Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 1  Introduction 1 Chapter 1: Introduction.

Published byAllyson Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 1  Introduction 1 Chapter 1: Introduction."— Presentation transcript:

1

2 Chapter 1  Introduction 1 Chapter 1: Introduction

3 Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad “guy”  Trudy is our generic “intruder”

4 Chapter 1  Introduction 3 Alice’s Online Bank  Alice opens Alice’s Online Bank (AOB)  What are Alice’s security concerns?  If Bob is a customer of AOB, what are his security concerns?  How are Alice’s and Bob’s concerns similar? How are they different?  How does Trudy view the situation?

5 Chapter 1  Introduction 4 CIA  CIA == Confidentiality, Integrity, and Availability  AOB must prevent Trudy from learning Bob’s account balance  Confidentiality: prevent unauthorized reading of information o Cryptography used for confidentiality

6 Chapter 1  Introduction 5 CIA  Trudy must not be able to change Bob’s account balance  Bob must not be able to improperly change his own account balance  Integrity: detect unauthorized writing of information o Cryptography used for integrity

7 Chapter 1  Introduction 6 CIA  AOB’s information must be available whenever it’s needed  Alice must be able to make transaction o If not, she’ll take her business elsewhere  Availability: Data is available in a timely manner when needed  Availability is a “new” security concern o Denial of service (DoS) attacks

8 Chapter 1  Introduction 7 Beyond CIA: Authentication  How does Bob’s computer know that “Bob” is really Bob and not Trudy?  Bob’s password must be verified o This requires some clever cryptography  What are security concerns of pwds?  Are there alternatives to passwords?

9 Chapter 1  Introduction 8 Beyond CIA: Authentication Protocols  When Bob logs into AOB, how does AOB know that “Bob” is really Bob?  As before, Bob’s password is verified  Unlike the previous case, network security issues arise  How do we secure network transactions? o Protocols are critically important o Crypto plays critical role in protocols

10 Chapter 1  Introduction 9 Beyond CIA: Access Control  Once Bob is authenticated by AOB, then AOB must restrict actions of Bob o Bob can’t view Charlie’s account info o Bob can’t install new software, etc.  Enforcing these restrictions: authorization  Access control includes both authentication and authorization

11 Beyond CIA: non-repudiation  Suppose that Bob withdrew $10,000, but later he denied the withdrawal of that money.  AOB must have the way of proving that he withdraw the money.  Preventing from false denial of previous action: non-repudiation Chapter 1  Introduction 10

12 IEC 61850 environment Chapter 1  Introduction 11 Intra-Substation Communications Substation LAN Substations Router (from: SISCO)

13 Chapter 1  Introduction 12 Substation LAN Substations Router Inter-substation Control Center-to-Substation (from: SISCO)

14 Chapter 1  Introduction 13 Substation LAN Substations Router Customer to Substation (from: SISCO)

15 Security concerns for 61850  Intra-substation  Inter-substation  Center-to-substaton  Customer-to-substation Chapter 1  Introduction 14

16 Chapter 1  Introduction 15 Beyond CIA: Software  Cryptography, protocols, and access control are implemented in software o Software is foundation on which security rests  What are security issues of software? o Real world software is complex and buggy o Software flaws lead to security flaws o How does Trudy attack software? o How to reduce flaws in software development? o And what about malware?

17 Beyond CIA: physical security  Network(communication) security is not all that matters.  How we can protect all facilities from physical(or human) intrusion or intervention is as important as the communication security. Chapter 1  Introduction 16

18 Chapter 1  Introduction 17 Our topics  The topics consist of four major parts o Cryptography o Access control o Protocols o Software  Note: Our focus is on technical issues

19 Chapter 1  Introduction 18 Cryptography  “Secret codes”  The book covers o Classic cryptography o Symmetric ciphers o Public key cryptography o Hash functions++ o Advanced cryptanalysis

20 Chapter 1  Introduction 19 Access Control  Authentication o Passwords o Biometrics o Other methods of authentication  Authorization o Access Control Lists/Capabilities o Multilevel security (MLS), security modeling, covert channel, inference control o Firewalls, intrusion detection (IDS)

21 Chapter 1  Introduction 20 Protocols  “Simple” authentication protocols o Focus on basics of security protocols o Lots of applied cryptography in protocols  Real-world security protocols o SSH, SSL, IPSec, Kerberos o Wireless: WEP, GSM

22 Chapter 1  Introduction 21 Software  Security-critical flaws in software o Buffer overflow o Race conditions, etc.  Malware o Examples of viruses and worms o Prevention and detection o Future of malware?

23 Chapter 1  Introduction 22 Software  Software reverse engineering (SRE) o How hackers “dissect” software  Digital rights management (DRM) o Shows difficulty of security in software o Also raises OS security issues  Software and testing o Open source, closed source, other topics

24 Chapter 1  Introduction 23 Software  Operating systems o Basic OS security issues o “Trusted OS” requirements o NGSCB: Microsoft’s trusted OS for the PC  Software is a BIG security topic o Lots of material to cover o Lots of security problems to consider o But not nearly enough time available…

25 Chapter 1  Introduction 24 Think Like Trudy  In the past, no respectable sources talked about “hacking” in detail o After all, such info might help Trudy  Recently, this has changed o Lots of books on network hacking, evil software, how to hack software, etc. o Classes teach virus writing, SRE, etc.

26 Chapter 1  Introduction 25 Think Like Trudy  Good guys must think like bad guys!  A police detective… o …must study and understand criminals  In information security o We want to understand Trudy’s methods o Might think about Trudy’s motives o We’ll often pretend to be Trudy

27 Chapter 1  Introduction 26 Think Like Trudy  Is all of this security information a good idea?  Bruce Schneier (referring to Security Engineering, by Ross Anderson): o “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.”

28 Chapter 1  Introduction 27 Think Like Trudy  We must try to think like Trudy  We must study Trudy’s methods  We can admire Trudy’s cleverness  Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity  But, we cannot act like Trudy o Except in this class…

29 Chapter 1  Introduction 28 In This Course…  Think like the bad guy  Always look for weaknesses o Find the weak link before Trudy does  It’s OK to break the rules o What rules?  Think like Trudy  But don’t do anything illegal!

Download ppt "Chapter 1  Introduction 1 Chapter 1: Introduction."

Similar presentations

Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.

Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.

CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.

Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.
Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.

Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Similar presentations

Ads by Google