Foundations of Network and Foundations of Network and Computer SecurityComputer SecurityJJohn BlackCSCI 6268/TLEN 5831, Fall 2005Introduction• UC Davis– PhD in 2000– Cryptography– Interested in broader security as well• UNR two years• CU Boulder three years• Computer and Communications Security Center• My teaching style and personalityThis Classhttp://www.cs.colorado.edu/~jrblack/class/csci6268/f05/• Use above for all materials– Available from my home page• This is a CAETE course– About 4 distance-learning students– Lectures available on the web (later)– Lectures on VHS in library in Math bldgLogistics• TR, ECCS 1B28, 11am – 12:15pm• Final, Monday Dec. 12th, 4:30pm – 7pm• Office Hours– ECOT 627, W 4-4:50pm; R 9:30-10:20am – More as needed– [email protected] (better than dropping by without an appt)Grading• See course info sheet– Let’s go over it now• Course Topics– Why no book?– Cryptography and Network Security• Quite a blend of math, hacking, and thinkingTopics• Policy, Law, History– A Taste Today• Cryptography– Not how to make it, but how to use it• Hacking– Buffer overruns, WEP attack, TCP session hijacking, DDoS, prevention– Some hands-on using OpenSSL (project)MiscellanyClass Format: Informal– Small class– Ask questions!• Slides– Generally available in advance• Schedule– Usually up-to-date and onlineHistory• Early days of Cryptography• Lucifer and DES• Export restrictions– 40 bit keys!• Public Key Cryptography– MI6 had it first?!• Differential cryptanalysis– NSA knew firstWho is the NSA?• National Security Agency–Huge– Fort Meade, MD– More mathematicians than anywhere– Classified budgetLaws•DMCA– Felten RIAA/SDMI case most famous• 2001 SDMI challenge– Many believe it’s the right idea, but a bad law– All reverse-engineering is sketchy• CALEA (1994)– Communications Assistance for Law Enforcement Act– Recently ruling says VoIP must provide compliance• Still in the courts• Patriot ActCase Study• Accountant for crime ring– Used PGP• Pretty Good Privacy•Phil Zimmerman– Feds seized computer• Couldn’t read files!– Subpoena for keylogger– Worked like a charm!Policy• Government has attempted to control encryption before– Skipjack– Key Escrow– Clipper Chip• Ultimately failed due to massive protest from “privacy advocates”– Electronic Frontier Foundation (John
View Full Document