Information Security CS 526 Lecture 1 - PowerPoint PPT Presentation

Slides: 17
Provided by: NINGH7

Transcript and Presenter's Notes

1
Information Security CS 526 Lecture 1
  • Overview of the Course

2
See the Course Homepage
  • http://www.cs.purdue.edu/homes/ninghui/courses/526_Fall08/index.html

3
Why Information Security?
  • Information systems (and stored information) are
    under attack and suffer damage
  • Who are the attackers?
  • bored teenagers, criminals, organized crime
    organizations, rogue states, industrial
    espionage, malicious insiders,
  • Why do they do it?
  • fun,
  • fame,
  • profit,
  • information is money

4
Information Security Issues
  • Computer break-ins
  • Computer worms
  • Distributed denial of service attacks
  • Email spam
  • Identity theft
  • Spyware
  • Botnets
  • Serious security flaws in many important systems
  • electronic voting machines

5
A likely spam email
  • From: Femi Madariola (maddey2001_at_yahoo.com)
  • To: imolloy_at_cs.purdue.edu, ninghui_at_cs.purdue.edu,
    jiangtao.li_at_intel.com
  • Subject: RE: Dynamic Virtual Credit Card Numbers
  • Dear Sir/Ma,
  • I'm mailing you as regards a project i read which
    was co-authored by you with the aforementioned
    title. I will like to commend you on the project
    which was well written, well doctored piece of
    work and very enlightening.
  • I'm writing this mail on behalf of BottomNaira
    enterprises for two reasons and they are:
  • 1.) we want to know if the project you wrote
    about is implementable as a business solution,
  • 2.) we also want to know if you would be willing
    to provide us with the algorithm for the software
    or help us in the implementation of the software.

6
A likely spam email (cont'd)
  • BottomNaira Enterprises is a small business
    company based in Nigeria run by young
    entrepreneurs, that helps Nigerians pay for
    purchases made abroad using e-commerce. This is a
    niche we were able to explore in Nigeria due to
    the poor credit ratings of most 95% of Nigerians.
    Our website is undergoing some repairs at the
    moment but you can google bottomnaira, to be sure
    this is not a scam mail. We have outdated system
    that we use currently which is costing the
    company much more money, time and team effort.
    That is why we've been looking around for a more
    improved model and refined model like the one
    proposed in your project.
  • We would really appreciate it if you can get back
    to us as soon as possible with a reply to this
    mail.
  • Thank you for your anticipated co-operation.
  • Femi Madariola
  • for BottomNaira enterprises.

7
Security is Secondary
  • What protection/security mechanisms does one have in
    the physical world?
  • Why does the need for security arise?
  • Security is secondary to the interactions that
    make security necessary.

8
Security is not Absolute
  • Is your car secure?
  • What does 'secure' mean?
  • What security mechanisms improve your car's
    security?
  • Security is relative
  • to the kinds of loss one considers
  • security objectives/properties need to be stated
  • to the threats/adversaries under consideration.
  • security is always under certain assumptions

9
Information Security is Interesting
  • The most interesting/challenging threats to
    security are posed by human adversaries
  • security is harder than reliability
  • Information security is a self-sustained field
  • Security is about risk/cost tradeoff
  • though often the tradeoff analysis is not
    explicit
  • Security is not all technological
  • humans are often the weakest link

10
Information Security is Challenging
  • In which ways is information security more
    difficult than physical security?
  • adversaries can come from anywhere
  • computers enable large-scale automation
  • adversaries can be difficult to identify
  • adversaries can be difficult to punish
  • potential payoff can be much higher
  • In which ways is information security easier than
    physical security?

11
Information Security Goals
  • Confidentiality (secrecy, privacy)
  • only those who are authorized to know can know
  • Integrity (authenticity)
  • only modified by authorized parties and in
    authorized ways
  • Availability
  • those authorized to access can get access

12
Tools for Information Security
  • Cryptography
  • Access control
  • Processes and tools for developing more secure
    software
  • Monitoring and analysis
  • Recovery and response

13
Security Principles
  • Principle of adequate protection
  • Goal is not to maximize security, but to maximize
    utility while limiting risk to an acceptable
    level within reasonable cost
  • Principle of effectiveness
  • Controls must be used, and used properly, to be
    effective. They must be efficient, easy to use,
    and appropriate
  • Psychological acceptability
  • Principle of weakest link
  • Principle of defense in depth
  • Security by obscurity doesn't work

14
Ethical use of security information
  • We discuss vulnerabilities and attacks
  • Most vulnerabilities have been fixed
  • Some attacks may still cause harm
  • Do not try these at home
  • Purpose of this class
  • Understand information security threats
  • Learn to prevent malicious attacks and/or limit
    their consequences
  • Learn to think about security when doing things

15
Readings for This Lecture
  • Information Security
  • on wikipedia
  • http://en.wikipedia.org/wiki/Information_security

16
Coming Attractions
  • Symmetric Cryptography