quick intro to computer security
play

Quick Intro to Computer Security What is computer security? - PowerPoint PPT Presentation

Mar 05, 2024 •31 likes •412 views

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

  1. Carnegie Mellon Quick Intro to Computer Security � What is computer security? � Securing communication � Cryptographic tools � Access control � User authentication � Computer security and usability � Thanks to Mike Reiter for the slides 1

  2. Carnegie Mellon What Is Computer Security? � Protecting computers against misuse and interference � Broadly comprised of three types of properties � Confidentiality: information is protected from unintended disclosure � Integrity: system and data are maintained in a correct and consistent condition � Availability: systems and data are usable when needed � Also includes timeliness � These concepts overlap � These concepts are (perhaps) not all-inclusive � Spam? � “Non-business related” surfing? 2

  3. Carnegie Mellon Hacking � To be annoying � Newsday technology writer & hacker critic found … � Email box jammed with thousands of messages � Phone reprogrammed to an out of state number where caller’s heard an obscenity loaded recorded message [Time Magazine, December 12, 1994] � To be seriously annoying � An international group attacked major companies: MCI WorldCom, Sprint, AT&T, and Equifax credit reporters � had phone numbers of celebrities (e.g. Madonna) � had access to FBI's national crime database � gained information on phones tapped by FBI & DEA � created phone numbers of their own [PBS website report on Phonemasters (1994 – 1995)] 3

  4. Carnegie Mellon Hacking � For profit � Hacker accessed Citibank computers and transferred $10M to his account � Once caught, he admitted using passwords and codes stolen from Citibank customers to make other transfers to his accounts [PBS web site report on Vladimir Levin, 1994] � For extortion � Hacker convicted of breaking into a business’ computer system, stealing confidential information and threatening disclosure if $200,000 not paid [U.S. Dept. of Justice Press Release, July 1 2003] 4

  5. Carnegie Mellon Hacking � As a business in information � Internet sites traffic in tens of thousands of credit-card numbers weekly � Financial loses of over $1B/year � Cards prices at $.40 to $5.00/card – bulk rates for hundreds or thousands [New York Times News Service, May 13, 2002] � As a business for renting infrastructure � Rent a pirated computer for $100/hour � Average rate in underground markets � Used for sending SPAM, launching DDOS attacks, … [Technology Review, September 24, 2004] 5

  6. Carnegie Mellon The Costs Can Be Staggering Melissa virus: $1 Lloyds of London put Code Red cost Slammer billion in damages the estimate for Love $1.2 billion in damages $1 billion in (Computer Bug at $15 billion and $740 million to clean damages Economics) 3.9 million systems up from the 360,000 infected infected servers 30 days to clean up (Reuters) 1999 2000 2001 2003 Next: $ trillion shutdowns? 6

  7. Carnegie Mellon Types of Computer Misuse (1) [Neumann and Parker 1989] � External � Visual spying Observing keystrokes or screens � Misrepresentation Deceiving operators and users � Physical scavenging “Dumpster diving” for printouts � Hardware misuse � Logical scavenging Examining discarded/stolen media � Eavesdropping Intercepting electronic or other data � Interference Jamming, electronic or otherwise � Physical attack Damaging or modifying equipment � Physical removal Removing equipment & storage media 7

  8. Carnegie Mellon Types of Computer Misuse (2) [Neumann and Parker 1989] � Masquerading � Impersonation Using false identity external to computer � Piggybacking Usurping workstations, communication � Spoofing Using playback, creating bogus systems � Network weaving Masking physical location or routing � Pest programs � Trojan horses Implanting malicious code � Logic bombs Setting time or event bombs � Malevolent worms Acquiring distributed resources � Viruses Attaching to programs and replicating � Bypasses � Trapdoor attacks Utilizing existing flaws � Authorization attacks Password cracking 8

