Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang."— Presentation transcript:

1 ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang

2 Syllabus See handout –Homework will usually has 4-5 questions and due in one week. It is due at the time that the class begins. –Late homework Within 24 hours: 50% of full score After that: 0% –Project For master students –Conduct some hands-on experiments –Or choose a security problem and write a survey paper –A reference question list will be provided For PhD students –Figure out a project that will help your thesis –Midterm and final exam –Misc: eating, drinking, and cell phone (text & twitter)

3 Before class An interesting question –Two companies each has some private data. They need to jointly calculate some result without disclosing their information. Secure multiparty computation Is this solution useful? –Zero knowledge proof: Can I prove to you that I know a secret without telling you anything? (practically) –Anonymously publishing data or information

4 Examples in real life Attack on Twitter –Hack into the victim’s email account –DDoS to paralyze Twitter, facebook, etc Data mining attacks on public database –In Tenn, a newspaper generates a database about all residents that have CCW permits. –In CA, there is a webpage listing all people that donate to Proposition 8 ballot measure Digital cash

5 Examples in real life Will Cloud computing solve every problem Worm attack on smart grid Use social network to detect disease breakout Code during the war –Navajo Code in WWII RFID:

6 –Computers have controlled our lives Medical, ATM, banking, business Air traffic control

7 Security overview Risks –Why there are risks Adversaries –Smart and dedicated –Many of them, considering the high employment rate –Hiding in the dark –From fun to profit (worm  self-changing  botnet -> target at specific systems)

8 Security overview Physical security is not enough (can you be sure that your physical security methods are sound and enough? Example in Las Vegas, supply chain attacks, attack on RSA chip, internal attacks) Networked computers can be accessed remotely

9 Security overview What can go wrong –Trojan war story (Trojan horse): USB keys (Digital photo frame and SCADA) –Corrupted internal worker –Vulnerabilities of protocols or security mechanisms (security patch has problems) –By-passing protection walls –Backdoors for systems (Linux password) –Known attacks ignored (push and poll)

10 Information security Encryption –You can read the information only when you know the key Authentication –You are who you claim you are Authorization –The role and the right

11 Information security Information integrity –The data has never be changed or changed in an inappropriate way Non-repudiation –Cannot deny your words (digital cash example) Privacy –Who should know, how much, how to use the information Your cell phone or medical records RFID Your smart meter

12 Security overview Defending methods –Prevention Prevent (password, salt, private salt, searching) Deter: raising the bar (password guessing, login slow) Deflect: making other target more attractive Diversify –Detection Monitoring (who, what, and how) Intrusion detection (signature based, anomaly based) IP telephony track Authenticity of the evidence (digital media)

13 Security Overview Recovery –Recover data (check point) –Identify the damage –Forensics –Confinement Tolerance –Maintain a decent service quality –Automatically degrade video quality while reserving bandwidth for voice

Download ppt "ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Course Introduction.

CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Course Introduction.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 Intro To Encryption Exercise 12. 2 Problem What may be the problem with a central KDC?

1 Intro To Encryption Exercise Problem What may be the problem with a central KDC?
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
ITIS 6167/8167: Network and Information Security Weichao Wang.

ITIS 6167/8167: Network and Information Security Weichao Wang.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google