Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 3 Basic Security Concepts cont.. Homework 1. Score: 10 points Due: September 12, 2013 2:00 am via dropbox Last day to submit with 4%/day penalty:

Published byBriana Holland Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 3 Basic Security Concepts cont.. Homework 1. Score: 10 points Due: September 12, 2013 2:00 am via dropbox Last day to submit with 4%/day penalty:"— Presentation transcript:

1 Lecture 3 Basic Security Concepts cont.

2 Homework 1. Score: 10 points Due: September 12, 2013 2:00 am via dropbox Last day to submit with 4%/day penalty: September 23, 2013 2:00 am via dropbox From C. P. Pfleeger and S. L. Pfleeger: Security in Computing, 4 th Edition answer the following questions:  Chapter 1: 1, 10, 15  Chapter 2: 13, 18, 34 Grading: Answer all of the questions. Only one of them will be chosen by the instructor to be graded. Solutions for all questions will be posted online and discussed in class after the last day to submit date. CSCE 522 - Farkas 2

3 3 Research Project Project information: http://cse.sc.edu/~farkas/csce522- 2013/project-2013.htm http://cse.sc.edu/~farkas/csce522- 2013/project-2013.htm Step 1  Identifying research interest  Form groups of 2-4 students

4 CSCE 522 - Farkas Project Information Discussion on Student preferences  What do you like to work on? E.g., application development, operating systems, databases, hardware design, robotics, game development, etc.  What are the security problems in your area of interest? E.g., multilevel secure operating systems, access control in databases, remote controlled robots, etc.  How much your group can do within 1 semester? E.g., need to choose a problem that can be addressed within 12 weeks (including any background research, research, development, and writing reports)  Be as specific as possible! 4

5 CSCE 522 - Farkas 5 Types of Attacks (1)  Interruption – an asset is destroyed, unavailable or unusable (availability)  Interception – unauthorized party gains access to an asset (confidentiality)  Modification – unauthorized party tampers with asset (integrity)  Fabrication – unauthorized party inserts counterfeit object into the system (authenticity)  Denial – person denies taking an action (authenticity)

6 CSCE 522 - Farkas 6 Types of Attacks (2)  Passive attacks:  Eavesdropping  Monitoring  Active attacks:  Masquerade – one entity pretends to be a different entity  Replay – passive capture of information and its retransmission  Modification of messages – legitimate message is altered  Denial of service – prevents normal use of resources

7 Malicious Attacks M ethod: skills, knowledge, tools, information, etc. O pportunity: time and access M otive: reason to perform the action How can defense influence these aspects of attacks? CSCE 522 - Farkas 7

8 8 Computer Criminals Amateurs: regular users, who exploit the vulnerabilities of the computer system  Motivation: easy access to vulnerable resources Crackers: attempt to access computing facilities for which they do not have the authorization  Motivation: enjoy challenge, curiosity Career criminals: professionals who understand the computer system and its vulnerabilities  Motivation: personal gain (e.g., financial)

9 CSCE 522 - Farkas 9 Lecture 1 Methods of Defense Prevent: block attack Deter: make the attack harder Deflect: make other targets more attractive Detect: identify misuse Tolerate: function under attack Recover: restore to correct state

10 CSCE 522 - Farkas 10 Information Security Planning Organization Analysis Risk management Mitigation approaches and their costs Security policy Implementation and testing Security training and awareness

11 CSCE 522 - Farkas 11 Risk Management Framework (Business Context) Understand Business Context Identify Business and Technical Risks Synthesize and Rank Risks Define Risk Mitigation Strategy Carry Out Fixes and Validate Measurement and Reporting

12 Cryptography 1 Project Topics Cyber Attacks Cryptography Terminology Secret-Key Encryption

13 CSCE 522 - Farkas 13 Reading Assignment Reading assignments for this lecture Required:  Pfleeger: Ch 2 Recommended:  C. Dupuis, A Short History of Cryptography, http://jproc.ca/crypto/crypto_hist.html http://jproc.ca/crypto/crypto_hist.html  Navajo Code Talkers: World War II Fact Sheet, http://www.history.navy.mil/faqs/faq61-2.htm http://www.history.navy.mil/faqs/faq61-2.htm Interesting:  U.S. always ends up regulating new technologies for public safety; the Internet is no exception, Homeland Security News Wire, http://www.homelandsecuritynewswire.com/bull20120829-u-s-always-ends- up-regulating-new-technologies-for-public-safety-the-internet-is-no-exception, 08/29/2012 http://www.homelandsecuritynewswire.com/bull20120829-u-s-always-ends- up-regulating-new-technologies-for-public-safety-the-internet-is-no-exception

14 CSCE 522 - Farkas 14 Insecure communications Sender Snooper Recipient Insecure channel Confidential

15 CSCE 522 - Farkas 15 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it  Only the recipient should get it  Proof of the sender’s identity  Message shouldn’t be corrupted in transit  Message should be sent/received once only

16 CSCE 522 - Farkas 16 Terminology  Plaintext (cleartext): a message in its original form  Ciphertext (cyphertext): an encrypted message  Encryption: transformation of a message to hide its meaning  Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).

