CYBER SECURITY MADE SIMPLE

Size: px
Start display at page:

Download "CYBER SECURITY MADE SIMPLE"

Transcription

1 CYBER SECURITY MADE SIMPLE Author: Christopher Gorog Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS

2 CYBERSECURITY AND SECURITY Security - the state of being protected or safe from harm (merriam-webster.com) Cybersecurity - measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack (merriamwebster.com) Where do we start? Keeping the good guys in line Keeping the bad guys out Preventative security Strengthening defenses Reactive security Blocking attacks

3 INFORMATION SECURITY AND DESIGN SECURITY BASICS Information Security C.I.A. acronym Confidentiality and Integrity are properties of data Availability changes due to dynamic nature of technology For Cyber Physical Designs Additive Property of Reduced Availability 98% Uptime = 2% down time Dependency of 5 components (each 98% uptime) = ~1% downtime Availability = Constant = 1% Design Security P.A.I.N. acronym Privacy Protecting interfaces and data so only authorized actors have access to them Authentication Verify a actors before are trusted to utilize systems and data Integrity Prove that a configurations and/or data has not changed Non-repudiation Prove an action was taken by another actor such that the action cannot be denied

4 COMPUTER DATA BASICS How does a computer understand data? Computers process digital bits Switches which are off or on Translate computer numbers to human readable numbers How do people make sense of data? Grouping pre-set amounts of data together Simplest is called a Byte (8 Bits) Storage is measured in terms of bytes A Megabytes is 1 Million bytes Set length vs. variable length

5 SWITCHES OFF OFF OFF OFF OFF

6 SWITCHES OFF ON PATTERN OFF Groups of ones and zeros can represent a binary number OFF ON 1 OFF OFF ON 1

7 TRANSLATING COMPUTER NUMBERS TO HUMAN

8 BYTE SET LENGTH DATA Set length One Byte = 8 bits Digital is always in multiples of two Cannot count in base ten Count in Hexadecimal Set length for standard computer operations know how much data to use

9 BYTE Byte is smallest set length data Counting is done in Hexadecimal 16 combinations Represented F After 16 combinations caries to next place After F is 1 All ones FF 256 combinations with two digits 65,536 combinations with 4 digits = = 1 2 = 3 = 4 = 5 = 6 = 7 = 8 = 9 A = B = C = D E F = = FF

10 VARIABLE LENGTH DATA Header Byte Byte Byte Byte Footer Byte Array [4] = [ 4][1A][EF][73] Header and footer tells what is in-between Tells what type and how many Computer has to read contents before operating Human functions use data in variable lengths Programs tell computer how to use the data Any type of data can be in variable lengths

11 HOW PEOPLE UNDERSTAND COMPUTER DATA? Characters & symbols (Hexadecimal) ASCII English U.S. standard (1 byte) Unicode Worldwide characters (2 bytes) Commands Instructions for computer Files storage Memory, media, cloud Human content and files people create Separate data into recognizable pieces Headers and footers Tell information about the contents Who owns the content Content type or how to handle Security requirements

12 ASCII AMERICAN STANDARD CODE FOR INFORMATION INTERCHANGE

13 UNICODE TABLE

14 COMMANDS Strings of characters recognized by computer Perform actions or run processes Trace route computer command example

15 COMPUTER NETWORKING BASICS Communication between systems Data is broken up into small pieces to send called Packets Each packet has headers and footers Gives destination and handling instructions Data is reassembled when received Negotiation between sender and receiver Verified completeness Request resend if needed Transporting Data content Packets and Routing Changing path networks Important Security Concepts

16 IMPORTANT CONCEPTS FOR CYBER SECURITY STRUCTURED VS. DYNAMIC DETERMINISTIC VS. NON-DETERMINISTIC SYNCHRONOUS VS. ASYNCHRONOUS Structured transport - - Set size content - - Set path - - Predictable timing Dynamic transport -Variable size content -Variable path -Variable timing

17 BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing trust worldwide All products and applications in cyber security implement combinations of these basic cyber security operations

