DOC PREVIEW
EIU CIS 3200 - CIS 3200 Security

This preview shows page 1-2-3 out of 10 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1Security (Part 2)School of BusinessEastern Illinois University © Abdou Illia, Spring 2007(Week 13, Thursday 4/5/2007)2Learning Objectives Discuss security goals Discuss defense systems against– Intercepting confidential messages– DoS attacks– Malware attacks3Security Goals If eavesdropping and message alteration attacks succeed, in which of the following ways the victims could be affected?a) Data files stored on hard drives might be deletedb) Data files stored on hard drives might be alteredc) Data being transmitted could be alteredd) Data being transmitted could be intercepted and used by the attackere) Users might not be able to get network services for a certain period of timef) The network might slow downConfidentiality = Main goal of implementing defense systems against eavesdropping and message alteration.24Security Goals If a malware attack succeeds, in which of the following ways the victims could be affected?a) Data files stored on hard drives might be deletedb) Data files stored on hard drives might be alteredc) Data being transmitted could be alteredd) Data being transmitted could be intercepted and used by the attackere) Users might not be able to get network services for a certain period of timef) The network might slow downIntegrity = Main goal of implementing defense systems against malware attacks.5Security Goals If a DoS attack succeeds, in which of the following ways the victims could be affected?a) Data files stored on hard drive might be deletedb) Data files stored on hard drives might be alteredc) Data being transmitted could be alteredd) Data being transmitted could be intercepted and used by the attackere) Users might not be able to get network services for a certain period of timef) The network might slow downAvailability = Main goal of implementing defense systems against DoS attacks.6Security Goals CIA is the key word in implementing security– Confidentiality of communications–Integrity of data–Availability of network services and resources37Encryption-Decryption techniques Cryptography is the study of creating and using encryption and decryption techniques.Plaintext is the data before any encryption has been performedCiphertext is the data after encryption has been performedThe key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext8Encryption-Decryption techniques Key = COMPUTER SCIENCE Plaintext = this is the account number you have requested Algorithm based on Vigenere matrix9Encryption-Decryption techniques1) Look at the first letter in the plaintext (T)2) Look at the corresponding key character immediately above it (C)3) C tells us to use row C of Vigenere matrix to perform alphabetic substitution for plaintext character T4) Go to column T in row C and find the cipher character V5)Repeat Steps 1 through 4 for every character of the plaintext.COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCEThisistheaccountnumberyouhaverequested410Encryption and Decryption techniques Encryption algorithm cannot be kept secret Key must be kept secretPlaintext Encryption Ciphertext Decryption PlaintextAlgorithmKeyAlgorithmKeyTransmittedOriginalMessageOriginalMessage11Encryption: Key Length Key can be “guessed” by exhaustive search– Try all possible keys– See which one decrypts the message Long keys make exhaustive search difficult– If length is n bits, 2ntries may be needed– If key length is 8 bits, only 256 tries maximum– Usually, Key Length ≥ 56 bitsAssume a key is 56 bits. If it takes 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10000 computers are working together to try all key combinations?12Encryption-Decryption methods Symmetric key encryption method– Use a single key for Encryption-Decryption– Examples: Data Encryption Standard (DES), 3DES Public/Private key encryption method– Use different keys for Encryption-Decryption– Examples: RSA, Elliptical curve cryptosystem513Symmetric Encryption-Decryption Symmetric key must be distributed secretly between partners When Partner A sends to Partner B Partner A encrypts with the key, partner B decrypts with the key When Partner B send to Partner A Partner B encrypts with the key, partner A decrypts with the keyPlaintext Encryption Ciphertext Decryption Plaintext1010010101Transfer $5,000Transfer$5,00014Symmetric Encryption-Decryption Advantages: Simple enough for fast Encryption-Decryption Fast enough for long messages Disadvantages: Need a different Symmetric key for each partner (or other partners could read messages) If N partners, need N*(N-1)/2 keys.Plaintext Encryption Ciphertext Decryption Plaintext1010010101Transfer $5,000Transfer$5,00015Public/Private key Encryption-Decryption Each partner has a private key (kept secret) and a public key (shared with everybody) Sending Partner A encrypts with the public key of Partner B Partner B encrypts with the public key of Partner AReceiving Each receiver decrypt with its own private keyEncrypt withParty B’s Public KeyPartner APartner BDecrypt withParty B’s Private Key616Public/Private key Encryption-Decryption Advantages: Once the message is encrypted, nobody can decrypted it except the receiver Simplicity of key exchange: No need to exchange public key securelyDisadvantages: Complex: Requires many computer processing cycles to do Public Encryption-Decryption Can only be used to encrypt small messagesEncrypt withParty B’s Public KeyPartner APartner BDecrypt withParty B’s Private Key17Summary Questions3) Jason sends a message to Kristin using public key encryption. (a) What key will Jason use to encrypt the message? (b) What key will Kristin use to decrypt the message? (c) What key will Kristin use to encrypt the reply? (d) What key will Jason use to decrypt the reply? (e) Can the message and reply be long messages? Explain.(a)(b)(c)(d)(e)4) Does public key encryption have a problem with secure key exchange for the public key? Explain.18What is common to malware attacks? Malware or content attack messages– Include illicit content in the data filed of the messageIP-HIP-HTCP-HUDP-H Application Layer MessageApplication Layer MessageDefense systems for protecting against malware attacks are designed to filter Application layer messages. Are Anti-Virus Programs or Application Firewalls.719What is common to


View Full Document

EIU CIS 3200 - CIS 3200 Security

Documents in this Course
Load more
Download CIS 3200 Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view CIS 3200 Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view CIS 3200 Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?