17 CSCE 522 - Farkas 17 Terminology  Decryption: recovering meaning from ciphertext  Cryptography: art and science of keeping messages secure  Cryptanalysis: art and science of breaking ciphertext  Cryptology: study of both cryptography and cryptanalysis

18 CSCE 522 - Farkas 18 Encryption and Decryption Plaintext EncryptionDecryption Ciphertext Additional requirements : Authentication Between communicating parties Third-party authentication Non-repudiation Integrity verification Key distribution Secret key (secure distribution) Public key (reliable distribution)

19 CSCE 522 - Farkas 19 Conventional (Secret Key) Cryptosystem Encryption Decryption Plaintext Ciphertext K SenderRecipient C=E(K,M) M=D(K,C) K needs secure channel

20 CSCE 522 - Farkas 20 Public Key Cryptosystem Encryption Decryption Plaintext Ciphertext SenderRecipient C=E(K pub,M) M=D(K priv,C) Recipient’s public Key (K pub ) Recipient’s private Key (K priv ) K pub needs reliable channel

21 Security Objectives Confidentiality Integrity Availability Authenticity Non-repudiation CSCE 522 - Farkas 21 How can cryptography support these objectives?

22 CSCE 522 - Farkas 22 Security Objectives Confidentiality: Hiding message/file content Secret key, public key encryption Integrity: Detecting modification Hash function Availability: Not much – hiding existence of data Secret key, public key encryption Authenticity: Verify origin Public key encryption Non-repudiation: Verify activity Public key encryption CSCE 522 - Farkas 22

23 CSCE 522 - Farkas 23 Cryptanalysis Cryptanalyst’s goal:  Break message  Break key  Break algorithm

24 CSCE 522 - Farkas 24 Taxonomy of Attacks Ciphertext-only attack: attacker has ciphertext for messages encrypted with K. Deduce keys and/or plaintext messages. Known plaintext attack: attacker additionally knows the plaintext of the messages. Deduce keys or a decryption algorithm. Chosen plaintext attack: attacker can obtain the ciphertext for selected plaintext messages. Deduce as above. Chosen ciphertext attack: attacker can obtain decrypted (plaintext) versions of selected ciphertext. Deduce as above.

25 CSCE 522 - Farkas 25 Breakable versus Practically breakable Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext Computationally secure: an algorithm that is not breakable in practice based on worst case scenario Breakable: all algorithms (except one-time pad) are theoretically breakable

26 CSCE 522 - Farkas 26 What makes a good cryptosystem?  A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm.  From Bruce Schneier:  “Good cryptographers rely on peer review to separate the good algorithms from the bad. ''

27 CSCE 522 - Farkas 27 Secret Key Cryptosystem Encryption Decryption Plaintext Ciphertext K SenderRecipient C=E(K,M) M=D(K,C) K needs secure channel

28 CSCE 522 - Farkas 28 Secret Key Cryptosystem Vulnerabilities (1 Passive Attacker (Eavesdropper) Obtain and/or guess key and cryptosystem use these to decrypt messages Capture text in transit and try a ciphertext- only attack to obtain plaintext.

29 CSCE 522 - Farkas 29 Active Attacker Break communication channel (denial of service) Obtain and/or guess key and cryptosystem and use these to send fake messages Secret Key Cryptosystem Vulnerabilities

30 CSCE 522 - Farkas 30 Inherent Weaknesses of Symmetric Cryptography  Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)  Need a key for each pair of users  n users need n*(n-1)/2 keys  If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

31 CSCE 522 - Farkas 31 Basic Encryption Techniques Substitution Permutation Combinations and iterations of these

32 CSCE 522 - Farkas 32 Next Class  Substitution and Transposition  Characterization of good encryption algorithms

Download ppt "Lecture 3 Basic Security Concepts cont.. Homework 1. Score: 10 points Due: September 12, 2013 2:00 am via dropbox Last day to submit with 4%/day penalty:"

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…

1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
Lecture 1 Overview.

Lecture 1 Overview.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
1 CSE 651: Introduction to Network Security Steve Lai Spring 2010.

1 CSE 651: Introduction to Network Security Steve Lai Spring 2010.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Similar presentations

Ads by Google