chapter07 - • Introduction • Overview of security...

Chapter 7: Security
• Introduction
• Overview of security techniques
• Cryptographic algorithms
• Digital signatures
• Cryptography pragmatics
• Case studies: Needham-Schroeder, Kerberos, SSL & Millicent
• Summary

Introduction
• History
• The emergence of cryptography into the public domain
– Public-key cryptography
– Much stronger DES
– Protagonist in security protocols
• Security policies
– Provide for the sharing of resources within limited rights
• Security mechanisms
– Implement security policies

Threats and attacks
• Security threats
– Leakage: acquisition of information by unauthorized recipients
– Tampering: unauthorized alteration of information
– Vandalism: interference with the proper operation of a system without gain to the perpetrator
• Methods of attack (dangers in theory)
– Eavesdropping: obtaining copies of messages without authority
– Masquerading: sending or receiving messages using the identity of another principal without their authority
– Message tampering: intercepting messages and altering their contents before passing them on to the intended recipient
– Replaying: storing intercepted messages and sending them at a later date
– Denial of service: flooding a channel or other resource with messages in order to deny access to others
• Attacks in practice
– Discover loopholes
• E.g. guess a password

Threats from mobile code
• Sandbox model in Java
– Each environment has a security manager that determines which resources are available to the application
– Most applets cannot access local files, printers or network sockets
– Two further measures protect the local environment
• The downloaded classes are stored separately from the local classes, preventing them from replacing local classes with spurious versions
• The bytecodes are checked for validity, e.g. to avoid accessing illegal memory addresses

Securing electronic transactions
• Examples that depend crucially on security
– Email, purchase of goods and services, banking transactions, micro-transactions
• Requirements for securing web purchases
– Authenticate the vendor to the buyer
– Keep the buyer's credit card number and other payment details from falling into others' hands, and ensure that they are unaltered from buyer to vendor
– Ensure downloadable content is delivered without alteration or disclosure
– Authenticate the identity of the account holder to the bank before giving them access to their account
– Ensure the account holder cannot deny that they participated in a transaction (non-repudiation)

• The analogy between designing secure systems and producing bug-free programs
• Construct a list of threats, and show that each of them is prevented by the mechanisms employed
– By informal argument, or by logical proof
• Auditing methods
– Secure log: record security-sensitive system actions with details of the actions performed and their authority
• Balance cost and inconvenience
– Cost in computational effort and in network usage...
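As an added illustration of the slide's point that each listed threat should be matched to a mechanism that demonstrably prevents it (example code, not part of the chapter slides): a receiver that uses a shared-key MAC to reject tampered or masqueraded messages and a per-sender sequence number to reject replays. The shared key, sender names and message bodies are constructed assumptions; leakage through eavesdropping would additionally need encryption, which this block does not show.

```python
import hashlib
import hmac
import json

# Constructed shared secret; in practice it would be established out of band
# (for example by a key-distribution protocol such as Needham-Schroeder or Kerberos).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def make_message(key: bytes, sender: str, seq: int, body: str) -> dict:
    """Build a message whose MAC covers the sender, sequence number and body."""
    payload = json.dumps({"from": sender, "seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Receiver-side checks, each mapped to one of the chapter's named threats."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq: dict[str, int] = {}  # highest sequence number accepted per sender

    def accept(self, msg: dict) -> str:
        # Tampering and masquerading: an altered payload, or one built without the
        # shared key, yields a different tag, so the MAC comparison fails.
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad MAC (tampered or masqueraded)"
        data = json.loads(msg["payload"])
        # Replaying: a stored copy of an already-accepted message carries a sequence
        # number that is not greater than the last one accepted from that sender.
        if data["seq"] <= self.last_seq.get(data["from"], 0):
            return "reject: replay"
        self.last_seq[data["from"]] = data["seq"]
        return "accept"


if __name__ == "__main__":
    r = Receiver(SHARED_KEY)
    m = make_message(SHARED_KEY, "alice", 1, "transfer 10")
    print(r.accept(m))  # accept
    print(r.accept(m))  # reject: replay
```

A rejected message leaves the receiver's state unchanged, so a tampered copy cannot burn a sequence number that the genuine message still needs.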