18 IDENTIFYING DATA Unique Identification Fingerprints uniquely identify people Data can also have a unique fingerprint What are files made of? Files are composed of numbers Computers understand them by formatting into patterns Since they are numbers all files can have mathematical operations done on them

19 IDENTIFYING DATA Hash Algorithms Mathematic equation Inputs any length of data Acts as a number crunching machine Outputs a set-length series of bits Each bit change on the input changes output drastically A given input produces same output every time What does this give you? Create Identity for data Then verify the same data later Data fingerprint is a number Output in Hexadecimal Example { A1 2E F F. } Hash algorithms are identified by the size of the string of bits they output SHA 1 (16 bit output) SHA 256 (256 bit output)

20 HASH DEMO Hash Demo

21 HIDING DATA IN PLAIN SIGHT XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Encryption algorithm Mathematical equation Input numbers (files) Input key Uses a process which includes the key to scramble the output Encrypts entire file in blocks Process is reversible to decrypt Algorithm is public Algorithm strength is based on length of the key What does encrypted text look like? Example Apple Computer C F 6D Encrypted it may look like 71 FA 39 7C D 32 8F 9 A7 55 FC 31 qú9! 2 Uü1

22 HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Symmetric (exhibiting symmetry) encryption Encrypt data (use a read/write key) Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation

23 HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation Challenges include key exchange and key management

24 HIDING DATA IN PLAIN SIGHT Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key

25 HIDING DATA IN PLAIN SIGHT Read Asymmetric (Having no balance or symmetry) encryption Decrypt using a different Read key

26 HIDING DATA IN PLAIN SIGHT Read Read Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key Decrypt using a different Read key Keys managed to keep read key Private Everyone can have key (make it public) Asymmetric algorithms have complicated math Time of operations varies and is unpredictable Usually just key exchanges are Asymmetric

27 CREATING UNIQUE SIGNATURES Read Creating signatures uses combination of last two operations Hash algorithm to create a fingerprint Asymmetric encrypt the fingerprint with Key Create an unchangeable signature

28 CREATING UNIQUE SIGNATURES Read Read Read Read Keys are managed differently Keep key private (Private signing key) Everyone can have Read key (make it public) Anyone can use Read key to decrypt What have you produced? Nobody can change the signature without your private key They verify you signed it if they can decrypt with your Read key They can reproduce the fingerprint to verify the data has not changed

29 VERIFYING THE PEOPLE OR MACHINES THAT MAKE CHANGES TO DATA Authentication Verifying something you know and/or something you have You know a password and/or you have a key Ultimately their must be an accountable person to be trusted Someone issued an authorized person keys Someone issued a person a drivers license or credit card The base trust requires accountability, someone with something to loose. Once initial trust is set up Authentication is done each on some reoccurring basis to verify the continuation of that trust Transferred trust to a computer machine Trust the user accessing the machine Trust for the manufacturer of the machine Trust for the software on the machine Authentication of a machine is only as reliable as the person which can be proven to be responsible for the machine and thus can be held accountable

30 VERIFYING THE PEOPLE OR MACHINES Do they match Password = Memory Authentication knowledge should not be stored on machine being accessed or the network you log into Use Hash or encryption operation and match output Produce Fingerprint from password Retrieve saved fingerprint What does this give you? The machine or system does not have a copy of your password With a strong password they could spend more than a lifetime trying to match the Algorithm output How easy is it to produce a match determines the strength of your password Attackers try to guess password and not to break the Hash 128 Bit (2 128 ) approximately the number of atoms in the Sun 256 Bit (2 256 ) approximately the number of atoms in the known universe

31 SAFE DATA STORAGE AND TRANSMISSION Similar needs for storage and transmitting data Data is moved somewhere and at either another time or in another location it is accessed again Security has to answer questions about what happens between those times and/or locations Did someone see it that was not allowed to? Did an error in the system change something? Did someone change it? Did someone intercept and alter the content? Did intended recipient get the data and not someone pretending to be? Storing and Transmitting safely uses a combinations of previous operations Scrambling communications (Encryption) Data Integrity Monitoring - checks for changes

