
ITIS 6200/8200: Principles of Information Security and Privacy


Presentation Transcript


  1. ITIS 6200/8200: Principles of Information Security and Privacy. Dr. Weichao Wang

  2. Syllabus
  • See handout
  • Homework will usually have 4-5 questions and be due in one week. It is due at the time the class begins.
  • Late homework
    • Within 24 hours: 50% of full score
    • After that: 0%
  • Project
    • For master's students
      • Conduct some hands-on experiments
      • Or choose a security problem and write a survey paper
      • A reference question list will be provided
    • For PhD students
      • Figure out a project that will help your thesis
  • Midterm and final exam
  • Misc: eating, drinking, and cell phones (text & Twitter)

  3. Before class
  • An interesting question
    • Two companies each have some private data. They need to jointly calculate some result without disclosing their information.
    • Secure multiparty computation
    • Is this solution useful?
  • Zero-knowledge proof:
    • Can I prove to you that I know a secret without telling you anything (practically)?
  • Anonymously publishing data or information

  4. Examples in real life
  • Attack on Twitter
    • Hack into the victim's email account
    • DDoS to paralyze Twitter, Facebook, etc.
  • Data mining attacks on public databases
    • In Tennessee, a newspaper generates a database of all residents that have CCW permits.
    • In California, there is a web page listing all people that donate to the Proposition 8 ballot measure.
  • Digital cash

  5. Examples in real life
  • Will cloud computing solve every problem?
  • Worm attack on the smart grid
  • Using social networks to detect disease outbreaks
  • Codes during the war
    • Navajo Code in WWII
  • RFID

  6. Computers control our lives
  • Medical, ATM, banking, business
  • Air traffic control

  7. Security overview
  • Risks
    • Why there are risks
  • Adversaries
    • Smart and dedicated
    • Many of them, considering the high unemployment rate
    • Hiding in the dark
    • From fun to profit (worm -> self-changing botnet -> targeting specific systems)

  8. Security overview
  • Physical security is not enough (can you be sure that your physical security methods are sound and sufficient? Examples: Las Vegas, supply chain attacks, the attack on the RSA chip, insider attacks)
  • Networked computers can be accessed remotely

  9. Security overview
  • What can go wrong
    • Trojan war story (Trojan horse): USB keys (digital photo frames and SCADA)
    • Corrupted internal worker
    • Vulnerabilities of protocols or security mechanisms (the security patch itself has problems)
    • Bypassing protection walls
    • Backdoors in systems (Linux password)
    • Known attacks ignored (push and poll)

  10. Information security
  • Encryption
    • You can read the information only when you know the key
  • Authentication
    • You are who you claim you are
  • Authorization
    • The role and the rights

  11. Information security
  • Information integrity
    • The data has never been changed, or changed in an inappropriate way
  • Non-repudiation
    • Cannot deny your words (digital cash example)
  • Privacy
    • Who should know, how much, and how to use the information
    • Your cell phone or medical records
    • RFID
    • Your smart meter

  12. Security overview
  • Defending methods
  • Prevention
    • Prevent (password, salt, private salt, searching)
    • Deter: raising the bar (password guessing, slow login)
    • Deflect: making other targets more attractive
    • Diversify
  • Detection
    • Monitoring (who, what, and how)
    • Intrusion detection (signature-based, anomaly-based)
    • IP telephony tracking
    • Authenticity of the evidence (digital media)
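The "prevent" (password, salt, private salt) and "deter" (slow login against password guessing) items on this slide, as an added worked example that is not from the slides: a per-user salt plus a server-side private salt (pepper) for stored passwords, and a login guard that doubles the wait after each failed attempt. PEPPER, the user names and the passwords are constructed values; ManualClock exists only so the throttling can be shown without waiting.

```python
import hashlib
import hmac
import os
import time

# "Private salt" (pepper): a server-side secret kept out of the credential store,
# so a leaked table of salts and hashes cannot be cracked offline on its own.
PEPPER = b"constructed-pepper-keep-in-config-or-hsm-not-db"   # constructed value
ITERATIONS = 100_000  # a deliberately slow hash raises the cost of every guess

def hash_password(password, salt=None):
    """Per-user random salt + slow KDF + pepper. Returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, hmac.new(PEPPER, derived, hashlib.sha256).digest()

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

# Unguessable dummy record so unknown users take the same slow path as real ones.
_DUMMY = hash_password(os.urandom(16).hex())

class ManualClock:
    """Deterministic clock so the throttling can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

class LoginGuard:
    """Deter online guessing: each failure doubles the wait before the next try."""
    def __init__(self, users, clock=time.monotonic, max_delay=300):
        self.users, self.clock, self.max_delay = users, clock, max_delay
        self.failures = {}  # username -> (failure count, earliest next attempt)

    def login(self, user, password):
        count, not_before = self.failures.get(user, (0, 0.0))
        now = self.clock()
        if now < not_before:
            return "throttled"          # refused before the password is even checked
        salt, digest = self.users.get(user, _DUMMY)
        if verify_password(password, salt, digest):
            self.failures.pop(user, None)   # success resets the back-off
            return "ok"
        count += 1
        self.failures[user] = (count, now + min(2 ** count, self.max_delay))
        return "denied"
```

Two users with the same password get different digests because of the per-user salt, and a stolen salt+digest table is still useless without PEPPER.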

  13. Security Overview
  • Recovery
    • Recover data (checkpoint)
    • Identify the damage
    • Forensics
  • Confinement
  • Tolerance
    • Maintain a decent service quality
    • Automatically degrade video quality while reserving bandwidth for voice
