1. CPS 001 32.1 Today’s topics Computer Applications Computer Security Upcoming Operating Systems ( Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11

2. CPS 001 32.2 Computer Security: Problem  The Problem: Billions in Losses  Outright theft  Online scams  Viruses / Worms o Actual damage o Actions to avoid damage  Denial of Service  Etc.  Possible Traps (Public Systems ! ! ! )  Trojan Horse  Onlooker  Cameras

3. CPS 001 32.3 Computer Security: Defenses  Passwords  Using Secure Passwords  Keeping them Secure  Encryption  Simple  Strong  Good Practices  Like all fields, doing something stupid …  Tradeoffs  Is the cure worse than the disease?  Long Live Common Sense!

4. CPS 001 32.4 Good Passwords and Cracking  Briefcase (style) Combination Locks  Brute force methods: Try all combinations 1. Number of wheels 2. Number of position per wheel 3. Time per trial 4. How long does it take?  Contrast to BRUTE brute force method (Always Consider!)  Password on a computer  + More possibilities per “wheel”  + More “wheels” (often up to user)  - Computer based cracking faster!  - Dictionary attacks  Picking a good UNIX password

5. CPS 001 32.5 Encryption  When passwords fail, encryption can be fallback  Also provides extra level of difficulty  Security vs. Privacy  Many levels of encryption: Go through some of them  Single Alphabetic Substitution  Caesar: L FDPH, L VDZ, L FRQTXHUHG  Magic decoder ring?  Cryptoquote  Cracking single alphabetic substitution  Character frequency  (Length of text)

6. CPS 001 32.6 Encryption  Polyalphabetic Substitution  The Vignere Cypher  The Babbit Solution  Cypher Reuse !  One Time Pads  Can be Absolutely Secure  Computers and Random Number Generators ?!  The Key Exchange Problem  Threats  Using your “secure” channel  A padlock analogy  Diffie, Hellman, and Merkle solution

7. CPS 001 32.7 Public Key Encryption  Publishing the Key!  Another padlock analogy  Diffie Proposal (1975)  Rivest, Shamir, and Adleman (RSA)  Finally came up with a practical method that met the proposed specs  Widely used now  Based on factoring (not being able to factor!)  Primes and Factoring  Examples of primes  How to factor into primes  For large numbers it is very hard

8. CPS 001 32.8 Public Key Encryption  Going through an RSA example  Public key: N, K Private key: G Message: M  RSA : C = (M^K)%N M = (C^G)%N  Remainder operator (modulus) % o Wrap around property o Clock or odometer analogy  Follow example in Text...  Breaking the Code  Factoring  Digital Signatures  Using Private Key and Public Key  Replay attack !  Time (analogy: newspaper in hostage picture)

9. CPS 001 32.9 Politics of Strong Encryption  These unbreakable* methods called Strong Encryption  *more or less  Is any method perfect?  Government tried to keep them from getting out  Encryption classified as a munition  Export restrictions...  Anecdotes  PGP – Pretty Good Privacy  Zimmerman  Legal challenges  Cat out of the bag  Recent silence from government  Has the NSA cracked it?

10. CPS 001 32.10 Other Attacks (buzz words)  Many leave no trace  Password Cracking  Considered earlier  IP Spoofing  Weakness in TCP/IP; modern code deals with it  Replay Attack  Saw in Digital Signature discussion  Applies in many situations  (copy of your key made at hardware store)  Man in the Middle  Typically hardware attack  Denial of Service

11. CPS 001 32.11 Whom can you trust?  How to avoid Viruses and Worms  Most infections occur when trying to run unknown  Mail or other communications programs the vector  Trapdoors  Free software may have its price  Common Sense  Consider alternatives  The human factor  Gun to the head method  The Strong Encryption Trap  Forget that password?  Bye – bye !