1 / 11

Today’s topics

Today’s topics. Computer Applications Computer Security Upcoming Operating Systems ( Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11. Computer Security: Problem. The Problem: Billions in Losses Outright theft Online scams Viruses / Worms Actual damage

babu
Download Presentation

Today’s topics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Today’s topics Computer Applications Computer Security Upcoming Operating Systems (Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11

  2. Computer Security: Problem • The Problem: Billions in Losses • Outright theft • Online scams • Viruses / Worms • Actual damage • Actions to avoid damage • Denial of Service • Etc. • Possible Traps (Public Systems ! ! ! ) • Trojan Horse • Onlooker • Cameras

  3. Computer Security: Defenses • Passwords • Using Secure Passwords • Keeping them Secure • Encryption • Simple • Strong • Good Practices • Like all fields, doing something stupid … • Tradeoffs • Is the cure worse than the disease? • Long Live Common Sense!

  4. Good Passwords and Cracking • Briefcase (style) Combination Locks • Brute force methods: Try allcombinations • Number of wheels • Number of position per wheel • Time per trial • How long does it take? • Contrast to BRUTE brute force method (Always Consider!) • Password on a computer • + More possibilities per “wheel” • + More “wheels” (often up to user) • - Computer based cracking faster! • - Dictionary attacks • Picking a good UNIX password

  5. Encryption • When passwords fail, encryption can be fallback • Also provides extra level of difficulty • Security vs. Privacy • Many levels of encryption sophistication: Go through some of them • Single Alphabetic Substitution • Caesar: L FDPH, L VDZ, L FRQTXHUHG • Magic decoder ring? • Cryptoquote • Cracking single alphabetic substitution • Character frequency • (Length of text)

  6. Encryption • Polyalphabetic Substitution • The Vignere Cypher • The Babbit Solution • Cypher Reuse ! • One Time Pads • Can be Absolutely Secure • Computers and Random Number Generators ?! • The Key Exchange Problem • Threats • Using your “secure” channel • A padlock analogy • Diffie, Hellman, and Merkle solution

  7. Public Key Encryption • Publishing the Key! • Another padlock analogy • Diffie Proposal (1975) • Rivest, Shamir, and Adleman (RSA) • Finally came up with a practical method that met the proposed specs • Widely used now • Based on factoring (not being able to factor!) • Primes and Factoring • Examples of primes • How to factor into primes • For large numbers it is very hard

  8. Public Key Encryption • Going through an RSA example • Public key: N, K Private key: G Message: M • RSA: C = (M^K)%N M = (C^G)%N • Remainder operator (modulus) % • Wrap around property • Clock or odometer analogy • Follow example in Text . . . • Breaking the Code • Factoring • Digital Signatures • Using Private Key and Public Key • Replay attack ! • Time (analogy: newspaper in hostage picture)

  9. Politics of Strong Encryption • These unbreakable* methods called Strong Encryption • *more or less • Is any method perfect? • Government tried to keep methods from getting out • Encryption classified as a munition • Export restrictions . . . • Anecdotes • PGP – Pretty Good Privacy • Zimmerman • Legal challenges • Cat out of the bag • Recent silence from government • Has the NSA cracked it?

  10. Other Attacks (buzz words) • Many leave no trace • Password Cracking • Considered earlier • IP Spoofing • Weakness in TCP/IP; modern code deals with it • Replay Attack • Saw in Digital Signature discussion • Applies in many situations • (copy of your key made at hardware store) • Man in the Middle • Typically hardware attack • Denial of Service

  11. Whom can you trust? • How to avoid Viruses and Worms • Most infections occur when trying to run unknown • Mail or other communications programs the vector • Trapdoors • Free software may have its price • Common Sense • Consider alternatives • The human factor • Gun to the head method • The Strong Encryption Trap • Forget that password? • Bye – bye (;-(

More Related