security-12

Security

Security in the real world
- Security decisions based on: Value, Locks, Police
- Some observations:
  - Not all locks are the same
  - People pay for security they need
  - Police are critical to the picture
  - Security is only as good as the weakest link

Security in Computer Systems
- In computer systems, this translates to:
  - Authorization
  - Authentication
  - Audit
- This is the Gold Standard for Security (Lampson)
- Some security goals:
  - Data confidentiality: secret data remains secret
  - Data integrity: no tampering of data
  - System availability: attackers are unable to make the system unusable
  - Privacy: protecting from misuse of user's information

Security Threats
Identified by Defense Science Board:
- Incomplete, inquisitive and unintentional blunders.
- Hackers driven by technical challenges.
- Disgruntled employees or customers seeking revenge.
- Criminals interested in personal financial gain or stealing services.
- Organized crime with the intent of hiding something or financial gain.
- Organized terrorist groups attempting to influence U.S. policy by isolated attacks.
- Foreign espionage agents seeking to exploit information for economic, political, or military purposes.
- Tactical countermeasures intended to disrupt specific weapons or command structures.
- Multifaceted tactical information warfare applied in a broad orchestrated manner to disrupt a major U.S. military mission.
- Large organized groups or nation-states intent on overthrowing the US.

Cryptography Overview
- Encrypt data so it only makes sense to authorized users
  - Input data is a message or file called plaintext
  - Encrypted data is called ciphertext
- Encryption and decryption functions should be public
  - Security by obscurity is not a good idea!

Secret-Key Cryptography
- Also called symmetric cryptography
  - Encryption algorithm is publicly known
  - E(message, key) = ciphertext
  - D(ciphertext, key) = message
- Naïve scheme: monoalphabetic substitution
  - Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  - Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
  - So, attack is encrypted to: qzzqea
  - 26! possible keys ~ 4 x 10^26 possibilities
  - At 1 µs per permutation, 10 trillion years to break
  - Easy to break this scheme! How? 'e' occurs 14%, 't' 9.85%, 'q' 0.26%
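The contrast on this slide, worked through in code (an added example, not part of the original slides): the brute-force cost of the 26! keyspace next to a first-pass frequency-rank attack on the slide's own key. The sample message and the English frequency ordering are constructed assumptions, and the function names are hypothetical.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"           # substitution key from the slide
# Approximate English letter ranking, most to least frequent (assumption).
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

ENC = str.maketrans(ALPHABET, KEY)
DEC = str.maketrans(KEY, ALPHABET)

def encrypt(plaintext):
    """E(message, key): substitute letters, leave other characters alone."""
    return plaintext.upper().translate(ENC)

def decrypt(ciphertext):
    """D(ciphertext, key): invert the substitution."""
    return ciphertext.upper().translate(DEC)

def brute_force_years(seconds_per_key=1e-6):
    """Years to try all 26! keys at the slide's 1 microsecond per key."""
    return math.factorial(26) * seconds_per_key / (365.25 * 24 * 3600)

def ranked_letters(ciphertext):
    """Ciphertext letters ordered from most to least frequent."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    return [letter for letter, _ in counts.most_common()]

def guess_mapping(ciphertext):
    """First pass: n-th most common ciphertext letter -> n-th most common
    English letter. Only the top ranks are reliable on short text; an
    analyst refines the rest using digrams and word shapes."""
    return dict(zip(ranked_letters(ciphertext), ENGLISH_ORDER))

# Constructed sample message (not from the slides).
SAMPLE = ("the enemy fleet leaves the western harbor before eleven; "
          "meet the messenger near the deserted shelter where the "
          "secret letters were left")

if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print(f"brute force over 26! keys: {brute_force_years():.2e} years")
    guess = guess_mapping(ct)
    for c in ranked_letters(ct)[:3]:
        print(f"{c}: guessed {guess[c]}, actual {decrypt(c)}")
```

The output is uppercase, so the slide's `qzzqea` appears as `QZZQEA`. The large keyspace gives no protection because the substitution preserves each letter's frequency.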

Symmetric Key Cryptography
- Which encryption algorithm is good?
  - DES was proposed in the 1970s
    - Encrypts 64 bits of data with 56 bit key to give 64-bit ciphertext
    - Uses 16 rounds of substitution and permutation
    - EFF invested $250000 to break DES message in 56 hours
    - DES made powerful by encrypting message 3 times (DES3)
  - Current standard is AES
    - A result of 3-year competition with entries from 12 countries
    - Winning entry was from Belgium, called 'Rijndael'
  - Strong algorithms, such as DES3, RC4 are used
    - WEP uses RC4

Public Key Cryptography
- Diffie and Hellman, 1976
- All users get a public key and a private key

This note was uploaded on 02/19/2008 for the course CS 4410 taught by Professor Vollset during the Fall '07 term at Cornell.
