admin
play

Admin Reminders: Lab #1 checkpoint due tonight Submit md5 hashes - PowerPoint PPT Presentation

May 09, 2023 •256 likes •517 views

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Intro] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

  1. CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Intro] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin • Reminders: – Lab #1 checkpoint due tonight • Submit md5 hashes to dropbox • Back up your sploit files! • Only one person needs to submit • Include group name – You can pick up worksheets in my office 10/13/17 CSE 484 / CSE M 584 - Fall 2017 2

  3. Cryptography and Security • Art and science of protecting our information . – Keeping it confidential , if we want privacy. – Protecting its integrity , if we want to avoid forgeries. Images from Wikipedia and Barnes & Noble 10/13/17 CSE 484 / CSE M 584 - Fall 2017 3

  4. Some Thoughts About Cryptography • Cryptography only one small piece of a larger system • Must protect entire system – Physical security – Operating system security – Network security – Users – Cryptography (following slides) • Recall the weakest link • Famous quote: “Those who think that cryptography can solve their problems don’t understand cryptography and don’t understand their problems.” 10/13/17 CSE 484 / CSE M 584 - Fall 2017 4

  5. Improved Security, Increased Risk • RFIDs in car keys: – RFIDs in car keys make it harder to hotwire a car – Result: Car jackings increased 10/13/17 CSE 484 / CSE M 584 - Fall 2017 5

  6. Improved Security, Increased Risk • RFIDs in car keys: – RFIDs in car keys make it harder to hotwire a car – Result: Car jackings increased 10/13/17 CSE 484 / CSE M 584 - Fall 2017 6

  7. XKCD: http://xkcd.com/538/ 10/13/17 CSE 484 / CSE M 584 - Fall 2017 7

  8. Kerckhoff’s Principle • Security of a cryptographic object should depend only on the secrecy of the secret (private) key. • Security should not depend on the secrecy of the algorithm itself. 10/13/17 CSE 484 / CSE M 584 - Fall 2017 8

  9. Ingredient: Randomness • Many applications (especially security ones) require randomness • Explicit uses: – Generate secret cryptographic keys – Generate random initialization vectors for encryption • Other “non-obvious” uses: – Generate passwords for new users – Shuffle the order of votes (in an electronic voting machine) – Shuffle cards (for an online gambling site) 10/13/17 CSE 484 / CSE M 584 - Fall 2017 9

  10. C’s rand() Function • C has a built-in random function: rand() unsigned long int next = 1; /* rand: return pseudo-random integer on 0..32767 */ int rand(void) { next = next * 1103515245 + 12345; return (unsigned int)(next/65536) % 32768; } /* srand: set seed for rand() */ void srand(unsigned int seed) { next = seed; } • Problem: don’t use rand() for security-critical applications! – Given a few sample outputs, you can predict subsequent ones 10/13/17 CSE 484 / CSE M 584 - Fall 2017 10

  11. 10/13/17 CSE 484 / CSE M 584 - Fall 2017 11

  12. More details: “How We Learned to Cheat at Online Poker: A Study in Software Security” http://www.cigital.com/papers/download/developer_gambling.php 10/13/17 CSE 484 / CSE M 584 - Fall 2017 12

  13. 10/13/17 CSE 484 / CSE M 584 - Fall 2017 13

  14. PS3 and Randomness http://www.engadget.com/2010/12/29/hackers-obtain- ps3-private-cryptography-key-due-to-epic-programm/ • 2010/2011: Hackers found/released private root key for Sony’s PS3 • Key used to sign software – now can load any software on PS3 and it will execute as “trusted” • Due to bad random number: same “random” value used to sign all system updates 10/13/17 CSE 484 / CSE M 584 - Fall 2017 14

  15. Obtaining Pseudorandom Numbers • For security applications, want “cryptographically secure pseudorandom numbers” • Libraries include cryptographically secure pseudorandom number generators (CSPRNG) • Linux: – /dev/random – /dev/urandom - nonblocking, possibly less entropy • Internally: – Entropy pool gathered from multiple sources • e.g., mouse/keyboard timings 10/13/17 CSE 484 / CSE M 584 - Fall 2017 15

  16. Alice and Bob • Archetypical characters Alice Bob Eve Mallory (eavesdrops) (is malicious) 10/13/17 CSE 484 / CSE M 584 - Fall 2017 16