  9. Carnegie Mellon Types of Computer Misuse (3) [Neumann and Parker 1989] � Active misuse � Basic Creating false data, modifying data � Denials of service Saturation attacks � Passive misuse � Browsing Making random or selective searches � Inference, aggregation Exploiting traffic analysis � Covert channels Covert data leakage � Inactive misuse Failing to perform expected duties � Indirect misuse Breaking crypto keys 9

  10. Carnegie Mellon Threat Models � Can’t protect against everything � Too expensive � Too inconvenient � Not worth the effort � Identify the most likely ways your system will be attacked � Identify likely attackers and their resources � Dumpster diving or rogue nation? � Identify consequences of possible attacks � Mild embarrassment or bankrupcy? � Design security measures accordingly � Accept that they will not defend against all attacks 10

  11. Carnegie Mellon Cryptography � Study of techniques to communicate securely in the presence of an adversary � Traditional scenario Goal: A dedicated, private connection Alice Bob Reality: Communication via an adversary 11

  12. Carnegie Mellon Adversary’s Goals Observe what Alice and Bob are communicating 1. � Attacks on “confidentiality” or “secrecy” Observe that Alice and Bob are communicating, or how 2. much they are communicating � Called “traffic analysis” Modify communication between Alice and Bob 3. � Attacks on “integrity” Impersonate Alice to Bob, or vice versa 4. Deny Alice and Bob from communicating 5. Called “denial of service” � Cryptography traditionally focuses on preventing (1) and � detecting (3) and (4) 12

  13. Carnegie Mellon Symmetric Encryption � A symmetric encryption scheme is a triple 〈 G , E, D 〉 of efficiently computable functions � G outputs a “secret key” K K ← G ( ⋅ ) � E takes a key K and “plaintext” m as input, and outputs a “ciphertext” c ← E K ( m ) � D takes a ciphertext c and key K as input, and outputs ⊥ or a plaintext m ← D K ( c ) � If c ← E K ( m ) then m ← D K ( c ) � If c ← E K ( m ), then c should reveal “no information” about m 13

  14. Carnegie Mellon Public Key Encryption � A public key encryption scheme is a triple 〈 G , E, D 〉 of efficiently computable functions � G outputs a “public key” K and a “private key” K -1 〈 K, K -1 〉 ← G ( ⋅ ) � E takes public key K and plaintext m as input, and outputs a ciphertext c ← E K ( m ) � D takes a ciphertext c and private key K -1 as input, and outputs ⊥ or a plaintext m ← D K − 1 ( c ) � If c ← E K ( m ) then m ← D K − 1 ( c ) � If c ← E K ( m ), then c and K should reveal “no information” about m 14

  15. Carnegie Mellon Message Authentication Codes � A message authentication code (MAC) scheme is a triple 〈 G , T, V 〉 of efficiently computable functions � G outputs a “secret key” K K ← G ( ⋅ ) � T takes a key K and “message” m as input, and outputs a “tag” t t ← T K ( m ) � V takes a message m , tag t and key K as input, and outputs a bit b b ← V K ( m, t ) � If t ← T K ( m ) then V K ( m, t ) outputs 1 (“valid”) � Given only message/tag pairs { 〈 m i , T K ( m i ) 〉 } i , it is computationally infeasible to compute 〈 m , t 〉 such that V K ( m, t ) = 1 for any new m ≠ m i 15

  16. Carnegie Mellon Digital Signatures � A digital signature scheme is a triple 〈 G , S , V 〉 of efficiently computable algorithms � G outputs a “public key” K and a “private key” K -1 〈 K , K -1 〉 ← G ( ⋅ ) � S takes a “message” m and K -1 as input and outputs a “signature” σ σ ← S K -1 ( m ) � V takes a message m , signature σ and public key K as input, and outputs a bit b b ← V K ( m, σ ) � If σ ← S K -1 ( m ) then V K ( m, σ ) outputs 1 (“valid”) � Given only K and message/signature pairs { 〈 m i , S K -1 ( m i ) 〉 } i , it is computationally infeasible to compute 〈 m , σ 〉 such that V K ( m, σ ) = 1 any new m ≠ m i 16

