Security 0 The Secure Environment. Security 1 The Secure Environment Security goals (C.I.A.) and...
-
Upload
ophelia-richard -
Category
Documents
-
view
224 -
download
0
Transcript of Security 0 The Secure Environment. Security 1 The Secure Environment Security goals (C.I.A.) and...
Security 1
The Secure Environment
Security 2
The Secure Environment
Security goals (C.I.A.) and threats
Security 3
Common Categories
1. Casual prying by nontechnical users
2. Snooping by insiders
3. Determined attempt to make money
4. Commercial or military espionage
5. Others (such as cyber wars)
Intruders
Security 4
Basics of Cryptography
Security 5
Network Is NOT Secure
A
B
C
D
ABC ABCABC
ABCABC
Security 6
A
B
C
D
~!@ ~!@~!@
~!@~!@
Encrypt Your Information
Security 7
Data Encryption Process
Encryption Decryption
Plaintext PlaintextCiphertext
Network
KEY KEY
Security 8
(a) Conventional two-way Cryptography
Encryption Decryption
Plaintext PlaintextCiphertext
Network
KEY
Encryption Decryption
Plaintext PlaintextCiphertext
Network
(b) Public Key Cryptography
KEY1 KEY2
Two Types of Cryptography
Security 9
Conventional two-way Cryptography
Encryption Decryption
Plaintext PlaintextCiphertext
Network
KEY
treaty impossible wuhdwb lpsrvvleoh treaty impossible
abcdefghijklmnopqrstuvwxyzdefghijklmnopqrstuvwxyzabc
Encryption: ci=E(pi) = pi + 3Decryption: pi=D(ci) = ci - 3
KEY:Caesar Cipher
Security 10
Conventional two-way Cryptography
Substitution Cipher•Caesar Cipher•Playfair Cipher•Etc.
Security 11
Conventional two-way Cryptography: Problems
A
B
C
D
Security 12
Public Key Cryptography
Encryption Decryption
Plaintext PlaintextCiphertext
Network
KEY1 KEY2
PublicPrivate
Security 13
Public Key Cryptography: Advantages
A
B
C
D
Private key A
Private key B
Private key D
Private key C
Public key APublic key BPublic key CPublic key D
Security 14
PKI: Certification Authority
What is a certificate? Why do we need Certification Authorities (CA) or trusted third party?
A certificate is a digitally signed statement by a CA that provides independent confirmation of an attribute claimed by a person proffering a digital signature. More formally, a certificate is a computer-based record which: (1) identifies the CA issuing it, (2) names, identifies, or describes an attribute of the subscriber, (3) contains the subscriber's public key, and (4) is digitally signed by the CA issuing it.
Security 15
Trapdoor function
Public Key Cryptography:Some Roads Are One-Way
Easy
Difficulty
N5
N1/5
Prime1 * Prime2 = Composite
Composite = Prime1 * Prime2
Trapdoor characteristics: (1) It is easy to compute f(x) from x.(2) Computation of x from f(x) is likely to be intractable.
Security 16
An Example : Encryption
EB(p) DB(EB(p)) = p
Network
User A User B
A encrypts message p using B’s public key
B decrypts the ciphertext using its own private key
Security 17
Another Example : Digital Signature
EB(DA(p))EA(DB(EB(DA(p)))) =
EA(DA(p)) = p
Network
User A User B
A signs message p using its own private key and encrypts it using B’s public key
B decrypts the ciphertext using its own private key and verifies it using A’s public key
Security 18
Hash functions
……….……….……….………..……….………
HashMessageDigest
The basic requirements for a cryptographic hash function H(x) are as follows.
•The input can be of any length. •The output has a fixed length. •H(x) is relatively easy to compute for any given x. •H(x) is one-way. •H(x) is collision-free.
Security 19
More on Digital Signature……….……….……….………..……….………
HashMessageDigest
Signature
Sign (decrypt)Using Private Key
……….……….……….………..
Signature
Append
Security 20
More on Digital Signature
HashMessageDigest
Verify (Encrypt operation)Using Public Key
……….……….……….………..
SignatureMessageDigest
Security 21
User Authentication
Security 22
Basic Principles. Authentication must identify:
1. Something the user knows
2. Something the user has
3. Something the user is
This is done before user can use the system
User Authentication
Security 23
(a) A successful login
(b) Login rejected after name entered
(c) Login rejected after name and password typed
Authentication Using Passwords
Note: be careful when failed several times.
Security 24
Authentication Using Passwords
How a cracker broke into LBL (source: A.S.Tanenbaum “Modern Operating System” course materials)
• a U.S. Dept. of Energy research lab
Security 25
Login Spoofing
% Login: % Login:
(a) Correct login screen (b) Phony login screen
Security 26
Authentication Using Passwords
The use of salt to defeat precomputation of encrypted passwords
Salt Password
,
,
,
,
Security 27
Authentication Using a Physical Object
Magnetic cards
• magnetic stripe cards
• chip cards: stored value cards, smart cards
Security 28
Authentication Using Biometrics
A device for measuring finger length.
Security 29
Countermeasures
•Limiting times when someone can log in
•Automatic callback at number prespecified
•Limited number of login tries
•A database of all logins
•Simple login name/password as a trap
• security personnel notified when attacker bites
Security 30
Secure Communications Over Insecure Channels
R. C. Merkle’s Puzzle
“secure Communications over Insecure Channels”
Communications of the ACM, 1978, Vol. 21, No. 4.
Security 31
One-way Hash Chain and TESLA•Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium, NDSS '01, February 2001.