problem
• What could go wrong?
• Trudy tries man-in-the-middle attack
  o SSL is secure, so attack doesn’t “work”
  o But, Web browser issues a warning
  o What do you, the user, do?
• If user ignores warning, attack works!
  o None of the security mechanisms failed
  o But user unintentionally broke security

18 Cryptography
• “Secret codes”
• The book covers
  o Classic cryptography
  o Symmetric ciphers
  o Public key cryptography
  o Hash functions++
  o Advanced cryptanalysis

19 Access Control
• Authentication
  o Passwords
  o Biometrics
  o Other methods of authentication
• Authorization
  o Access Control Lists/Capabilities
  o Multilevel security (MLS), security modeling, covert channel, inference control
  o Firewalls, intrusion detection (IDS)

20 Protocols
• “Simple” authentication protocols
  o Focus on basics of security protocols
  o Lots of applied cryptography in protocols
• Real-world security protocols
  o SSH, SSL, IPSec, Kerberos
  o Wireless: WEP, GSM

21 Software
• Security-critical flaws in software
  o Buffer overflow
  o Race conditions, etc.
• Malware
  o Examples of viruses and worms
  o Prevention and detection
  o Future of malware?

22 Software
• Software reverse engineering (SRE)
  o How hackers “dissect” software
• Software and testing
  o Open source, closed source, other topics

23 Software
• Operating systems
  o Basic OS security issues
  o “Trusted OS” requirements
• Software is a BIG security topic
  o Lots of material to cover
  o Lots of security problems to consider
  o But not nearly enough time available…

24 Think Like Trudy
• In the past, no respectable sources talked about “hacking” in detail
  o After all, such info might help Trudy
• Recently, this has changed
  o Lots of books on network hacking, evil software, how to hack software, etc.
  o Classes teach virus writing, SRE, etc.

25 Think Like Trudy
• Good guys must think like bad guys!
• A police detective…
  o …must study and understand criminals
• In information security
  o We want to understand Trudy’s methods
  o Might think about Trudy’s motives
  o We’ll often pretend to be Trudy

26 Think Like Trudy
• We must try to think like Trudy
• We must study Trudy’s methods
• We can admire Trudy’s cleverness
• Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity
• But, we cannot act like Trudy
  o Except in this class…

27 In This Course…
• Think like the bad guy
• Always look for weaknesses
  o Find the weak link before Trudy does
• It’s OK to break the rules
  o What rules?
• Think like Trudy
• But don’t do anything illegal!

