chapter_02 - CSE 425, Introduction to Computer Security...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CSE 425, Introduction to Computer Security Chapter 2. Protocols © 2008 by Wayne R. Dyksen. All Rights Reserved. 2-1 Michigan State University Department of Computer Science and Engineering Security Engineering Chapter 2. Protocols by Ross Anderson Professor Wayne Dyksen Department of Computer Science and Engineering Michigan State University Spring 2008 CSE 425, Introduction to Computer Security 2-2 Security System A number of Principals – People – Companies – Computers – Magnetic Card Readers – Etc… Communicating via a variety of channels. – Phones – Email – Radio Waves – Infrared – Magnetic Cards – Computer Networks – Etc… Securely . Vulnerabilities and Threats • Vulnerabilities – Ways that a Security System Can Be Compromised – Hard to Determine • Threats – Vulnerabilities “Likely” to Be Exploited – “Likely” • Probability – 0% and 100% Easy. – Everything In Between Hard. • Hard to “Compute” – Often Reactive Rather Than Proactive (Why?) • Cost of Exploitation – Used to Determine Appropriate Cost of Protection – May Involve Intangibles (E.g, Reputation) – Hard to “Compute” 2-3 2-4 Security Protocols • Rules (in a Security System) that Govern the Communication Between Principals • Protocol Design – Based on Assumptions About Vulnerabilities – Based on Need to Protect Against Threats – Intended To Protect Against Threats • For Us, Typically – Machine ↔ Machine (Challenges?) – Subject ↔ Machine (Challenges?) 2-5 2.1 Password Eavesdropping Risks • Passwords – Main Mechanism For Authenticating Human Users – (Still) Foundation for Much of Computer Security • Weaknesses – Human “Interface” (Chapter 3) – Hardware Interface: Password “Grabbers” • In spite of weaknesses, passwords may be the appropriate technology for a given application. 2-6 2.2 Who Goes There? Simple Authentication Scenarios – (Wireless) Garage Door Opener – (Wireless) Car “Locker / Unlocker” – (Wireless) Fireplace “On / Off” – Wireless Keyboard and/or Mouse – Bluetooth Devices (“Pairing”) – Etc… Basic Protocol – Transmitter Builds Message Sends Message to Receiver – Receiver Validates or Invalidates the Message Responds Depending on the Validity of Message
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSE 425, Introduction to Computer Security Chapter 2. Protocols © 2008 by Wayne R. Dyksen. All Rights Reserved. 2-2 Michigan State University Department of Computer Science and Engineering 2-7 Protocol Notation • Send a Message From Sender to Receiver Sender → Receiver : Message Encrypt a Message Using a Key { Message } Key • E.g: Send message M from A to B , encrypting the message M with key K A → B : { M } K 2-8 Simple Authentication V1 • Idea “Sherlock, it’s Dr. Watson” Dr. Watson → Sherlock: “Dr. Watson” • Formally: A → B : A • Abuse of Notation A → B : A ( A is a principal.) A → B : A ( A is the “name” of a principal.) – Should be
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 07/25/2008 for the course CSE 331 taught by Professor M.mccullen during the Spring '08 term at Michigan State University.

Page1 / 10

chapter_02 - CSE 425, Introduction to Computer Security...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online