CYBER SECURITY MADE SIMPLE
|
|
- Annis Jefferson
- 6 years ago
- Views:
Transcription
1 CYBER SECURITY MADE SIMPLE Author: Christopher Gorog Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS
2 CYBERSECURITY AND SECURITY Security - the state of being protected or safe from harm (merriam-webster.com) Cybersecurity - measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack (merriamwebster.com) Where do we start? Keeping the good guys in line Keeping the bad guys out Preventative security Strengthening defenses Reactive security Blocking attacks
3 INFORMATION SECURITY AND DESIGN SECURITY BASICS Information Security C.I.A. acronym Confidentiality and Integrity are properties of data Availability changes due to dynamic nature of technology For Cyber Physical Designs Additive Property of Reduced Availability 98% Uptime = 2% down time Dependency of 5 components (each 98% uptime) = ~1% downtime Availability = Constant = 1% Design Security P.A.I.N. acronym Privacy Protecting interfaces and data so only authorized actors have access to them Authentication Verify a actors before are trusted to utilize systems and data Integrity Prove that a configurations and/or data has not changed Non-repudiation Prove an action was taken by another actor such that the action cannot be denied
4 COMPUTER DATA BASICS How does a computer understand data? Computers process digital bits Switches which are off or on Translate computer numbers to human readable numbers How do people make sense of data? Grouping pre-set amounts of data together Simplest is called a Byte (8 Bits) Storage is measured in terms of bytes A Megabytes is 1 Million bytes Set length vs. variable length
5 SWITCHES OFF OFF OFF OFF OFF
6 SWITCHES OFF ON PATTERN OFF Groups of ones and zeros can represent a binary number OFF ON 1 OFF OFF ON 1
7 TRANSLATING COMPUTER NUMBERS TO HUMAN
8 BYTE SET LENGTH DATA Set length One Byte = 8 bits Digital is always in multiples of two Cannot count in base ten Count in Hexadecimal Set length for standard computer operations know how much data to use
9 BYTE Byte is smallest set length data Counting is done in Hexadecimal 16 combinations Represented F After 16 combinations caries to next place After F is 1 All ones FF 256 combinations with two digits 65,536 combinations with 4 digits = = 1 2 = 3 = 4 = 5 = 6 = 7 = 8 = 9 A = B = C = D E F = = FF
10 VARIABLE LENGTH DATA Header Byte Byte Byte Byte Footer Byte Array [4] = [ 4][1A][EF][73] Header and footer tells what is in-between Tells what type and how many Computer has to read contents before operating Human functions use data in variable lengths Programs tell computer how to use the data Any type of data can be in variable lengths
11 HOW PEOPLE UNDERSTAND COMPUTER DATA? Characters & symbols (Hexadecimal) ASCII English U.S. standard (1 byte) Unicode Worldwide characters (2 bytes) Commands Instructions for computer Files storage Memory, media, cloud Human content and files people create Separate data into recognizable pieces Headers and footers Tell information about the contents Who owns the content Content type or how to handle Security requirements
12 ASCII AMERICAN STANDARD CODE FOR INFORMATION INTERCHANGE
13 UNICODE TABLE
14 COMMANDS Strings of characters recognized by computer Perform actions or run processes Trace route computer command example
15 COMPUTER NETWORKING BASICS Communication between systems Data is broken up into small pieces to send called Packets Each packet has headers and footers Gives destination and handling instructions Data is reassembled when received Negotiation between sender and receiver Verified completeness Request resend if needed Transporting Data content Packets and Routing Changing path networks Important Security Concepts
16 IMPORTANT CONCEPTS FOR CYBER SECURITY STRUCTURED VS. DYNAMIC DETERMINISTIC VS. NON-DETERMINISTIC SYNCHRONOUS VS. ASYNCHRONOUS Structured transport - - Set size content - - Set path - - Predictable timing Dynamic transport -Variable size content -Variable path -Variable timing
17 BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing trust worldwide All products and applications in cyber security implement combinations of these basic cyber security operations
18 IDENTIFYING DATA Unique Identification Fingerprints uniquely identify people Data can also have a unique fingerprint What are files made of? Files are composed of numbers Computers understand them by formatting into patterns Since they are numbers all files can have mathematical operations done on them
19 IDENTIFYING DATA Hash Algorithms Mathematic equation Inputs any length of data Acts as a number crunching machine Outputs a set-length series of bits Each bit change on the input changes output drastically A given input produces same output every time What does this give you? Create Identity for data Then verify the same data later Data fingerprint is a number Output in Hexadecimal Example { A1 2E F F. } Hash algorithms are identified by the size of the string of bits they output SHA 1 (16 bit output) SHA 256 (256 bit output)
20 HASH DEMO Hash Demo
