8/30/2010 CS 686
Definition of Security/Privacy
EJ Jung, ejung@cs.usfca.edu
CS 686 Special Topics in CS: Privacy and Security
Announcements
Course Questionnaire and Consent Form
• No submission, no grades
Service Lab community partners are coming
Reading assignment in schedule
• read “ahead”
Course questionnaire results
20 students
Previous courses
• 13 networks, 10 OS, 3 crypto, 1 security
Familiar technology
• 13 hash, 10 proxy, 9 SSL/TLS, 9 PKC, 3 TOR, 2 PGP, 1 IPsec
Current challenging problems
Conflicting goals:
• privacy vs. utility, anonymity vs. authenticity
• safety vs. convenience, usability
• right to opt-out
• happy medium
Hackers
User education and admin education
Data sharing among many parties
Data leak from social networks
Want to solve
Hacking prevention, server protection, data protection
Vulnerability (loophole) analysis and mitigation
Intrusion detection
• packet sniffing and monitoring
User education, usability
Malware, e.g. virus, key-loggers: prevention & detection
Identity theft, phishing prevention/detection
Right to opt-out, pay for privacy
Anonymity, finding a happy medium between anonymity and authenticity
• TOR
Security software development
Secure data sharing among multiple parties, data tracing
After this course
Become knowledgeable
Find vulnerabilities
Protect systems and websites
• without hurting performance and usability too much
Work as security specialist
Henric Johnson
Attacks, Services and Mechanisms
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Passive attack (1) - Eavesdrop
Code talkers
Passive attack (2) - Analysis
Alexa
Active attack (1) - impersonation
Impostors on Facebook
Active (2) - replay
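The replay slide above carries only its title. As an added example, not part of the lecture slides, the following Python shows the usual defensive pattern on the receiving side: every message in a session (the "one conversation/communication unit" of the later slide) carries a session id and a counter under an HMAC, and the receiver accepts a counter only if it is higher than the last one seen for that session, so a captured copy of an earlier message is rejected. The key, session id and payloads are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 HMAC output length in bytes


def make_message(session_key: bytes, session_id: bytes, counter: int, payload: bytes) -> bytes:
    """Frame a message as session_id:counter:payload followed by an HMAC tag.
    The counter is under the tag, so a copy of an old message cannot be
    presented as a new one without the key."""
    if b":" in session_id:
        raise ValueError("session_id must not contain ':' (framing assumption)")
    body = session_id + b":" + str(counter).encode() + b":" + payload
    return body + hmac.new(session_key, body, hashlib.sha256).digest()


class ReplayGuard:
    """Receiver side: verify the tag first, then require a strictly increasing
    counter per session. A replayed (or reordered) message fails the counter check."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.last_counter = {}  # session_id -> highest counter accepted so far

    def accept(self, message: bytes):
        if len(message) < TAG_LEN:
            return (False, "malformed")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")  # altered in transit or wrong key
        try:
            session_id, counter_str, payload = body.split(b":", 2)
            counter = int(counter_str)
        except ValueError:
            return (False, "malformed")
        if counter <= self.last_counter.get(session_id, -1):
            return (False, "replay")  # this counter, or a later one, was already seen
        self.last_counter[session_id] = counter
        return (True, payload)


def demo() -> list:
    key = b"session-key-1"  # constructed sample key; in practice negotiated per session
    guard = ReplayGuard(key)
    first = make_message(key, b"s1", 1, b"transfer 10")
    second = make_message(key, b"s1", 2, b"transfer 5")
    tampered = bytes([second[0] ^ 0x01]) + second[1:]  # one flipped byte in the body
    return [
        guard.accept(first),     # accepted: (True, b'transfer 10')
        guard.accept(first),     # same bytes again: (False, 'replay')
        guard.accept(tampered),  # body changed, tag no longer matches: (False, 'bad tag')
        guard.accept(second),    # next counter: (True, b'transfer 5')
        guard.accept(first),     # old counter after a newer one: (False, 'replay')
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tag check runs before the counter check on purpose: the counter table must only ever be updated by messages that were proven to come from the session's key holder, otherwise a forged frame with a huge counter could lock out the legitimate sender.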
Active (3) - intercept & modify
Active (4) - DoS
Distributed DoS
Summary of attacks
Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files
[Figure: network]
Attack on Authenticity
Authenticity is identification and assurance of origin of information
Unauthorized assumption of another’s identity
[Figure: network]
Attack on Confidentiality
Confidentiality is concealment of information
Eavesdropping, packet sniffing, illegal copying
[Figure: network]
Attack on Integrity
Integrity is prevention of unauthorized changes
Intercept messages, tamper, release again
[Figure: network]
Attack on Availability
Availability is the ability to use information or resources as desired
Overwhelm or crash servers, disrupt infrastructure
Famous words
Encrypt and decrypt
Plaintext and ciphertext
• encrypt: plaintext -> ciphertext
• decrypt: ciphertext -> plaintext
• easy example: XOR
Digital signature
• as you sign on paper
• for non-repudiation and accountability
Session
• one conversation/communication unit
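The "easy example: XOR" bullet, worked through in Python as an added example that is not part of the lecture slides. It shows encrypt and decrypt as the same operation, and then ties two earlier slides together: XOR gives confidentiality but not integrity (the "intercept, tamper, release again" attack works without the key), and a security mechanism, here an HMAC tag over the ciphertext, detects that tampering. The keys and messages are constructed sample values; the three-byte key is only for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 HMAC output length in bytes


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of `data` with `key`, repeating the key as needed."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """plaintext -> ciphertext"""
    return xor_bytes(plaintext, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """ciphertext -> plaintext; XOR is its own inverse, so this is the same operation."""
    return xor_bytes(ciphertext, key)


def flip_plaintext(ciphertext: bytes, known: bytes, desired: bytes) -> bytes:
    """The integrity slide in code: whoever intercepts the ciphertext and knows what
    the plaintext says can turn it into `desired` without the key, because XOR-ing
    a difference into the ciphertext XORs the same difference into the plaintext."""
    if not (len(ciphertext) == len(known) == len(desired)):
        raise ValueError("all three inputs must have the same length")
    delta = xor_bytes(known, desired)
    return xor_bytes(ciphertext, delta)


def seal(plaintext: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Security mechanism: append an HMAC over the ciphertext so alteration is detected."""
    ct = encrypt(plaintext, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(blob: bytes, enc_key: bytes, mac_key: bytes):
    """Return the plaintext, or None when the tag does not verify (message was altered)."""
    if len(blob) < TAG_LEN:
        return None
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(ct, enc_key)


def demo() -> dict:
    key = b"k3y"          # constructed sample key (far too short for real use)
    mac_key = b"m4c-k3y"  # constructed sample key for the integrity tag
    msg = b"PAY $100"
    ct = encrypt(msg, key)
    forged = flip_plaintext(ct, msg, b"PAY $900")      # no key needed
    sealed = seal(msg, key, mac_key)
    tampered = bytes([sealed[0] ^ 0x01]) + sealed[1:]  # one flipped ciphertext bit
    return {
        "round_trip": decrypt(ct, key),                 # b'PAY $100'
        "ciphertext_differs": ct != msg,                # True
        "forged_decrypts_to": decrypt(forged, key),     # b'PAY $900'
        "sealed_opens_to": open_sealed(sealed, key, mac_key),      # b'PAY $100'
        "tampered_opens_to": open_sealed(tampered, key, mac_key),  # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The forgery works against any cipher that XORs a keystream into the plaintext, not just this toy; that is why the recipient must verify a tag (or use an authenticated mode) before trusting the decrypted bytes, and why the slide's "confidentiality" and "integrity" are listed as separate services.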
Model for Network Security
Access Control Model