22.Security - ProtectionandSecurity How to be a paranoid or...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Protection and Security How to be a paranoid or just think like one
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2
Background image of page 2
3 Leaking information Stealing 26.5 million veteran’s data Data on laptop stolen from employee’s home (5/06) Veterans’ names Social Security numbers Dates of birth Exposure to identity theft CardSystems exposes data of 40 million cards (2005) Data on 70,000 cards downloaded from ftp server These are attacks on privacy (confidentiality, anonymity)
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 The Sony rootkit “Protected” albums included Billie Holiday Louis Armstrong Switchfoot The Dead 60’s System configuration files Drivers (executable files)
Background image of page 4
5 The Sony rootkit Sony’s rootkit enforced DRM but exposed computer CDs recalled Classified as spyware by anti-virus software Rootkit removal software distrubuted Removal software had exposure vulnerability New removal software distrubuted Sony sued by Texas New York California This is an attack on integrity
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 The Problem Types of misuse Accidental Intentional (malicious) Protection and security objective Protect against/prevent misuse Three key components: Authentication: Verify user identity Integrity: Data has not been written by unauthorized entity Privacy: Data has not been read by unauthorized entity
Background image of page 6
7 Have you used an anonymizing service? 1. Yes, for email 2. Yes, for web browsing 3. Yes, for something else 4. No
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 What are your security goals? Authentication User is who s/he says they are. Example: Certificate authority (verisign) Integrity Adversary can not change contents of message But not necessarily private (public key) Example: secure checksum Privacy (confidentiality) Adversary can not read your message If adversary eventually breaks your system can they decode all stored communication? Example: Anonymous remailer (how to reply?) Authorization, repudiation (or non-repudiation), forward security (crack now, not crack future), backward security (crack now, not cracked past)
Background image of page 8
What About Security in Distributed Systems? Three challenges Authentication Verify user identity Integrity Verify that the communication has not been tempered with Privacy Protect access to communication across hosts Solution: Encryption Achieves all these goals Transform data that can easily reversed given the correct key (and hard to reverse without the key) Two common approaches Private key encryption Public key encryption Cryptographic hash Hash is a fixed sized byte string which represents arbitrary length data. Hard to find two messages with same hash. If m != m’ then H(m) != H(m’) with high probability.
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This document was uploaded on 03/09/2012.

Page1 / 27

22.Security - ProtectionandSecurity How to be a paranoid or...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online