Definition of Security/Privacy

8/30/2010, CS 686: Definition of Security/Privacy. EJ Jung. CS 686 Special Topics in CS: Privacy and Security

Upload: barrett-scott

Post on 13-Mar-2016


TRANSCRIPT

Page 1: Definition of Security/Privacy

Definition of Security/Privacy

EJ Jung

CS 686 Special Topics in CS: Privacy and Security

Page 2: Definition of Security/Privacy

Announcements

Course Questionnaire and Consent Form
• No submission, no grades

Service Lab community partners are coming

Reading assignment in schedule
• read “ahead”

Page 3: Definition of Security/Privacy

Course questionnaire results

20 students

Previous courses
• 13 networks, 10 OS, 3 crypto, 1 security

Familiar technology
• 13 hash, 10 proxy, 9 SSL/TLS, 9 PKC, 3 TOR, 2 PGP, 1 IPsec

Page 4: Definition of Security/Privacy

Current challenging problems

Conflicting goals:
• privacy vs. utility, anonymity vs. authenticity
• safety vs. convenience, usability
• right to opt-out
• happy medium

Hackers
User education and admin education
Data sharing among many parties
Data leak from social networks

Page 5: Definition of Security/Privacy

Want to solve

Hacking prevention, Server protection, Data protection
Vulnerability (loophole) analysis and mitigation
Intrusion detection
• packet sniffing and monitoring
User education, usability
Malware, e.g. virus, key-loggers, prevention & detection
Identity theft, Phishing prevention/detection
Right to opt-out, Pay for privacy
Anonymity, Finding happy medium between anonymity and authenticity
• TOR
Security software development
Secure data sharing among multiple parties, Data tracing

Page 6: Definition of Security/Privacy

After this course

Become knowledgeable

Find vulnerabilities

Protect systems and websites
• without hurting performance and usability too much

Work as security specialist

Page 7: Definition of Security/Privacy

Henric Johnson

Attacks, Services and Mechanisms

Security Attack: Any action that compromises the security of information.

Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Page 8: Definition of Security/Privacy


Passive attack (1) - Eavesdrop

Code talkers

Page 9: Definition of Security/Privacy


Passive attack (2) - Analysis

Alexa

Page 11: Definition of Security/Privacy


Active (2) - replay

Page 12: Definition of Security/Privacy

Active (3) – intercept & modify

Page 14: Definition of Security/Privacy


Summary of attacks

Henric Johnson

Page 15: Definition of Security/Privacy

Henric Johnson

Security Services

Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files

Page 16: Definition of Security/Privacy

Attack on Authenticity

Authenticity is identification and assurance of origin of information

Unauthorized assumption of another’s identity

[Figure: network]

Page 17: Definition of Security/Privacy

Attack on Confidentiality

Confidentiality is concealment of information

Eavesdropping, packet sniffing, illegal copying

[Figure: network]

Page 18: Definition of Security/Privacy

Attack on Integrity

Integrity is prevention of unauthorized changes

Intercept messages, tamper, release again

[Figure: network]

Page 19: Definition of Security/Privacy

Attack on Availability

Availability is ability to use information or resources desired

Overwhelm or crash servers, disrupt infrastructure

[Figure: network]

Page 20: Definition of Security/Privacy

Famous words

Encrypt and decrypt
Plaintext and ciphertext
• encrypt plaintext -> ciphertext
• decrypt ciphertext -> plaintext
• easy example: XOR

Digital signature
• as you sign on paper
• for non-repudiation and accountability

Session
• one conversation/communication unit
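The slide's "easy example: XOR", worked through as an added example that is not part of the original slides: encrypting and decrypting are the same XOR operation, and XOR on its own conceals a message but does not reveal that it was altered in transit (the integrity service from the earlier slide). The HMAC-SHA256 tag, the function names and the sample message are assumptions introduced for illustration.

```python
import hashlib
import hmac
import secrets

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key byte at the same position."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

# Encrypt and decrypt are the same operation: (p ^ k) ^ k == p
encrypt = decrypt = xor_bytes

def tag(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Integrity mechanism (assumption: HMAC-SHA256 over the ciphertext)."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def receive(ciphertext: bytes, received_tag: bytes, key: bytes, mac_key: bytes):
    """Check the tag before decrypting; return None if the message changed."""
    if not hmac.compare_digest(tag(ciphertext, mac_key), received_tag):
        return None
    return decrypt(ciphertext, key)

def demo() -> dict:
    plaintext = b"PAY 100 TO BOB"              # constructed sample message
    key = secrets.token_bytes(len(plaintext))  # random key, used once
    mac_key = secrets.token_bytes(32)          # separate key for the tag
    ciphertext = encrypt(plaintext, key)
    sent_tag = tag(ciphertext, mac_key)

    # A change in transit: one ciphertext byte XORed with ('1' ^ '9').
    # The same byte of the decrypted plaintext changes, with no key needed.
    altered = bytearray(ciphertext)
    altered[4] ^= ord("1") ^ ord("9")
    altered = bytes(altered)

    return {
        "round_trip": decrypt(ciphertext, key),
        "altered_plain": decrypt(altered, key),  # XOR alone: no error raised
        "accepted": receive(ciphertext, sent_tag, key, mac_key),
        "altered_accepted": receive(altered, sent_tag, key, mac_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Decrypting the altered ciphertext succeeds silently, which is why confidentiality and integrity are listed as separate services; only the tag check rejects it.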

Page 21: Definition of Security/Privacy


Model for Network Security

Page 22: Definition of Security/Privacy


Access Control Model