Presentation is loading. Please wait.

Presentation is loading. Please wait.

INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 14 Prof. Crista Lopes.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 14 Prof. Crista Lopes."— Presentation transcript:

1 INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 14 Prof. Crista Lopes

2 Objectives  Understanding threats to security in decentralized systems  Understanding basic mechanisms for security on the Internet  Firewalls  SSL/TLS  HTTPS

3 Decentralization  No centralized authority to coordinate and control entities  Independent peers, with possibly conflicting goals, interact with each other and make local autonomous decisions  Presence of malicious peers in open decentralized applications  Need for measures to protect peers against malicious attacks

4 Security  “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”  National Institute of Standards and Technology

5 Security Computer systems include the people using the computers. Many security threats exploit the human [good] nature.

6 Security  Confidentiality  Preserving the confidentiality of information means preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information. I.e., secrecy.  Integrity  Maintaining the integrity of information means that only authorized parties can manipulate the information and do so only in authorized ways.  Availability  Resources are available if they are accessible by authorized parties on all appropriate occasions.

7 Trust  Who do you trust? For what functions?  Trust is not a binary concept! Nor static!  If trust is high  Security measures can be lowered  If trust is low  Security measures must be ramped up No trust Blind trust

8 Trust & Security  What security measures?  Security is not necessarily machine-bound  Depending on many tradeoffs  Security measures can be technological  Upon limited trust  Security measures may be social Punitive measures for breach of trust Computer measures Social measures

9 Well-Known Threats Well-Known Solutions Computer Security

10 Computer Security in Practice  A never-ending game of Vulnerability; Attack; Fix; Repeat  There’s no such thing as a completely secure system  Know your system’s goals and requirements, set security investment accordingly

11 Integrity of Computer Systems  Firewalls  “part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.”  Basic task is to regulate some of the flow of traffic between computer networks of different trust levels.  Software and/or hardware

12 Firewalls: The problem  Computers inside a local area network (LAN) run applications that assume a high-level of trust within that LAN, but that trust does not hold wrt the rest of the Internet

13 Types of Firewalls  Packet filters: Operate at UDP/TCP/IP level  Traffic filtering based on properties such as: Source IP address & port, Destination IP address & port Application-level protocols, …  Application-layer  Knowledge of services (WWW, FTP, Naspter)  May have knowledge of users  On inspecting all packets for improper content, firewalls can restrict or prevent the spread of networked computer worms and trojans

14 Integrity Threat: Botnets Bots are installed on victims’ computers via unsuspecting acts like installing goodies, unziping files, etc. Bots talk to master using unsuspecting channels such as IRC, Twitter, IM, etc. Very hard to fight

15 Confidentiality of Data  Cryptography  Steganography  On the Internet  Secure Socket Layer / Transport Layer Security  HTTPS

16 Cryptography  Encryption: converts human-parseable information into unintelligible gibberish  Decryption: the opposite  Cypher: pair of algorithms for encrypting and decrypting information  Ancient “art” used prominently in WWII

17 MD5 Hashes  Message Digest algorithm 5  Transforms an arbitrary-length message into a 128-bit value  One way function  Used widely for everyday cryptography  Proved not very secure, collisions

18 MD5 Hashes  MD5(" The quick brown fox jumps over the lazy dog ") = 9e107d9d372bb6826bd81d3542a419d6  MD5(" The quick brown fox jumps over the lazy dog. ") = e4d909c290d0fb1ca068ffaddf22cbd0

19 Typical MD5 use  Password encryption for storage and network  Example: OpenSim passwords  http://beta.opensimulator.org/node/56 http://beta.opensimulator.org/node/56

20 Dictionary Attack  Attempt at deciphering passwords by using words from a dictionary  Brute-force or probabilistic  Given 9e107d9d372bb6826bd81d3542a419d6  Try MD5(words) and compare the hash

21 Dictionary Attack Counter-Measure  Salts: append MD5(password) with an arbitrary (long) number, and hash that  Result = MD5(MD5(password) : salt)  Need to keep the salt around for password verification  Example: OpenSim passwords

22 Main Lesson about Passwords  Avoid transmitting and storing naked passwords!  Next: transmitting confidential data over the Internet

23 Remember Wifi? POST /wifi/login HTTP/1.1 Hostname: … Content-Type: … Content-Length: … METHOD=login&firstname=foo&lastname=bar&password=hereismypassword Naked transmission!

24 Attacks  Eavesdropping  Remember all routing that happens on the Internet  Man-in-the-middle  Malicious server pretends to be target server

25 Encryption of data  JavaScript-encrypt before sending  Application overhead  Use Transport Layer Security (TLS)

26 SSL/TLS  Extra pieces of transport-layer protocol for negotiating cyphers and ensuring authentication of the server  Bottom line:  Payload data is encrypted before sending, decrypted upon reception

27 HTTPS = HTTP + SSL/TLS POST /wifi/login HTTP/1.1 Hostname: … Content-Type: … Content-Length: … METHOD=login&firstname=foo&lastname=bar &password=hereismypassword Unintelligible gibberish

28 HTTPS = HTTP + SSL/TLS  https:// instead of http://  Uses port 443 by default instead of port 80

Download ppt "INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 14 Prof. Crista Lopes."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 19 Prof. Crista Lopes.

INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 19 Prof. Crista Lopes.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 17 Prof. Crista Lopes.

INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 17 Prof. Crista Lopes.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Security potpourri INF 123 – Software architecture (Slides from Dick Taylor and Crista Lopes) 1.

Security potpourri INF 123 – Software architecture (Slides from Dick Taylor and Crista Lopes) 1.

Similar presentations

Ads by Google