Presentation is loading. Please wait.

Presentation is loading. Please wait.

IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly."— Presentation transcript:

1 IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly structured data Part III: (subset of) Basics of web-based IS (www, web2.0, …) Markup’s, HTML, XML Design tools for Info Sys: UML API’s for mobile apps Security, Cryptography IS product lifecycles Algorithm analysis, P, NP, NPC Info storage (modeling, normalization) Info retrieval (Relational algebra, Calculus, SQL) DB integrated API’s

2 Agenda Basics of secure communications in Information Systems Private key (symmetric key) IS Encryption algorithms and how they work (basics) The mathematical basis for encryption Concluding remarks Asymmetric keys and their uses in IS

3 Communications basics How does the IS exchange data securely between the client and server? Data encryption  transmit encrypted data  decrypt data on server How to encrypt/decrypt ? Shared secret password: Symmetric keys Asymmetric keys (uses Secure Sockets Layer protocol), or SSL In many applications, we use a secret ‘password’ to ‘log in’ and communicate securely

4 Web security background 1. Passive attacks: Attacker monitors data traffic on the web, and collects some information not sent to him (using ‘packet sniffers’) 2. Active attacks: (a) Attacker gains access to some computer using security loopholes (typically using virus, worms, trojan horse, etc.) (b) Spoofing: attacker pretends to be a trusted system, to make the user believe it is safe to send them some secure data. (c) Cryptographic attack: attacker captures encrypted data an decrypts it (e.g., repeatedly trying many possible passwords) 3. Denial of service attacks: Attacker overloads your server with too many requests, blocking other users from accessing it. 4. Social engineering: Attacker uses personal communication/phone call to cheat you into telling them some secret information (e.g. password, credit card pin)

5 Data encryption: symmetric-key encryption sender, receiver share a secret key via email/phone/letter 1 data encryption algorithm @#r% decryption algorithm data 2 sender encrypts data, sends receiver decrypts data, reads Usually, the encryption and decryption uses same key (password) Common examples: DES algorithm (chops data into 64 bit ‘blocks’, encrypting each with a 56 bit key.) Feistel cipher data @#r%

6 Data encryption: asymmetric-key (private key, public key) Each party wishing to communicate has two keys: - Public key: a password that is released to everyone - Private key: a secret password that is not told to anyone Properties of Public, Private keys: - must be different from each other - mathematically related - impossible to determine one from the other Two common uses of Asymmetric keys: Secure communications: sending encrypted data Identity verification: digital signatures data @#r% pub pri data @#r% pub pri data

7 Data encryption: asymmetric-key (private key, public key) data encryption algorithm @#r% decryption algorithm data Sender encrypts data with receiver’s public key Receiver decrypts data with receiver’s private key r_pubr_pri sends reads Secure communications data encryption algorithm @#r% decryption algorithm data Sender encrypts data with sender’s private key Receivers decrypt data with sender’s public key s_pris_pub sends reads Digital signatures @#r% decryption algorithm data s_pub

8 Asymmetric keys: user verification Problem: how will the a user know whether the public key they ‘fetch’ over the internet is really from the party they are communicating, or it’s been altered by some malicious party? Solution: use of a “trusted” intermediary (third party), who is in charge of (a) providing keys to all interacting parties (b) physically checking that the each party is who they claim to be Implementation - Use of a Public Key Infrastructure (PKI), which usually involves a - 3 rd party Certificate Authority (CA) who issues and manages key’s to the applications that are communicating. Some common CA’s - VeriSign, CoModo, GoDaddy, DigiCert, …

9 Two common technologies for secure web communication Using TLS (Transport Layer Security) Using SHTTP - A set of functions written in the transport layer - URL is of the form: https://host/path/file - Connection on server is typically on port 443 - When a secure page is requested, TLS protocol will - verify identity of both parties - use symmetric-key encryption in the rest of the session - Implemented as a set of functions in application layer - URL is of the form: shttp://host/path/file - Used by very few systems

10 TLS connections (simplified) c_pub c_pri s_pri client server client generates a random number: rc s_pub *rc encrypts rc: rc client requests secure page: https://host/page includes: (a) list of cipher funcs, (b) *rc s_pub server generates a random number: rs *rs encrypts rs: rs server sends requested page, + c_pub encrypts server certificate: sc s_pri *sc *rs *sc rc *rc rs *rs client contacts CA to verify server identity *sc c_pri s_pub sc next page… rc rs s_pri