32 SETTING UP SECURE SESSIONS RN2 2 Setting up a communication session starts with exchanging keys Asymmetric encryption used for key exchange Simplified exchange process Both ends of communication exchange public keys Remember these are different pairs of keys for each computer The message is decrypted on both ends using each systems Read keys and Once again these Read keys are different on each system Finally the two exchanged portion which were exchanged are put together

33 SETTING UP SECURE SESSIONS 1 RN RN2 1 RN2 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit

34 SETTING UP SECURE SESSIONS RN1 2 RN1 2 RN1 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit

35 SETTING UP SECURE SESSIONS RN2 1 2 Read Private Read Key Encryption Key RN2 + RN1 = Read The message is decrypted on both ends using each systems Read key Once again these Read keys are different on each system Finally the locally created and exchanged random numbers are put together

36 SETTING UP SECURE SESSIONS 1 2 RN1 Encryption Key Private Read Key Read Read = RN2 + RN1 Both sides already have the random number they generated This side also decrypts the others random using its private Read key Once again these Read keys are different on each system The combination of both sides now becomes the total key which was exchanged without anyone being able to see it during transit.

37 SETTING UP SECURE SESSIONS 1 2 Encrypt Read Read Data Data Scrambling data while in transit or storage The Encryption (Read/) Key is used on both ends Data in is scrambled before sending (Encrypted)

38 SETTING UP SECURE SESSIONS Read 1 2 Encrypted Data Read Data On the wire or in storage it is not readable Both Side have the capability of encrypting or decrypting Shared keys can be placed in more then two location or systems

39 SETTING UP SECURE SESSIONS 1 2 Read Read Data Decrypt Data When it is received it is unscrambled (Decrypted) Data can be stored for indefinitely and then decrypted as long as the key is stored safely

40 Read VERIFYING INTEGRITY IN SESSIONS, OR WHILE STORED Do they match = Setting up to perform integrity verification Create a fingerprint of data before storage or transmission Create signatures to accompany files or data Store or transmit data content as needed for operations When retrieved from memory or after transmission re-hash data Use Read key included in certificate to decrypt certificate fingerprint Verify the original Fingerprint matches the re-created one A match proves the data's integrity

41 TRACKING AND VERIFYING ACTIONS Many Transactions Stored in Database Signing a computer transaction Digital information is comprised of numbers Current User and Computer Information about the action Time action took place Put information together to build a transaction signature Signatures of events can be verified later Use and event logging Each action and/or Signature can be logged Verifying transactions later tell us, who, when, where and on which systems performed the actions.

42 TRACKING AND VERIFYING ACTIONS Linking the people, systems, actions, and the times they take place together Security operations makes it possible to mathematically verify any computer generated content As long the person or system holding the private key has not been compromised Signing the fingerprint provides a certifiable record of that exact data combination. Actions are non-reputable, and can prove that they were performed Credit card transaction Banking transfer User information changes Access or updating confidential material Log files store transactions Elevated access logging -Log any time users log in with higher then normal access The dilemma is always how do you track and watch the watchers

43 DISTRIBUTING TRUST WORLDWIDE Monetary Transactions Integrity of communications Supply Chain Tracking Accountability of Ownership Digital Rights Managements Allowed Software Profiles Individualized Privacy and Permission Verifiable Audit Records Immutable Accountability of Actions Distributed Access to Single Data Storage Location Immutable proof of origin Risk becomes deterministic and quantifiable Verifiable Quality Comparisons

44 BLOCKCHAIN DEMO Block Chain Demo

45 COMBINATIONS OF BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing Trust Worldwide What are the most sensitive components of data we need to protect?

46 TAKING PRECAUTIONS HANDLING THE MOST SENSITIVE MATERIAL What is the most sensitive digital material? What are most cybersecurity operation we looked at based on? Storage and handling of Keys Relatively small pieces of data The better quality of the key the more random its bits But this makes them different then other files Files have patterns with headers & footers Focus of a strong digital security is making processes and designs which protect these keys

47 CYBER SECURITY MADE SIMPLE Author: Christopher Gorog Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Introduction to Cryptography in Blockchain Technology. December 23, 2018 Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4 IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 08, 2014 ISSN (online): 2321-0613 A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam

More information

Network Security and Cryptography. 2 September Marking Scheme

Network Security and Cryptography. 2 September Marking Scheme Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,

