
Slide titles: Why Computer Security; Why Computer Security (cont’d); Slide 3; Outline; The History of Computing; Computing Today is Very Different; Biological Analogy; The Spread of Sapphire/Slammer Worms; The Flash Worm; The Definition of Computer Security; The Basic Components; Security Threats and Attacks; Friends and enemies: Alice, Bob, Trudy; Eavesdropping - Message Interception (Attack on Confidentiality); Integrity Attack - Tampering With Messages; Authenticity Attack - Fabrication; Attack on Availability; Classify Security Attacks as; Group Exercise; Slide 20; Basic Terminology; Classification of Cryptography; Secret Key vs. Secret Algorithm; Unconditional vs. Computational Security; Brute Force Search; Slide 26; Symmetric Cipher Model; Requirements; Classical Substitution Ciphers; Caesar Cipher; Slide 31; Cryptanalysis of Caesar Cipher; Monoalphabetic Cipher; Monoalphabetic Cipher Security; English Letter Frequencies; Example Cryptanalysis; Transposition Ciphers; Rail Fence Cipher; Product Ciphers; Slide 40; Block vs Stream Ciphers; Block Cipher Principles; Ideal Block Cipher; Feistel Cipher Structure; Feistel Cipher Decryption; DES (Data Encryption Standard); DES Top View; DES Summary; Avalanche Effect; Strength of DES – Key Size; DES Replacement; AES; AES Shortlist; Outlines; Private-Key Cryptography; Public-Key Cryptography; Slide 57; Slide 58; Public-Key Characteristics; Public-Key Cryptosystems; RSA (Rivest, Shamir, Adleman); What Is RSA?; RSA Example; How Does RSA Work?; Is RSA Secure?; Symmetric (DES) vs. Public Key (RSA); Slide 67; Confidentiality => Authenticity?; Hash Functions; Hash Functions & Digital Signatures; Requirements for Hash Functions; Birthday Problem; How Many Bits for Hash?; General Structure of Secure Hash Code; MD5: Message Digest Version 5; MD5 Overview; Slide 77; Processing of Block mi - 4 Passes; Secure Hash Algorithm; SHA-1 versus MD5; Revised Secure Hash Standard; Backup Slides; Cryptanalysis Scheme; One-Time Pad; Rotor Machines; Substitution-Permutation Ciphers; Confusion and Diffusion; Bit Permutation (1-to-1); Per-Round Key Generation; A DES Round; Mangler Function; Slide 92; S-Box (Substitute and Shrink); S-Box Examples; Padding Twist; Why Does RSA Work?; Using Hash for Authentication; Using Hash to Encrypt; MD5 Process; Different Passes...; MD5 Compression Function; Slide 102; Functions and Random Numbers; Basic Steps for SHA-1; Basic Steps...

Slide 1: Why Computer Security
• The past decade has seen an explosion in the concern for the security of information
  – Malicious code (viruses, worms, etc.) caused over $28 billion in economic losses in 2003 and $67 billion in 2006!
• The market for security specialists is expanding!
  – “Salary Premiums for Security Certifications Increasing” (Computerworld 2007)
    • Up to 15% more salary
    • Demand is being driven not only by compliance and government regulation, but also by customers who are "demanding more security" from companies
  – US Struggles to recruit computer security experts (Washington Post, Dec. 23 2009)

Slide 2: Why Computer Security (cont’d)
• Internet attacks are increasing in frequency, severity and sophistication
  – The number of scans, probes, and attacks reported to the DHS has increased by more than 300 percent from 2006 to 2008.
  – Karen Evans, the Bush administration's information technology (IT) administrator, points out that most federal IT managers do not know what advanced skills are required to counter cyberattacks.

Slide 3: Why Computer Security (cont’d)
• Viruses and worms are faster and more powerful
  – Caused over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007.
  – Code Red (2001): 13 hours, infected >360K machines - $2.4 billion loss
  – Slammer (2003): 15 minutes, infected >75K machines - $1 billion loss
• Spam, phishing …
• New Internet security landscape emerging: BOTNETS!
  – Conficker/Downadup (2008): infected >10M machines
    • MSFT offering $250K reward

Slide 4: Outline
• History of Security and Definitions
• Overview of Cryptography
• Symmetric Cipher
  – Classical Symmetric Cipher
  – Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher
• One-way Hash Functions and Message Digest

Slide 5: The History of Computing
• For a long time, security was largely ignored in the community
  – The computer industry was in “survival mode”, struggling to overcome technological and economic hurdles
  – As a result, a lot of corners were cut and many compromises made
  – There was lots of theory, and even examples of systems built with very good security, but they were largely ignored or unsuccessful
    • E.g., ADA language vs. C (powerful and easy to use)

Slide 6: Computing Today is Very Different
• Computers today are far from “survival mode”
  – Performance is abundant and the cost is very cheap
  – As a result, computers are now ubiquitous in every facet of society
• Internet
  – Computers are all connected and interdependent
  – This codependency magnifies the effects of any failures

Slide 7: Biological Analogy
• Computing today is very homogeneous.
  – A single architecture and a handful of OSes dominate
• In biology, homogeneous populations are in danger
  – A single disease or virus can wipe them out overnight because they all share the same weakness
  – The disease only needs a vector to travel among hosts
• Computers are like the animals; the Internet provides the vector.
  – It is like having only one kind of cow in the world, and having them drink from one single pool of water!

Slide 8: The Spread of Sapphire/Slammer Worms

Slide 9: The Flash Worm
• Slammer worm infected 75,000 machines in <15 minutes
• A properly designed worm, a flash worm, can take less than 1 second to compromise 1 million vulnerable machines on the Internet
  – The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004.
  – Exploits many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.

Slide 10: The Definition of Computer Security
• Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
• Security rests on confidentiality, authenticity, integrity, and availability

Slide 11: The Basic Components
• Confidentiality is the concealment of information or resources.
  – E.g., only the sender and the intended receiver should “understand” message contents
• Authenticity is the identification and assurance of the origin of information.
• Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
• Availability refers to the ability to use the information or resource desired.

Slide 12: Security Threats and Attacks
• A threat/vulnerability is a potential



NU MSIT 458 - Computer Security
