Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITR3 lecture 5: Free software, Cryptogaphy, Linux Thomas Krichel 2002-10-16.

Published bySilvester Fletcher Modified over 9 years ago

Similar presentations

Presentation on theme: "ITR3 lecture 5: Free software, Cryptogaphy, Linux Thomas Krichel 2002-10-16."— Presentation transcript:

1 ITR3 lecture 5: Free software, Cryptogaphy, Linux Thomas Krichel 2002-10-16

2 Structure Principles of cryptography –ssh –putty Playing around with Linux Free Software

3 Cryptography

4 Introduction A subject with a very colorful history. In the past cryptography mainly used by military, diplomatic corps, diarists and lovers. For the military, difficulty of encryption in the battlefield was main problem. Original data, called “plaintext” is transformed by a function parameterized by a “key”, to get “cyphertext”. The art of finding the way to get from the cyphertext to the plain text is called cryptanalysis. We assume that the cryptanalyst knows the general method, but does not know the key. Cryptanalysts one of three types of problems –cyphertext only –known plaintext –chosen plaintext

5 Tradition methods Substitution ciphers keep letters in the same position but replace each letter of the alphabet with another. Transposition ciphers keep each letter as it is but shovels the letters around. We need some redundant data in the ciphertext in order to deter active intruders from generating bogus message but the more redundant data in the plain text makes it easier for passive intruders. Main problem: keeping the key secret.

6 Diffie and Hellman (1978) Let P be the plaintext, C be the cyphertext. E() is the encryption key and D() is the decryption key. Then we have public key cryptography if –1. D(E(P))=P –2. E() can not be broken by chosen plaintext attack –3. Knowing E() will give you no clue about D(). E can then be made public and is referred to as the public key, D() is the private key. It is possible to find key pairs that have these properties.

7 Authentication I want to securely login to a host machine. I send the hast an encrypted message ``hey, I am Thomas, my public key is blahblahblah.'' Machine then knows how to send me messages that other people can not decode. But it can not be sure that it was me who sent the message. Lynn may have done that since me public key is public. It therefore encodes a random number, and challenges me to decode that number. This is a challenge-response system.

8 After challenge/response My software and the host will agree on a session key to use to encrypt all communication. Thus the communication is encoded using simple cryptography because that is less intensive.

9 If Lynn is really evil Then she operates a clone of the host I want to talk to, and redirects my communication to the clone, rather than to the host that I want to talk to. This is called a “man-in-the-middle” attack. Therefore hosts issues a key, too. I can compare the host key issued with a list of keys that I already know, and challenge any host. But on first connection, I do not know the host key, so I have to take it on trust.

10 Ssh, an implementation The secure shell ssh is an implementation of public-key cryptography mainly on UNIX and Co systems. Version 1 and 2 exist. ssh-keygen –t rsa generate a public and private key in.ssh/.ssh/authorized_keys is a list of keys that are allowed to login to the account without password

11 putty Is a free ssh client for windows machines. Get it and install it.

12 Why is buying software different than buying a car?

13 Software anatomy Software can be distributed in two ways –Binary code –Source code Sometimes both are available

14 Binary code Looks like this ^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^B^@^C^@ ^A^@^@^@p ^4^@^@^@X=^G^@^@^@^@^@4^ @@^F^@(^@^_^@^\^@^F^@^@^@4^@^@^@4 ^ 4 ^À^@^@^@À^@^@^@^E^@^@^@^D^@^@^@^ C^@^@^@ô^@^@^@ô ^ô ^^S^@^@^@^S^@ ^@^@^D^@^@^@^A^@^@^@^A^@^@^@^@^@^@^ @^@ ^^@ ^òÞ^B^@òÞ^B^@^E^@^@^@^@^ P^@^@^A^@^@^@øÞ^B^@øn^øn^¨^K^@^@ìÈ^@^@^ F^@^@^@^@^P^@^@^B^@^@^@$è^B^@$x^$x^Ð^@ ^@^@Ð^@^@^@^F^@^@^@^D

15 Binary code It will run on a compute with one operating system, may not run on a computer with another. It can not be modified. It is difficult to find out what it does.

16 Source code /* For now, don't try to include termcap.h. On some systems, configure finds a non-standard termcap.h that the main build won't find. */ #if defined HAVE_TERMCAP_H && 0 #include #else extern void tputs P_ ((const char *, int, int (*)(int))); extern int tgetent P_ ((char *, const char *)); extern int tgetflag P_ ((char *id)); extern int tgetnum P_ ((char *id)); #endif

17 Source code This is human (geek) readable code. May be understood by humans. Can be changed. Needs a compiler software to translate it to translate it to binary code, for every type of machine where it needs to run.

18 One upon a time Early 80s, MIT lab get a printer as a shared resource, but with faulty driver software that leads the printer to be jammed. Richard Stallman tries to get the source code to change the driver software, but can not get it. Decides to work for software freedom. Founds Free Software Foundation FSF. Resigns from MIT AI lab to work on a free replacement of UNIX. Wrote important parts of UNIX replacement

19 Stallman’s theory of 4 freedoms Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. It implies –The freedom to run the program, for any purpose (freedom 0). –The freedom to study how the program works, and adapt it to your needs (freedom 1). –The freedom to redistribute copies so you can help your neighbor (freedom 2). –The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for freedom 1 and 3. For that reason, some people refer to free software as open source software.

20 GNU public license GNU is not UNIX Its license is the most famous among a group of licenses for free software. License to implement the four freedoms. Key idea: The licensee is not allowed to impose restrictions on the code that (s)he has developed from the code that she received. Such software is know as “copylefted” software.

