Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 201 Introduction to Information Security Fall 2010 Data Protection.

Published byBarbara Stanley Modified over 9 years ago

Similar presentations

Presentation on theme: "CSCE 201 Introduction to Information Security Fall 2010 Data Protection."— Presentation transcript:

1 CSCE 201 Introduction to Information Security Fall 2010 Data Protection

2 CSCE 201 - Farkas22 Reading assignments Required for this class: – D. Cross, Data Protection and Recovery in Windows XP, http://technet.microsoft.com/en-us/library/bb457020.aspx http://technet.microsoft.com/en-us/library/bb457020.aspx – M. Horowitz The Safest Way to Protect Sensitive Computing Files, August 24, 2009, http://www.esecurityplanet.com/views/article.php/38358 61/article.htm http://www.esecurityplanet.com/views/article.php/38358 61/article.htm – Wikipedia, Encryption, http://en.wikipedia.org/wiki/Encryption http://en.wikipedia.org/wiki/Encryption

3 CSCE 201 - Farkas3 Sensitive Files Must be protected from – Hackers – Other users What to protect and at what level  security policy How to protect  security policy

4 CSCE 201 - Farkas4 Security Mechanism Several alternatives Which one to choose? – Level of assurance – User’s preferences (familiarity, ease of use, recommendations, etc.) – User’s technical knowledge – Availability – Financial considerations – Etc.

5 CSCE 201 - Farkas5 Data Protection via Operating System Microsoft® Windows® XP provides many enhancements in the area of data protection – Encrypting File System (EFS) – Data Recovery Agents (DRA) Best Practices Note: EFS is only available on Windows XP Professional; it is not supported on Windows XP Home Edition

6 What is Encryption? How secure it is? Can you decrypt the followings? HAY?OROWEU How are you? Hello

7 CSCE 201 - Farkas7 Insecure communications Sender Snooper Recipient Insecure channel Confidential

8 CSCE 201 - Farkas8 Terminology  Plaintext (cleartext): a message in its original form  Ciphertext (cyphertext): an encrypted message  Encryption: transformation of a message to hide its meaning  Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).

9 CSCE 201 - Farkas9 Terminology  Decryption: recovering meaning from ciphertext  Cryptography: art and science of keeping messages secure  Cryptanalysis: art and science of breaking ciphertext  Cryptology: study of both cryptography and cryptanalysis

10 CSCE 201 - Farkas10 Lecture 4 Encryption and Decryption Plaintext EncryptionDecryption Ciphertext Additional requirements : Authentication Between communicating parties Third-party authentication Non-repudiation Integrity verification Key distribution Secret key (secure distribution) Public key (reliable distribution)

11 CSCE 201 - Farkas11 Lecture 4 Cryptanalysis Cryptanalyst’s goal: – Break message – Break key – Break algorithm

12 Secret Key Encryption (Symmetric key, Traditional)

13 CSCE 201 - Farkas13 Lecture 4 Secret Key Cryptosystem Encryption Decryption Plaintext Ciphertext K SenderRecipient C=E(K,M) M=D(K,C) K needs secure channel

14 CSCE 201 - Farkas14 Lecture 4 Basic Encryption Techniques Substitution (confusion) Permutation (diffusion) Combinations and iterations of these

15 CSCE 201 - Farkas15 Lecture 4 Simple Alphabetic Substitution Assign a new symbol to each plain text symbol randomly or by key, e.g., C  k, A  h, B  l M=CAB C =k h l  Advantages: large key space 26!  Disadvantages: trivially broken for known plaintext attack, repeated pattern, letter frequency distributions unchanged

16 CSCE 201 - Farkas16 Lecture 4 Transposition Letters of the message are rearranged Break patterns, e.g., columnar transposition Plaintext: this is a test t h i s i s a ttiehssiatst! e s t ! Advantages: easy to implement Disadvantages:  Trivially broken for known plaintext attack  Easily broken for cipher only attack

17 CSCE 201 - Farkas17 Symmetric Key Encryption Algorithms Data Encryption Standard (DES) Advanced Encryption Standard (AES)

18 CSCE 201 - Farkas18 Public-Key Encryption Two keys – one is private one is public Solves the key distribution problem (but need reliable channel) Provides electronic signatures Slower than secret-key encryption

19 CSCE 201 - Farkas19 Public-Key Encryption Needed for security: – One of the keys must be kept secret – Impossible (at least impractical) to decipher message if no other information is available – Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key

20 CSCE 201 - Farkas20 Confidentiality A Sender B Recipient Insecure channel Plaintext Ciphertext Encryption Alg. Decryption Alg. B’s public key B’s private key (need reliable channel)

21 CSCE 201 - Farkas21 Public Key Cryptosystem Concept conceived by Diffie and Hellman in 1976 Rivest, Shamir, and Adleman (RSA) describe a public key system in 1978 Many proposals have been broken e.g., Merkle-Hellman proposal broken by Shamir Serious candidates (public domain) – RSA – El Gamal

22 CSCE 201 - Farkas22 Digital Signatures in RSA A B Insecure channel Plaintext Signed plaintext Encryption Alg. Decryption Alg. A’s public keyA’s private key (need reliable channel) SignVerify

23 CSCE 201 - Farkas23 Signature and Encryption D EDE A B Plaintext Signed Plaintext Signed Plaintext Encrypted Signed Plaintext A’s private key B’s public key B’s private key A’s public key

24 CSCE 201 - Farkas24 Hash Functions Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression) Accidental or intentional change to the data will change the hash value Given h and x, h(x) is easy to compute (ease of computation)

25 CSCE 201 - Farkas25 Hash functions Preimage resistant (one-way): if for all specified outputs, it is computationally infeasible to find any input that hashes to that output Second-preimage resistent (weak collision resistant): if it is computationally infeasible to find any second input which has the same output as any specified input Collision resistant (strong collision resistant): if it is computationally infeasible to find any two distinct inputs that has the same output

26 CSCE 201 - Farkas26 Attacks First preimage attack: given a hash h, find a message m such that hash(m) = h Second preimage attack: given a fixed message m1, find a different message m2 such that hash(m2) = hash(m1) Attack complexity: 2 n (considered too high for a typical output size of n=160 bits) Practical attacks: Collision attack

27 Use of Encryption for Data Protection

28 CSCE 201 - Farkas28 Data Recovery A process by which individual data elements such as files or folders are encrypted for more than one person or entity Windows XP operating system: symmetrically encrypted data blocks The symmetric key being protected by one or more public keys of a public/private key pair

29 CSCE 201 - Farkas29 Encrypting File System (EFS) Provides file system-level encryption Enables files to be transparently encrypted on NTFS file systems Protects confidential data from attackers with physical access to the computer While the operating system is running: User authentication and access control lists Attacker gains physical access to the computer: need protection of harddrive

30 CSCE 201 - Farkas30 File system-level encryption Individual files or directories are encrypted by the file system itself Advantages: – Flexible file-based key management – Individual management of encrypted files – Access control can be enforced through the use of public-key cryptography – Cryptographic keys are only held in memory while the file that is decrypted by them is held open

31 CSCE 201 - Farkas31 Next Class Malicious code

Download ppt "CSCE 201 Introduction to Information Security Fall 2010 Data Protection."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Cryptography Ch-1 prepared by: Diwan.

Cryptography Ch-1 prepared by: Diwan.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

Similar presentations

Ads by Google