DOC PREVIEW
PSU CSE 543 - CSE 543 Computer Security

This preview shows page 1-2-3-27-28-29 out of 29 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 29 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

CSE543 Computer (and Network) Security - Fall 2006 - Professor JaegerCSE 543 - Computer SecurityLecture 2 - IntroductionSeptember 7, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/1CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page A historical moment …•Mary Queen of Scots is being held by Queen Elizabeth …•… and accused of treason.•All communication with co-conspirators encrypted.•Walsingham needs to prove complicity.CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Intuition•Cryptography is the art (and sometimes science) of secret writing–Less well know is that it is also used to guarantee other properties, e.g., authenticity of data–This is an enormously deep and important field–However, much of our trust in cryptographic systems is based on faith (particularly in efficient secret key algorithms)–… ask Mary Queen of Scots how that worked out.•This set of lectures will provide the intuition and some specifics of modern cryptography, seek others for additional details (Menezes et. al.).CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Cryptography•Cryptography (cryptographer)–Creating ciphers•Cryptanalysis (cryptanalyst)–Break ciphers• The history of cryptography is an arms race between cryptographers and cryptanalystsCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Encryption algorithm•Algorithm used to make content unreadable by all but the intended receiversE(plaintext,key) = ciphertextD(ciphertext,key) = plaintext•Algorithm is public, key is private•Block vs. Stream Ciphers–Block: input is fixed blocks of same length–Stream: stream of inputCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Hardness•Functions–Plaintext P–Ciphertext C–Encryption key ke–Decryption key kdD(E(P, ke),kd) = P•Computing C from P is hard, computing C from P with ke is easy•Computing P from C is hard, computing P from C with kd is easyCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Example: Caesar Cipher•Substitution cipher •Every character is replaced with the character three slots to the right•Q: What is the key?S E C U R I T Y A N D P R I V A C YV H F X U L W B D Q G S U L Y D F BA B C D E F G H I J K L M N O P Q R S T V W X Y ZA B CD E F G H I J K L M N O P Q R S T V W X Y ZUUCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Cyptanalyze this ….“cfh orng aq”CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Cryptanalysis of ROTx Ciphers•Goal: to find plaintext of encoded message•Given: ciphertext•How: simply try all possible keys–Known as a brute force attack1 T F D V S J U Z B M E Q S J W B D Z2 U G E W T K V A C N F R T H X C E A3 W H F X U L W B D Q G S U L Y D F B S E C U R I T Y A N D P R I V A C YCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Shared key cryptography•Traditional use of cryptography•Symmetric keys, where A single key (k) is used is used for E and DD( E( p, k ), k ) = p•All (intended) receivers have access to key•Note: Management of keys determines who has access to encrypted data–E.g., password encrypted email•Also known as symmetric key cryptographyCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Key size and algorithm strength•Key size is an oft-cited measure of the strength of an algorithm, but is strength strongly correlated (or perfectly correlated with key length)?–Say we have two algorithms, A and B with key sizes of 128 and 160 bits (the common measure)–Is A less secure than B?–What if A=B (for variable key-length algorithms)?CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page Is there an unbreakable cipher?•As it turns out, yes …. –(Claude Shannon proved it)CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Page The one-time pad (OTP)•Assume you have a secret bit string s of length n known only to two parties, Alice and Bob–Alice sends a message m of length of n to bob–Alice uses the following encryption function to generate ciphertext cforall i=1 to n : ci = mi 󲰟 si–E.g., XOR the data with the secret bit string–An adversary Mallory cannot retrieve any part of the data•Simple version of the proof of security: –Assume for simplicity that value of each bit in m is equally likely, then you have no information to work with.CSE543 Computer (and Network) Security - Fall 2006 - Professor JaegerReading papers …•What is the purpose of reading papers?•How do you read papers?14CSE543 Computer (and Network) Security - Fall 2006 - Professor JaegerUnderstanding what you read•Things you should be getting out of a paper•What is the central idea proposed/explored in the paper?•Abstract•Introduction•Conclusions•How does this work fit into others in the area?•Related work - often a separate section, sometimes not, every paper should detail the relevant literature. Papers that do not do this or do a superficial job are almost sure to be bad ones.•An informed reader should be able to read the related work and understand the basic approaches in the area, and how they differ from the present work.These are the best areas to find an overview of the contribution15CSE543 Computer (and Network) Security - Fall 2006 - Professor JaegerUnderstanding what you read (cont.)•What scientific devices are the authors using to communicate their point?•Methodology - this is how they evaluate their solution.•Theoretical papers typically validate a model using mathematical arguments (e.g., proofs)•Experimental papers evaluate results based on test apparatus (e.g., measurements, data mining, synthetic workload simulation, trace-based simulation). •Some papers have no evaluation at all, but argue the merits of the solution in prose (e.g., paper design papers)16CSE543 Computer (and Network) Security - Fall 2006 - Professor JaegerUnderstanding what you read (cont.)•What do the authors claim?•Results - statement of new scientific discovery.•Typically some abbreviated form of the results will be present in the abstract, introduction, and/or conclusions.•Note that just because a result was accepted into a conference or journal does necessarily not mean that it is true. Always be circumspect.•What should you remember about this paper?•Take away -


View Full Document

PSU CSE 543 - CSE 543 Computer Security

Documents in this Course
Agenda

Agenda

14 pages

HYDRA

HYDRA

11 pages

PRIMA

PRIMA

15 pages

CLIMATE

CLIMATE

15 pages

Load more
Download CSE 543 Computer Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view CSE 543 Computer Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view CSE 543 Computer Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?