LN4

Course: CST 459, Fall 2008
School: ASU
CET 458/598 Fall 2000 Lecture Notes

Chapter 8 - Security

There are several ways to compromise communication between two computers:

1. Eavesdrop (listen in) on shared media.
2. Spoof: pretend to be the source or destination after a communication has started, or start one while pretending to be a different computer (or user).
3. Insert packets (up to taking over a connection).
4. Modify packets.

The eventual goal is to take over an end-point computer or router/switch/hub.

At a higher level, attacks are built out of one or more of the above four methodologies, using application layer functionality in unintended ways. Examples are denial-of-service attacks based on overwhelming a computer/network with packets to tie up resources; open port probes; password cracking; and applications with holes such as buffer overflow issues. Lastly, there is the use of application functionality to smuggle in a program that can be helpful in taking over the computer (viruses, worms, etc.).

The idea not stated in the text is to use encryption and associated technologies to hide data and provide strong authentication (verify that a communication is from who it is purported to be from). If used appropriately, this gets rid of most of the above problems (except, e.g., some application-level problems).

You are responsible for all sections of Chapter 8 except 8.3.1 & 8.3.2.

Terminology

Encryption, decryption, plaintext, ciphertext, authentication, message integrity, nonrepudiation, key distribution, secret key, public (& private) key, hashing algorithms, message digest, one-way functions, MD5, computational feasibility, DES, triple-DES

Requirements of an encryption algorithm

- Very, very hard to get plaintext from ciphertext.
- Algorithm will be known widely.
- Uses an encryption key.
- Impossible (hard) to deduce the key given the algorithm, ciphertext and plaintext.

Requirements of a message digest

- Doesn't use a key.
- One-way function (computationally infeasible to produce the same result without the original text, or by modifying the original text).
- Computationally efficient.

DES (Data Encryption Standard)

- US government standard.
- Operates on 64 byte blocks of plaintext, producing 64 byte blocks of ciphertext.
- Uses 56 byte key.
- Uses 16 rounds of permutations and combinations.
- For messages longer than 64 bytes, uses cipher-block-chaining (the output of the 1st block is XOR'd with the next block of plaintext before being input to the DES function). An initialization vector, sometimes called the salt, is used for block 0.
- Now on the border of easy crackability, so use triple-DES: DESify 3 times with two keys, one for round 1 and round 3 and the other for round 2.
- Reasonably efficient.

RSA

- A public key algorithm with two keys: a public and a private (only the owner knows); symmetric keys (either can be used to encrypt or decrypt the other one's ciphertext).
- Uses large keys (512 bytes or longer) derived from large prime numbers (256 or greater).
- The encryption and decryption are computationally intense, using exponentiation and modulus operators.
- Organizations are already moving to 768 & 1024 or larger keys.
- Quite slow.

MD5

- Message Digest 5 (MD4 and MD2 are in use in some places). Like SHA (US gov.).
- Produces an apparently random fixed-length output from a message in a mathematical way.
- The same output is always produced from the same message and digest function.
- Block is 512 bytes (message length up to 2**64).
- Reasonable efficiency.

Authentication Protocols

Is the other party who they say they are?

- Three-way handshake with encrypted messages. But where did the keys come from?
- Trusted third party (the authentication server). Useful if the parties know nothing about one another. Kerberos (used at ASU; Windows 2000 uses it, too) is a trusted third party system where there is a key shared between server and user.
- Public key requires that the public key you believe belongs to XYZ actually does. Frequently uses a trusted third party to store and disseminate public keys.

Message Integrity Protocols

May want to guarantee that a message isn't modified in transit (or later) but don't care about privacy, or just want to be sure it isn't changed after receipt.

- Could use DES CBC residue (last block output).
- RSA Digital Signature: sender encrypts the message with private key, which can be decrypted with the private key. (Variation: encrypt just a hash code with the RSA private key.)
- Keyed MD5: append the shared key to the message and use MD5; send the message (less key) and the MD5 hash; the user appends the key to the message, computes MD5 and compares.
- Alternative: the sender picks a key at random, computes the hash and sends as above, but also sends the key encrypted in the recipient's public key, and that is encrypted with the sender's private key. The recipient decrypts the key using the sender's public key and the recipient's private key, then appends it to the message to compute the hash before comparing.

Public Key Distribution

The problem is how we can be sure that a public key legitimately belongs to the entity claiming that it does. The answer is a digital certificate, which is an electronic document that is digitally signed by a certificate authority (a trusted third party). The CA is usually the entity that issued the key and the certificate. To do this, the public key of the CA has to be widely known. Under some circumstances there needs to be a hierarchy of CAs that ends up forming a chain of trust certifying a key/certificate.

A certificate usually contains: name of entity being certified, public key, name of the CA, digital signature, digital signature algorithm type, and frequently an expiration date.

A certificate certifies a public key and can be copied at need. Only possession of the private key shows you are the named entity.

Besides expiration, certificates occasionally need to be canceled/revoked. The main reason for this is that the private key has been compromised. The solution is the publication (by the CA) of a digitally signed CRL (certificate revocation list).

Note: PGP is pretty interesting. You should read it after the test.

TLS/SSL/HTTPS

- General purpose middleware security protocol that lives between the application and the transport layer and, in effect, provides a secure transport layer to the application.
- Has a handshake protocol that negotiates keys to be used during normal data transfer.
- Data transfer protocol (session) transfers blocks (convenient size) that may be compressed, encrypted, and integrity protected (hashed).
- Sessions may be resumed, as sessions contain session IDs.
- Despite what the book says, there is not a single CA but a set of well-known CAs (Verisign and Entrust being the most well-known).

IPSEC

- An extension of IP that emulates IPv6 in most things that are useful in providing security.
- Authentication header and Encapsulating security payload are carried in the IP payload area; real data is carried in their data/payload area.
- Uses ISAKMP for key management.
- The AH & ESP define a security association, which is assigned a Security Parameters Index. The SPI identifies keys and procedures needed to provide the security functionality the user wants.
- ISAKMP is used to negotiate keys, algorithms, packet formats and services.
- Frequently the VPN protocol of choice.

Firewalls

Firewalls are placed between that part of the network to be protected and the rest of the network (i.e., Internet). A firewall usually acts as a packet filter at the network layer, dropping/passing packets based on source/destination IP and port. Some firewalls may be configured to work on the protocol/application level as well. These latter are sometimes configured as proxy firewalls (i.e., have a full application running on them that does explicit filtering), and some just know enough to block/pass certain protocols or sub-protocols.

The proxy server can be moved out of the firewall to provide better security at the firewall. The proxy server can be placed on either side of the firewall. If on the outside, the proxy server has to be security hardened. It, potentially, provides better service on the outside. The firewall then filters out packets associated with the proxy service unless they come from the proxy server. When the proxy server is on the inside of the firewall, all packets associated with the proxy service, regardless of destination IP, are directed to the proxy server.

Further security can be obtained by putting the proxy server on a separate network connected to the firewall. Another approach is to place a second layer of firewalls behind the first and have the proxy server work in the middle ground. The extra network where the proxy server lives is usually called the DMZ. In a multi-tiered application environment, the layer closest to the client is frequently put in the DMZ. Sometimes the application server has two network interfaces for separate unconnected netw...
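The packet-filter behaviour described in the Firewalls notes above, for the layout where the proxy server sits outside the firewall, written out as an added example that is not part of the original lecture notes. The addresses, the proxied port (80), the extra mail rule and the rule layout are assumptions chosen for illustration; the filter is a first-match rule list with a default drop.

```python
"""First-match packet filter for the 'proxy outside the firewall' layout.

Added illustration: every address, port and rule below is a constructed value.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INSIDE = ip_network("10.0.0.0/24")    # protected network (assumed)
PROXY = ip_network("192.0.2.10/32")   # hardened proxy outside the firewall (assumed)
ANY = ip_network("0.0.0.0/0")
PROXY_PORT = 80                       # service handled by the proxy (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "drop"
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int] = None   # matches source or destination port; None = any
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in self.src:
            return False
        if ip_address(p.dst) not in self.dst:
            return False
        return self.port is None or self.port in (p.sport, p.dport)


# Order matters: the two "pass" rules for the proxy come before the blanket
# drop for everything else that is associated with the proxied service.
RULES = [
    Rule("pass", PROXY, INSIDE, PROXY_PORT, "proxy service traffic from the proxy"),
    Rule("pass", INSIDE, PROXY, PROXY_PORT, "inside clients talking to the proxy"),
    Rule("drop", ANY, ANY, PROXY_PORT, "proxy service traffic bypassing the proxy"),
    Rule("pass", INSIDE, ANY, 25, "outbound mail, an unrelated service"),
]


def filter_packet(p: Packet, rules=RULES):
    """Return (action, reason) for the first matching rule, else default drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "drop", "default: no rule matched"


# Constructed sample traffic.
SAMPLES = [
    Packet("192.0.2.10", "10.0.0.5", 80, 40000),    # reply relayed by the proxy
    Packet("203.0.113.7", "10.0.0.5", 80, 40000),   # web server answering directly
    Packet("10.0.0.5", "203.0.113.7", 40000, 80),   # client going around the proxy
    Packet("10.0.0.5", "192.0.2.10", 40000, 80),    # client using the proxy
    Packet("203.0.113.7", "10.0.0.5", 50000, 22),   # unsolicited inbound SSH
    Packet("10.0.0.5", "198.51.100.3", 41000, 25),  # outbound mail
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        action, reason = filter_packet(pkt)
        print(f"{action:4}  {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  ({reason})")
```

Swapping the order of the third rule with either of the first two would drop the proxy's own traffic, which is why first-match filters are read top to bottom when they are audited.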
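The keyed MD5 exchange listed under Message Integrity Protocols above, with both the sender and the receiver side, as an added example that is not part of the original lecture notes. The key and messages are constructed sample values; the HMAC functions go beyond the notes and show the standardized keyed-hash construction (RFC 2104) that serves the same purpose.

```python
"""Keyed-MD5 message integrity as outlined in the notes, next to HMAC.

Added illustration: the key and the messages are constructed sample values.
"""
import hashlib
import hmac


def keyed_md5(message: bytes, key: bytes) -> bytes:
    # Construction from the notes: append the shared key to the message, then MD5.
    return hashlib.md5(message + key).digest()


def sender(message: bytes, key: bytes):
    # Only the message (less key) and the digest are sent; the key never is.
    return message, keyed_md5(message, key)


def receiver(message: bytes, tag: bytes, key: bytes) -> bool:
    # Append the local copy of the key to the received message, recompute, compare.
    # compare_digest does not reveal how many leading bytes matched.
    return hmac.compare_digest(keyed_md5(message, key), tag)


def hmac_sender(message: bytes, key: bytes):
    # HMAC is the standardized way to key a hash function. SHA-256 is used
    # here because MD5 is no longer considered collision resistant.
    return message, hmac.new(key, message, hashlib.sha256).digest()


def hmac_receiver(message: bytes, tag: bytes, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_cases() -> dict:
    """Run the exchange on constructed data and report what the receiver accepts."""
    key = b"constructed-shared-key"
    original = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"

    wire_msg, tag = sender(original, key)
    h_msg, h_tag = hmac_sender(original, key)
    return {
        "intact": receiver(wire_msg, tag, key),
        "modified_in_transit": receiver(altered, tag, key),
        "wrong_key": receiver(wire_msg, tag, b"some-other-key"),
        "truncated_tag": receiver(wire_msg, tag[:8], key),
        "hmac_intact": hmac_receiver(h_msg, h_tag, key),
        "hmac_modified": hmac_receiver(altered, h_tag, key),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:20} accepted={accepted}")
```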