CS 686 Special Topics in CS: Privacy and Security
Definition of Security/Privacy
EJ Jung ejung@cs.usfca.edu
Announcements
• Course Questionnaire and Consent Form
  • No submission, no grades
• Service Lab community partners are coming
• Reading assignment in schedule
  • read "ahead"
Course questionnaire results
• 20 students
• Previous courses: 13 networks, 10 OS, 3 crypto, 1 security
• Familiar technology: 13 hash, 10 proxy, 9 SSL/TLS, 9 PKC, 3 TOR, 2 PGP, 1 IPsec
Current challenging problems
• Conflicting goals:
  • privacy vs. utility, anonymity vs. authenticity
  • safety vs. convenience, usability
  • right to opt-out
  • happy medium
• Hackers
• User education and admin education
• Data sharing among many parties
• Data leak from social networks
Want to solve
• Hacking prevention, server protection, data protection
• Vulnerability (loophole) analysis and mitigation
• Intrusion detection
  • packet sniffing and monitoring
• User education, usability
• Malware, e.g. viruses, key-loggers: prevention and detection
• Identity theft, phishing: prevention/detection
• Right to opt-out, pay for privacy
• Anonymity, finding a happy medium between anonymity and authenticity
  • TOR
• Security software development
• Secure data sharing among multiple parties, data tracing
After this course
• Become knowledgeable
• Find vulnerabilities
• Protect systems and websites
  • without hurting performance and usability too much
• Work as a security specialist
Attacks, Services and Mechanisms (slide from Henric Johnson)
• Security Attack: any action that compromises the security of information.
• Security Mechanism: a mechanism designed to detect, prevent, or recover from a security attack.
• Security Service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Passive attack (1) - Eavesdrop
• Code talkers

Passive attack (2) - Analysis
• Alexa

Active attack (1) - impersonation
• Impostors on Facebook

Active (2) - replay

Active (4) - DoS
• Distributed DoS

Summary of attacks
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
  • Denial of Service attacks
  • Virus that deletes files
Attack on Authenticity
• Unauthorized assumption of another's identity
• Authenticity is identification and assurance of the origin of information

Attack on Confidentiality
• Eavesdropping, packet sniffing, illegal copying
• Confidentiality is concealment of information

Attack on Integrity
• Intercept messages, tamper, release again
• Integrity is prevention of unauthorized changes

Attack on Availability
• Overwhelm or crash servers, disrupt infrastructure
• Availability is the ability to use information or resources as desired
Famous words
• Encrypt and decrypt
• Plaintext and ciphertext
  • encrypt: plaintext -> ciphertext
  • decrypt: ciphertext -> plaintext
  • easy example: XOR
• Digital signature
  • as you sign on paper
  • for non-repudiation and accountability
• Session
  • one conversation/communication unit
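The "easy example: XOR" bullet, worked through as an added example (not from the slides): encrypting and decrypting are the same operation because XOR is its own inverse. The example also goes one step beyond the slide to show two properties a practitioner should know about XOR with a fixed key: reusing the key for two messages cancels it out (c1 XOR c2 = p1 XOR p2), and a ciphertext can be edited into any chosen plaintext without the key, which is why confidentiality alone does not give integrity. Key and message strings are constructed for the demo.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; equal lengths are required so nothing is silently truncated."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """plaintext XOR key -> ciphertext (a one-time pad if the key is random and used once)."""
    return xor_bytes(plaintext, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """ciphertext XOR key -> plaintext; the same operation as encrypt."""
    return xor_bytes(ciphertext, key)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key encrypts two messages, c1 XOR c2 == p1 XOR p2: the key drops out."""
    return xor_bytes(c1, c2)


def recover_with_crib(p1_xor_p2: bytes, known_plaintext: bytes) -> bytes:
    """Knowing (or guessing) p1 reveals p2 with no knowledge of the key."""
    return xor_bytes(p1_xor_p2, known_plaintext)


def tamper(ciphertext: bytes, believed_plaintext: bytes, desired_plaintext: bytes) -> bytes:
    """Without the key, flip ciphertext bits so it decrypts to desired_plaintext."""
    return xor_bytes(ciphertext, xor_bytes(believed_plaintext, desired_plaintext))


if __name__ == "__main__":
    # Constructed demo messages; the key is fresh random bytes of the same length.
    p1, p2 = b"attack at dawn", b"retreat at one"
    key = os.urandom(len(p1))
    c1, c2 = encrypt(p1, key), encrypt(p2, key)
    assert decrypt(c1, key) == p1
    # Key reuse: an eavesdropper with c1, c2 and a crib for p1 reads p2.
    assert recover_with_crib(two_time_pad_leak(c1, c2), p1) == p2
    # Malleability: ciphertext edited to decrypt to a different order.
    assert decrypt(tamper(c1, p1, b"attack at dusk"), key) == b"attack at dusk"
    print("XOR round trip, two-time-pad leak and tampering all demonstrated")
```

The tamper function is the concrete reason the same slide lists digital signatures next to encryption: XOR (and stream ciphers built on it) hides content but lets anyone with a guess of the plaintext rewrite it, so a separate authentication mechanism is needed for integrity and non-repudiation.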
Model for Network Security

Access Control Model