2 The Security Environment Threats Security goals and threats
3 Basics of Cryptography Relationship between the plaintext and the ciphertext
4 Monoalphabetic substitution –each letter replaced by different letter Given the encryption key, –easy to find decryption key Secret-key crypto called symmetric-key crypto Secret-Key Cryptography
5 Public-Key Cryptography All users pick a public key/private key pair –publish the public key –private key not published Public key is the encryption key –private key is the decryption key
6 Digital Signatures Computing a signature block What the receiver gets (b)
7 Authentication Using Passwords The use of salt to defeat precomputation of encrypted passwords Salt Password,,,,
8 Authentication Using a Physical Object Magnetic cards –magnetic stripe cards –chip cards: stored value cards, smart cards
9 Authentication Using Biometrics A device for measuring finger length.
10 Countermeasures Limiting times when someone can log in Automatic callback at number prespecified Limited number of login tries A database of all logins Simple login name/password as a trap –security personnel notified when attacker bites
11 Mobile Code Sandboxing Applets can be interpreted by a Web browser
12 Protection Mechanisms Protection Domains (1) Examples of three protection domains
19 Windows NT(W2K) Security Access Control Scheme –name/password –access token associated with each process object indicating privileges associated with a user –security descriptor access control list used to compare with access control list for object
20 Access Token (per user/subject) Security ID (SID) Group SIDs Privileges Default Owner Default ACL
21 Security Descriptor (per Object) Flags Owner System Access Control List (SACL) Discretionary Access Control List (DACL)
22 Access Control List ACL Header ACE Header Access Mask SID ACE Header Access Mask SID......
23 Access Mask Generic All Generic Execute Generic Write Generic Read Access System Security Maximum allowed Delete Read Control Write DAC Write Owner Synchronize Generic Access Types Standard Access Types Specific Access Types
24 Access Control Using ACLs When a process attempts to access an object, the object manager in W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL.W2K If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.