CS672 Information Security - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

CS672 Information Security

Description:

... signature scheme, digital credentials, security proofs, ... Bob has a web photo album and wants to control the access. Adversary or attacker. Introduction ... – PowerPoint PPT presentation

Number of Views:38
Avg rating:3.0/5.0
Slides: 17
Provided by: JimKurosea348
Category:

less

Transcript and Presenter's Notes

Title: CS672 Information Security


1
CS672 Information Security
  • Danfeng (Daphne) Yao
  • Fall 2008

2
Todays agenda
  • Course workload
  • Project logistics
  • Overview of the course
  • Topics to be covered
  • Basic knowledge
  • What is information security?
  • What is cryptography?
  • What are the techniques?
  • What are the models?

3
Course workload
  • Course homepage
  • www.cs.rutgers.edu/danfeng/courses/cs672/
  • Take-home mid-term exam 30
  • Project 60
  • 3-paragraph proposal 10
  • 1.5-page intermediate report 20
  • 3-page final report and 15-minute presentation
    30
  • Individual project, no group project
  • Class participation 10
  • Occasional reading assignments (e.g., papers)

4
Tentative dates
  • Take-home exam date 10/28 -- 10/30
  • Project proposal due 10/15 (Wedensday)
  • Project update due 11/12 (Wednesday)
  • Project final report due 12/11 (Thursday)
  • Project presentation Week of 12/08

5
More on project
  • A list of project ideas will be posted
  • You are welcome to create your own project
  • Examples of projects
  • Fine-grained and personalized data authorization
    in mashup environments
  • Data provenance challenges and techniques
  • Usable web 2.0 privacy
  • Efficient cross-domain authorization in
    decentralized environments
  • BGP security problems, solutions, and
    limitations

6
Academic Integrity
  • No cheating on project, and exam
  • Department academic integrity policy
  • http//www.cs.rutgers.edu/policies/academicintegri
    ty/
  • University academic integrity policy
  • http//academicintegrity.rutgers.edu/integrity.sht
    ml

7
What is Information Security?
  • The concepts, techniques, technical measures, and
    administrative measures used to protect
    information assets from deliberate or inadvertent
    unauthorized acquisition, damage, disclosure,
    manipulation, modification, loss, or use.
  • American National Standard Dictionary of
    Information Technology (ANSDIT)

8
Topics to be covered
  • Fundamentals Security models and definitions,
    signature scheme, digital credentials, security
    proofs, anonymity, privacy
  • Authentication user and data authentication,
    biometrics, authenticated dictionary, Merkle hash
    tree, broadcast authentication
  • Identity management federated ID management,
    notarized FIM, anonymous credential
  • Data integrity authentication in outsourced
    computing time-stamping, auditing, security
    issues and solutions for outsourced computing
  • Network security threat models, SSL, https, PKI,
    DoS
  • Network attacks and defenses Phishing, pharming
    attacks, DNS security, BGP origin authentication,
    IP hijacking

9
Topics to be covered, contd
  • Email security Authentication, confidentiality,
    domain-level authentication
  • Intrusion detections Botnet detection,
    firewalls, IDS
  • Browser security Same origin policy, XSS, XSRF
    attacks, mashup security
  • System design and verification Model checking,
    risk analysis, least-privilege, separation of
    duty
  • Access control and trust management RBAC, role
    hierarchy, decentralization, reputation system,
    key management
  • Authorization in Web 2.0 Usable security,
    privacy in social networks
  • Identity-based encryption and its applications
    Hidden credential, forward security, identity
    escrow, attribute-based encryption

10
A simple picture about information security
Adversary or attacker
Bob
Alice
  • Goal Alice and Bob want to securely communicate
  • Data authenticity, integrity, confidentiality,
    etc
  • Problem the adversary or attacker wants to
    disrupt
  • Intercept, forge, relay, replay, tamper, etc
  • Other scenarios
  • Alice does online-banking facing phishing
    attacks
  • Bob has a web photo album and wants to control
    the access

11
Important concepts
  • Authenticity
  • The property of being genuine and being able to
    be verified and trusted.
  • Message authentication, sender authentication
  • Integrity
  • The property that sensitive data has not been
    modified or deleted in an unauthorized and
    undetected manner.
  • Confidentiality
  • The property that sensitive information is not
    disclosed to unauthorized individuals, entities
    or processes.
  • Non-repudiation
  • Assurance that the sender of information is
    provided with proof of delivery and the recipient
    is provided with proof of the senders identity,
    so neither can later deny having processed the
    information.
  • Source American National Standard Dictionary of
    Information Technology (ANSDIT)

12
What is cryptography?
  • The discipline that embodies the principles,
    means, and methods for the transformation of data
    in order to hide their semantic content, prevent
    their unauthorized use, or prevent their
    undetected modification. The discipline that
    embodies principles, means and methods for
    providing information security, including
    confidentiality, data integrity, non-repudiation,
    and authenticity.
  • Source American National Standard Dictionary of
    Information Technology (ANSDIT)

13
What are the techniques?
  • Secret key cryptography
  • Use of a single cryptographic key shared between
    two parties.
  • The same key is used to encrypt and decrypt data.
    This key is kept secret by the two parties.
  • Public key cryptography
  • Use of two keys a public key and a private key.
  • The two keys are related but have the property
    that, given the public key, it is computationally
    infeasible to derive the private key.
  • In a public key cryptosystem, each party has its
    own public/private key pair.
  • The public key can be known by anyone the
    private key is kept secret.

14
Public key encryption scheme
3. Alice decrypts the message using
2. Bobs encrypted message (aka ciphertext)
Bob
Alice
1. Bob encrypts his message using
Public key
Private key
  • RSA is public key encryption scheme
  • A good encryption scheme should satisfy
    confidentiality
  • How to define good?
  • Intuition an adversary cannot guess the message
    from the ciphertext
  • What is a formal security model?

15
Public key signature scheme
1. Alice signs her message using
2. Message and Alices signature
Bob
Alice
3. Bob verifies the signature using
Public key
Private key
  • Can be thought of the reverse of the encryption
    scheme
  • A good signature scheme should satisfy message
    integrity
  • How to define good?
  • Intuition an adversary cannot forge a
    well-formed signature
  • What is the formal security model?

16
Resources
  • Computer Security Art and Science by Matt Bishop
  • Security in Computing by Charles P. Pfleeger and
    Shari Lawrence Pfleeger.
  • (Math Library)
  • Information security dictionary
  • http//www.veridion.net/dictionnaire_eng.html
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CS672 Information Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!