The Secure Environment

sunflowerplateΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 6 μήνες)

62 εμφανίσεις

Security

0

The Secure Environment



Security

1

The Secure Environment



Security goals (C.I.A.) and threats

Security

2

Common Categories

1.
Casual prying by nontechnical users

2.
Snooping by insiders

3.
Determined attempt to make money

4.
Commercial or military espionage

5.
Others (such as cyber wars)

Intruders

Security

3

Basics of Cryptography

Security

4

Network Is NOT Secure

A

B

C

D

ABC

ABC

ABC

ABC

ABC

Security

5

A

B

C

D

~!@

~!@

~!@

~!@

~!@

Encrypt Your Information


Security

6

Data Encryption Process

Encryption

Decryption

Plaintext

Plaintext

Ciphertext

Network

KEY

KEY

Security

7

(a) Conventional two
-
way Cryptography

Encryption

Decryption

Plaintext

Plaintext

Ciphertext

Network

KEY

Encryption

Decryption

Plaintext

Plaintext

Ciphertext

Network

(b) Public Key Cryptography

KEY1

KEY2

Two Types of Cryptography

Security

8

Conventional two
-
way Cryptography

Encryption

Decryption

Plaintext

Plaintext

Ciphertext

Network

KEY

treaty impossible

wuhdwb lpsrvvleoh

treaty impossible

abcdefghijklmnopqrstuvwxyz

defghijklmnopqrstuvwxyzabc


Encryption: c
i
=E(p
i
) = p
i
+ 3

Decryption: p
i
=D(c
i
) = c
i

-

3

KEY:

Caesar

Cipher

Security

9

Conventional two
-
way Cryptography

Substitution Cipher


Caesar Cipher


Playfair Cipher


Etc.

Security

10

Conventional two
-
way Cryptography:
Problems

A

B

C

D

Security

11

Public Key Cryptography

Encryption

Decryption

Plaintext

Plaintext

Ciphertext

Network

KEY1

KEY2

Public

Private

Security

12

Public Key Cryptography:
Advantages

A

B

C

D

Private key A

Private key B

Private key D

Private key C

Public key A

Public key B

Public key C

Public key D

Security

13

PKI: Certification Authority

What is a certificate? Why do we need Certification Authorities
(CA) or
trusted third party
?

A
certificate

is a digitally signed statement by a CA that provides
independent confirmation of an attribute claimed by a person proffering a
digital signature. More formally, a certificate is a computer
-
based record
which: (1) identifies the CA issuing it, (2) names, identifies, or describes
an attribute of the subscriber, (3) contains the subscriber's public key, and
(4) is digitally signed by the CA issuing it
.


Security

14

Trapdoor function

Public Key Cryptography:

Some Roads Are One
-
Way

Easy

Difficulty

N
5

N
1/5

Prime1 * Prime2 = Composite

Composite = Prime1 * Prime2

Trapdoor characteristics:

(1) It is easy to compute f(x) from x.

(2) Computation of x from f(x)
is likely to be

intractable.

Security

15

An Example : Encryption

E
B
(p)

D
B
(E
B
(p)) = p

Network

User A

User B

A encrypts message p

using B’s public key

B decrypts the ciphertext

using its own private key

Security

16

Another Example : Digital Signature

E
B
(D
A
(p))

E
A
(D
B
(E
B
(D
A
(p)))) =

E
A
(D
A
(p)) = p

Network

User A

User B

A signs message p using
its own private key and
encrypts it using B’s
public key

B decrypts the ciphertext
using its own private key
and verifies it using A’s
public key

Security

17

Hash functions

……….

……….

……….

………..

……….

………

Hash

Message

Digest

The basic requirements for a cryptographic hash function
H(x)

are as
follows.


The input can be of any length.


The output has a fixed length.


H
(
x
) is relatively easy to compute for any given
x
.


H
(
x
) is one
-
way.


H
(
x
) is collision
-
free.


Security

18

More on Digital Signature

……….

……….

……….

………..

……….

………

Hash

Message

Digest

Signature

Sign (decrypt)

Using Private Key

……….

……….

……….

………..

Signature

Append

Security

19

More on Digital Signature

Hash

Message

Digest

Verify (Encrypt operation)

Using Public Key

……….

……….

……….

………..

Signature

Message

Digest

Security

20

User Authentication

Security

21

Basic Principles. Authentication must identify:

1.
Something the user knows

2.
Something the user has

3.
Something the user is


This is done before user can use the system

User Authentication

Security

22

(a) A successful login

(b) Login rejected after name entered

(c) Login rejected after name and password typed

Authentication Using Passwords

Note: be careful when failed

several times.

Security

23

Authentication Using Passwords


How a cracker broke into LBL
(source: A.S.Tanenbaum “Modern Operating
System” course materials)


a U.S. Dept. of Energy research lab

Security

24

Login Spoofing

% Login:

% Login:

(a) Correct login screen

(b) Phony login screen

Security

25

Authentication Using Passwords

The use of salt to defeat precomputation of encrypted
passwords

Salt

Password

,

,

,

,

Security

26

Authentication Using a Physical Object

Magnetic cards


magnetic stripe cards


chip cards: stored value cards, smart cards

Security

27

Authentication Using Biometrics

A device for measuring finger length.

Security

28

Countermeasures



Limiting times when someone can log in


Automatic callback at number prespecified


Limited number of login tries


A database of all logins


Simple login name/password as a trap


security personnel notified when attacker bites

Security

29

Secure Communications Over
Insecure Channels


R. C. Merkle’s Puzzle

“secure Communications over Insecure Channels”

Communications of the ACM, 1978, Vol. 21, No. 4.

Security

30

One
-
way Hash Chain and TESLA


Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar.
Efficient and secure source authentication for multicast. In
Network and Distributed System Security Symposium, NDSS
'01, February 2001.