
Part 4: Software, Conclusion and Course Summary


2. Part 4: Software, Conclusion

3. Course Summary
• Crypto
  o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis
• Access Control
  o Authentication, authorization
• Protocols
  o Simple authentication
  o Real-World: SSL, IPSec, Kerberos, GSM
• Software
  o Flaws, malware, SRE, development, OS issues

4. Crypto Basics
• Terminology
• Classic cipher
  o Simple substitution
  o Double transposition
  o Codebook
  o One-time pad
• Basic cryptanalysis

5. Symmetric Key
• Stream ciphers
  o A5/1
  o RC4
• Block ciphers
  o DES
  o AES, TEA, etc.
  o Modes of operation
• Data integrity (MAC)

6. Public Key
• Knapsack (insecure)
• RSA
• Diffie-Hellman
• Elliptic curve crypto (ECC)
• Digital signatures and non-repudiation
• PKI

7. Hashing and Other
• Birthday problem
• Tiger Hash
• HMAC
• Clever uses: online bids, spam reduction
• Other topics
  o Secret sharing
  o Random numbers
  o Information hiding (stego, watermarking)

8. Advanced Cryptanalysis
• Linear and differential cryptanalysis
• RSA side channel attack
• Knapsack attack (lattice reduction)
• Hellman’s TMTO attack on DES

9. Authentication
• Passwords
  o Verification and storage (salt, etc.)
  o Cracking (math)
• Biometrics
  o Fingerprint, hand geometry, iris scan, etc.
  o Error rates
• Two-factor, single sign on, Web cookies

10. Authorization
• ACLs and capabilities
• MLS
• BLP, Biba, compartments, covert channel, inference control
• CAPTCHA
• Firewalls
• IDS

11. Simple Protocols
• Authentication
  o Using symmetric key
  o Using public key
  o Establish session key
  o PFS
  o Timestamps
• Authentication and TCP
• Zero knowledge proof (Fiat-Shamir)

12. Real-World Protocols
• SSL
• IPSec
  o IKE
  o ESP/AH
• Kerberos
• GSM
  o Security flaws

13. Software Flaws and Malware
• Flaws
  o Buffer overflow
  o Incomplete mediation, race condition, etc.
• Malware
  o Brain, Morris Worm, Code Red, Slammer
  o Malware detection
  o Future of malware
• Other software-based attacks
  o Salami, linearization, etc.

14. Insecurity in Software
• Software reverse engineering (SRE)
  o Software protection
• Digital rights management (DRM)
• Software development
  o Open vs closed source
  o Finding flaws (math)

15. Operating Systems
• OS security functions
  o Separation
  o Memory protection, access control
• Trusted OS
  o MAC, DAC, trusted path, TCB, etc.
• NGSCB
  o Technical issues
  o Criticisms

16. Crystal Ball
• Cryptography
  o Well-established field
  o Don’t expect major changes
  o But some systems will be broken
  o ECC is a “growth” area
  o Quantum crypto may prove worthwhile (so far, lots of hype, little that’s useful)

17. Crystal Ball
• Authentication
  o Passwords will continue to be a problem
  o Biometrics should become more viable
  o Smartcard will be used more
• Authorization
  o ACLs, etc., well-established areas
  o CAPTCHA’s interesting new topic
  o IDS is a very hot topic

18. Crystal Ball
• Protocols are challenging
• Very difficult to get protocols right
• Protocol development often haphazard
  o Kerckhoffs Principle for protocols?
  o How much would it help?
• Protocols will continue to be a significant source of security failure

19. Crystal Ball
• Software is a huge security problem today
  o Buffer overflows should decrease
  o Race condition attacks might increase
• Virus writers are getting smarter
  o Polymorphic, metamorphic, what’s next?
  o Not easy to detect
• Malware will continue to plague us

20. Crystal Ball
• Other software issues
  o Reverse engineering will remain
  o Secure development inherently hard
  o Open source not a panacea
• OS issues
  o NGSCB will change things…
  o But for better or for worse?

21. The Bottom Line
• Security knowledge is needed today…
• …and it will be needed in the future
• Necessary to understand technical issues
  o The focus of this class
• But technical knowledge is not enough
  o Human nature, legal issues, business issues, etc.
  o Experience also important

