Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Published byJarred Hoose Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”"— Presentation transcript:

1

2 Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”  Lewis Carroll, Alice in Wonderland

3 Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad “guy”  Trudy is our generic “intruder”

4 Chapter 1  Introduction 3 Alice’s Online Bank  Alice opens Alice’s Online Bank (AOB)  What are Alice’s security concerns?  If Bob is a customer of AOB, what are his security concerns?  How are Alice’s and Bob’s concerns similar? How are they different?  How does Trudy view the situation?

5 Chapter 1  Introduction 4 CIA  CIA == Confidentiality, Integrity, and Availability  AOB must prevent Trudy from learning Bob’s account balance  Confidentiality: prevent unauthorized reading of information o Cryptography used for confidentiality

6 Chapter 1  Introduction 5 CIA  Trudy must not be able to change Bob’s account balance  Bob must not be able to improperly change his own account balance  Integrity: detect unauthorized writing of information o Cryptography used for integrity

7 Chapter 1  Introduction 6 CIA  AOB’s information must be available whenever it’s needed  Alice must be able to make transaction o If not, she’ll take her business elsewhere  Availability: Data is available in a timely manner when needed  Availability is a “new” security concern o Denial of service (DoS) attacks

8 Chapter 1  Introduction 7 Beyond CIA: Crypto  How does Bob’s computer know that “Bob” is really Bob and not Trudy?  Bob’s password must be verified o This requires some clever cryptography  What are security concerns of pwds?  Are there alternatives to passwords?

9 Chapter 1  Introduction 8 Beyond CIA: Protocols  When Bob logs into AOB, how does AOB know that “Bob” is really Bob?  As before, Bob’s password is verified  Unlike the previous case, network security issues arise  How do we secure network transactions? o Protocols are critically important o Crypto plays a major role in security protocols

10 Chapter 1  Introduction 9 Beyond CIA: Access Control  Once Bob is authenticated by AOB, then AOB must restrict actions of Bob o Bob can’t view Charlie’s account info o Bob can’t install new software, and so on…  Enforcing these restrictions: authorization  Access control includes both authentication and authorization

11 Chapter 1  Introduction 10 Beyond CIA: Software  Cryptography, protocols, and access control are implemented in software o Software is foundation on which security rests  What are security issues of software? o Real-world software is complex and buggy o Software flaws lead to security flaws o How does Trudy attack software? o How to reduce flaws in software development? o And what about malware?

12 Chapter 1  Introduction 11 Your Textbook  The text consists of four major parts o Cryptography o Access control o Protocols o Software  We’ll focus on technical issues  But, people cause lots of problems…

13 The People Problem  People often break security o Both intentionally and unintentionally o Here, we consider an unintentional case  For example, suppose you want to buy something online o Say, Information Security: Principles and Practice, 2 nd edition from amazon.com Chapter 1  Introduction 12

14 The People Problem  To buy from amazon.com… o Your browser uses the SSL protocol o SSL relies on cryptography o Many access control issues arise o All security mechanisms are in software  Suppose all of this security stuff works perfectly o Then you would be safe, right? Chapter 1  Introduction 13

15 The People Problem  What could go wrong?  Trudy tries man-in-the-middle attack o SSL is secure, so attack does not “work” o But, Web browser warns of problem o What do you, the user, do?  If user ignores warning, attack works! o None of the security mechanisms failed o But user unintentionally broke security Chapter 1  Introduction 14

16 Chapter 1  Introduction 15 Cryptography  “Secret codes”  The book covers o Classic cryptography o Symmetric ciphers o Public key cryptography o Hash functions++ o Advanced cryptanalysis

17 Chapter 1  Introduction 16 Access Control  Authentication o Passwords o Biometrics o Other methods of authentication  Authorization o Access Control Lists/Capabilities o Multilevel security (MLS), security modeling, covert channel, inference control o Firewalls, intrusion detection (IDS)

18 Chapter 1  Introduction 17 Protocols  “Simple” authentication protocols o Focus on basics of security protocols o Lots of applied cryptography in protocols  Real-world security protocols o SSH, SSL, IPSec, Kerberos o Wireless: WEP, GSM

19 Chapter 1  Introduction 18 Software  Security-critical flaws in software o Buffer overflow o Race conditions, etc.  Malware o Examples of viruses and worms o Prevention and detection o Future of malware?

20 Chapter 1  Introduction 19 Software  Software reverse engineering (SRE) o How hackers “dissect” software  Digital rights management (DRM) o Shows difficulty of security in software o Also raises OS security issues  Software and testing o Open source, closed source, other topics

21 Chapter 1  Introduction 20 Software  Operating systems o Basic OS security issues o “Trusted OS” requirements o NGSCB: Microsoft’s trusted OS for the PC  Software is a BIG security topic o Lots of material to cover o Lots of security problems to consider o But not nearly enough time…

22 Chapter 1  Introduction 21 Think Like Trudy  In the past, no respectable sources talked about “hacking” in detail o After all, such info might help Trudy  Recently, this has changed o Lots of info on network hacking, malware, how to hack software, etc. o Classes teach virus writing, SRE, etc.

23 Chapter 1  Introduction 22 Think Like Trudy  Good guys must think like bad guys!  A police detective… o …must study and understand criminals  In information security o We want to understand Trudy’s methods o We might think about Trudy’s motives o We’ll often pretend to be Trudy

24 Chapter 1  Introduction 23 Think Like Trudy  Is it a good idea to discuss security problems and attacks?  Bruce Schneier, referring to Security Engineering, by Ross Anderson: o “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.”

25 Chapter 1  Introduction 24 Think Like Trudy  We must try to think like Trudy  We must study Trudy’s methods  We can admire Trudy’s cleverness  Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity  But, we cannot act like Trudy o Except in this class… o And even then, there are limits

26 Chapter 1  Introduction 25 In This Course…  Think like the bad guy  Always look for weaknesses o Find the weak link before Trudy does  It’s OK to break the rules o What rules?  Think like Trudy  But don’t do anything illegal!

Download ppt "Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”"

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.

Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.

CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.

Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.
Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.

Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.

Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Similar presentations

Ads by Google