computer security dd2395
play

Computer Security DD2395 - PowerPoint PPT Presentation

Dec 05, 2023 •19 likes •469 views

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 2, Jan. 20, 2010 Cryptography Scope of Computer Security Jan. 20, 2010 KTH DD2395 Sonja Buchegger 2

  1. Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 2, Jan. 20, 2010 Cryptography

  2. Scope of Computer Security Jan. 20, 2010 KTH DD2395 Sonja Buchegger 2

  3. Network Security Attacks  classify as passive or active  passive attacks are eavesdropping - release of message contents - traffic analysis - are hard to detect so aim to prevent  active attacks modify/fake data - masquerade - replay - modification - denial of service - hard to prevent so aim to detect  Networking Security class next term Jan. 20, 2010 KTH DD2395 Sonja Buchegger 3

  4. Security Functional Requirements  technical measures: - access control; identification & authentication; system & communication protection; system & information integrity  management controls and procedures - awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition  overlapping technical and management: - configuration management; incident response; media protection Jan. 20, 2010 KTH DD2395 Sonja Buchegger 4

  5. X.800 Security Architecture  X.800, Security Architecture for OSI  systematic way of defining requirements for security and characterizing approaches to satisfying them  defines: - security attacks - compromise security - security mechanism - act to detect, prevent, recover from attack - security service - counter security attacks Jan. 20, 2010 KTH DD2395 Sonja Buchegger 5

  6. Security Taxonomy Jan. 20, 2010 KTH DD2395 Sonja Buchegger 6

  7. Security Trends Jan. 20, 2010 KTH DD2395 Sonja Buchegger 7

  8. Computer Security Losses Jan. 20, 2010 KTH DD2395 Sonja Buchegger 8

  9. Security Technologies Used Jan. 20, 2010 KTH DD2395 Sonja Buchegger 9

  10. Computer Security Strategy  specification/policy - what is the security scheme supposed to do? - codify in policy and procedures  implementation/mechanisms - how does it do it? - prevention, detection, response, recovery  correctness/assurance - does it really work? - assurance, evaluation Jan. 20, 2010 KTH DD2395 Sonja Buchegger 10

  11. Summary  security concepts  terminology  functional requirements  security trends  security strategy Jan. 20, 2010 KTH DD2395 Sonja Buchegger 11

  12. Questionnaire Results 55/66  Prior security  Prior classes of knowledge: - Comp. arch.: 46 - l2m: 30 - OS: 23 - m: 14 - Networking: 34 - m2h: 11  Expectations: all medium-to-high Jan. 20, 2010 KTH DD2395 Sonja Buchegger 12

  13. Cryptographic Tools  cryptographic algorithms important element in security services  review various types of elements - symmetric encryption - public-key (asymmetric) encryption - digital signatures and key management - secure hash functions  example is use to encrypt stored data Jan. 20, 2010 KTH DD2395 Sonja Buchegger 13

  14. Symmetric Encryption Jan. 20, 2010 KTH DD2395 Sonja Buchegger 14

  15. Attacking Symmetric Encryption  cryptanalysis - rely on nature of the algorithm - plus some knowledge of plaintext characteristics - even some sample plaintext-ciphertext pairs - exploits characteristics of algorithm to deduce specific plaintext or key  brute-force attack - try all possible keys on some ciphertext until get an intelligible translation into plaintext Jan. 20, 2010 KTH DD2395 Sonja Buchegger 15

  16. Exhaustive Key Search Jan. 20, 2010 KTH DD2395 Sonja Buchegger 16

  17. Symmetric Encryption Algorithms Jan. 20, 2010 KTH DD2395 Sonja Buchegger 17

  18. DES and Triple-DES  Data Encryption Standard (DES) is the most widely used encryption scheme - uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block - concerns about algorithm & use of 56-bit key  Triple-DES - repeats basic DES algorithm three times - using either two or three unique keys - much more secure but also much slower Jan. 20, 2010 KTH DD2395 Sonja Buchegger 18

