Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security and Cryptography Partha Dasgupta, Arizona State University.

Published byAubrie Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Security and Cryptography Partha Dasgupta, Arizona State University."— Presentation transcript:

1 Computer Security and Cryptography Partha Dasgupta, Arizona State University

2 2 The Problem If I didn't wake up, I'd still be sleeping.

3 3 Not just hype + paranoia u Internet hosts are under constant attack u Financial losses are mounting u Miscreants are getting smarter  (and so are consumers) u “National Security” risks were stated and then underplayed u Data loss threatens normal users, corporations, financial institutions, government and more u Questions: HOW? WHY? and What can we do?

4 4 Overview u Part 1: Security Basics u Part 2: Attacks u Part 3: Countermeasures u Part 4: Cryptography u Part 5: Network Security u Part 6: System Security u Part 7: State of the Art and Future

5 5 Part 1: Security Basics u Computer and Network Security basics u Hacking u Attacks and Risks u Countermeasures u Secrets and Authentication u Paranoia

6 6 Computer and Network Security u Keep computers safe from program execution that is not authorized u Keep data storage free from corruption u Keep data storage free from leaks u Keep data transmissions on the network private and un- tampered with u Ensure the authenticity of the transactions (or executions) u Ensure that the identification of the human, computer, resources are established  With a high degree of confidence  Do not get stolen, misused or misrepresented

7 7 Hacking or Cracking u Plain old crime u Phone Phreaking u Credit cards, the old fashioned way u Technology Hacks  Design deficiencies and other vulnerabilite  ATM, Coke Machines, Credit Cards, Social Engineering  Software hacks  Second channel attacks  RFID issues  Cell phone vulnerabilities  Grocery cards?

8 8 Attacks and Risks u “Attacks”  An attack is a method that compromises one or more of: - privacy (or confidentiality) - data integrity - execution integrity u Attacks can originate in many ways  System based attacks  Network based attacks  “Unintended Consequences” u Risk – a successful attack leads to “compromise”  Data can be stolen, changed or “spoofed”  Computer can be used for unauthorized purposes  Identity can be stolen  RISK can be financial

9 9 Attack Types u System based attacks  Virus, Trojan, rootkit  Adware, spyware, sniffers u A program has potentially infinite power  Can execute, spawn, update, communicate  Can mimic a human being  Can invade the operating system u Network based attacks  Eavesdropping  Packet modifications, packet replay  Denial of Service u Network attacks can lead to data loss and system attacks

10 10 Countermeasures u System Integrity Checks  Virus detectors  Intrusion detection systems  Software signatures u Network Integrity checks  Encryption  Signatures and digital certificates  Firewalls  Packet integrity, hashes and other cryptographic protocols u Bottom Line:  We have an arsenal for much of the network attacks  System security is still not well solved

11 11 What is at Risk? u Financial Infrastructure u Communication Infrastructure u Corporate Infrastructure u Confidentiality and Privacy at many levels u Economy u Personal Safety

12 12 The Shared Secret Fiasco u Our authentication systems (personal, financial, computing, communications) are all based on “shared secrets”  ID numbers, Account numbers, passwords, SS#, DOB u When secrets are shared, they are not secrets  They will leak! u Given the ability of computers to disseminate information, all shared secret schemes are at extreme risk  Media reports of stolen data is rampant The Fake ATM attack The check attack The extortion attack

13 13 How do secrets leak? u Malicious reasons u Simple mistakes u Oversight u Bad human trust management u Bad computer trust management u “Nothing can go wrong”  Please believe in Murphy!

14 14 Keeping Secrets? u Simple answer, not possible. u Encryption is good, but data has to be unencrypted somewhere u “Disappearing Ink”? u Use paper based documents, not scanned. u Public Key Encryption has much promise (PKI systems) u Shared secrets need to be eliminated as much as possible u Separate out of band communications  Phone, postal mail, person-to-person

15 15 Authentication u Shared secrets are used for authentication  Username/passwords u Multi-factor authentication  What you know  What you have  What you are, what you can do. u Most of the authentication methods are quite broken  Designed when networking was not around  PKI systems are better, but not deployed  Too many false solutions (dangerous, gives a feeling of security)

16 16 Passwords u The password is known to the host and the client  Under some password schemes the host does not know the password (e.g. Unix) u Passwords can leak from host or from client u Same password is used for multiple sites u Password managers are not too effective u “Good passwords” are not as good as you think u Invented for a completely different purpose, using passwords on the web, even with SSL encryption, is a bad idea

17 17 False Solutions u Biometrics  A digital bit string, or password that cannot be changed  Plenty of attacks possible, including framing u RFID identification  Plenty of attacks possible u Multi-Factor authentication  Better, but still not good u Smart cards (the not-so-smart ones)  Again, based on shared secrets, have attacks and limitations

18 18 Paranoia? u A large number of computers (consumer, business) are compromised or used for fraud  Viral infections, zombies  Many web servers are for fraudulent reasons u Spam is an indicator  Unprecedented lying, cheating u Adware, popups, spyware  All attempting to mislead, steer, and victimize u Identity theft, financial theft, cheating  Probably at an all time high u Security Awareness is often coupled with paranoia  It is necessary to be paranoid!

19 19 What is the point of an attack? u Get your shared secrets for financial gain u Espionage u Disruption Personal Corporate Financial System Identification

20 20 Computer Security u Software needs to be verifiably untampered and trusted u Networks need to be free from tampering/sniffing u Data has to be secure from stealing and tampering u End user protection u A coalescing of software, hardware and cryptography along with human intervention and multi-band communication.

Download ppt "Computer Security and Cryptography Partha Dasgupta, Arizona State University."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google