21 HIDING DATA IN PLAIN SIGHT XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Encryption algorithm Mathematical equation Input numbers (files) Input key Uses a process which includes the key to scramble the output Encrypts entire file in blocks Process is reversible to decrypt Algorithm is public Algorithm strength is based on length of the key What does encrypted text look like? Example Apple Computer C F 6D Encrypted it may look like 71 FA 39 7C D 32 8F 9 A7 55 FC 31 qú9! 2 Uü1
22 HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Symmetric (exhibiting symmetry) encryption Encrypt data (use a read/write key) Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation
23 HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation Challenges include key exchange and key management
24 HIDING DATA IN PLAIN SIGHT Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key
25 HIDING DATA IN PLAIN SIGHT Read Asymmetric (Having no balance or symmetry) encryption Decrypt using a different Read key
26 HIDING DATA IN PLAIN SIGHT Read Read Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key Decrypt using a different Read key Keys managed to keep read key Private Everyone can have key (make it public) Asymmetric algorithms have complicated math Time of operations varies and is unpredictable Usually just key exchanges are Asymmetric
27 CREATING UNIQUE SIGNATURES Read Creating signatures uses combination of last two operations Hash algorithm to create a fingerprint Asymmetric encrypt the fingerprint with Key Create an unchangeable signature
28 CREATING UNIQUE SIGNATURES Read Read Read Read Keys are managed differently Keep key private (Private signing key) Everyone can have Read key (make it public) Anyone can use Read key to decrypt What have you produced? Nobody can change the signature without your private key They verify you signed it if they can decrypt with your Read key They can reproduce the fingerprint to verify the data has not changed
29 VERIFYING THE PEOPLE OR MACHINES THAT MAKE CHANGES TO DATA Authentication Verifying something you know and/or something you have You know a password and/or you have a key Ultimately their must be an accountable person to be trusted Someone issued an authorized person keys Someone issued a person a drivers license or credit card The base trust requires accountability, someone with something to loose. Once initial trust is set up Authentication is done each on some reoccurring basis to verify the continuation of that trust Transferred trust to a computer machine Trust the user accessing the machine Trust for the manufacturer of the machine Trust for the software on the machine Authentication of a machine is only as reliable as the person which can be proven to be responsible for the machine and thus can be held accountable
30 VERIFYING THE PEOPLE OR MACHINES Do they match Password = Memory Authentication knowledge should not be stored on machine being accessed or the network you log into Use Hash or encryption operation and match output Produce Fingerprint from password Retrieve saved fingerprint What does this give you? The machine or system does not have a copy of your password With a strong password they could spend more than a lifetime trying to match the Algorithm output How easy is it to produce a match determines the strength of your password Attackers try to guess password and not to break the Hash 128 Bit (2 128 ) approximately the number of atoms in the Sun 256 Bit (2 256 ) approximately the number of atoms in the known universe
31 SAFE DATA STORAGE AND TRANSMISSION Similar needs for storage and transmitting data Data is moved somewhere and at either another time or in another location it is accessed again Security has to answer questions about what happens between those times and/or locations Did someone see it that was not allowed to? Did an error in the system change something? Did someone change it? Did someone intercept and alter the content? Did intended recipient get the data and not someone pretending to be? Storing and Transmitting safely uses a combinations of previous operations Scrambling communications (Encryption) Data Integrity Monitoring - checks for changes
32 SETTING UP SECURE SESSIONS RN2 2 Setting up a communication session starts with exchanging keys Asymmetric encryption used for key exchange Simplified exchange process Both ends of communication exchange public keys Remember these are different pairs of keys for each computer The message is decrypted on both ends using each systems Read keys and Once again these Read keys are different on each system Finally the two exchanged portion which were exchanged are put together
33 SETTING UP SECURE SESSIONS 1 RN RN2 1 RN2 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit
34 SETTING UP SECURE SESSIONS RN1 2 RN1 2 RN1 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit
35 SETTING UP SECURE SESSIONS RN2 1 2 Read Private Read Key Encryption Key RN2 + RN1 = Read The message is decrypted on both ends using each systems Read key Once again these Read keys are different on each system Finally the locally created and exchanged random numbers are put together
36 SETTING UP SECURE SESSIONS 1 2 RN1 Encryption Key Private Read Key Read Read = RN2 + RN1 Both sides already have the random number they generated This side also decrypts the others random using its private Read key Once again these Read keys are different on each system The combination of both sides now becomes the total key which was exchanged without anyone being able to see it during transit.