21 Free speech and free beer “Public domain software”, not copyrighted, but modified copies may not be free. “Copy-lefted free software”, comes with the permission to use and modify, but prohibits adding further restrictions to the distribution. “Non-copylefted free software”, comes with the permission to use, modify and add restrictions of distribution. “Semi-free software” comes with permission for individuals to use, copy, distribute, and modify (including distribution of modified versions) for non-profit purposes. “Proprietary software”, is not free or semi-free. “Shareware”, comes with a permission to distribute but users have to pay a fee. “Freeware” has no agreed meaning. “Commercial software” is software written to make a profit from its use. There is such a thing as commercial free software.

22 Debian Is a distribution of free software that provides an operating system and application programs Named after Deborah and Ian Jackson Uses the Linux kernel, but could run with other kernels Uses mainly GNU software Therefore also called Debian GNU/Linux

23 Debian social contact Debian Will Remain 100% Free Software We Will Give Back to the Free Software Community We Won't Hide Problems Our Priorities are Our Users and Free Software Programs That Don't Meet Our Free- Software Standards –Are distributed as well

24 Debian free software license Free Redistribution –The license of a Debian component may not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. – The license may not require a royalty or other fee for such sale. Source Code –The program must include source code, and must allow distribution in source code as well as compiled form. Derived Works –The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software. Integrity of The Author's Source Code –The license may restrict source-code from being distributed in modified form _only_ if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. – The license must explicitly permit distribution of software built from modified source code. – The license may require derived works to carry a different name or version number from the original software.

25 Debian free software guidelines No Discrimination Against Persons or Groups –The license must not discriminate against any person or group of persons. No Discrimination Against Fields of Endeavor –The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research. Distribution of License –The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties. License Must Not Be Specific to Debian –The rights attached to the program must not depend on the program's being part of a Debian system. If the program is extracted from Debian and used or distributed without Debian but otherwise within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the Debian system. License Must Not Contaminate Other Software –The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be free software. Example Licenses –The "GPL", "BSD", and "Artistic" licenses are examples of licenses that we consider "free".GPLBSDArtistic

26 Debian releases Debian always has at least three releases in active maintenance: “stable”, “testing” and ``unstable”. stable –The “stable” distribution contains the latest officially released distribution of Debian. This is the production release of Debian, the one which we primarily recommend using. testing –The “testing” distribution contains packages that haven't been accepted into a ``stable'' release yet, but they are in the queue for that. The main advantage of using this distribution is that it has more recent versions of software, and the main disadvantage is that it's not completely tested and has no official support from Debian security team. See the Debian FAQ for more information on what is ``testing'' and how it becomes ``stable''.Debian FAQwhat is ``testing''how it becomes ``stable'' unstable –The ``unstable'' distribution is where active development of Debian occurs. Generally, this distribution is run by developers and those who like to live on the edge. Each release has a name, usually from the toy story, an animation movie picture.

27 http://openlib.org/home/krichel Thank you for your attention!

Download ppt "ITR3 lecture 5: Free software, Cryptogaphy, Linux Thomas Krichel 2002-10-16."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
The Web Wizards Guide to Freeware/Shareware Chapter Six Open Source Software.

The Web Wizards Guide to Freeware/Shareware Chapter Six Open Source Software.
Free Beer and Free Speech Thomas Krichel

Free Beer and Free Speech Thomas Krichel
A Lawyer Looks at the Open Source Revolution Robert W. Gomulkiewicz Director, Intellectual Property Law & Policy Program Associate Professor of Law University.

A Lawyer Looks at the Open Source Revolution Robert W. Gomulkiewicz Director, Intellectual Property Law & Policy Program Associate Professor of Law University.
What is GNU/Linux (Not Linux!)? David Sudjiman davidsudjiman (at) yahoo (dot) com The latest version of this document can.

What is GNU/Linux (Not Linux!)? David Sudjiman davidsudjiman (at) yahoo (dot) com The latest version of this document can.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Copyleft and cathedrals How the counterculture is changing the way we do business.

Copyleft and cathedrals How the counterculture is changing the way we do business.
GNU, Linux and Open Source GNUKernel GNU/ Linux OpenSource.

GNU, Linux and Open Source GNUKernel GNU/ Linux OpenSource.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Introduction to Linux Chapter 1. Operating Systems Operating System (OS) - most basic and important software on a computer Performs core tasks Organize.

Introduction to Linux Chapter 1. Operating Systems Operating System (OS) - most basic and important software on a computer Performs core tasks Organize.
How Is Open Source Affecting Software Development? Je-Loon Yang.

How Is Open Source Affecting Software Development? Je-Loon Yang.
Open Source Software Licensing: Software And it’s Components SEAN KENEFICK.

Open Source Software Licensing: Software And it’s Components SEAN KENEFICK.
COMP 6005 An Introduction To Computing Session Two: Computer Software Acquiring Software.

COMP 6005 An Introduction To Computing Session Two: Computer Software Acquiring Software.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
CHAPTER 6 OPEN SOURCE SOFTWARE AND FREE SOFTWARE

CHAPTER 6 OPEN SOURCE SOFTWARE AND FREE SOFTWARE
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
OpenSSH: A Telnet Replacement Presented by Aaron Grothe Heimdall Linux, Inc.

OpenSSH: A Telnet Replacement Presented by Aaron Grothe Heimdall Linux, Inc.

Similar presentations

Ads by Google