Chapter 1  Introduction 1 Chapter 1: Introduction.

Presentation transcript:

1 Chapter 1: Introduction

2 Organization
 Lectures
 Homework
  o Several homeworks with a few correction sessions
 Quiz
  o Several quizzes
 Mid-term exam
 Final exam
 Grading

3 Exams and Grading
 Mid-term: 35%
 Final exam: 40%
 Homework: 20%
 Quizzes (bonus): 10%
Note: The number of quizzes vastly exceeds the required minimum. There are no make-up quizzes.

4 The Cast of Characters
 Alice and Bob are the good guys
 Trudy is the bad “guy”
 Trudy is our generic “intruder”

5 Alice’s Online Bank
 Alice opens Alice’s Online Bank (AOB)
 What are Alice’s security concerns?
 If Bob is a customer of AOB, what are his security concerns?
 How are Alice’s and Bob’s concerns similar? How are they different?
 How does Trudy view the situation?

6 CIA
 CIA == Confidentiality, Integrity, and Availability
 AOB must prevent Trudy from learning Bob’s account balance
 Confidentiality: prevent unauthorized reading of information
  o Cryptography used for confidentiality

7 CIA
 Trudy must not be able to change Bob’s account balance
 Bob must not be able to improperly change his own account balance
 Integrity: detect unauthorized writing of information
  o Cryptography used for integrity

8 CIA
 AOB’s information must be available whenever it’s needed
 Alice must be able to make transactions
  o If not, she’ll take her business elsewhere
 Availability: data is available in a timely manner when needed
 Availability is a “new” security concern
  o Denial of service (DoS) attacks
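As an added illustration of the integrity slide (example code, not part of the original slides), this Python shows how AOB could detect unauthorized writes to Bob’s balance with an HMAC under a key only the bank holds; the key value, record layout and function names are constructed for the example.

```python
import hmac
import hashlib
import json

# Key known only to AOB (constructed sample value; a real key is random and secret).
AOB_INTEGRITY_KEY = b"aob-demo-key-do-not-use-in-production"


def canonical(record: dict) -> bytes:
    """Serialize a record deterministically so identical data always yields identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect(record: dict, key: bytes = AOB_INTEGRITY_KEY) -> dict:
    """Return the record together with an HMAC-SHA256 tag computed under the given key."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(protected: dict, key: bytes = AOB_INTEGRITY_KEY) -> bool:
    """Recompute the tag with AOB's key; compare_digest avoids a timing side channel."""
    expected = hmac.new(key, canonical(protected["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, protected["tag"])


def demo() -> dict:
    """Walk through the slide's scenario and return the verification outcomes."""
    stored = protect({"owner": "Bob", "balance": 100})
    results = {"untouched": verify(stored)}

    # Trudy rewrites Bob's balance but cannot produce a matching tag without AOB's key.
    tampered = {"record": {"owner": "Bob", "balance": 1_000_000}, "tag": stored["tag"]}
    results["trudy_edit"] = verify(tampered)

    # Bob edits his own balance and re-tags it with a key he guesses (constructed value);
    # the tag is well-formed but AOB's key differs, so the write is still detected.
    bob_edit = protect({"owner": "Bob", "balance": 5000}, key=b"bob-guesses-this")
    results["bob_self_edit"] = verify(bob_edit)
    return results


if __name__ == "__main__":
    print(demo())
```

The tag lets AOB detect a changed balance; it neither prevents the write nor hides the value, so the confidentiality goal on the previous slide still requires encryption.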

9 Beyond CIA: Crypto
 How does Bob’s computer know that “Bob” is really Bob and not Trudy?
 Bob’s password must be verified
  o This requires some clever cryptography
 What are the security concerns of passwords?
 Are there alternatives to passwords?

10 Beyond CIA: Protocols
 When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
 As before, Bob’s password is verified
 Unlike the previous case, network security issues arise
 How do we secure network transactions?
  o Protocols are critically important
  o Crypto plays a critical role in protocols

11 Beyond CIA: Access Control
 Once Bob is authenticated by AOB, AOB must restrict Bob’s actions
  o Bob can’t view Charlie’s account info
  o Bob can’t install new software, etc.
 Enforcing these restrictions: authorization
 Access control includes both authentication and authorization

12 Beyond CIA: Software
 Cryptography, protocols, and access control are implemented in software
 What are the security issues of software?
  o Real-world software is complex and buggy
  o Software flaws lead to security flaws
  o How does Trudy attack software?
  o How to reduce flaws in software development?
  o And what about malware?

13 Your Textbook
 The text consists of four major parts
  o Cryptography
  o Access control
  o Protocols
  o Software
 Note: Our focus is on technical issues

14 The People Problem
 People often break security
  o Both intentionally and unintentionally
  o Here, we consider the unintentional
 For example, suppose you want to buy something online
  o To make it concrete, suppose you want to buy Information Security: Principles and Practice, 2nd edition from amazon.com

15 The People Problem
 To buy from amazon.com…
  o Your Web browser uses the SSL protocol
  o SSL relies on cryptography
  o Access control issues arise
  o All security mechanisms are in software
 Suppose all of this security stuff works perfectly
  o Then you would be safe, right?

16 The People Problem
 What could go wrong?
 Trudy tries a man-in-the-middle attack
  o SSL is secure, so the attack doesn’t “work”
  o But the Web browser issues a warning
  o What do you, the user, do?
 If the user ignores the warning, the attack works!
  o None of the security mechanisms failed
  o But the user unintentionally broke security

17 Cryptography
 “Secret codes”
 The book covers
  o Classic cryptography
  o Symmetric ciphers
  o Public key cryptography
  o Hash functions++
  o Advanced cryptanalysis

18 Access Control
 Authentication
  o Passwords
  o Biometrics
  o Other methods of authentication
 Authorization
  o Access control lists/capabilities
  o Multilevel security (MLS), security modeling, covert channels, inference control
  o Firewalls, intrusion detection (IDS)

19 Protocols
 “Simple” authentication protocols
  o Focus on basics of security protocols
  o Lots of applied cryptography in protocols
 Real-world security protocols
  o SSH, SSL, IPSec, Kerberos
  o Wireless: WEP, GSM

20 Software
 Security-critical flaws in software
  o Buffer overflow
  o Race conditions, etc.
 Malware
  o Examples of viruses and worms
  o Prevention and detection
  o Future of malware?

21 Software
 Software reverse engineering (SRE)
  o How hackers “dissect” software
 Software and testing
  o Open source, closed source, other topics

22 Software
 Operating systems
  o Basic OS security issues
  o “Trusted OS” requirements
 Software is a BIG security topic
  o Lots of material to cover
  o Lots of security problems to consider
  o But not nearly enough time available…

23 Think Like Trudy
 In the past, no respectable sources talked about “hacking” in detail
  o After all, such info might help Trudy
 Recently, this has changed
  o Lots of books on network hacking, evil software, how to hack software, etc.
  o Classes teach virus writing, SRE, etc.

24 Think Like Trudy
 Good guys must think like bad guys!
 A police detective…
  o …must study and understand criminals
 In information security
  o We want to understand Trudy’s methods
  o We might think about Trudy’s motives
  o We’ll often pretend to be Trudy

25 Think Like Trudy
 We must try to think like Trudy
 We must study Trudy’s methods
 We can admire Trudy’s cleverness
 Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity
 But we cannot act like Trudy
  o Except in this class…

26 In This Course…
 Think like the bad guy
 Always look for weaknesses
  o Find the weak link before Trudy does
 It’s OK to break the rules
  o What rules?
 Think like Trudy
 But don’t do anything illegal!