37 SETTING UP SECURE SESSIONS 1 2 Encrypt Read Read Data Data Scrambling data while in transit or storage The Encryption (Read/) Key is used on both ends Data in is scrambled before sending (Encrypted)
38 SETTING UP SECURE SESSIONS Read 1 2 Encrypted Data Read Data On the wire or in storage it is not readable Both Side have the capability of encrypting or decrypting Shared keys can be placed in more then two location or systems
39 SETTING UP SECURE SESSIONS 1 2 Read Read Data Decrypt Data When it is received it is unscrambled (Decrypted) Data can be stored for indefinitely and then decrypted as long as the key is stored safely
40 Read VERIFYING INTEGRITY IN SESSIONS, OR WHILE STORED Do they match = Setting up to perform integrity verification Create a fingerprint of data before storage or transmission Create signatures to accompany files or data Store or transmit data content as needed for operations When retrieved from memory or after transmission re-hash data Use Read key included in certificate to decrypt certificate fingerprint Verify the original Fingerprint matches the re-created one A match proves the data's integrity
41 TRACKING AND VERIFYING ACTIONS Many Transactions Stored in Database Signing a computer transaction Digital information is comprised of numbers Current User and Computer Information about the action Time action took place Put information together to build a transaction signature Signatures of events can be verified later Use and event logging Each action and/or Signature can be logged Verifying transactions later tell us, who, when, where and on which systems performed the actions.
42 TRACKING AND VERIFYING ACTIONS Linking the people, systems, actions, and the times they take place together Security operations makes it possible to mathematically verify any computer generated content As long the person or system holding the private key has not been compromised Signing the fingerprint provides a certifiable record of that exact data combination. Actions are non-reputable, and can prove that they were performed Credit card transaction Banking transfer User information changes Access or updating confidential material Log files store transactions Elevated access logging -Log any time users log in with higher then normal access The dilemma is always how do you track and watch the watchers
43 DISTRIBUTING TRUST WORLDWIDE Monetary Transactions Integrity of communications Supply Chain Tracking Accountability of Ownership Digital Rights Managements Allowed Software Profiles Individualized Privacy and Permission Verifiable Audit Records Immutable Accountability of Actions Distributed Access to Single Data Storage Location Immutable proof of origin Risk becomes deterministic and quantifiable Verifiable Quality Comparisons
44 BLOCKCHAIN DEMO Block Chain Demo
45 COMBINATIONS OF BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing Trust Worldwide What are the most sensitive components of data we need to protect?
46 TAKING PRECAUTIONS HANDLING THE MOST SENSITIVE MATERIAL What is the most sensitive digital material? What are most cybersecurity operation we looked at based on? Storage and handling of Keys Relatively small pieces of data The better quality of the key the more random its bits But this makes them different then other files Files have patterns with headers & footers Focus of a strong digital security is making processes and designs which protect these keys
47 CYBER SECURITY MADE SIMPLE Author: Christopher Gorog Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS
Introduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationA New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 08, 2014 ISSN (online): 2321-0613 A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationPretty Good Privacy (PGP
PGP - S/MIME - Internet Firewalls for Trusted System: Roles of Firewalls Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Pretty Good Privacy (PGP
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationSecurity in ECE Systems
Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationHow Secured2 Uses Beyond Encryption Security to Protect Your Data
Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationBS801E-BSCS. Cryptography
Jay-Ar Baliguat BS801E-BSCS Ms.Myrlen Maria Antoni Cryptography Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network.