  19. Advanced Encryption Standard (AES) ‏  needed a better replacement for DES  NIST called for proposals in 1997  selected Rijndael in Nov 2001  published as FIPS 197  symmetric block cipher  uses 128 bit data & 128/192/256 bit keys  now widely available commercially Jan. 20, 2010 KTH DD2395 Sonja Buchegger 19

  20. Block verses Stream Ciphers Jan. 20, 2010 KTH DD2395 Sonja Buchegger 20

  21. Message Authentication  protects against active attacks  verifies received message is authentic - contents unaltered - from authentic source - timely and in correct sequence  can use conventional encryption - only sender & receiver have key needed  or separate authentication mechanisms - append authentication tag to cleartext message Jan. 20, 2010 KTH DD2395 Sonja Buchegger 21

  22. Message Authentication Codes 1 Jan. 20, 2010 KTH DD2395 Sonja Buchegger 22

  23. Message Authentication Codes Jan. 20, 2010 KTH DD2395 Sonja Buchegger 23

  24. Secure Hash Functions Jan. 20, 2010 KTH DD2395 Sonja Buchegger 24

  25. Message Auth Jan. 20, 2010 KTH DD2395 Sonja Buchegger 25

  26. Hash Function Requirements  applied to any size data  H produces a fixed-length output.  H( x ) is relatively easy to compute for any given x  one-way property - computationally infeasible to find x such that H( x ) = h  weak collision resistance - computationally infeasible to find y ≠ x such that H( y ) = H( x ) ‏  strong collision resistance - computationally infeasible to find any pair ( x , y ) such that H ( x ) = H( y ) ‏ Jan. 20, 2010 KTH DD2395 Sonja Buchegger 26

  27. Hash Functions  two attack approaches - cryptanalysis  exploit logical weakness in alg - brute-force attack  trial many inputs  strength proportional to size of hash code ( 2 n /2 ) ‏  SHA most widely used hash algorithm - SHA-1 gives 160-bit hash - more recent SHA-256, SHA-384, SHA-512 provide improved size and security Jan. 20, 2010 KTH DD2395 Sonja Buchegger 27

  28. Public Key Encryption Jan. 20, 2010 KTH DD2395 Sonja Buchegger 28

  29. Public Key Authentication Jan. 20, 2010 KTH DD2395 Sonja Buchegger 29

  30. Public Key Requirements computationally easy to create key pairs 1. computationally easy for sender knowing public key to 2. encrypt messages computationally easy for receiver knowing private key to 3. decrypt ciphertext computationally infeasible for opponent to determine 4. private key from public key computationally infeasible for opponent to otherwise 5. recover original message useful if either key can be used for each role 6. Jan. 20, 2010 KTH DD2395 Sonja Buchegger 30

  31. Public Key Algorithms  RSA (Rivest, Shamir, Adleman) ‏ - developed in 1977 - only widely accepted public-key encryption alg - given tech advances need 1024+ bit keys  Diffie-Hellman key exchange algorithm - only allows exchange of a secret key  Digital Signature Standard (DSS) ‏ - provides only a digital signature function with SHA-1  Elliptic curve cryptography (ECC) ‏ - new, security like RSA, but with much smaller keys Jan. 20, 2010 KTH DD2395 Sonja Buchegger 31

  32. Public Key Certificates Jan. 20, 2010 KTH DD2395 Sonja Buchegger 32

  33. Digital Envelopes Jan. 20, 2010 KTH DD2395 Sonja Buchegger 33

  34. Random Numbers  random numbers have a range of uses  requirements:  randomness - based on statistical tests for uniform distribution and independence  unpredictability - successive values not related to previous - clearly true for truly random numbers - but more commonly use generator Jan. 20, 2010 KTH DD2395 Sonja Buchegger 34

  35. Pseudorandom versus Random Numbers  often use algorithmic technique to create pseudorandom numbers - which satisfy statistical randomness tests - but likely to be predictable  true random number generators use a nondeterministic source - e.g. radiation, gas discharge, leaky capacitors - increasingly provided on modern processors Jan. 20, 2010 KTH DD2395 Sonja Buchegger 35

