cse 543 computer security
play

CSE 543 - Computer Security Lecture 2 - Introduction August 30, - PowerPoint PPT Presentation

Aug 03, 2023 •330 likes •631 views

CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 A historical moment Mary Queen of Scots is

  1. CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1

  2. A historical moment … • Mary Queen of Scots is being held by Queen Elizabeth … • … and accused of treason. • All communication with co- conspirators encrypted. • Walsingham needs to prove complicity. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  3. Intuition • Cryptography is the art (and sometimes science) of secret writing – Less well known is that it is also used to guarantee other properties, e.g., authenticity of data – This is an enormously deep and important field – However, much of our trust in cryptographic systems is based on faith (particularly in efficient secret key algorithms) – … ask Mary Queen of Scots how that worked out . • This set of lectures will provide the intuition and some specifics of modern cryptography, seek others for additional details (Menezes et. al.). CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  4. Cryptography • Cryptography (cryptographer) – Creating ciphers • Cryptanalysis (cryptanalyst) – Break ciphers • The history of cryptography is an arms race between cryptographers and cryptanalysts CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  5. Encryption algorithm • Algorithm used to make content unreadable by all but the intended receivers E(plaintext,key) = ciphertext D(ciphertext,key) = plaintext • Algorithm is public, key is private • Block vs. Stream Ciphers – Block: input is fixed blocks of same length – Stream: stream of input CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  6. Hardness • Functions – Plaintext P – Ciphertext C – Encryption key k e – Decryption key k d D(E(P, k e ),k d ) = P • Computing C from P is hard, computing C from P with k e is easy • Computing P from C is hard, computing P from C with k d is easy CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  7. Example: Caesar Cipher • Substitution cipher • Every character is replaced with the character three slots to the right A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • Q: What is the key? S E C U R I T Y A N D P R I V A C Y V H F X U L W B D Q G S U L Y D F B CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  8. Cyptanalyze this …. “beg nqmf rug” CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  9. Cryptanalysis of ROTx Ciphers • Goal: to find plaintext of encoded message • Given: ciphertext • How: simply try all possible keys – Known as a brute force attack 1 T F D V S J U Z B M E Q S J W B D Z 2 U G E W T K V A C N F R T H X C E A 3 W H F X U L W B D Q G S U L Y D F B S E C U R I T Y A N D P R I V A C Y CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  10. Shared key cryptography • Traditional use of cryptography • Symmetric keys, where A single key (k) is used is used for E and D D ( E ( p, k ), k ) = p • All (intended) receivers have access to key • Note: Management of keys determines who has access to encrypted data – E.g., password encrypted email • Also known as symmetric key cryptography CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  11. Key size and algorithm strength • Key size is an oft-cited measure of the strength of an algorithm, but is strength strongly correlated (or perfectly correlated with key length)? – Say we have two algorithms, A and B with key sizes of 128 and 160 bits (the common measure) – Is A less secure than B? – What if A=B (for variable key-length algorithms)? CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  12. Is there an unbreakable cipher? • As it turns out, yes …. – (Claude Shannon proved it) CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  13. The one-time pad (OTP) • Assume you have a secret bit string s of length n known only to two parties, Alice and Bob – Alice sends a message m of length of n to bob – Alice uses the following encryption function to generate ciphertext c forall i=1 to n : c i = m i ⊕ s i – E.g., XOR the data with the secret bit string – An adversary Mallory cannot retrieve any part of the data • Simple version of the proof of security: – Assume for simplicity that value of each bit in m is equally likely, then you have no information to work with. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  14. Reading papers … • What is the purpose of reading papers? • How do you read papers? 14 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  15. Understanding what you read • Things you should be getting out of a paper • What is the central idea proposed/explored in the paper? • Abstract These are the best areas to find • Introduction an overview of the contribution • Conclusions • How does this work fit into others in the area? • Related work - often a separate section, sometimes not, every paper should detail the relevant literature. Papers that do not do this or do a superficial job are almost sure to be bad ones. • An informed reader should be able to read the related work and understand the basic approaches in the area, and how they differ from the present work. 15 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  16. Understanding what you read (cont.) • What scientific devices are the authors using to communicate their point? • Methodology - this is how they evaluate their solution. • Theoretical papers typically validate a model using mathematical arguments (e.g., proofs) • Experimental papers evaluate results based on test apparatus (e.g., measurements, data mining, synthetic workload simulation, trace- based simulation). • Some papers have no evaluation at all, but argue the merits of the solution in prose (e.g., paper design papers) 16 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  17. Understanding what you read (cont.) • What do the authors claim? • Results - statement of new scientific discovery. • Typically some abbreviated form of the results will be present in the abstract, introduction, and/or conclusions. • Note that just because a result was accepted into a conference or journal does necessarily not mean that it is true. Always be circumspect. • What should you remember about this paper? • Take away - what general lesson or fact should you take away from the paper. • Note that really good papers will have take-aways that are more general than the paper topic. 17 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  18. Summarize Thompson Article • Contribution • Related work • Methodology • Results • Take away 18 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  19. A Sample Summary • Contribution : Ken Thompson shows how hard it is to trust the security of software in this paper. He describes an approach whereby he can embed a Trojan horse in a compiler that can insert malicious code on a trigger (e.g., recognizing a login program). • Related Work : This approach is an example of a Trojan horse program. A Trojan horse is a program that serves a legitimate purpose on the surface, but includes malicious code that will be executed with it. Examples include the Sony/BMG rootkit: the program provided music legitimately, but also installed spyware. • Methodology : The approach works by generating a malicious binary that is used to compile compilers. Since the compiler code looks OK and the malice is in the binary compiler compiler, it is difficult to detect. • Results: The resulting system identifies construction of login programs and miscompiles the command to accept a particular password known to the attacker. • Take Away: Thompson states the “obvious” moral that “you cannot trust code that you did not totally create yourself.” We all depend on code, but constructing a basis for trusting it is very hard, even today. 19 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