11 TLS connections (simplified) c_pub c_pri s_pri client server s_pub rc rs client contacts CA to verify server identity sc sends encrypted certificate encrypts client certificate: cc *cc c_pri *cc server contacts CA to verify client identity *cc cc c_pub cc client generates a random number (pre-password): pms s_pub encrypts pre-password: *pms s_pri pms rc rs rc client, server independently calculate password pass pms rsrc pass Secure, symmetric-key session with password: pass

12 Basics of encryption Encryption is essential for many IS applications. How do encryption algorithms work ?

13 Simplest example: Shift cipher Main idea: Shift letters using mod 26 arithmetic Input: set of characters from the alphabet, P  {a, b, …, z} Input: shift size, key  {1,..., 25} Output: cipher text, C  {a, b, c, …, x, y, z} Encryption and decryption functions encrypt(key, letter) = letter + key (mod 26) decrypt(key, letter) = letter - key (mod 26) Note: the ‘mod’ function is applied to the numerical equivalent of each character, a = 1, b = 2, … z = 26. Example: encrypt(3, play) = sodb

14 Shift Cipher (or similar permutation ciphers) Advantages encrypt, decrypt: very efficient Ciphertext appears unreadable Disadvantages Only 25 possible keys (easy to crack!) Regular pattern  we can use letter-frequency tables, etc Letter groupProbability E0.12 TAOINSHR0.06 - 0.09 DL0.04 CUMWFGYPB0.015 - 0.028 VKJXQZ< 0.01 [Beker and Piper] analysis of frequency of letters in English:

15 More sophisticated cipher: One time pad Secret-key encryption scheme (symmetric) Main idea: Encrypt plaintext by xor with key (= sequence of bits) Decrypt ciphertext by xor with same key (= bit sequence) 1 0 0 1 0 1 0 PlaintextKeyCiphertextKeyPlaintext 1 1 0 1 0 0 1 0 1 0 0 0 1 1 1 1 0 1 0 0 1 1 0 0 1 0 1 0  =  = 0 1 0 0 0 1 1 Ciphertext

16 One time pad Advantages Easy to compute encrypt, decrypt from key, text Secure: Given a plaintext and random key, all possible ciphertexts are equally likely. Disadvantages Key is as long as the plaintext

17 Even more sophisticated ciphers: Block ciphers Basic algorithms for Block ciphers were developed at IBM Examples: Feistel: source code is available for many languages; DES (Data Encryption Standard): commonly used. Main idea: 1. Permute input bits 2. Repeat application of a Feistel-style function 3. Apply inverse permutation to produce output  Simple, computationally efficient, secure (at least to date!)

18 DES basics Plain text (64 bits) Initial permutation IP [0..63] Two halves L 0 [0..31]R 0 [0..31] L i-1 R i-1 F K i F( key, input) x 16 times L 16 [0..31]R 16 [0..31] Inverse Initial permutation Cipher text (64 bits) L i = R i-1 R i XOR K i = permutation of key K

19 DES basics.. Function F(R i-1,K i ) Block E: expands 32-bit R i-1 into 48bits XOR with K i Divide into 8 6-bit blocks Apply “S-box” table-lookup functions to each block Permute resulting bits [source: wikipedia] S-box table-lookup functions: Non-linear mapping; main reason why DES function is not invertible. This website gives a numerical example of DES encryption steps

20 RSA algorithm DES uses same key for encryption and decryption. The theoretical basis for Public key encryption systems are developed from the RSA algorithm. RSA algorithm: based on number theory (prime numbers). [an excellent introduction is Prof Deng Xiaotie’s lectures, City U.]

21 Practical matters Private key algorithms: Easy to implement in your own IS Open source code available for many ciphers (Feistel, TEA)TEA Public key algorithms: Requires purchase of service from PKI vendor (e.g. Verisign,…) Expensive to implement, manage, but standard for most businesses

22 References and Further Reading Next: Mobile Applications Design Simon Singh, The Code Book, pub. Anchor press, 2000 PDF article giving brief introduction to RSA mathsPDF article giving brief introduction to RSA maths (Utah State, Prof Moon) Wikipedia cryptography portal Prof Deng Xiaotie/Prof Frances Yao’s lecture notes (City Univ, HK)

Download ppt "IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
IELM 231: IT for Logistics and Manufacturing Course Agenda Introduction IT applications design: Human-Computer Interface Fundamental IT tools: sorting,

IELM 231: IT for Logistics and Manufacturing Course Agenda Introduction IT applications design: Human-Computer Interface Fundamental IT tools: sorting,
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly.

IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google