  36. Practical Application: Encryption of Stored Data  common to encrypt transmitted data  much less common for stored data - which can be copied, backed up, recovered  approaches to encrypt stored data: - back-end appliance - library based tape encryption - background laptop/PC data encryption Jan. 20, 2010 KTH DD2395 Sonja Buchegger 36

  37. Summary  introduced cryptographic algorithms  symmetric encryption algorithms for confidentiality  message authentication & hash functions  public-key encryption  digital signatures and key management  random numbers Jan. 20, 2010 KTH DD2395 Sonja Buchegger 37

  38. Public-Key Cryptography and Message Authentication  now look at technical detail concerning: - secure hash functions and HMAC - RSA & Diffie-Hellman Public-Key Algorithms

  39. Simple Hash Functions  a one-way or secure hash function used in message authentication, digital signatures  all hash functions process input a block at a time in an iterative fashion  one of simplest hash functions is the bit-by-bit exclusive-OR (XOR) of each block C i = b i 1 ⊕ b i 2 ⊕ . . . ⊕ b im - effective data integrity check on random data - less effective on more predictable data - virtually useless for data security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 11, Nov. 29, 2010 Multi-Level Security Trusted Computing and Multilevel Security present some interrelated

1k views • 41 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger 1 Catch-up Labs l Labbvecka in June

540 views • 35 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 13, Dec. 6, 2010 Auditing Security Audit an independent review and examination of a system's records

353 views • 33 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 More Follow-up Courses l EP2500: Networked Systems

821 views • 26 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 8 Denial of Service DD2395 Sonja Buchegger 1 Course Admin l WANTED: Student representatives for the

1.29k views • 37 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin l Lab 2: - prepare before lab session - signup!

844 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 8, Feb. 10, 2010 Malicious Software, Denial of Service Announcements ! Lab reports ! Bonus points !

1.08k views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 10, Nov. 24, 2011 Social Engineering DD2395, Sonja Buchegger 1 Course Admin GPG Lab 1 bonus results in

1.22k views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 2, Oct. 27, 2010 Cryptography Oct. 27, 2010 KTH DD2395 Sonja Buchegger 1 Questionnaire Results Prior

602 views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 4 Access Control 1 Access Control l The prevention of unauthorized use* of a resource, including the

429 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Feb. 8, 2010 Malicious Software Malicious Software programs exploiting system vulnerabilities known

427 views • 10 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2010 Introduction Oct. 25, 2010 Computer Security, Sonja Buchegger 1 Outline for Today About

670 views • 43 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2011 Introduction Oct. 25, 2011 Computer Security, Sonja Buchegger 1 Outline for Today ! About

565 views • 45 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Nov. 15, 2010 Malicious Software, Denial of Service Nov. 15, 2010 DD2395 Sonja Buchegger 1 Malicious

589 views • 48 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 User Authentication KTH DD2395 Sonja Buchegger 2 User

485 views • 27 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory

Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory

Embedding Crypto in SoCs: Threats and Protections Arnaud Tisserand CNRS, Lab-STICC laboratory GDR SoC17, Bordeaux Summary Introduction & Cryptographic Background Side Channel Attacks Fault Injection Attacks Protections

1.87k views • 166 slides
Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents Santanu Sarkar and Subhamoy Maitra Leuven, Belgium 12 September, 2012 Outline of the Talk RSA Cryptosystem CRT-RSA CRT-RSA having Low Hamming

403 views • 25 slides
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

773 views • 39 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Chapter 9 Public-Key Cryptography and RSA ISS Dr. Ayman Abdel-Hamid 1

5.21k views • 19 slides
Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm :

Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm :

Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm : If b = 0, then egcd( a , 0 ) = ( a , 1 , 0 ) . Z / m Z = { 0 , 1 ,..., m 1 } with operations of addition and multiplication modulo m .

506 views • 4 slides
Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak,

Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak,

Device Independent Quantum Key Distribution using Three-Party Pseudo-Telepathy Jyotirmoy Basak, Arpita Maitra and Subhamoy Maitra Indian Statistical Institute & C R Rao AIMSCS December 18, 2019 Device Independent Quantum Key Distribution

536 views • 28 slides

More recommend