cps 001 32.1 today’s topics computer applications computer security upcoming operating systems (...
TRANSCRIPT
CPS 001 32.1
Today’s topics
Computer ApplicationsComputer Security
UpcomingOperating Systems
(Great Ideas, Chapter 10)
ReadingGreat Ideas, Chapter 11
CPS 001 32.2
Computer Security: Problem
The Problem: Billions in Losses Outright theft Online scams Viruses / Worms
o Actual damageo Actions to avoid damage
Denial of Service Etc.
Possible Traps (Public Systems ! ! ! ) Trojan Horse Onlooker Cameras
CPS 001 32.3
Computer Security: Defenses
Passwords Using Secure Passwords Keeping them Secure
Encryption Simple Strong
Good Practices Like all fields, doing something stupid …
Tradeoffs Is the cure worse than the disease?
Long Live Common Sense!
CPS 001 32.4
Good Passwords and Cracking
Briefcase (style) Combination Locks Brute force methods: Try all combinations1. Number of wheels2. Number of position per wheel3. Time per trial4. How long does it take?
Contrast to BRUTE brute force method (Always Consider!)
Password on a computer + More possibilities per “wheel” + More “wheels” (often up to user) - Computer based cracking faster! - Dictionary attacks
Picking a good UNIX password
CPS 001 32.5
Encryption
When passwords fail, encryption can be fallback Also provides extra level of difficulty
Security vs. Privacy Many levels of encryption:
Go through some of them Single Alphabetic Substitution
Caesar: L FDPH, L VDZ, L FRQTXHUHG Magic decoder ring? Cryptoquote
Cracking single alphabetic substitution Character frequency (Length of text)
CPS 001 32.6
Encryption
Polyalphabetic Substitution The Vignere Cypher The Babbit Solution
Cypher Reuse ! One Time Pads
Can be Absolutely Secure Computers and Random Number Generators ?!
The Key Exchange Problem Threats Using your “secure” channel A padlock analogy Diffie, Hellman, and Merkle solution
CPS 001 32.7
Public Key Encryption
Publishing the Key! Another padlock analogy Diffie Proposal (1975)
Rivest, Shamir, and Adleman (RSA) Finally came up with a practical method that
met the proposed specs Widely used now Based on factoring (not being able to factor!)
Primes and Factoring Examples of primes How to factor into primes For large numbers it is very hard
CPS 001 32.8
Public Key Encryption
Going through an RSA example Public key: N, K Private key: G Message: M RSA: C = (M^K)%N M = (C^G)%N Remainder operator (modulus) %
o Wrap around propertyo Clock or odometer analogy
Follow example in Text . . . Breaking the Code
Factoring Digital Signatures
Using Private Key and Public Key Replay attack ! Time (analogy: newspaper in hostage picture)
CPS 001 32.9
Politics of Strong Encryption
These unbreakable* methods called Strong Encryption *more or less Is any method perfect?
Government tried to keep them from getting out Encryption classified as a munition Export restrictions . . . Anecdotes
PGP – Pretty Good Privacy Zimmerman Legal challenges Cat out of the bag
Recent silence from government Has the NSA cracked it?
CPS 001 32.10
Other Attacks (buzz words)
Many leave no trace Password Cracking
Considered earlier IP Spoofing
Weakness in TCP/IP; modern code deals with it Replay Attack
Saw in Digital Signature discussion Applies in many situations (copy of your key made at hardware store)
Man in the Middle Typically hardware attack
Denial of Service
CPS 001 32.11
Whom can you trust?
How to avoid Viruses and Worms Most infections occur when trying to run unknown Mail or other communications programs the vector
Trapdoors Free software may have its price
Common Sense Consider alternatives The human factor Gun to the head method
The Strong Encryption Trap Forget that password? Bye – bye !