More information

Pretty Good Privacy (PGP

Pretty Good Privacy (PGP PGP - S/MIME - Internet Firewalls for Trusted System: Roles of Firewalls Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Pretty Good Privacy (PGP

More information

CS 425 / ECE 428 Distributed Systems Fall 2017

CS 425 / ECE 428 Distributed Systems Fall 2017 CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the

More information

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any

More information

Security in ECE Systems

Security in ECE Systems Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

How Secured2 Uses Beyond Encryption Security to Protect Your Data

How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives

More information

Computers and Security

Computers and Security The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Cryptographic Concepts

Cryptographic Concepts Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

More information

Authentication. Chapter 2

Authentication. Chapter 2 Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication

More information

Lesson 13 Securing Web Services (WS-Security, SAML)

Lesson 13 Securing Web Services (WS-Security, SAML) Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element

More information

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability

More information

BS801E-BSCS. Cryptography

BS801E-BSCS. Cryptography Jay-Ar Baliguat BS801E-BSCS Ms.Myrlen Maria Antoni Cryptography Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network.

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

NETWORK SECURITY & CRYPTOGRAPHY

NETWORK SECURITY & CRYPTOGRAPHY Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter

More information

Service Managed Gateway TM. Configuring IPSec VPN

Service Managed Gateway TM. Configuring IPSec VPN Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling

More information

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. Distributed Systems 1 06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Distributed Systems. Lecture 14: Security. 5 March,

Distributed Systems. Lecture 14: Security. 5 March, 06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

20-CS Cyber Defense Overview Fall, Network Basics

20-CS Cyber Defense Overview Fall, Network Basics 20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter

More information

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard

More information

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security 1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

More information

Authentication CHAPTER 17

Authentication CHAPTER 17 Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance

More information

Linux Network Administration

Linux Network Administration Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH

More information

Security. Communication security. System Security

Security. Communication security. System Security Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security

More information

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM 109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such

More information

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems

More information

WHITE PAPER. Authentication and Encryption Design

WHITE PAPER. Authentication and Encryption Design WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption

More information

2.1 Basic Cryptography Concepts

2.1 Basic Cryptography Concepts ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved.  Worldwide Education Services Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will

More information

CS 161 Computer Security

CS 161 Computer Security Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect

More information

WHITE PAPER. Secure communication. - Security functions of i-pro system s

WHITE PAPER. Secure communication. - Security functions of i-pro system s WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.

More information

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key? ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should

More information

UNIT - IV Cryptographic Hash Function 31.1

UNIT - IV Cryptographic Hash Function 31.1 UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service

More information

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions

More information

Deprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018

Deprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy

More information

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

SMart esolutions Information Security

SMart esolutions Information Security Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart

More information

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Systems Analysis and Design in a Changing World, Fourth Edition

Systems Analysis and Design in a Changing World, Fourth Edition Systems Analysis and Design in a Changing World, Fourth Edition Learning Objectives Discuss examples of system interfaces found in information systems Define system inputs and outputs based on the requirements

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against: Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed

More information

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper

More information

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment. CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How

More information

HOST Authentication Overview ECE 525

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure

More information

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,

More information

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions

More information

Authenticating on a Ham Internet

Authenticating on a Ham Internet Authenticating on a Ham Internet The FCC regulations for amateur radio, part 97, rule that encryption cannot be used to obscure the meaning of communications. Many read the rules and assume that there

More information

Viability of Cryptography FINAL PROJECT

Viability of Cryptography FINAL PROJECT Viability of Cryptography FINAL PROJECT Name: Student Number: 0151677 Course Name: SFWR ENG 4C03 Date: April 5, 2005 Submitted To: Kartik Krishnan Overview: The simplest definition of cryptography is The

More information

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts

More information

18-642: Cryptography 11/15/ Philip Koopman

18-642: Cryptography 11/15/ Philip Koopman 18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution

More information

Outline Key Management CS 239 Computer Security February 9, 2004

Outline Key Management CS 239 Computer Security February 9, 2004 Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your

More information

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture

More information

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and

More information

Authentication & Authorization

Authentication & Authorization Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,

