
Introduction to Data Security and Cryptography Slides
Explore the concepts of data security and cryptography through slides featuring characters like Alice, Bob, and Trudy. Learn about security goals like CIA (Confidentiality, Integrity, Availability) and the application of cryptography for confidentiality and integrity in scenarios like online banking. Delve into the importance of authentication protocols and the challenges of password security.
Presentation Transcript
Introduction to Data Security & Cryptography Slides
Original Source:
1. M. Stamp, Information Security: Principles and Practice, John Wiley
2. B. Forouzan, Cryptography and Network Security, McGraw-Hill
Introduction 1
The Cast of Characters
- Alice and Bob are the good guys
- Trudy is the bad guy
- Trudy is our generic intruder
Alice's Online Bank
- Alice opens Alice's Online Bank (AOB)
- What are Alice's security concerns?
- If Bob is a customer of AOB, what are his security concerns?
- How are Alice's and Bob's concerns similar? How are they different?
- How does Trudy view the situation?
Security Goals: CIA
- CIA == Confidentiality, Integrity, and Availability
CIA: Confidentiality
- AOB must prevent Trudy from learning Bob's account balance
- Confidentiality: prevent unauthorized reading of information
  o Cryptography used for confidentiality
CIA: Integrity
- Trudy must not be able to change Bob's account balance
- Bob must not be able to improperly change his own account balance
- Integrity: detect unauthorized writing of information
  o Cryptography used for integrity
CIA: Availability
- AOB's information must be available whenever it's needed
- Bob must be able to make transactions
  o If not, he'll take his business elsewhere
- Availability: data is available in a timely manner when needed
- Availability is a new security concern
  o Denial of service (DoS) attacks
Beyond CIA: Crypto
- How does Bob's computer know that Bob is really Bob and not Trudy?
- Bob's password must be verified
  o This requires some clever cryptography
- What are the security concerns of passwords?
- Are there alternatives to passwords?
Beyond CIA: Protocols
- When Bob logs into AOB, how does AOB know that Bob is really Bob?
- As before, Bob's password is verified
- Unlike the previous case, network security issues arise
- How do we secure network transactions?
  o Protocols are critically important
  o Crypto plays a critical role in protocols
Beyond CIA: Access Control
- Once Bob is authenticated by AOB, then AOB must restrict the actions of Bob
  o Bob can't view Charlie's account info
  o Bob can't install new software, etc.
- Enforcing these restrictions: authorization
- Access control includes both authentication and authorization
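As an added example (not from the slides or their sources) of the password verification and access control the last three slides describe: AOB stores salted PBKDF2-SHA256 verifiers rather than passwords, authenticates Bob with a constant-time comparison, and then authorizes only the account owner to read a balance. The user names, passwords and balances are constructed for the example.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # work factor; raise it as hardware gets faster

def make_verifier(password: str) -> dict:
    """Store a salted PBKDF2 digest instead of the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}

def verify_password(verifier: dict, password: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), verifier["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, verifier["digest"])

# Constructed AOB data: two customers and hypothetical balances.
USERS = {
    "bob": make_verifier("correct-horse-battery"),
    "charlie": make_verifier("staple-tr0ub4dor"),
}
ACCOUNTS = {"bob": 150, "charlie": 9000}

# Dummy verifier so an unknown username costs the same PBKDF2 work as a wrong password.
_DUMMY = make_verifier("")

def authenticate(username: str, password: str):
    """Authentication: returns the username on success, None otherwise."""
    verifier = USERS.get(username)
    if verifier is None:
        verify_password(_DUMMY, password)
        return None
    return username if verify_password(verifier, password) else None

def can_view(session_user, account_owner: str) -> bool:
    """Authorization: only the account owner may read the balance."""
    return session_user is not None and session_user == account_owner

def view_balance(session_user, account_owner: str) -> int:
    """Bob (authenticated) may read his own balance but not Charlie's."""
    if not can_view(session_user, account_owner):
        raise PermissionError(f"{session_user!r} may not view {account_owner!r}")
    return ACCOUNTS[account_owner]
```

Authentication answers "is this really Bob?"; authorization is the separate check that the authenticated Bob is allowed to perform this particular action.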
The People Problem
- People often break security
  o Both intentionally and unintentionally
  o Here, we consider the unintentional
- For example, suppose you want to buy something online
  o To make it concrete, suppose you want to buy a book from amazon.com
The People Problem
- To buy from amazon.com
  o Your Web browser uses the SSL protocol
  o SSL relies on cryptography
  o Access control issues arise
  o All security mechanisms are in software
- Suppose all of this security stuff works perfectly
  o Then you would be safe, right?
The People Problem
- What could go wrong?
- Trudy tries a man-in-the-middle attack
  o SSL is secure, so the attack doesn't work
  o But the Web browser issues a warning
  o What do you, the user, do?
- If the user ignores the warning, the attack works!
  o None of the security mechanisms failed
  o But the user unintentionally broke security
Think Like Trudy
- In the past, no respectable sources talked about hacking in detail
  o After all, such info might help Trudy
- Recently, this has changed
  o Lots of books on network hacking, evil software, how to hack software, etc.
  o Classes teach virus writing, SRE, etc.
Think Like Trudy
- Good guys must think like bad guys!
- A police detective
  o must study and understand criminals
- In information security
  o We want to understand Trudy's methods
  o We might think about Trudy's motives
  o We'll often pretend to be Trudy
Think Like Trudy
- We must try to think like Trudy
- We must study Trudy's methods
- We can admire Trudy's cleverness
- Often, we can't help but laugh at Alice's and/or Bob's stupidity
- But, we cannot act like Trudy
  o Except in this class
In This Course
- Think like the bad guy
- Always look for weaknesses
  o Find the weak link before Trudy does
- It's OK to break the rules
  o What rules?
- Think like Trudy
- But don't do anything illegal!
Attacks
Attacks (Contd.)
- Cryptography is the main tool to combat attacks that target
  o Confidentiality
  o Integrity
- So, what's cryptography?
Security Jargon
- Cryptology: the art and science of making and breaking secret codes
- Cryptography: making secret codes
- Cryptanalysis: breaking secret codes
- Crypto: all of the above (and more)
How to Speak Crypto
- A cipher or cryptosystem is used to encrypt the plaintext
- The result of encryption is ciphertext
- We decrypt ciphertext to recover plaintext
- A key is used to configure a cryptosystem
- A symmetric key cryptosystem uses the same key to encrypt as to decrypt
  o Key must be kept secret!
- A public key cryptosystem uses a public key to encrypt and a private key to decrypt
  o Both keys must be kept secret?
Crypto as Black Box
- Diagram: plaintext --encrypt (key1)--> ciphertext --decrypt (key2)--> plaintext
- Crypto keys:
  o Symmetric key: key1 = key2
  o Public key: key1 ≠ key2
Crypto
- Basic assumptions
  o The system is completely known to the attacker
  o Only the key is secret (and, obviously, the plaintext!)
  o Crypto algorithms are not secret!
- This is known as Kerckhoffs' Principle
- Why do we make these assumptions?
  o Experience has shown that secret algorithms are weak when exposed
  o Secret algorithms never remain secret
  o Better to find weaknesses beforehand
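As an added example (not from the slides or their sources) of the symmetric-key black box of the last three slides, and of the confidentiality and integrity goals from the CIA slides: the same key configures both encrypt and decrypt, the algorithm itself is public (Kerckhoffs' Principle), and an integrity tag lets AOB detect Trudy modifying Bob's balance in transit. The keystream is a SHA-256 counter construction used only as a teaching stand-in for a real cipher; the record and key are constructed.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkeys(key: bytes):
    """Derive separate encryption and integrity keys from the one shared key."""
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Teaching stand-in for a real cipher: SHA-256 over (key, nonce, counter).
    The algorithm is public; only the key is secret (Kerckhoffs' Principle)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Black box: plaintext + key -> nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))  # confidentiality
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # integrity
    return nonce + ciphertext + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Black box: ciphertext + the same key -> plaintext; raises if anything was changed."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: unauthorized modification detected")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def tamper_detected(key: bytes, blob: bytes, position: int) -> bool:
    """Trudy flips one ciphertext bit (e.g. inside Bob's balance); does AOB notice?"""
    forged = bytearray(blob)
    forged[NONCE_LEN + position] ^= 0x01
    try:
        decrypt(key, bytes(forged))
        return False
    except ValueError:
        return True
```

Without the tag, flipping a ciphertext bit would silently flip the matching plaintext bit, which is exactly the unauthorized write the Integrity slide says we must detect.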