Today’s topics
Computer Applications
Computer Security
Upcoming
Operating Systems
(Great Ideas, Chapter 10)
Reading
Great Ideas, Chapter 11
CompSci 001
32.1
Computer Security: Problem
The Problem: Billions in Losses
Outright theft
Online scams
Viruses / Worms
o Actual damage
o Actions to avoid damage
Denial of Service
Etc.
Possible Traps (Public Systems!!!)
Trojan Horse
Onlooker
Cameras
Computer Security: Defenses
Passwords
Encryption
Like all fields, doing something stupid …
Tradeoffs
Simple
Strong
Good Practices
Using Secure Passwords
Keeping them Secure
Is the cure worse than the disease?
Long Live Common Sense!
Good Passwords and Cracking
Briefcase (style) Combination Locks
1.
2.
3.
4.
Contrast to BRUTE brute force method (Always Consider!)
Password on a computer
Brute force methods: Try all combinations
Number of wheels
Number of positions per wheel
Time per trial
How long does it take?
+
+
-
More possibilities per “wheel”
More “wheels” (often up to user)
Computer based cracking faster!
Dictionary attacks
Picking a good UNIX password
Encryption
When passwords fail, encryption can be fallback
Security vs. Privacy
Many levels of encryption sophistication:
Go through some of them
Single Alphabetic Substitution
Also provides extra level of difficulty
Caesar: L FDPH, L VDZ, L FRQTXHUHG
Magic decoder ring?
Cryptoquote
Cracking single alphabetic substitution
Character frequency
(Length of text)
Encryption
Polyalphabetic Substitution
Cypher Reuse!
One Time Pads
The Vigenère Cypher
The Babbage Solution
Can be Absolutely Secure
Computers and Random Number Generators?!
The Key Exchange Problem
Threats
Using your “secure” channel
A padlock analogy
Diffie, Hellman, and Merkle solution
Public Key Encryption
Publishing the Key!
Rivest, Shamir, and Adleman (RSA)
Another padlock analogy
Diffie Proposal (1975)
Finally came up with a practical method that met the
proposed specs
Widely used now
Based on factoring (not being able to factor!)
Primes and Factoring
Examples of primes
How to factor into primes
For large numbers it is very hard
Public Key Encryption
Going through an RSA example
Breaking the Code
Public key: N, K
Private key: G
Message: M
RSA: C = (M^K)%N
M = (C^G)%N
Remainder operator (modulus) %
o Wrap around property
o Clock or odometer analogy
Follow example in Text . . .
Factoring
Digital Signatures
Using Private Key and Public Key
Replay attack!
Time (analogy: newspaper in hostage picture)
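Added example (not from the lecture or its textbook): a toy RSA run using this slide's symbols, carrying out C = (M^K)%N and M = (C^G)%N and showing why anyone who can factor N can break the code. The primes 61 and 53, the exponent 17, the message 65 and all function names are assumptions chosen for illustration.

```python
# Added illustration: toy RSA using the slide's symbols (N, K public; G private).
# The primes and message below are constructed sample values, far too small for real use.
from math import gcd


def make_keys(p, q, K):
    """Build (N, K, G) from two primes p, q and a chosen public exponent K."""
    N = p * q
    phi = (p - 1) * (q - 1)          # needed to derive G; stays secret with p and q
    if gcd(K, phi) != 1:
        raise ValueError("K must share no factor with (p-1)*(q-1)")
    G = pow(K, -1, phi)              # G satisfies (K * G) % phi == 1
    return N, K, G


def encrypt(M, K, N):
    """C = (M^K) % N. M must be smaller than N or it wraps around and is lost."""
    if not 0 <= M < N:
        raise ValueError("message must satisfy 0 <= M < N")
    return pow(M, K, N)


def decrypt(C, G, N):
    """M = (C^G) % N."""
    return pow(C, G, N)


def factor(N):
    """Trial division: instant for a toy N, hopeless for a real-size one."""
    f = 3 if N % 2 else 2
    while N % f:
        f += 2
    return f, N // f


def break_key(N, K):
    """Recover the private G from the public key alone by factoring N."""
    p, q = factor(N)
    return pow(K, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    N, K, G = make_keys(61, 53, 17)      # constructed toy primes
    C = encrypt(65, K, N)
    print("public (N, K):", (N, K), "private G:", G)
    print("C =", C, "-> decrypted M =", decrypt(C, G, N))
    print("G recovered by factoring N:", break_key(N, K))
```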
Politics of Strong Encryption
These unbreakable* methods called Strong Encryption
Government tried to keep methods from getting out
Encryption classified as a munition
Export restrictions . . .
Anecdotes
PGP – Pretty Good Privacy
*more or less
Is any method perfect?
Zimmermann
Legal challenges
Cat out of the bag
Recent silence from government
Has the NSA cracked it?
Other Attacks (buzz words)
Many leave no trace
Password Cracking
IP Spoofing
Saw in Digital Signature discussion
Applies in many situations
(copy of your key made at hardware store)
Man in the Middle
Weakness in TCP/IP; modern code deals with it
Replay Attack
Considered earlier
Typically hardware attack
Denial of Service
Whom can you trust?
How to avoid Viruses and Worms
Trapdoors
Free software may have its price
Common Sense
Most infections occur when trying to run unknown
Mail or other communications programs the vector
Consider alternatives
The human factor
Gun to the head method
The Strong Encryption Trap
Forget that password?
Bye – bye (;-(