
The Secure Environment


nina-york

Presentation Transcript


  1. The Secure Environment Security

  2. The Secure Environment: Security goals (C.I.A.) and threats

  3. Intruders
     • Common categories
       • Casual prying by nontechnical users
       • Snooping by insiders
       • Determined attempt to make money
       • Commercial or military espionage
       • Others (such as cyber wars)

  4. Basics of Cryptography

  5. Network Is NOT Secure (figure: the message "ABC" shown on a network linking hosts A, B, C and D)

  6. Encrypt Your Information (figure: the message shown as "~!@" on a network linking hosts A, B, C and D)

  7. Data Encryption Process (figure: Plaintext → Encryption with KEY → Ciphertext over the Network → Decryption with KEY → Plaintext)

  8. Two Types of Cryptography
     (a) Conventional two-way Cryptography (figure: Plaintext → Encryption → Ciphertext over the Network → Decryption → Plaintext, with a single KEY)
     (b) Public Key Cryptography (figure: the same flow, with KEY1 and KEY2)

  9. Conventional two-way Cryptography (figure: Plaintext → Encryption → Ciphertext over the Network → Decryption → Plaintext, with a single KEY)
     KEY: Caesar Cipher
     Plain alphabet:  abcdefghijklmnopqrstuvwxyz
     Cipher alphabet: defghijklmnopqrstuvwxyzabc
     Example: treaty impossible → wuhdwb lpsrvvleoh → treaty impossible
     Encryption: c_i = E(p_i) = p_i + 3
     Decryption: p_i = D(c_i) = c_i - 3

  10. Conventional two-way Cryptography
     • Substitution Cipher
     • Caesar Cipher
     • Playfair Cipher
     • Etc.

  11. Conventional two-way Cryptography: Problems (figure: hosts A, B, C and D)

  12. Public Key Cryptography (figure: Plaintext → Encryption → Ciphertext over the Network → Decryption → Plaintext, with KEY1 and KEY2, labelled Public and Private)

  13. Public Key Cryptography: Advantages (figure: hosts A, B, C and D, each labelled with its own private key; the public keys of A, B, C and D are listed together)

  14. PKI: Certification Authority
     • What is a certificate? Why do we need Certification Authorities (CA) or trusted third party?
     A certificate is a digitally signed statement by a CA that provides independent confirmation of an attribute claimed by a person proffering a digital signature. More formally, a certificate is a computer-based record which:
       (1) identifies the CA issuing it,
       (2) names, identifies, or describes an attribute of the subscriber,
       (3) contains the subscriber's public key, and
       (4) is digitally signed by the CA issuing it.

  15. Public Key Cryptography: Some Roads Are One-Way
     Trapdoor function (figure labels: Easy, Difficulty, N5, N1/5)
       • Prime1 * Prime2 = Composite
       • Composite = Prime1 * Prime2
     Trapdoor characteristics:
       (1) It is easy to compute f(x) from x.
       (2) Computation of x from f(x) is likely to be intractable.

  16. An Example: Encryption (figure: User A sends E_B(p) over the Network to User B)
     • A encrypts message p using B's public key: E_B(p)
     • B decrypts the ciphertext using its own private key: D_B(E_B(p)) = p

  17. Another Example: Digital Signature (figure: User A sends E_B(D_A(p)) over the Network to User B)
     • A signs message p using its own private key and encrypts it using B's public key: E_B(D_A(p))
     • B decrypts the ciphertext using its own private key and verifies it using A's public key: E_A(D_B(E_B(D_A(p)))) = E_A(D_A(p)) = p

  18. Hash functions (figure: Message → Hash → Digest)
     • The basic requirements for a cryptographic hash function H(x) are as follows.
       • The input can be of any length.
       • The output has a fixed length.
       • H(x) is relatively easy to compute for any given x.
       • H(x) is one-way.
       • H(x) is collision-free.

  19. More on Digital Signature (figure: Message → Hash → Digest → Sign (decrypt) Using Private Key → Signature; Append Signature to the message)

  20. More on Digital Signature (figure: Message → Hash → Digest; Signature → Verify (Encrypt operation) Using Public Key → Digest)

  21. User Authentication

  22. User Authentication
     • Basic Principles. Authentication must identify:
       • Something the user knows
       • Something the user has
       • Something the user is
     • This is done before the user can use the system

  23. Authentication Using Passwords
     (a) A successful login
     (b) Login rejected after name entered
     (c) Login rejected after name and password typed
     Note: be careful when login has failed several times.

  24. Authentication Using Passwords
     • How a cracker broke into LBL, a U.S. Dept. of Energy research lab (source: A. S. Tanenbaum, "Modern Operating System" course materials)

  25. Login Spoofing (figure: two screens, each showing a "Login:" prompt)
     (a) Correct login screen
     (b) Phony login screen

  26. Authentication Using Passwords
     • The use of salt to defeat precomputation of encrypted passwords (figure labels: Password, Salt)

  27. Authentication Using a Physical Object
     • Magnetic cards
       • magnetic stripe cards
       • chip cards: stored value cards, smart cards

  28. Authentication Using Biometrics (figure: a device for measuring finger length)

  29. Countermeasures
     • Limiting times when someone can log in
     • Automatic callback at number prespecified
     • Limited number of login tries
     • A database of all logins
     • Simple login name/password as a trap
       • security personnel notified when attacker bites

  30. Secure Communications Over Insecure Channels
     • R. C. Merkle's Puzzle
     • "Secure Communications over Insecure Channels", Communications of the ACM, 1978, Vol. 21, No. 4.

  31. One-way Hash Chain and TESLA
     • Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium, NDSS '01, February 2001.
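
Added example (not part of the original slides): the identities on slides 16 and 17 and the hash-then-sign flow of slides 18 to 20, carried through with toy textbook RSA. The primes, exponents and function names are constructed for illustration; here the message travels alongside the wrapped signature, and real RSA uses large keys and padding.

```python
import hashlib

def make_key(p, q, e):
    """Build a toy textbook-RSA key pair from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}   # d = e^-1 mod phi

# Constructed toy keys: far too small for real use, and real RSA needs padding.
# n_A < n_B, so anything A signs is always a valid input for B's key.
KEY_A = make_key(61, 53, 17)    # n_A = 3233
KEY_B = make_key(89, 97, 5)     # n_B = 8633

def E(key, m):
    """Public-key operation (encrypt / verify)."""
    return pow(m, key["e"], key["n"])

def D(key, m):
    """Private-key operation (decrypt / sign)."""
    return pow(m, key["d"], key["n"])

def digest(message):
    """Slide 18: fixed-length hash, reduced below n_A for the toy key."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % KEY_A["n"]

def sign(message):
    """Slide 19: A applies its private key to the digest."""
    return D(KEY_A, digest(message))

def verify(message, signature):
    """Slide 20: anyone applies A's public key and compares digests."""
    return E(KEY_A, signature) == digest(message)

def a_sends(message):
    """Slide 17: A signs, then encrypts the signature for B."""
    return message, E(KEY_B, sign(message))

def b_receives(message, wrapped):
    """Slide 17: B removes its own layer, then checks A's signature."""
    return verify(message, D(KEY_B, wrapped))

if __name__ == "__main__":
    msg = b"treaty impossible"
    print(b_receives(*a_sends(msg)))
    print(E(KEY_A, D(KEY_B, E(KEY_B, D(KEY_A, 1234)))))
```

If n_A were larger than n_B, some signatures would exceed B's modulus and the nested identity on slide 17 would fail for them.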
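
Added example (not part of the original slides): why the per-user salt on slide 26 defeats a table computed in advance, combined with the "limited number of login tries" countermeasure from slide 29. The class, the constants and the sample passwords are constructed for illustration; PBKDF2 stands in for whatever password hash a system uses.

```python
import hashlib, hmac, os

ITERATIONS = 100_000      # assumed PBKDF2 work factor for this example
MAX_TRIES = 3             # assumed lockout threshold (slide 29)
NO_SALT = bytes(16)       # models a scheme with one constant for every user

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordStore:
    def __init__(self):
        self.records = {}     # user -> (salt, derived key)
        self.failures = {}    # user -> consecutive failed logins

    def enroll(self, user, password):
        salt = os.urandom(16)                 # fresh random salt per user
        self.records[user] = (salt, derive(password, salt))
        self.failures[user] = 0

    def login(self, user, password):
        if self.failures.get(user, 0) >= MAX_TRIES:
            return False                      # locked after too many tries
        salt, stored = self.records.get(user, (NO_SALT, b""))
        ok = hmac.compare_digest(derive(password, salt), stored)
        if user in self.failures:
            self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok

def precomputed_hits(table, stored_keys):
    """Count stored keys that already appear in a table computed in advance."""
    return sum(1 for key in stored_keys if key in table)

def demo():
    guesses = ["123456", "letmein", "hunter2"]         # constructed sample list
    table = {derive(g, NO_SALT) for g in guesses}      # computed once, reusable
    store = PasswordStore()
    store.enroll("alice", "hunter2")
    store.enroll("bob", "hunter2")
    unsalted = [derive("hunter2", NO_SALT)] * 2        # both users, no salt
    salted = [key for _, key in store.records.values()]
    return precomputed_hits(table, unsalted), precomputed_hits(table, salted), salted
```

Without a salt, one table entry matches every account that shares the password; with a random salt the same table matches none, and the two users' stored values differ even though their passwords are equal.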
