Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSIT324 OS &WEB INTERFACE SECURITY Introduction. C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography.

Published byCynthia Hart Modified over 9 years ago

Similar presentations

Presentation on theme: "CSIT324 OS &WEB INTERFACE SECURITY Introduction. C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography."— Presentation transcript:

1 CSIT324 OS &WEB INTERFACE SECURITY Introduction

2 C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography basics: types Protection mechanisms Authentication Insider attacks, Code bug exploitation plus defenses.

3 A SSESSMENT Course works, test – 30% Final Exam – 70%

4 R EFERENCE Modern OS by Andrew S. Tanenbaum

5 S ECURITY E NVIRONMENT OS - Security – Protection mechanisms – the specific OS mechanisms used to safeguard information in the PC.

6 S ECURITY F ACETS 1. Threats PC has 4 general goals with corresponding threats to them: Data confidentiality – concerned with having secret data remain secret. Data integrity – unauthorized users should not be able to modify any data without the owner’s permission. Data modification includes changing data, removing data and adding false data. System availability – nobody can disturb the system to make it unusable. Denial of service attacks. Privacy – protecting individuals from misuse of information about them

7 2. I NTRUDERS /A DVERSARIES People who are nosing around places where they have no business. Forms: Passive intruders – want to read files they are not authorized to read. Active intruders – more malicious (want to make unauthorized changes to data).

8 C ATEGORIES OF I NTRUDERS Casual prying by nontechnical users: people reading other users’ email &other files if no barriers are placed in the way. Snooping by insiders. Determined attempts to make money: bank programmers have attempted to steal from the bank they are working for. Commercial/military espionage: espionage is a serious &well-funded attempt by a competitor/a foreign country to steal programs, trade secrets, patentable ideas, technology, circuits designs, business plans e.t.c.

9 3. A CCIDENTAL DATA LOSS Valuable data can be lost by accident. Causes: Act of God – fires, floods, earthquakes, wars, riots. Hardware/software errors – CPU malfunctions, unreadable disks, telecom errors, program bugs. Human errors – incorrect data entry, wrong program run, lost disk. Solutions: Maintain adequate backups far away from the original data.

10 C RYPTOGRAPHY B ASICS. Cryptography refers to the process of converting plaintext into ciphertext (encrypt) in that only authorized people know how to convert it back to plaintext. Ciphertext is an incomprehensible pile of bits. Encryption &decryption algorithms (functions) should always be public.

11 F ORMS OF C RYPTOGRAPHY Secret-key cryptography – mono-alphabetic substitution. Also referred to as symmetric cryptography. Advantage: Efficient because the amount of computation required to encrypt/decrypt a message is manageable. Drawback : Sender &receiver must both be in possession of the shared secret key. Public-key cryptography – private (decryption key) and public key pair but the public key (encryption key) is published.

12 P UBLIC KEY ENCRYPTION …. Key generation is automated with a user-selected password fed into the algorithm. The correspondent encrypts the message with the receiver’s public key. Since only the receiver has the private key, only the receiver can decrypt the message.

13 D IGITAL S IGNATURES Digital signatures – sign a document digitally. Make it possible to sign emails &other digital documents in such a way that they can’t be repudiated by the sender later. One way is to first run the document through a one-way cryptographic hashing algorithm which very hard to invert. Hashing function produces a fixed length result independent of the original document size. Common hash functions: Message Digest 5 (MD5) that produces a 16byte result, Secure Hash Algorithm (SHA-1) that produces a 20-byte result.

14 H ASHING PROCESS.. S ENDER ’ S END. The document owner applies his private key to the hash to get D(hash). This value, called the Signature block, is appended to the document &sent to the receiver. The application of D to the hash is also referred to as decrypting the hash though its not really a decryption because the hash has not been encrypted. It just a mathematical transformation on the hash.

15 R ECEIVER ’ S END.. When the doc and hash arrive, the receiver first computes the hash of the doc using MD5 or SHA. The receiver then applies the sender’s public key to the signature block to get E{D(hash)}. It encrypts the decrypted hash, canceling it out &getting the hash back. If the computed hash doesn’t match the hash from the signature block, the doc, the signature block, or both have been tampered with or changed by accident. NB: the value of this scheme is that it applies public-key cryptography only to a relatively small piece of data, called the hash.

16 T RUSTED P LATFORM M ODULE (TPM) TPM is crypto-processor with some nonvolatile storage inside it for keys. TPM can perform cryptographic operations such as encrypting blocks of plaintext or decrypting blocks of ciphertext in main memory. TPM can also verify digital signatures. According to Microsoft, operating system controls the TPM to prevent unauthorized software from being run.

17 TPM APPLICATIONS … If the TPM is involved in the booting process, it will start only operating systems signed by a secret key placed inside the TPM by the manufacturer &disclosed only to selected OS vendors e.g. Microsoft. Thus TPM can be used to limit users’ choices of software to those approved by the computer manufacturer.

18 TPM APPLICATIONS … Music &movie industries are very keen on TPM as it could be used to prevent piracy of the content. It also open up new business models such as renting songs/movies for a specific period of time by refusing to decrypt them after the expiration date. TPM drawback: Doesn’t make PCs more secure against external attacks. It only focuses on using cryptography to prevent users from doing anything not approved directly or indirectly by the TPM controllers.

19 R ESEARCH ON : Certificate Authorities PKI Next Lecture: Protection Mechanisms. End!

Download ppt "CSIT324 OS &WEB INTERFACE SECURITY Introduction. C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Chapter 9 Security Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Similar presentations

Ads by Google