
Part 4 Software

Conclusion

Course Summary
- Crypto
  o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis
- Access Control
  o Authentication, authorization
- Protocols
  o Simple authentication
  o Real-World: SSL, IPSec, Kerberos, GSM
- Software
  o Flaws, malware, SRE, development, OS issues

Crypto Basics
- Terminology
- Classic cipher
  o Simple substitution
  o Double transposition
  o Codebook
  o One-time pad
- Basic cryptanalysis

Symmetric Key
- Stream ciphers
  o A5/1
  o RC4
- Block ciphers
  o DES
  o AES, TEA, etc.
  o Modes of operation
- Data integrity (MAC)

Public Key
- Knapsack (insecure)
- RSA
- Diffie-Hellman
- Elliptic curve crypto (ECC)
- Digital signatures and non-repudiation
- PKI

Hashing and Other
- Birthday problem
- Tiger Hash
- HMAC
- Clever uses: online bids, spam reduction
- Other topics
  o Secret sharing
  o Random numbers
  o Information hiding (stego, watermarking)

Advanced Cryptanalysis
- Linear and differential cryptanalysis
- RSA side channel attack
- Knapsack attack (lattice reduction)
- Hellman’s TMTO attack on DES

Authentication
- Passwords
  o Verification and storage (salt, etc.)
  o Cracking (math)
- Biometrics
  o Fingerprint, hand geometry, iris scan, etc.
  o Error rates
- Two-factor, single sign on, Web cookies

Authorization
- ACLs and capabilities
- MLS
- BLP, Biba, compartments, covert channel, inference control
- CAPTCHA
- Firewalls
- IDS

Simple Protocols
- Authentication
  o Using symmetric key
  o Using public key
  o Establish session key
  o PFS
  o Timestamps
- Authentication and TCP
- Zero knowledge proof (Fiat-Shamir)

Real-World Protocols
- SSL
- IPSec
  o IKE
  o ESP/AH
- Kerberos
- GSM
  o Security flaws

Software Flaws and Malware
- Flaws
  o Buffer overflow
  o Incomplete mediation, race condition, etc.
- Malware
  o Brain, Morris Worm, Code Red, Slammer
  o Malware detection
  o Future of malware
- Other software-based attacks
  o Salami, linearization, etc.

Insecurity in Software
- Software reverse engineering (SRE)
  o Software protection
- Digital rights management (DRM)
- Software development
  o Open vs closed source
  o Finding flaws (math)

Operating Systems
- OS security functions
  o Separation
  o Memory protection, access control
- Trusted OS
  o MAC, DAC, trusted path, TCB, etc.
- NGSCB
  o Technical issues
  o Criticisms

Crystal Ball
- Cryptography
  o Well-established field
  o Don’t expect major changes
  o But some systems will be broken
  o ECC is a “growth” area
  o Quantum crypto may prove worthwhile (so far, lots of hype, little that’s useful)

Crystal Ball
- Authentication
  o Passwords will continue to be a problem
  o Biometrics should become more viable
  o Smartcard will be used more
- Authorization
  o ACLs, etc., well-established areas
  o CAPTCHA’s interesting new topic
  o IDS is a very hot topic

Crystal Ball
- Protocols are challenging
- Very difficult to get protocols right
- Protocol development often haphazard
  o Kerckhoffs Principle for protocols?
  o How much would it help?
- Protocols will continue to be a significant source of security failure

Crystal Ball
- Software is a huge security problem today
  o Buffer overflows should decrease
  o Race condition attacks might increase
- Virus writers are getting smarter
  o Polymorphic, metamorphic, what’s next?
  o Not easy to detect
- Malware will continue to plague us

Crystal Ball
- Other software issues
  o Reverse engineering will remain
  o Secure development inherently hard
  o Open source not a panacea
- OS issues
  o NGSCB will change things…
  o But for better or for worse?

The Bottom Line
- Security knowledge is needed today…
- …and it will be needed in the future
- Necessary to understand technical issues
  o The focus of this class
- But technical knowledge is not enough
  o Human nature, legal issues, business issues, etc.
  o Experience also important