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationNETWORK SECURITY & CRYPTOGRAPHY
Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter
More informationService Managed Gateway TM. Configuring IPSec VPN
Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationCHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM
109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationWHITE PAPER. Authentication and Encryption Design
WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationVidder PrecisionAccess
Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...
More informationPretty Good Privacy (PGP)
Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationSMart esolutions Information Security
Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationSystems Analysis and Design in a Changing World, Fourth Edition
Systems Analysis and Design in a Changing World, Fourth Edition Learning Objectives Discuss examples of system interfaces found in information systems Define system inputs and outputs based on the requirements
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG
Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationAuthenticating on a Ham Internet
Authenticating on a Ham Internet The FCC regulations for amateur radio, part 97, rule that encryption cannot be used to obscure the meaning of communications. Many read the rules and assume that there
More informationViability of Cryptography FINAL PROJECT
Viability of Cryptography FINAL PROJECT Name: Student Number: 0151677 Course Name: SFWR ENG 4C03 Date: April 5, 2005 Submitted To: Kartik Krishnan Overview: The simplest definition of cryptography is The
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More information18-642: Cryptography 11/15/ Philip Koopman
18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationAuthentication & Authorization
Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,
More informationBreezeACCESS VL Security
BreezeACCESS VL Security Technical Paper Alvarion Ltd. All rights reserved. The material contained herein is proprietary. No part of this publication may be reproduced in any form without the express written
More informationCRYPTOGRAPHY. BY, Ayesha Farhin
CRYPTOGRAPHY BY, Ayesha Farhin Overview Introduction Types Advantages n Disadvantages Future Developments Bibliography Introduction Cryptography considered as a branch of both mathematics and computer
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More information2/24/2018. Computer Security CS433 Luai E. Hasnawi, PhD
Computer Security CS433 Luai E. Hasnawi, PhD lhasnawi@taibahu.edu.sa Bits (or characters) in a file are independent from each other. These elements has no binding. If one element is changed, it can go
More informationCS 111. Operating Systems Peter Reiher
Operating System Principles: Distributed Systems Operating Systems Peter Reiher Page 1 Outline Introduction Distributed system paradigms Remote procedure calls Distributed synchronization and consensus
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationECE646 Fall Lab 1: Pretty Good Privacy. Instruction
ECE646 Fall 2012 Lab 1: Pretty Good Privacy Instruction PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY: 1. You are expected to address all questions listed in this document in your final report. 2. All
More informationBlackBerry Enterprise Solution Security
Release 4.1 Technical Overview 2006 Research In Motion Limited. All rights reserved. Contents Wireless security... 4 BlackBerry Enterprise Solution security... 4 New security features...6 BlackBerry encryption
More informationRalph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development
Ralph Durkee Independent Consultant www.rd1.net Security Consulting, Security Training, Systems Administration, and Software Development PGP and GnuPG Rochester OWASP Agenda: Generic Public Key Encryption
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationSecurity PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India
Email Security PGP / Pretty Good Privacy SANOGXXX 10-18 July, 2017 Gurgaon, Haryana, India Issue Date: [31-12-2015] Revision: [V.1] Security issues for E-mail Confidentiality Network admin can read your
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationWAVE: A decentralised authorization system for IoT via blockchain smart contracts
WAVE: A decentralised authorization system for IoT via blockchain smart contracts Michael P Andersen, John Kolb, Kaifei Chen, Gabe Fierro, David E. Culler, Raluca Ada Popa The problem Authorization mechanisms
More informationInternet Architecture
Internet Architecture Lecture 10: How Email Work Assistant Teacher Samraa Adnan Al-Asadi 1 How Email Works Electronic mail, or email, might be the most heavily used feature of the Internet. You can use
More informationIntroduction Classical Confidentiality Modern Confidentiality Integrity Authentication
Cryptography Introduction Classical Confidentiality Modern Confidentiality Integrity Authentication Introduction Cryptography in the Real World Cryptography is the process of writing or reading secret
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationSEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9
SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More information