Security School of Business Eastern Illinois University © Abdou Illia, Fall 2002 (Week 12, Wednesday 11/13/2002)


1 Security School of Business Eastern Illinois University © Abdou Illia, Fall 2002 (Week 12, Wednesday 11/13/2002)

2 Learning Objectives
• Understand standard systems attacks
• Describe Encryption-Decryption techniques

3 Standard systems attacks
• Denial of service attacks, or distributed denial of service attacks:
  – Bombard a site (usually a server or a router) with so many messages that the site is incapable of answering valid requests
• Stealing and intercepting passwords and confidential messages.

4 Denial-of-Service (DoS) Attacks
• Make the system unusable (crash it or make it run very slowly) by sending a stream of messages.
[Figure: the Attacker sends a message stream to the Server; the DoS attack overloads the victim]

5 Distributed DoS (DDoS) Attack
• Attacker hacks into multiple clients and plants Zombie programs on them
• Attacker sends commands to Zombie programs which execute the attacks
[Figure: the Attacker sends attack commands to computers with Zombie programs, which send message streams to the Server; messages come from many sources]

6 Identifying Victims for DDoS
• Sending scanning messages
  – Ping messages (to know if a potential victim exists)
  – Supervisory messages (to know if the victim is available)
  – Etc.
• Examining data that responses reveal
  – IP addresses of potential victims
  – What services victims are running; different services have different weaknesses
  – Host’s operating system, version number, etc.

7 Identifying Victims for DDoS
• Now you can remotely monitor (in real time) your employee, spouse, child or love interest without even having access to their computer!!
• iSpy will allow you to send a tiny file to any computer via email which will install this software on the user's system. You can then access the user's hard drive, listen to the audio of the computer, view screenshots, keystrokes, chats, instant messages, emails, and much... much more! You will not find this with any other software!

8 Intercepting confidential messages
[Figure: Client PC and Server exchange messages; the Attacker taps into the conversation and tries to read the messages]

9 Encryption and Decryption techniques
• Cryptography is the study of creating and using encryption and decryption techniques.
  – Plaintext is the data before any encryption has been performed
  – Ciphertext is the data after encryption has been performed
  – The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext

10 Encryption and Decryption techniques
• Key = COMPUTER SCIENCE
• Plaintext = this is the account number you have requested
• Algorithm based on Vigenère matrix

11 Encryption and Decryption techniques
1) Look at the first letter in the plaintext (T)
2) Look at the corresponding key character immediately above it (C)
3) C tells us to use row C of the Vigenère matrix to perform alphabetic substitution for plaintext character T
4) Go to column T in row C and find the cipher character V
5) Repeat Steps 1 through 4 for every character of the plaintext.

Key:       COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE
Plaintext: Thisistheaccountnumberyouhaverequested
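The five steps above, carried out in Python on the slide's own key and plaintext. This is an added example, not part of the original slides; the function names are chosen here, and passing spaces through unchanged and the decryption routine are additions that go beyond what the slide shows.

```python
import string

ALPHABET = string.ascii_uppercase

# Vigenere matrix: row R is the alphabet rotated so that it starts with R.
MATRIX = {row: ALPHABET[i:] + ALPHABET[:i] for i, row in enumerate(ALPHABET)}

def key_stream(key, text):
    """Write the key letters above the letters of text (None above non-letters)."""
    letters = [k for k in key.upper() if k in ALPHABET]
    if not letters:
        raise ValueError("key must contain at least one letter")
    stream, used = [], 0
    for ch in text:
        if ch.upper() in ALPHABET:
            stream.append(letters[used % len(letters)])
            used += 1
        else:
            stream.append(None)
    return stream

def vigenere_encrypt(key, plaintext):
    out = []
    for ch, k in zip(plaintext, key_stream(key, plaintext)):
        if k is None:
            out.append(ch)                        # spaces and punctuation pass through
        else:
            column = ALPHABET.index(ch.upper())   # steps 1-4: row k, column ch
            out.append(MATRIX[k][column])
    return "".join(out)

def vigenere_decrypt(key, ciphertext):
    out = []
    for ch, k in zip(ciphertext, key_stream(key, ciphertext)):
        if k is None:
            out.append(ch)
        else:
            # Find the cipher letter in row k; its column names the plaintext letter.
            out.append(ALPHABET[MATRIX[k].index(ch.upper())].lower())
    return "".join(out)

KEY = "COMPUTER SCIENCE"                                     # from slide 10
PLAINTEXT = "this is the account number you have requested"  # from slide 10

if __name__ == "__main__":
    cipher = vigenere_encrypt(KEY, PLAINTEXT)
    print(cipher)
    print(vigenere_decrypt(KEY, cipher))
```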

12 Encryption and Decryption techniques
• Encryption algorithm cannot be kept secret
• Key must be kept secret
[Figure: Plaintext (original message) → Encryption (algorithm + key) → Ciphertext (transmitted) → Decryption (algorithm + key) → Plaintext (original message)]

13 Encryption: Key Length
• Key can be “guessed” by exhaustive search
  – Try all possible keys
  – See which one decrypts the message
• Long keys make exhaustive search difficult
  – If length is n bits, 2^n tries may be needed
  – If key length is 8 bits, only 256 tries maximum
  – Usually, Key Length ≥ 56 bits

Assume a key is 56 bits. If it takes 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10000 computers are working together to try all key combinations?
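Why an 8-bit key offers no protection while each extra bit doubles the work: an added example, not part of the original slides. The toy cipher (XOR with one secret byte), the sample key, and the "known word" test for recognising a correct decryption are assumptions made for the illustration; the message is the plaintext from slide 10.

```python
def xor_cipher(data: bytes, key: int) -> bytes:
    """Toy cipher with an 8-bit key: XOR every byte with the key."""
    return bytes(b ^ key for b in data)

def exhaustive_search(ciphertext: bytes, known_word: bytes):
    """Try all 2**8 keys; keep those whose output is printable ASCII
    and contains a word the message is expected to include."""
    hits = []
    for key in range(2 ** 8):
        candidate = xor_cipher(ciphertext, key)
        if all(32 <= b < 127 for b in candidate) and known_word in candidate:
            hits.append((key, candidate))
    return hits

def worst_case_years(key_bits: int, seconds_per_try: float, computers: int = 1) -> float:
    """Time to try every one of the 2**key_bits keys, in years."""
    seconds = (2 ** key_bits) * seconds_per_try / computers
    return seconds / (365.25 * 24 * 3600)

# Constructed sample data
MESSAGE = b"this is the account number you have requested"
SECRET_KEY = 0x5A
CIPHERTEXT = xor_cipher(MESSAGE, SECRET_KEY)

if __name__ == "__main__":
    print(exhaustive_search(CIPHERTEXT, b"account"))   # found within 256 tries
    for bits in (8, 40, 56):
        print(bits, "bits:", worst_case_years(bits, 0.00024), "years on one computer")
    print("56 bits, 10000 computers:", worst_case_years(56, 0.00024, 10000), "years")
```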

14 Two general Encryption-Decryption methods
• Symmetric key encryption method
  – Use a single key for Encryption-Decryption
  – Examples: Data Encryption Standard (DES), 3DES
• Public key encryption method
  – Use different keys for Encryption-Decryption
  – Examples: RSA, Elliptic curve cryptosystem

15 Symmetric key Encryption-Decryption
• Symmetric key must be distributed secretly between partners
• When Partner A sends to Partner B
  – Partner A encrypts with the key, Partner B decrypts with the key
• When Partner B sends to Partner A
  – Partner B encrypts with the key, Partner A decrypts with the key
[Figure: Plaintext (Transfer $5,000) → Encryption → Ciphertext (1010010101) → Decryption → Plaintext (Transfer $5,000)]

16 Symmetric key Encryption-Decryption
• Advantages:
  – Simple enough for fast Encryption-Decryption
  – Fast enough for long messages
• Disadvantages:
  – Need a different Symmetric key for each partner (or other partners could read messages)
  – If N partners, need N*(N-1)/2 keys.
[Figure: Plaintext (Transfer $5,000) → Encryption → Ciphertext (1010010101) → Decryption → Plaintext (Transfer $5,000)]

17 Public key Encryption-Decryption
• Each partner has a private key (kept secret) and a public key (shared with everybody)
• Sending
  – Partner A encrypts with the public key of Partner B
  – Partner B encrypts with the public key of Partner A
• Receiving
  – Each receiver decrypts with its own private key
[Figure: Partner A encrypts with Party B’s public key; Partner B decrypts with Party B’s private key]

18 Public key Encryption-Decryption
• Advantages:
  – Once the message is encrypted, nobody can decrypt it except the receiver
  – Simplicity of key exchange: No need to exchange public key securely
• Disadvantages:
  – Complex: Requires many computer processing cycles to do Public Encryption-Decryption
  – Can only be used to encrypt small messages
[Figure: Partner A encrypts with Party B’s public key; Partner B decrypts with Party B’s private key]

19 Summary Questions
1. Name a few standard systems attacks
   Answer:
2. Distinguish between Denial-of-Service attack and Distributed Denial-of-Service attacks.
   Answer:

20 Summary Questions
3) Jason sends a message to Kristin using public key encryption.
   (a) What key will Jason use to encrypt the message?
   (b) What key will Kristin use to decrypt the message?
   (c) What key will Kristin use to encrypt the reply?
   (d) What key will Jason use to decrypt the reply?
   (e) Can the message and reply be long messages? Explain.
   (a) (b) (c) (d) (e)
4) Does public key encryption have a problem with secure key exchange for the public key? Explain.

