
CMSC 414 Computer and Network Security Lecture 2


Presentation Transcript


  1. CMSC 414 Computer and Network Security Lecture 2. Jonathan Katz

  2. Administrative items I
     • No final project
     • Instead, 5 (more difficult) homeworks
     • Work in teams of two students
     • Email TAs if you need a partner
     • All students expected to work on each portion of the homework
     • First homework out

  3. Administrative items II
     • JCE tutorial: Tuesday at 5:30. Room to be announced.

  4. Everything you wanted to know about cryptography* *But perhaps were afraid to ask…

  5. Caveat
     • Everything I present will be (relatively) informal
     • But I will try not to say anything that is an outright lie…
     • Cryptography is about precise definitions, formal models, and rigorous proofs of security (which we will not cover here)
     • If you want more details, take CMSC 456!

  6. Attacks
     • Crypto deals primarily with three goals:
       • Confidentiality
       • Integrity (of data)
       • Authentication (of resources, people, systems)
     • Other goals also considered
       • E.g., non-repudiation
       • E-cash (e.g., double spending)
       • General secure multi-party computation

  7. Security through obscurity?
     • Always assume full details of crypto protocols and algorithms are public
     • Only secret information is a key
     • “Security through obscurity” is a bad idea…

  8. Private- vs. public-key
     • For many security goals, there are two types of cryptographic algorithms
       • Private-key / shared-key / symmetric-key / secret-key
       • Public-key

  9. Private-key cryptography
     • The parties communicating share a completely random and secret key
     • Main point: key is not known to an attacker
     • This key must be shared (somehow) before they communicate
     • All “classical” cryptosystems are private-key based
     • Can also be used for secure storage

  10. Private-key cryptography
     • For confidentiality:
       • Private-key (symmetric-key) encryption
     • For data integrity:
       • Message authentication codes
       • (sometimes called cryptographic checksums)

  11. Public-key cryptography
     • One party (Alice) generates both a public key and a private key (or secret key)
     • The public key is published; the private key is kept secret
     • An attacker knows the public key!
     • The other communicating party (Bob) need not have any key of his own; knows Alice’s key
     • Techniques for this first developed in the 70’s

  12. Public-key cryptography
     • For confidentiality:
       • Public-key encryption
     • For data integrity:
       • Digital signatures

  13. To review…
     • Confidentiality:
       • Private-key encryption (schemes)
       • Public-key encryption (schemes)
     • Integrity:
       • Message authentication (codes)
       • Digital signature (schemes)
     • We will discuss authentication later

  14. Private- vs. public-key I
     • Disadvantages of private-key
     • Need to securely share a key
     • If you can share a key securely, why not just share the message itself?
     • What if not possible?
     • Need to know with whom you wish to communicate in advance!
     • O(n²) keys needed for point-to-point channels in an n-party network

  15. Private- vs. public-key II
     • Why study private-key at all?
     • Private-key is much more efficient (3 orders of magnitude)
     • Public-key crypto is “harder” to get right
     • Needs stronger assumptions, more math
     • Can combine private-key with public-key to get the best of both worlds (for encryption)

  16. Private- vs. public-key III
     • More disadvantages of public-key crypto
     • Public-key crypto still requires secure distribution and binding of public keys (PKI)
     • May (sometimes) be just as hard as sharing a key
     • Not clear with whom you are communicating (for public-key encryption)

  17. In more detail…
     • Alice and Bob share a key K
       • Must be shared securely
       • Must be completely random
       • Must be kept completely secret from attacker
       • We don’t discuss (for now) how they do this
     • Plaintext - encryption - ciphertext - decryption
     • Decryption must recover the message!
     • We have not yet said anything about security…
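
Added example, not part of the original slides: the private-key integrity setting of slides 9 and 10 and the key count of slide 14, in Python. HMAC-SHA256 is an assumed choice of MAC (the lecture names none), and the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keygen() -> bytes:
    """Shared key: completely random, known only to Alice and Bob."""
    return secrets.token_bytes(32)


def mac(key: bytes, message: bytes) -> bytes:
    """Compute a tag. The algorithm is public; only the key is secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac(key, message), tag)


def pairwise_keys(n: int) -> int:
    """Keys needed so that every pair in an n-party network shares its own key."""
    return n * (n - 1) // 2


def demo() -> dict:
    key = keygen()                      # shared in advance between Alice and Bob
    message = b"transfer 10 to Bob"     # constructed sample message
    tag = mac(key, message)             # Alice sends (message, tag)
    return {
        # Bob accepts the unmodified message.
        "genuine": verify(key, message, tag),
        # A message altered in transit no longer matches the tag.
        "modified_message": verify(key, b"transfer 99 to Bob", tag),
        # Someone who knows the algorithm but not the key cannot produce a valid tag.
        "tag_under_other_key": verify(key, message, mac(keygen(), message)),
        # n(n-1)/2 keys, i.e. O(n^2), for point-to-point channels among 100 parties.
        "keys_for_100_parties": pairwise_keys(100),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```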
