110 likes | 237 Views
Today’s topics. Computer Applications Computer Security Upcoming Operating Systems ( Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11. Computer Security: Problem. The Problem: Billions in Losses Outright theft Online scams Viruses / Worms Actual damage
E N D
Today’s topics Computer Applications Computer Security Upcoming Operating Systems (Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11
Computer Security: Problem • The Problem: Billions in Losses • Outright theft • Online scams • Viruses / Worms • Actual damage • Actions to avoid damage • Denial of Service • Etc. • Possible Traps (Public Systems ! ! ! ) • Trojan Horse • Onlooker • Cameras
Computer Security: Defenses • Passwords • Using Secure Passwords • Keeping them Secure • Encryption • Simple • Strong • Good Practices • Like all fields, doing something stupid … • Tradeoffs • Is the cure worse than the disease? • Long Live Common Sense!
Good Passwords and Cracking • Briefcase (style) Combination Locks • Brute force methods: Try allcombinations • Number of wheels • Number of position per wheel • Time per trial • How long does it take? • Contrast to BRUTE brute force method (Always Consider!) • Password on a computer • + More possibilities per “wheel” • + More “wheels” (often up to user) • - Computer based cracking faster! • - Dictionary attacks • Picking a good UNIX password
Encryption • When passwords fail, encryption can be fallback • Also provides extra level of difficulty • Security vs. Privacy • Many levels of encryption sophistication: Go through some of them • Single Alphabetic Substitution • Caesar: L FDPH, L VDZ, L FRQTXHUHG • Magic decoder ring? • Cryptoquote • Cracking single alphabetic substitution • Character frequency • (Length of text)
Encryption • Polyalphabetic Substitution • The Vignere Cypher • The Babbit Solution • Cypher Reuse ! • One Time Pads • Can be Absolutely Secure • Computers and Random Number Generators ?! • The Key Exchange Problem • Threats • Using your “secure” channel • A padlock analogy • Diffie, Hellman, and Merkle solution
Public Key Encryption • Publishing the Key! • Another padlock analogy • Diffie Proposal (1975) • Rivest, Shamir, and Adleman (RSA) • Finally came up with a practical method that met the proposed specs • Widely used now • Based on factoring (not being able to factor!) • Primes and Factoring • Examples of primes • How to factor into primes • For large numbers it is very hard
Public Key Encryption • Going through an RSA example • Public key: N, K Private key: G Message: M • RSA: C = (M^K)%N M = (C^G)%N • Remainder operator (modulus) % • Wrap around property • Clock or odometer analogy • Follow example in Text . . . • Breaking the Code • Factoring • Digital Signatures • Using Private Key and Public Key • Replay attack ! • Time (analogy: newspaper in hostage picture)
Politics of Strong Encryption • These unbreakable* methods called Strong Encryption • *more or less • Is any method perfect? • Government tried to keep methods from getting out • Encryption classified as a munition • Export restrictions . . . • Anecdotes • PGP – Pretty Good Privacy • Zimmerman • Legal challenges • Cat out of the bag • Recent silence from government • Has the NSA cracked it?
Other Attacks (buzz words) • Many leave no trace • Password Cracking • Considered earlier • IP Spoofing • Weakness in TCP/IP; modern code deals with it • Replay Attack • Saw in Digital Signature discussion • Applies in many situations • (copy of your key made at hardware store) • Man in the Middle • Typically hardware attack • Denial of Service
Whom can you trust? • How to avoid Viruses and Worms • Most infections occur when trying to run unknown • Mail or other communications programs the vector • Trapdoors • Free software may have its price • Common Sense • Consider alternatives • The human factor • Gun to the head method • The Strong Encryption Trap • Forget that password? • Bye – bye (;-(