  17. Received April 4, 1977 x 40 10/13/17 CSE 484 / CSE M 584 - Fall 2017 17

  18. Common Communication Security Goals Privacy of data: Prevent exposure of Bob information Integrity of data: Prevent modification of information Adversary Alice 10/13/17 CSE 484 / CSE M 584 - Fall 2017 18

  19. History • Substitution Ciphers – Caesar Cipher • Transposition Ciphers • Codebooks • Machines • Recommended Reading: The Codebreakers by David Kahn and The Code Book by Simon Singh. 10/13/17 CSE 484 / CSE M 584 - Fall 2017 19

  20. History: Caesar Cipher (Shift Cipher) • Plaintext letters are replaced with letters a fixed shift away in the alphabet. • Example: – Plaintext: The quick brown fox jumps over the lazy dog – Key: Shift 3 ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC – Ciphertext: WKHTX LFNEU RZQIR AMXPS VRYHU WKHOD CBGRJ 10/13/17 CSE 484 / CSE M 584 - Fall 2017 20

  21. History: Caesar Cipher (Shift Cipher) • ROT13: shift 13 (encryption and decryption are symmetric) • What is the key space? – 26 possible shifts. • How to attack shift ciphers? – Brute force. 10/13/17 CSE 484 / CSE M 584 - Fall 2017 21

  22. History: Substitution Cipher • Superset of shift ciphers: each letter is substituted for another one. • Add a secret key • Example: – Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ – Cipher: ZEBRASCDFGHIJKLMNOPQTUVWXY • “State of the art” for thousands of years 10/13/17 CSE 484 / CSE M 584 - Fall 2017 22

  23. History: Substitution Cipher • What is the key space? 26! ~= 2^88 • How to attack? Bigrams: th 1.52% en 0.55% ng 0.18% he 1.28% ed 0.53% of 0.16% – Frequency analysis. in 0.94% to 0.52% al 0.09% er 0.94% it 0.50% de 0.09% an 0.82% ou 0.50% se 0.08% re 0.68% ea 0.47% le 0.08% nd 0.63% hi 0.46% sa 0.06% at 0.59% is 0.46% si 0.05% on 0.57% or 0.43% ar 0.04% nt 0.56% ti 0.34% ve 0.04% ha 0.56% as 0.33% ra 0.04% es 0.56% te 0.27% ld 0.02% st 0.55% et 0.19% ur 0.02% Trigrams: 1. the 6. ion 11. nce 2. and 7. tio 12. edt 3. tha 8. for 13. tis 4. ent 9. nde 14. oft 5. ing 10.has 15. sth 10/13/17 CSE 484 / CSE M 584 - Fall 2017 23

  24. History: Enigma Machine Uses rotors (substitution cipher) that change position after each key. Key = initial setting of rotors Key space? 26^n for n rotors 10/13/17 CSE 484 / CSE M 584 - Fall 2017 24

  25. How Cryptosystems Work Today • Layered approach: – Cryptographic primitives , like block ciphers, stream ciphers, hash functions, and one-way trapdoor permutations – Cryptographic protocols , like CBC mode encryption, CTR mode encryption, HMAC message authentication • Public algorithms (Kerckhoff’s Principle) • Security proofs based on assumptions (not this course) • Don’t roll your own! 10/13/17 CSE 484 / CSE M 584 - Fall 2017 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Geneva www.ilo.org/labadmin Who We Are What We Do v LAB/ADMIN was established in 2009 to:

Geneva www.ilo.org/labadmin Who We Are What We Do v LAB/ADMIN was established in 2009 to:

Labour Administration and Inspection Programme (LAB/ADMIN) Information Session 101 st ILC, June 2012 Geneva www.ilo.org/labadmin Who We Are What We Do v LAB/ADMIN was established in 2009 to: Lead ILOs work on technical support and

396 views • 7 slides
Admin Generator It's RAD baby! Admin Generator It's RAD baby! Rapid Application Development

Admin Generator It's RAD baby! Admin Generator It's RAD baby! Rapid Application Development

Admin Generator It's RAD baby! Admin Generator It's RAD baby! Rapid Application Development Who am I, and what do I do? Ian P. Christian (aka. pookey) Coding PHP for about 8 years Work for VoIP.co.uk Involved with symfony and

1.13k views • 51 slides
HR ADMIN FORUM/ HRPM ADMIN NETWORK MEETING September 7, 2017 WELCOME NANCY JAGGER & ERIN