  17. Carnegie Mellon Hash Functions � A hash function is an efficiently computable function h that maps an input x of arbitrary bit length to an output y ← h ( x ) of fixed bit length � Preimage resistance: Given only y , it is computationally infeasible to find any x ′ such that h ( x ′ ) = y. � 2 nd preimage resistance: Given x , it is computationally infeasible to find any x ′ ≠ x such that h ( x ′ ) = h ( x ). � Collision resistance: It is computationally infeasible to find any two distinct inputs x , x ′ such that h ( x ) = h ( x ′ ). 17

  18. Carnegie Mellon Pick the Right Tool for the Job � Know what each tool does � E.g., encryption does not tell you who sent a message � E.g., digital signatures do not prevent a message from being tampered with � Seems obvious, but often not true in practice 18

  19. Carnegie Mellon Example of Challenge-Response � Alice and Bob share a key K ab � Alice wishes to authenticate Bob A , E Kab ( N a ) E Kab ( N a + 1) Alice Bob � Alice is now convinced she’s talking to Bob � Should she be? 19

  20. Carnegie Mellon An “Attack” � Alice and Bob share a key K ab ab � Alice wishes to authenticate Bob A, E Kab ( N a ) A, E Kab ( N a ) E Kab ( N a +1) E Kab ( N a +1) Bob Mike Alice � Alice thinks she is talking to Bob � In fact, she is talking to Mike (man-in-the-middle) 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quick Intro to RMS Quick Intro to RMS RMS is a Record Management System that :

Quick Intro to RMS Quick Intro to RMS RMS is a Record Management System that :

UOWD rms Lotus uickr Record Management System Record Management System Project Leader: Rajith Attupurath (Network Administrator) Assisted by: Asma Damankesh (Technical Support engineer ) UOWD rms Quick Intro to RMS Quick Intro to RMS

70 views • 5 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Notes Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 2 Notes Outline Managing security investment 1 Security metrics 2 R 3

605 views • 16 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A Message From Our Sponsors Computer Security Fundamentals Fundamentals System/Network Security, crypto How do things work Why How to

824 views • 26 slides
Intro to Web Security What is the Internet? global system of interconnected computer

Intro to Web Security What is the Internet? global system of interconnected computer

Intro to Web Security What is the Internet? global system of interconnected computer networks that use the Internet protocol suite (TCP/ IP) to link devices worldwide - Wikipedia and why do we care? The interconnectedness of

485 views • 37 slides
Intro to Computer Security Lujo Bauer lbauer@cmu.edu http://www.ece.cmu.edu/~lbauer Fall 2011

Intro to Computer Security Lujo Bauer lbauer@cmu.edu http://www.ece.cmu.edu/~lbauer Fall 2011

Carnegie Mellon Intro to Computer Security Lujo Bauer lbauer@cmu.edu http://www.ece.cmu.edu/~lbauer Fall 2011 Carnegie Mellon Plan for Today What is computer security and why is it important? Types of computer misuse

647 views • 37 slides
Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital

Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital

Organisation Introduction Radboud University Nijmegen A security protocol example Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital Security Radboud University Nijmegen Version: fall 2015 B.

633 views • 50 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

395 views • 7 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

608 views • 8 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to crypto (well discuss why) Fall 2018 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for

1.2k views • 51 slides
Maksim Lin www.manichord.com This is not a demo... Topics Quick Intro Dev UX Porting

Maksim Lin www.manichord.com This is not a demo... Topics Quick Intro Dev UX Porting

Real world Flutter Maksim Lin www.manichord.com This is not a demo... Topics Quick Intro Dev UX Porting State Management Architecture Project Structure Native Integration Logging / Debugging Monitoring

404 views • 26 slides
Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

CSE$484$/$CSE$M$584:$$Computer$Security$and$Privacy$ $ Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' ' Franziska'(Franzi)'Roesner'' franzi@cs.washington.edu'

