1Overview of Security and Symmetric-keyEncryptionDawn [email protected]• What is security about?• How to evaluate security of systems?• Introduction to crypto (I): symmetric key encryption 3What is Computer Security about?• Computing in the presence of an adversary!– An adversary is the security field’s defining characteristic• Reliability, robustness, and fault tolerance– Dealing with Mother Nature (random failures)• Security– Dealing with actions of a knowledgeable attacker dedicated to causing harm– Surviving malice, and not just mischance• Wherever there is an adversary, there is a computer security problem!4Computer Security History• Early history interwoven with military apps–First big users of computers–First to worry seriously about the potential for misuse• Terminology has military connotations:–Attacker who is trying to attack computer systems–Defenders working to protect their system from these threats5Analyze to Learn!• We’re going spend a lot of time studying attackers and thinking about how to break into systems– Why spread knowledge that will help bad guys be more effective?• To protect a system, you have to learn how it can be attacked– Civil engineers learn what makes bridges fall down so they can build bridges that last– Software engineering is similar• Security is the same and different!– Why?6Challenges in Securing Systems• Similar:– Analyze previous successful attacks• But, deploy a new defense, they respond, you build a better defense, they respond, you…– Need to find ways to anticipate kinds of attacks• Different:– Attackers are intelligent (or some of them are)– Attacks will change and get better with time– Have to anticipate future attacks• Security is like a game of chess– Except the attackers often get the last move!7Need to Secure System before Depolyment• A deployed system is very hard to change– Serious consequences if attackers find a security hole in a widely deployed system• Goal: Predict in advance what attackers might do and eliminate all security holes• Reality: Have to think like an attacker• Thinking like an attacker is not always easy– Can be fun to try to outwit the system– Or can be disconcerting to think about what could go wrong and who could get hurt• What if you don't anticipate attacks?– Analog cellular phones in the 80’s and 90’s8Real-World Example: Analog Cellular• 1970’s: analog cellular had no security– Phones transmit ID/billing info in the clear– Assumption: attackers wouldn't bother to assemble equipment to intercept info…• Attackers built “black boxes” to intercept and clone phones for fraudulent calling– Where’s the best place to intercept?– Cellular operators completely unprepared • Early 90's, US carriers losing >$1B/yr– 70% of LD cellular calls placed from downtown Oakland on Fri nights fraudulent• Problems: huge capital investment/debt, 5–10 yrs & huge replacement cost9Lesson Learned• Failing to anticipate types of attacks, or underestimating the threat, can be costly• Security design requires studying attacks– Security experts spend a lot of time trying to come up with new attacks– Sounds counter-productive (why help the attackers?), but it is better to learn about vulnerabilities before the system is deployed than after• If you know about the possible attacks in advance, you can design a system to resist those attacks– But, anything else is a toss of the dice…10A Process for Security Evaluation• How to evaluate the security of a system?– A three-step process• Step I: security goals– What properties do we want the system to have, even when it is under attack? – What are we trying to protect from the attacker?– Or, to look at it the other way around, what are we trying to prevent?11Some Common Security Goals• Confidentiality:– Private information that we want to keep secret from an adversary (password, bank acct balance, diary entry, …)– Anything we want to prevent adversary from learning• Integrity:– Want to prevent adversary from tampering with or modifying information• Availability:– System should be operational when needed– Must prevent adversary from taking the system out of service at inconvenient times12Example: CS161 Grades Database?• One obvious goal is protecting its integrity– Don’t want you to be able to give yourself an A+ merely by tampering with grade database• Federal law and university rules require us to protect its confidentiality– No one else can learn what grade you are getting• We probably also want some level of availability– So you can check your grades to date and we can calculate grades at the end of the semester13Security Goals• How to identify security goals?–Highly application-dependent–If someone figures out how to violate this goal, would it be a security breach?» If yes, you've found a security goal!14Step 2: Threat Model and Assessment• What kind of threats might we face?• What kind of capabilities might we expect the adversaries to have?• What are the limits on what the adversary might be able to do to us?• What are their motivations and incentives?15Step 3: Security Analysis• Is there an attack within the threat model that can violate the security goals?– We’ll talk about this a lot in class16Summary: Security Evaluation• Step 1: Identify security goals• Step 2: Perform a threat assessment• Step 3: Security analysis17Administravia• Staff shortage– No reader– Pls be considerate of the under-staffed situation• If you plan to drop the course, pls do so soon– We’ll try to let seniors on the waitlist in– Others can take it next time• How many have taken 170, 162, 122?– Students have diverse background– Pls be understanding: no one-size fits all183-min Stretch Break19Cryptology• Cryptology is the study of Cryptography & Cryptanalysis• Cryptography– Literally: Crypt: secret, graphia: writing---Cryptography: the study of how to send secret messages– Formally:The study of mathematical techniques to enforce security properties: Confidentiality, integrity, etc.• Cryptanalysis is the study of how to break cryptographic systems20Brief History of Cryptography (I)• First phase: manual– Caesar cypher (Romans)» Permute the alphabet by shifting each letter forward by a fixed amount» Caesar cipher with a shift by 3:• What’s the original
View Full Document
Unlocking...