HR ADMIN FORUM/ HRPM ADMIN NETWORK MEETING September 7, 2017 WELCOME NANCY JAGGER & ERIN

HR ADMIN FORUM/ HRPM ADMIN NETWORK MEETING September 7, 2017 WELCOME NANCY JAGGER & ERIN RICE AGENDA > Welcome > Benefits Announcements & Open Enrollment Katy Dwyer & Amy Hawkins > Absence Lessons Learned in Workday

382 views • 36 slides
WEBSITE TRAINING August 21, 2017 Logging in to the admin site Usernames will be per building,

WEBSITE TRAINING August 21, 2017 Logging in to the admin site Usernames will be per building,

WEBSITE TRAINING August 21, 2017 Logging in to the admin site Usernames will be per building, not per user Login by going to your school site /wp-admin Example: ct.central301.net/wp-admin or chs.central301.net/wp-admin Passwords

425 views • 18 slides
CS270: Lecture 2. Admin: CS270: Lecture 2. Admin: Check Piazza. CS270: Lecture 2. Admin:

CS270: Lecture 2. Admin: CS270: Lecture 2. Admin: Check Piazza. CS270: Lecture 2. Admin:

CS270: Lecture 2. Admin: CS270: Lecture 2. Admin: Check Piazza. CS270: Lecture 2. Admin: Check Piazza. Today: Finish Path Routing. ???? Path Routing. Given G = ( V , E ) , ( s 1 , t 1 ) ,..., ( s k , t k ) , find a set of k paths

1.82k views • 154 slides
DRUPAL ADMIN UI MODERNIZATION Cristina Chumillas - Ymbra DRUPAL ADMIN UI MODERNIZATION C R I S

DRUPAL ADMIN UI MODERNIZATION Cristina Chumillas - Ymbra DRUPAL ADMIN UI MODERNIZATION C R I S

DRUPAL ADMIN UI MODERNIZATION Cristina Chumillas - Ymbra DRUPAL ADMIN UI MODERNIZATION C R I S T I N A C H U M I L L A S D E S I G N E R & D R U P A L F R O N T E N D @chumillas ckrina I N D E X Initiative overview Design System

1.12k views • 60 slides
PKI based Access Control with Attribute on n users Application Profile (AP) cwr cwr cwr cwr

PKI based Access Control with Attribute on n users Application Profile (AP) cwr cwr cwr cwr

Visibl Card issuing Unive Foreign users Card e rsity holder Metho intern Data element Stude Staff Guest Unive Unive Other ds al nts admin admin rsity rsity s admin istrati istrati users consol depen istrati on on

407 views • 21 slides
Cabot School ! DiNisco Design PARTNERSHIP Concept Diagram ADMIN. ADMIN. PREVIOUSLY PROPOSED

Cabot School ! DiNisco Design PARTNERSHIP Concept Diagram ADMIN. ADMIN. PREVIOUSLY PROPOSED

!! Working Group Meeting May 23, 2016 Cabot School ! DiNisco Design PARTNERSHIP Concept Diagram ADMIN. ADMIN. PREVIOUSLY PROPOSED CURRENT PROPOSED Circulation Diagrams SERVICE SERVICE KITCHEN BLUE ZONE BLUE ZONE & PARKING

285 views • 17 slides
Presentation to NSW PAC re Gullen Range, 5 th September, 2014 Michael Crawford, B Sc, BA Admin, M

Presentation to NSW PAC re Gullen Range, 5 th September, 2014 Michael Crawford, B Sc, BA Admin, M

Presentation to NSW PAC re Gullen Range, 5 th September, 2014 Michael Crawford, B Sc, BA Admin, M Admin Studies, PhD Director, Waubra Foundation Overview Wind farm noise damages health and well-being over a wide area Noise guidelines

245 views • 13 slides
Writing online Georgina.brooke@admin.ox.ac.uk Olivia.Williams@admin.ox.ac.uk Digital

Writing online Georgina.brooke@admin.ox.ac.uk Olivia.Williams@admin.ox.ac.uk Digital

Digital Communications Writing online Georgina.brooke@admin.ox.ac.uk Olivia.Williams@admin.ox.ac.uk Digital Communications Creating engaging content Digital Communications Writing up your article Digital Communications Visual appeal

683 views • 40 slides
Trafford Co-ordination Centre www.traffordccg.nhs.uk Trafford Co-ordination Centre Admin Team

Trafford Co-ordination Centre www.traffordccg.nhs.uk Trafford Co-ordination Centre Admin Team

Trafford Co-ordination Centre www.traffordccg.nhs.uk Trafford Co-ordination Centre Admin Team Referral Care Management Co-ordination 12 Admin Staff Manage Proxy/Integrated Co-location Primary Services Referrals Homecare

