Presentation is loading. Please wait.

Presentation is loading. Please wait.

Csci5233 computer security & integrity 1 Cryptography: an overview.

Similar presentations


Presentation on theme: "Csci5233 computer security & integrity 1 Cryptography: an overview."— Presentation transcript:

1 csci5233 computer security & integrity 1 Cryptography: an overview

2 csci5233 computer security & integrity 2 Outline Security components Security mechanisms: –Symmetric Cryptography –Asymmetric Cryptography –Cryptographic Checksums –Digital Signatures

3 csci5233 computer security & integrity 3 Security components aka. Security Goals –Confidentiality: Data is only for the authorized. –data integrity: Data is correct. –origin integrity: Origin of the data is correct. –non-repudiability: There exists a mechanism to prove that the actor (sender, receiver, writer, retrieval, …) indeed performed that action. –availability: Data is available to the authorized. –access control –anonymity –etc. What components to implement depends on the application’s security policy/requirements.

4 csci5233 computer security & integrity 4 Security components What components to implement depends on the application’s security policy/requirements. Example applications that demand the various security components?

5 csci5233 computer security & integrity 5 Security components: Exercise You are part of a project team, which is developing an information system for command, communication and control between a command center and nuclear submarines. Of course, the communication between the command center and the submarine must be secured from potential faults and attacks. Explain how each of the following goals could be achieved by providing detailed protocols (showing the actors and their respective actions). –Goal #1: The communication must remain secret. That is, only the targeted recipient of a message should have access to the content of the message. –Goal #2: The correctness of the messages/commands must be verifiable. That is, if the message ever gets altered, the change should be detected. –Goal #3: The recipient of a message should be able to verify the true identity of the sender. That is, an unauthentic sender should be detected. –Goal #4: A command issued by A cannot later be denied by A. That is, A cannot later deny either the content or the action of sending that message.

6 csci5233 computer security & integrity 6 Security Mechanisms A security component is provided by one or more mechanisms. Common security mechanisms: –Symmetric Cryptography –Asymmetric Cryptography –Cryptographic Checksums –Digital Signatures –Digital Certificates –Firewalls –IDS –Kerberos –802.11i –WEP –IPSec –SSL –…

7 csci5233 computer security & integrity 7 Classical Cryptography Sender, receiver share common key –Keys may be the same, or trivial to derive from one another –Also called symmetric cryptography

8 csci5233 computer security & integrity 8 Public Key Cryptography Sender, receiver use keys that are inverse –An entity has a key pair (public key, private key) –The public key is usually public, but the private key is known only to the owner. –Also called asymmetric cryptography

9 csci5233 computer security & integrity 9 Cryptographical Checksums Message Digest –A checksum of the data –Sent or stored along with the source data –The receiver or the user of the data verifies the digest to determine the correctness.

10 csci5233 computer security & integrity 10 Cryptographical Checksums Message Authentication Code (MAC) –Keyless checksum is not secure. Why? –MAC is usually used for data integrity. –Some sort of “protection” must be in place if keyless message digest is used.

11 csci5233 computer security & integrity 11 Digital Signatures Powerful but expensive security mechanism Provides data integrity, origin integrity, and sender non-repudiability. How?


Download ppt "Csci5233 computer security & integrity 1 Cryptography: an overview."

Similar presentations


Ads by Google