Presentation is loading. Please wait.

Presentation is loading. Please wait.

Source: Hutter, Stephan Sicherheit Sicherheit Stammvorlesung Sommersemester 2003 Dieter Hutter, Werner Stephan.

Similar presentations


Presentation on theme: "Source: Hutter, Stephan Sicherheit Sicherheit Stammvorlesung Sommersemester 2003 Dieter Hutter, Werner Stephan."— Presentation transcript:

1

2 Source: Hutter, Stephan Sicherheit Sicherheit Stammvorlesung Sommersemester 2003 Dieter Hutter, Werner Stephan

3 Source: Hutter, Stephan Sicherheit Important Information Stammvorlesung: 9 credit points Monday, Wednesday: 11am – 1 pm (c.t.) Room: HS 001 (Geb. 45) Exercises starting begin of June Exams: presumably end of July Homepage: Contact: –Dieter Hutter, Room –1.11 (Geb. 43.1, DFKI) Tel –Werner Stephan, Room 1.28 (Geb. 43.8, DFKI) Tel

4 Source: Hutter, Stephan Sicherheit Literature Cryptography –Johannes Buchmann: Einführung in die Kryptographie (Springer), 2001 (also available in English (Springer) ) IT-Security –Ross Anderson: Security Engineering (Wiley & Sons), 2001 –Claudia Eckert: IT-Sicherheit (Oldenbourg), 2001 –Bruce Schneider: Secrets & Lies –Edward Amoroso: Fundamentals of Computer Security Technology (Prentice Hall), 1994 –Josef Pieprzy et al. Fundamentals of Computer Security (Springer)

5 Source: Hutter, Stephan Sicherheit Overview Introduction –Important Information –Overview –Motivation –Basic Notions Confidentiality, Integrity, Authentication,..., Multilateral Security

6 Source: Hutter, Stephan Sicherheit Overview Cryptography –Types of Systems Symmetric - Asymmetric Encryption One-Way Functions, Hash-Functions, Random Generators - Analysis of Cryptographic Techniques Attacks Properties - Concrete Techniques DES, RSA, El Gamal, Diffie-Hellman,...

7 Source: Hutter, Stephan Sicherheit Overview Security Protocols (Cryptographic Protocols) - Constituents of Protocols (Protocol Notation) Keys, Encryption, Nonces, Timestamps - Problems with Protocols Goals, Attacks, Failures - Formal Analysis of Protocols Data-Types, Traces, Inductive Proofs

8 Source: Hutter, Stephan Sicherheit Overview Security Policies -Access Control Basic Concepts Systems: Chinese-Wall, Bell-La Padula, Biba, … -Information Flow Control Basic Notions of Non-Interference Systems with Structured States Multilevel Security Policies Intransitive Policies

9 Source: Hutter, Stephan Sicherheit Overview Technology –Secure Operating Systems Secure Devices –Network Security Firewalls, IDS, Mixes,… -Media Security CSA, CSS,… –Systems Digital Signatures, E-Payment, …

10 Source: Hutter, Stephan Sicherheit Overview Security Engineering (Development of Secure Systems) –Risk Analysis Identification of Threats –Requirements Engineering Security Objectives, Security Functions and mechanisms –Assessment of IT-Systems Quality Criteria (Common Criteria), Evaluation

11 Source: Hutter, Stephan Sicherheit Owners countermeasures Threat agents vulnerabilities risk assets threats to reduce leading to that increase that may be reduced by that may possess to impose give rise to wish to abuse and/or may damage may be aware of that exploit Wish to minimize value to Security (according to Common Criteria)

12 Source: Hutter, Stephan Sicherheit Critical Infrastructure Applications E-Commerce –payment systems –orders / contracts – auctions E-Administration –public administration –e-voting

13 Source: Hutter, Stephan Sicherheit Critical Infrastructure Applications Information Systems –military –company Important General Services: –Digital Signatures –Public Key Infrastructures –Time Stamps

14 Source: Hutter, Stephan Sicherheit Security vs. Safety Safety: –Avoid system states that endanger users –Fail–Safe Concepts, Fault-Tolerance Threats from inside Malfunctioning of the system Security: –Threats from outside –Attacks of malevolent participants –Problem: Attacker Model

15 Source: Hutter, Stephan Sicherheit Some Other Notions Data Protection –Preventing unauthorized access –Preventing loss of data: backup of data Privacy –Controlled access to personal data (Informelles Selbstbestimmungsrecht)

16 Source: Hutter, Stephan Sicherheit Security Objectives Privacy : –Confidentiality (of data) –Anonymity (of participants) Integrity : –Integrity (of data) –Authentication (of participants) Liability : –Availability (of resources) –Accountability (of participants)

17 Source: Hutter, Stephan Sicherheit Confidentiality Confidentiality of users data. No unauthorized user can discover content of data or communication Encryption of data (Cryptography) Hiding of data (Steganography) Restricting (read) access to data Who is allowed to read which data under which conditions ? (Security policies)

18 Source: Hutter, Stephan Sicherheit Anonymity Anonymity ensures that a user can use resources or services without disclosing his/her identity Pseudonyms Network: Proxy-server, Mixes Who communicates with whom or reads which data ?

19 Source: Hutter, Stephan Sicherheit GSM Location System Syslog XP 3.7 Location Retrieval: Participant: Koch Contacting... Mapping: zooming... Participant Koch in City: Hamburg Area: Inner City Jungfernstieg / Neuer Wall MSISDN: Häuble Starting... Locked

20 Source: Hutter, Stephan Sicherheit GSM Location System Syslog XP 3.7 Participant Koch arrested !

21 Source: Hutter, Stephan Sicherheit Integrity Protecting data from unauthorized manipulation Signatures and digital signatures Hash functions Restricting (write) access to data Who is allowed to change which data under which conditions ? (Security policies)

22 Source: Hutter, Stephan Sicherheit Authentication Identification of participants in a system Passwords (shared knowledge) Biometric authentication Public – Key infrastructure Who is using a system or sending a message

23 Source: Hutter, Stephan Sicherheit Availabilty No unauthorized impairment of services Examples: Blocking CPU-resources by Java-applets Flooding network with s

24 Source: Hutter, Stephan Sicherheit Accountabilty Sender and receiver of information cannot succesfully deny having sent or received information. Communication takes place in a provable way Proof of communication required Digital Signatures

25 Source: Hutter, Stephan Sicherheit Security Objectives Security objectives are not always independent. Examples: Anonymity weakens Accountability Confidentiality weakens Accountability Accessability implies Authentication

26 Source: Hutter, Stephan Sicherheit Multilateral Security Each participant has its own security issues Each participant can formulate its own issues Conflicts have to be resolved and enforced

27 Source: Hutter, Stephan Sicherheit Recht auf informationelle Selbstbestimmung Freie Entfaltung der Persönlichkeit setzt unter den modernen Bedingungen der Datenverarbeitung den Schutz des Einzelnen gegen unbegrenzte Erhebung, Speicherung, Verwendung und Weitergabe seiner persönlichen Daten voraus Mit dem Recht auf informationelle Selbstbestimmung wäre eine Gesellschaftsordnung nicht vereinbar, in der Bürger nicht mehr wissen könnten, wer was wann und bei welcher Gelegenheit über sie weiss. (Volkszählungsurteil des BVG, )


Download ppt "Source: Hutter, Stephan Sicherheit Sicherheit Stammvorlesung Sommersemester 2003 Dieter Hutter, Werner Stephan."

Similar presentations


Ads by Google