More information

BreezeACCESS VL Security

BreezeACCESS VL Security BreezeACCESS VL Security Technical Paper Alvarion Ltd. All rights reserved. The material contained herein is proprietary. No part of this publication may be reproduced in any form without the express written

More information

CRYPTOGRAPHY. BY, Ayesha Farhin

CRYPTOGRAPHY. BY, Ayesha Farhin CRYPTOGRAPHY BY, Ayesha Farhin Overview Introduction Types Advantages n Disadvantages Future Developments Bibliography Introduction Cryptography considered as a branch of both mathematics and computer

More information

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another

More information

2/24/2018. Computer Security CS433 Luai E. Hasnawi, PhD

2/24/2018. Computer Security CS433 Luai E. Hasnawi, PhD Computer Security CS433 Luai E. Hasnawi, PhD lhasnawi@taibahu.edu.sa Bits (or characters) in a file are independent from each other. These elements has no binding. If one element is changed, it can go

More information

CS 111. Operating Systems Peter Reiher

CS 111. Operating Systems Peter Reiher Operating System Principles: Distributed Systems Operating Systems Peter Reiher Page 1 Outline Introduction Distributed system paradigms Remote procedure calls Distributed synchronization and consensus

More information

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications

More information

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction ECE646 Fall 2012 Lab 1: Pretty Good Privacy Instruction PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY: 1. You are expected to address all questions listed in this document in your final report. 2. All

More information

BlackBerry Enterprise Solution Security

BlackBerry Enterprise Solution Security Release 4.1 Technical Overview 2006 Research In Motion Limited. All rights reserved. Contents Wireless security... 4 BlackBerry Enterprise Solution security... 4 New security features...6 BlackBerry encryption

More information

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

Ralph Durkee Independent Consultant  Security Consulting, Security Training, Systems Administration, and Software Development Ralph Durkee Independent Consultant www.rd1.net Security Consulting, Security Training, Systems Administration, and Software Development PGP and GnuPG Rochester OWASP Agenda: Generic Public Key Encryption

More information

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols

More information

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

key distribution requirements for public key algorithms asymmetric (or public) key algorithms topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems

More information

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

More information

e-commerce Study Guide Test 2. Security Chapter 10

e-commerce Study Guide Test 2. Security Chapter 10 e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the

More information

Network Security Issues and Cryptography

Network Security Issues and Cryptography Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi

More information

Security Handshake Pitfalls

Security Handshake Pitfalls Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone

More information

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India Email Security PGP / Pretty Good Privacy SANOGXXX 10-18 July, 2017 Gurgaon, Haryana, India Issue Date: [31-12-2015] Revision: [V.1] Security issues for E-mail Confidentiality Network admin can read your

More information

1.264 Lecture 28. Cryptography: Asymmetric keys

1.264 Lecture 28. Cryptography: Asymmetric keys 1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver

More information

WAVE: A decentralised authorization system for IoT via blockchain smart contracts

WAVE: A decentralised authorization system for IoT via blockchain smart contracts WAVE: A decentralised authorization system for IoT via blockchain smart contracts Michael P Andersen, John Kolb, Kaifei Chen, Gabe Fierro, David E. Culler, Raluca Ada Popa The problem Authorization mechanisms

More information

Internet Architecture

Internet Architecture Internet Architecture Lecture 10: How Email Work Assistant Teacher Samraa Adnan Al-Asadi 1 How Email Works Electronic mail, or email, might be the most heavily used feature of the Internet. You can use

More information

Introduction Classical Confidentiality Modern Confidentiality Integrity Authentication

Introduction Classical Confidentiality Modern Confidentiality Integrity Authentication Cryptography Introduction Classical Confidentiality Modern Confidentiality Integrity Authentication Introduction Cryptography in the Real World Cryptography is the process of writing or reading secret

More information

The Match On Card Technology

The Match On Card Technology Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification

More information

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from

More information

14. Internet Security (J. Kurose)

14. Internet Security (J. Kurose) 14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:

More information

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced

More information

PKI Credentialing Handbook

PKI Credentialing Handbook PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key

More information