240 views • 13 slides
KUSTOMIZE H ELLO $ OC ADM NEW - PROJECT HCS-C OMPANY \ -- ADMIN ="V INCENT VAN D AM "

KUSTOMIZE H ELLO $ OC ADM NEW - PROJECT HCS-C OMPANY \ -- ADMIN ="V INCENT VAN D AM "

KUSTOMIZE H ELLO $ OC ADM NEW - PROJECT HCS-C OMPANY \ -- ADMIN ="V INCENT VAN D AM " \ -- DISPLAY - NAME =" JOYREX 2001" \ -- ADMIN - ROLE ="O PEN S OURCE A RCHITECT " D ELIVERING SOFTWARE D EVELOPED A

695 views • 24 slides
Caterpillar Pre-School Monday 6 th July Welcome! Pre-School Admin Tapestry Our Setting

Caterpillar Pre-School Monday 6 th July Welcome! Pre-School Admin Tapestry Our Setting

Cheselbournes Caterpillar Pre-School Monday 6 th July Welcome! Pre-School Admin Tapestry Our Setting The EYFS Questions Pre- School Admin Welcome Pack all information should be in this document. Please

472 views • 24 slides
Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives

Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives

Conficker / Downadup spreading vectors MS08-067 Vulnerability in Server service USB-Flash drives Autorun & Autoplay ADMIN$ shares 2 abc123 academia access account Admin admin admin1 admin12 admin123 adminadmin administrator

643 views • 17 slides
Class Admin Overview Overview of Complex Networks Class admin Class admin Basic definitions

Class Admin Overview Overview of Complex Networks Class admin Class admin Basic definitions

Overview Class Admin Overview Overview of Complex Networks Class admin Class admin Basic definitions Basic definitions Complex Networks, Course 303A, Spring, 2009 Books Books Examples of Examples of Complex Networks Complex Networks

368 views • 14 slides
Outline Overview Overview of Complex Networks Class admin Class admin Complex Networks,

Outline Overview Overview of Complex Networks Class admin Class admin Complex Networks,

Overview Outline Overview Overview of Complex Networks Class admin Class admin Complex Networks, CSYS/MATH 303, Spring, 2010 Class admin Basic definitions Basic definitions Popularity Popularity Basic definitions Examples of Examples

460 views • 16 slides
Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networking Outline Introduction Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations Encryption November 25 - 2004 Future of VPNs VPN - Definition a way to provide

595 views • 11 slides
15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of

15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of

15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of products designed to backup multiple environments from virtual to physical to cloud while addressing diverse and advanced use cases VMware Hyper-V

328 views • 21 slides
1 When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he

1 When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he

1 The Basics of Cryptography 1 When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he replaced every A in his messages with a D, every B with an E, and so on through the alphabet. Only someone who knew the

493 views • 26 slides
WELCOME TO THE See ZOOM Help Center for NDACAN connection issues: SUMMER

WELCOME TO THE See ZOOM Help Center for NDACAN connection issues: SUMMER

The session will begin at 12pm EST. Please turn video off and mute the line. This session is being recorded. WELCOME TO THE See ZOOM Help Center for NDACAN connection issues: SUMMER https://support.zoom.us/hc/en-us TRAINING

889 views • 27 slides
Elementary Redistricting Recommended Guiding Principles Presented to the School Committee

Elementary Redistricting Recommended Guiding Principles Presented to the School Committee

Elementary Redistricting Recommended Guiding Principles Presented to the School Committee October 2, 2019 Elementary Redistricting Recommended Guiding Principles Student educational needs will be met regardless of school assignment

569 views • 9 slides
Fast Interaction Trigger FIT Project Organization The concept of the FIT detector evolved

Fast Interaction Trigger FIT Project Organization The concept of the FIT detector evolved

Fast Interaction Trigger FIT Project Organization The concept of the FIT detector evolved from the experience gained by two ALICE groups: T0 and V0. We propose that FIT would also incorporate both the Cherenkov radiators (T0+) and plastic

271 views • 9 slides
Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in Dynamic Presentation: Daniel Gall October 10, 2017 Algorithms Page 2 Justifications in Constraint Handling Rules for Logical Retraction in Dynamic

1.09k views • 41 slides
Tokenizing 19 March 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator

Tokenizing 19 March 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator

Tokenizing 19 March 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator string of string of abstract string of characters tokens program integers (source code) (words) (object code) The tokenizer is

365 views • 12 slides

More recommend