CompSci 001 32.1
Today's topics
Computer Applications
Computer Security
Upcoming
Operating Systems (Great Ideas, Chapter 10)
Reading
Great Ideas, Chapter 11
CompSci 001 32.2
Computer Security: Problem
The Problem: Billions in Losses
Outright theft
Online scams
Viruses / Worms
- Actual damage
- Actions to avoid damage
Denial of Service
Etc.
Possible Traps (Public Systems!!!)
Trojan Horse
Onlooker
Cameras
CompSci 001 32.3
Computer Security: Defenses
Passwords
Using Secure Passwords
Keeping them Secure
Encryption
Simple
Strong
Good Practices
Like all fields, doing something stupid …
Tradeoffs
Is the cure worse than the disease?
Long Live Common Sense!
CompSci 001 32.4
Good Passwords and Cracking
- Briefcase (style) Combination Locks
- Brute force methods: Try all combinations
1. Number of wheels
2. Number of positions per wheel
3. Time per trial
4. How long does it take?
- Contrast to BRUTE brute force method (Always Consider!)
- Password on a computer
- + More possibilities per “wheel”
- + More “wheels” (often up to user)
- Computer based cracking faster!
- Dictionary attacks
- Picking a good UNIX password
CompSci 001 32.5
Encryption
When passwords fail, encryption can be fallback
Also provides extra level of difficulty
Security vs. Privacy
Many levels of encryption sophistication:
Go through some of them
Single Alphabetic Substitution
Caesar: L FDPH, L VDZ, L FRQTXHUHG
Magic decoder ring?
Cryptoquote
Cracking single alphabetic substitution
Character frequency (Length of text)
CompSci 001 32.6
Encryption
Polyalphabetic Substitution
The Vigenère Cypher
The Babbage Solution
Cypher Reuse!
One Time Pads
Can be Absolutely Secure
Computers and Random Number Generators ?!
The Key Exchange Problem
Threats
Using your “secure” channel
A padlock analogy
Diffie, Hellman, and Merkle solution
CompSci 001 32.7
Public Key Encryption
Publishing the Key!
Another padlock analogy
Diffie Proposal (1975)
Rivest, Shamir, and Adleman (RSA)
Finally came up with a practical method that met the proposed specs
Widely used now
Based on factoring (not being able to factor!)
Primes and Factoring
Examples of primes
How to factor into primes
For large numbers it is very hard
CompSci 001 32.8
Public Key Encryption
Going through an RSA example
Public key: N, K
Private key: G
Message: M
RSA: C = (M^K)%N
M = (C^G)%N
Remainder operator (modulus) %
- Wrap around property
- Clock or odometer analogy
Follow example in Text . . .
Breaking the Code
Factoring
Digital Signatures
Using Private Key and Public Key
Replay attack!
Time (analogy: newspaper in hostage picture)
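Added example (not from the original slides or the course text): a toy run of the RSA formulas above in Python, using the slide's symbols N, K, G, M and C. The primes 61 and 53, the exponent K = 17, the message 65 and all function names are constructed for illustration; the last step shows that factoring N rebuilds the private key G, which is why real keys use a very large N.

```python
# Toy RSA with the slide's symbols: public key (N, K), private key G.
from math import gcd

def make_keys(p, q, k):
    """Derive (N, K, G) from two primes p, q and a public exponent k."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(k, phi) != 1:
        raise ValueError("K must share no factor with (p-1)*(q-1)")
    g = pow(k, -1, phi)   # G undoes K: (K * G) % phi == 1
    return n, k, g

def encrypt(m, k, n):
    if not 0 <= m < n:
        raise ValueError("message M must be in the range 0..N-1")
    return pow(m, k, n)   # C = (M^K) % N

def decrypt(c, g, n):
    return pow(c, g, n)   # M = (C^G) % N

def sign(m, g, n):
    return pow(m, g, n)   # signature made with the private key G

def verify(m, s, k, n):
    return pow(s, k, n) == m   # anyone can check with the public key

def factor(n):
    """Trial division; finishes instantly only because N is tiny."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    raise ValueError("N is prime, not a product of two primes")

def recover_private_key(n, k):
    """Breaking the code: factor N, then rebuild G from public values."""
    p, q = factor(n)
    return pow(k, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    N, K, G = make_keys(61, 53, 17)   # constructed sample values
    C = encrypt(65, K, N)
    print("N, K, G =", N, K, G)
    print("C =", C, "decrypts to", decrypt(C, G, N))
    print("signature verifies:", verify(65, sign(65, G, N), K, N))
    print("G recovered by factoring N:", recover_private_key(N, K))
```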
CompSci 001 32.9
Politics of Strong Encryption
These unbreakable* methods called Strong Encryption
*more or less
Is any method perfect?
Government tried to keep methods from getting out
Encryption classified as a munition
Export restrictions . . .
Anecdotes
PGP – Pretty Good Privacy
Zimmermann
Legal challenges
Cat out of the bag
Recent silence from government
Has the NSA cracked it?
CompSci 001 32.10
Other Attacks (buzz words)
Many leave no trace
Password Cracking
Considered earlier
IP Spoofing
Weakness in TCP/IP; modern code deals with it
Replay Attack
Saw in Digital Signature discussion
Applies in many situations (copy of your key made at hardware store)
Man in the Middle
Typically hardware attack
Denial of Service
CompSci 001 32.11
Whom can you trust?
How to avoid Viruses and Worms
- Most infections occur when trying to run unknown
- Mail or other communications programs the vector
Trapdoors
- Free software may have its price
Common Sense
- Consider alternatives
- The human factor
- Gun to the head method
The Strong Encryption Trap
- Forget that password?
- Bye – bye (;-(