Today’s topics
Computer Applications
Computer Security
Upcoming
Operating Systems
(Great Ideas, Chapter 10)
Reading
Great Ideas, Chapter 11
CPS 001
32.1
Computer Security: Problem

The Problem: Billions in Losses
  Outright theft
  Online scams
  Viruses / Worms
    o Actual damage
    o Actions to avoid damage
  Denial of Service
  Etc.
Possible Traps (Public Systems!!!)
  Trojan Horse
  Onlooker
  Cameras
Computer Security: Defenses

Passwords



Encryption



Like all fields, doing something stupid …
Tradeoffs


Simple
Strong
Good Practices


Using Secure Passwords
Keeping them Secure
Is the cure worse than the disease?
Long Live Common Sense!
Good Passwords and Cracking

Briefcase (style) Combination Locks
  Brute force methods: Try all combinations
  1. Number of wheels
  2. Number of positions per wheel
  3. Time per trial
  4. How long does it take?
Contrast to BRUTE brute force method (Always Consider!)
Password on a computer
  + More possibilities per “wheel”
  + More “wheels” (often up to user)
  - Computer based cracking faster!
  Dictionary attacks
  Picking a good UNIX password
Encryption

When passwords fail, encryption can be fallback




Security vs. Privacy
Many levels of encryption:
Go through some of them
Single Alphabetic Substitution




Also provides extra level of difficulty
Caesar: L FDPH, L VDZ, L FRQTXHUHG
Magic decoder ring?
Cryptoquote
Cracking single alphabetic substitution


Character frequency
(Length of text)
Encryption

Polyalphabetic Substitution




Cypher Reuse !
One Time Pads



The Vigenère Cypher
The Babbage Solution
Can be Absolutely Secure
Computers and Random Number Generators ?!
The Key Exchange Problem




Threats
Using your “secure” channel
A padlock analogy
Diffie, Hellman, and Merkle solution
Public Key Encryption

Publishing the Key!



Rivest, Shamir, and Adleman (RSA)




Another padlock analogy
Diffie Proposal (1975)
Finally came up with a practical method that met the
proposed specs
Widely used now
Based on factoring (not being able to factor!)
Primes and Factoring



Examples of primes
How to factor into primes
For large numbers it is very hard
Public Key Encryption

Going through an RSA example
  Public key: N, K
  Private key: G
  Message: M
  RSA: C = (M^K)%N
       M = (C^G)%N
  Remainder operator (modulus) %
    o Wrap around property
    o Clock or odometer analogy
  Follow example in Text . . .
Breaking the Code
  Factoring
Digital Signatures
  Using Private Key and Public Key
  Replay attack !
  Time (analogy: newspaper in hostage picture)
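
The RSA formulas on this slide, worked through as an added Python example (not from the lecture or the textbook). The primes 61 and 53, K = 17 and M = 65 are constructed toy values and the function names are illustrative; the last function shows why factoring N breaks the code.

```python
from math import gcd

def make_keys(p, q, K):
    """Toy key setup: returns public (N, K) and private G from primes p, q."""
    N, phi = p * q, (p - 1) * (q - 1)
    if gcd(K, phi) != 1:
        raise ValueError("K must share no factor with (p-1)*(q-1)")
    G = pow(K, -1, phi)              # G undoes K: (K * G) % phi == 1 (Python 3.8+)
    return N, K, G

def encrypt(M, N, K):
    if not 0 <= M < N:
        raise ValueError("message M must be smaller than N")
    return pow(M, K, N)              # C = (M^K) % N

def decrypt(C, N, G):
    return pow(C, G, N)              # M = (C^G) % N

def factor(N):
    """Trial division: instant for a toy N, infeasible for real key sizes."""
    if N % 2 == 0:
        return 2, N // 2
    f = 3
    while f * f <= N:
        if N % f == 0:
            return f, N // f
        f += 2
    raise ValueError("N is prime, not a product of two primes")

def break_key(N, K):
    """Recover the private G from the public key alone by factoring N."""
    p, q = factor(N)
    return pow(K, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    # Constructed toy values; real keys use primes hundreds of digits long.
    N, K, G = make_keys(61, 53, 17)
    C = encrypt(65, N, K)
    print("public (N, K):", (N, K), "private G:", G)
    print("M=65 -> C:", C, "-> M:", decrypt(C, N, G))
    print("G recovered by factoring N:", break_key(N, K))
```
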
Politics of Strong Encryption

These unbreakable* methods called Strong Encryption



Government tried to keep them from getting out




Encryption classified as a munition
Export restrictions . . .
Anecdotes
PGP – Pretty Good Privacy




*more or less
Is any method perfect?
Zimmermann
Legal challenges
Cat out of the bag
Recent silence from government

Has the NSA cracked it?
Other Attacks (buzz words)


Many leave no trace
Password Cracking


IP Spoofing




Saw in Digital Signature discussion
Applies in many situations
(copy of your key made at hardware store)
Man in the Middle


Weakness in TCP/IP; modern code deals with it
Replay Attack


Considered earlier
Typically hardware attack
Denial of Service
Whom can you trust?

How to avoid Viruses and Worms



Trapdoors


Free software may have its price
Common Sense




Most infections occur when trying to run unknown
Mail or other communications programs the vector
Consider alternatives
The human factor
Gun to the head method
The Strong Encryption Trap


Forget that password?
Bye – bye !