419 views • 29 slides
FY 2019 Comprehensive Housing Counseling Grant Application Training Audio is only available by

FY 2019 Comprehensive Housing Counseling Grant Application Training Audio is only available by

FY 2019 Comprehensive Housing Counseling Grant Application Training Audio is only available by conference call Please call: 800-260-0718 Participant Access Code: 331204 to join the conference call portion of the webinar June 11, 2019 1

1.08k views • 104 slides
Virtual Memory 1 Learning to Play Well With Others (Physical) Memory malloc(0x20000) 0x10000

Virtual Memory 1 Learning to Play Well With Others (Physical) Memory malloc(0x20000) 0x10000

Virtual Memory 1 Learning to Play Well With Others (Physical) Memory malloc(0x20000) 0x10000 (64KB) Stack Heap 0x00000 Learning to Play Well With Others (Physical) Memory 0x10000 (64KB) Stack Stack Heap Heap 0x00000 Learning to Play

550 views • 17 slides
Advanced MPI: MPI I/O Parallel I/O How to convert internal structures and domains to files which

Advanced MPI: MPI I/O Parallel I/O How to convert internal structures and domains to files which

Advanced MPI: MPI I/O Parallel I/O How to convert internal structures and domains to files which are a streams of bytes? How to get the data efficiently from hundreds to thousands of nodes on the supercomputer to physical disks?

576 views • 34 slides
Access Methods 1 / 44 Recap Recap 2 / 44 Recap A More Detailed Architecture granularity:

Access Methods 1 / 44 Recap Recap 2 / 44 Recap A More Detailed Architecture granularity:

Access Methods Access Methods 1 / 44 Recap Recap 2 / 44 Recap A More Detailed Architecture granularity: relation, view, ... application Query Interface SQL,... granularity: relation, view, ... data structures: logical schema, logical

836 views • 44 slides
Opportunistic Use of Storage in the Open Science Grid Ted Hesselroth Fermilab Abhishek Singh

Opportunistic Use of Storage in the Open Science Grid Ted Hesselroth Fermilab Abhishek Singh

Ted Hesselroth OSG All Hands Meeting 2008-03-03 Opportunistic Use of Storage in the Open Science Grid Ted Hesselroth Fermilab Abhishek Singh Rana and Frank Wuerthwein UC San Diego Ted Hesselroth OSG All Hands Meeting 2008-03-03 Types of

502 views • 11 slides
Filesystem Reliability + Sockets Intro 1 last time extents non-binary trees on disk extra

Filesystem Reliability + Sockets Intro 1 last time extents non-binary trees on disk extra

Filesystem Reliability + Sockets Intro 1 last time extents non-binary trees on disk extra copies of data two or more FATs, two or more superblocks mirroring erasure coding : redundancy without full copies examples of RAID 4/5 careful

1.89k views • 177 slides
Wireless Networks L ecture 13: Wireless LAN 802.11 MAC Peter Steenkiste CS and ECE, Carnegie

Wireless Networks L ecture 13: Wireless LAN 802.11 MAC Peter Steenkiste CS and ECE, Carnegie

Wireless Networks L ecture 13: Wireless LAN 802.11 MAC Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste, CMU Outline 802 protocol overview Wireless LANs 802.11

197 views • 8 slides
Privacy Preserving 802.11 Access Point Discovery Janne Lindqvist, TKK, Finland Tuomas Aura,

Privacy Preserving 802.11 Access Point Discovery Janne Lindqvist, TKK, Finland Tuomas Aura,

Privacy Preserving 802.11 Access Point Discovery Janne Lindqvist, TKK, Finland Tuomas Aura, MSR, UK George Danezis, MSR, UK Teemu Koponen, HIIT, Finland Annu Myllyniemi, TKK, Finland Jussi Mki, TKK, Finland Michael Roe, MSR, UK Computer

436 views • 32 slides

More recommend