  20. Reading a paper • Everyone has a different way of reading a paper. • Here are some guidelines I use: • Always have a copy to mark-up. Your margin notes will serve as invaluable sign-posts when you come back to the paper (e.g., “here is the experimental setup” or “main result described here”) • After reading, write a summary of the paper containing answers to the questions in the preceding slides. If you can’t answer (at least at a high level) these questions without referring to the paper, it may be worth scanning again. • Over the semester, try different strategies for reading papers (e.g., Honeyman approach) and see which one is the most effective for you. 20 CSE543 Computer (and Network) Security - Fall 2007- Professor Jaeger

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Properties of Laurent coefficients of multivariate rational functions Workshop on Computer

Properties of Laurent coefficients of multivariate rational functions Workshop on Computer

Properties of Laurent coefficients of multivariate rational functions Workshop on Computer Algebra in Combinatorics Erwin Schroedinger Institute Armin Straub November 14, 2017 University of South Alabama includes joint work with and Frits

1.44k views • 96 slides
CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far,

CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far,

CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far, have introduced Bayes nets and discussed the Markov condition As mentioned previously, Markov condition entails conditional independencies among

506 views • 48 slides
CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2019

CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2019

CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 HOW DO APACHE SERVICES HANDLE FAILURE? Weve heard about some of the main tools Zookeeper, to manage

505 views • 28 slides
An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge

An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge

An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge Services (OPES) draft- -ietf ietf- -opes opes- -architecture architecture- -02 02 draft Abbie Barbir Abbie Barbir

405 views • 13 slides
Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You

Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You

Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You should be able to solve it completely after todays class. MP1 Due date extended to Monday, March 9 th , 11:59pm. MP2 Will be released

678 views • 48 slides
Certificate of impossibility of Hilbert-Artin representation of given degree for definite

Certificate of impossibility of Hilbert-Artin representation of given degree for definite

Certificate of impossibility of Hilbert-Artin representation of given degree for definite polynomials and functions Feng Guo Key Laboratory of Mathematics Mechanization Chinese Academy of Sciences, Beijing North Carolina State University

568 views • 30 slides
Private Approximation of Search Problems

Private Approximation of Search Problems

Private Approximation of Search Problems

794 views • 53 slides
Resolve-impossibility for a contract signing protocol Aybek Mukhamedov and Mark Ryan July 6,

Resolve-impossibility for a contract signing protocol Aybek Mukhamedov and Mark Ryan July 6,

Resolve-impossibility for a contract signing protocol Aybek Mukhamedov and Mark Ryan July 6, 2006 Outline Multi-party contract signing 1 A protocol by Garay and MacKenzie 2 A revised protocol by Chadha, Kremer and Scedrov 3 A flaw in the

409 views • 25 slides

More recommend