Computer Security and Cryptography - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Computer Security and Cryptography

Description:

Computer Security and Cryptography Partha Dasgupta, Arizona State University – PowerPoint PPT presentation

Number of Views:205
Avg rating:3.0/5.0
Slides: 21
Provided by: ZMK4
Category:

less

Transcript and Presenter's Notes

Title: Computer Security and Cryptography


1
Computer Security and Cryptography
Partha Dasgupta, Arizona State University
2
The Problem
If I didn't wake up, I'd still be sleeping.
3
Not just hype paranoia
  • Internet hosts are under constant attack
  • Financial losses are mounting
  • Miscreants are getting smarter
  • (and so are consumers)
  • National Security risks were stated and then
    underplayed
  • Data loss threatens normal users, corporations,
    financial institutions, government and more
  • Questions
  • HOW? WHY? and What can we do?

4
Overview
  • Part 1 Security Basics
  • Part 2 Attacks
  • Part 3 Countermeasures
  • Part 4 Cryptography
  • Part 5 Network Security
  • Part 6 System Security
  • Part 7 State of the Art and Future

5
Part 1 Security Basics
  • Computer and Network Security basics
  • Hacking
  • Attacks and Risks
  • Countermeasures
  • Secrets and Authentication
  • Paranoia

6
Computer and Network Security
  • Keep computers safe from program execution that
    is not authorized
  • Keep data storage free from corruption
  • Keep data storage free from leaks
  • Keep data transmissions on the network private
    and un-tampered with
  • Ensure the authenticity of the transactions (or
    executions)
  • Ensure that the identification of the human,
    computer, resources are established
  • With a high degree of confidence
  • Do not get stolen, misused or misrepresented

7
Hacking or Cracking
  • Plain old crime
  • Phone Phreaking
  • Credit cards, the old fashioned way
  • Technology Hacks
  • Design deficiencies and other vulnerabilite
  • ATM, Coke Machines, Credit Cards, Social
    Engineering
  • Software hacks
  • Second channel attacks
  • RFID issues
  • Cell phone vulnerabilities
  • Grocery cards?

8
Attacks and Risks
  • Attacks
  • An attack is a method that compromises one or
    more of- privacy (or confidentiality)- data
    integrity- execution integrity
  • Attacks can originate in many ways
  • System based attacks
  • Network based attacks
  • Unintended Consequences
  • Risk a successful attack leads to compromise
  • Data can be stolen, changed or spoofed
  • Computer can be used for unauthorized purposes
  • Identity can be stolen
  • RISK can be financial

9
Attack Types
  • System based attacks
  • Virus, Trojan, rootkit
  • Adware, spyware, sniffers
  • A program has potentially infinite power
  • Can execute, spawn, update, communicate
  • Can mimic a human being
  • Can invade the operating system
  • Network based attacks
  • Eavesdropping
  • Packet modifications, packet replay
  • Denial of Service
  • Network attacks can lead to data loss and system
    attacks

10
Countermeasures
  • System Integrity Checks
  • Virus detectors
  • Intrusion detection systems
  • Software signatures
  • Network Integrity checks
  • Encryption
  • Signatures and digital certificates
  • Firewalls
  • Packet integrity, hashes and other cryptographic
    protocols
  • Bottom Line
  • We have an arsenal for much of the network
    attacks
  • System security is still not well solved

11
What is at Risk?
  • Financial Infrastructure
  • Communication Infrastructure
  • Corporate Infrastructure
  • Confidentiality and Privacy at many levels
  • Economy
  • Personal Safety

12
The Shared Secret Fiasco
  • Our authentication systems (personal, financial,
    computing, communications) are all based on
    shared secrets
  • ID numbers, Account numbers, passwords, SS, DOB
  • When secrets are shared, they are not secrets
  • They will leak!
  • Given the ability of computers to disseminate
    information, all shared secret schemes are at
    extreme risk
  • Media reports of stolen data is rampant
  • The Fake ATM attack
  • The check attack
  • The extortion attack

13
How do secrets leak?
  • Malicious reasons
  • Simple mistakes
  • Oversight
  • Bad human trust management
  • Bad computer trust management
  • Nothing can go wrong
  • Please believe in Murphy!

14
Keeping Secrets?
  • Simple answer, not possible.
  • Encryption is good, but data has to be
    unencrypted somewhere
  • Disappearing Ink?
  • Use paper based documents, not scanned.
  • Public Key Encryption has much promise (PKI
    systems)
  • Shared secrets need to be eliminated as much as
    possible
  • Separate out of band communications
  • Phone, postal mail, person-to-person

15
Authentication
  • Shared secrets are used for authentication
  • Username/passwords
  • Multi-factor authentication
  • What you know
  • What you have
  • What you are, what you can do.
  • Most of the authentication methods are quite
    broken
  • Designed when networking was not around
  • PKI systems are better, but not deployed
  • Too many false solutions (dangerous, gives a
    feeling of security)

16
Passwords
  • The password is known to the host and the client
  • Under some password schemes the host does not
    know the password (e.g. Unix)
  • Passwords can leak from host or from client
  • Same password is used for multiple sites
  • Password managers are not too effective
  • Good passwords are not as good as you think
  • Invented for a completely different purpose,
    using passwords on the web, even with SSL
    encryption, is a bad idea

17
False Solutions
  • Biometrics
  • A digital bit string, or password that cannot be
    changed
  • Plenty of attacks possible, including framing
  • RFID identification
  • Plenty of attacks possible
  • Multi-Factor authentication
  • Better, but still not good
  • Smart cards (the not-so-smart ones)
  • Again, based on shared secrets, have attacks and
    limitations

18
Paranoia?
  • A large number of computers (consumer, business)
    are compromised or used for fraud
  • Viral infections, zombies
  • Many web servers are for fraudulent reasons
  • Spam is an indicator
  • Unprecedented lying, cheating
  • Adware, popups, spyware
  • All attempting to mislead, steer, and victimize
  • Identity theft, financial theft, cheating
  • Probably at an all time high
  • Security Awareness is often coupled with paranoia
  • It is necessary to be paranoid!

19
What is the point of an attack?
  • Get your shared secrets for financial gain
  • Espionage
  • Disruption

PersonalCorporateFinancialSystem Identification
20
Computer Security
  • Software needs to be verifiably untampered and
    trusted
  • Networks need to be free from tampering/sniffing
  • Data has to be secure from stealing and tampering
  • End user protection
  • A coalescing of software, hardware and
    cryptography along with human intervention and
    multi-band communication.
Write a Comment
User Comments (0)
About PowerShow.com