View
5
Download
0
Category
Preview:
Citation preview
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Computer Security — Part 1:Introduction
Dusko Pavlovic
OxfordMichaelmas Term 2008
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Outline
Preamble
Security examples
What is computer security?
Structure of the course
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Outline
Preamble
Security examples
What is computer security?
Structure of the course
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Contact
I Dusko Pavlovic
I email: dusko@comlab.ox.ac.uk
I mailing list: oxford-security@googlegroups.com
I phone: 273 883
I office: 305
I office hours: after class or email for appointment
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Announcements
I sign up sheets for classesI timetable tweaks:
I weeks 1–2: 3 lecturesI week 4: no lectures
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Announcements
I sign up sheets for classesI timetable tweaks:
I weeks 1–3: 3 lecturesI week 4: no lecturesI November 19: no lecture
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Course
I What do we expect from the course?
I Why security?
I What is security?
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Course
I What do we expect from the course?
I Why security?
I What is security?
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Course
I What do we expect from the course?
I Why security?
I What is security?
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Outline
Preamble
Security examples
Securing resources: authorization
Securing information: secrecy
Securing information: authenticity
Securing social interactions and networks
What is computer security?
Structure of the course
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing resources: authorization
Digital Rights Management (DRM)
I
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing resources: authorization
Digital Rights Management (DRM)
I art used to be bound to an artistI music was available only from a musicianI a story from a storytellerI a painting could only be seen in one place
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing resources: authorization
Digital Rights Management (DRM)
I mass reproduction bound art to copiable mediaI copying technologies led to copyright-based marketsI artists could sell lots of books and recordsI Copyright Management: branding, celebrities
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing resources: authorization
Digital Rights Management (DRM)
I digital networks freed art (science, religion. . . )from physical tokens (books, CDs. . . )
I copying of digital content is essentially costlessI Copyright Management becomes unviableI Digital Rights Management: seeks to
I prevent (sandboxing, Vista. . . )I detect (watermarking . . . )I deter (lawyers . . . )
unauthorized copying of digital content
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing information: secrecy
Task: Fair deal of virtual cards
Design a P2P application for mobile devices to dealvirtual cards.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing information: secrecy
Problem
The players mistrust each other’s device. The dealingdevice must not see the cards that it is dealing.
Hint
Each device can encrypt messages, i.e. make themunreadable for others. Encryptions can be removed inany order.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing information: secrecy
Problem
The players mistrust each other’s device. The dealingdevice must not see the cards that it is dealing.
Hint
Each device can encrypt messages, i.e. make themunreadable for others.
Encryptions can be removed inany order.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing information: secrecy
Problem
The players mistrust each other’s device. The dealingdevice must not see the cards that it is dealing.
Hint
Each device can encrypt messages, i.e. make themunreadable for others. Encryptions can be removed inany order.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social computation
Special case: Virtual coin flipping
Flip a virtual coin (without using a physical coin).
Variations: Millionaires’ Problem
Two millionaires need to truthfully find out which one isricher, without telling how rich they are.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social computation
Special case: Virtual coin flipping
Flip a virtual coin (without using a physical coin).
Variations: Millionaires’ Problem
Two millionaires need to truthfully find out which one isricher, without telling how rich they are.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing information: authenticity
Task
Spammers need lots of webmail accounts. They writebots who visit Hotmail, Yahoo! etc, to open disposableaccounts, to distribute spam.
Design a protocol for setting up a webmail account whichwill be able to tell apart bots from humans.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
First computer
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
First authentication protocol
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
First authentication protocol
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
First authentication protocol
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
CAPTCHA
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
CAPTCHA
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
CAPTCHA
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
CAPTCHA
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
CAPTCHA
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Agent Bot Smith in the Middle
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Agent Bot Smith in the Middle
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Agent Bot Smith in the Middle
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Agent Bot Smith in the Middle
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
ProblemSmart card relay attacks
This becomes much easier with NFC phones!
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
ProblemSmart card relay attacks
This becomes much easier with NFC phones!
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networks
Task
There are 11 voters and 3 candidates A, B and C. Thevoters need to elect one candidate. They have differentpreferences.
Describe a method to elect the candidate which satisfiesmost voters.
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networksProblem
Suppose the preferences are distributed as follows:
voters preference
3 A � B � C2 A � C � B2 B � C � A4 C � B � A
I If each voter casts 1 vote, then the tally is5:4:2 for A � C � B.
I If each voter casts 1+1 votes, then the tally is9:8:5 for B � C � A.
I If each voter casts 2+1 votes, then the tally is12:11:10 for C � B � A
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networksProblem
Suppose the preferences are distributed as follows:
voters preference
3 A � B � C2 A � C � B2 B � C � A4 C � B � A
I If each voter casts 1 vote, then the tally is5:4:2 for A � C � B.
I If each voter casts 1+1 votes, then the tally is9:8:5 for B � C � A.
I If each voter casts 2+1 votes, then the tally is12:11:10 for C � B � A
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networksProblem
Suppose the preferences are distributed as follows:
voters preference
3 A � B � C2 A � C � B2 B � C � A4 C � B � A
I If each voter casts 1 vote, then the tally is5:4:2 for A � C � B.
I If each voter casts 1+1 votes, then the tally is9:8:5 for B � C � A.
I If each voter casts 2+1 votes, then the tally is12:11:10 for C � B � A
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networksProblem
Suppose the preferences are distributed as follows:
voters preference
3 A � B � C2 A � C � B2 B � C � A4 C � B � A
I If each voter casts 1 vote, then the tally is5:4:2 for A � C � B.
I If each voter casts 1+1 votes, then the tally is9:8:5 for B � C � A.
I If each voter casts 2+1 votes, then the tally is12:11:10 for C � B � A
Security 1:Introduction
Dusko Pavlovic
Preamble
ExamplesAuthorization
Secrecy
Authentication
Voting
Security?
Structure
Securing social interactions and networksProblem
Suppose the preferences are distributed as follows:
voters preference
3 A � B � C2 A � C � B2 B � C � A4 C � B � A
I If each voter casts 1 vote, then the tally is5:4:2 for A � C � B.
I If each voter casts 1+1 votes, then the tally is9:8:5 for B � C � A.
I If each voter casts 2+1 votes, then the tally is12:11:10 for C � B � A
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Outline
Preamble
Security examples
What is computer security?
What is a computer?
What is security
Structure of the course
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
A computer performs computation:
I computation as calculation:I data processing through language, symbols,
calculators. . .
I computation as communication:I data processing with other people, other computers,
web. . .
Computation is
I data processing (thinking, gene activation. . . )
I using tools (laptops, networks, tRNA. . . ).
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
A computer performs computation
:
I computation as calculation:I data processing through language, symbols,
calculators. . .
I computation as communication:I data processing with other people, other computers,
web. . .
Computation is
I data processing (thinking, gene activation. . . )
I using tools (laptops, networks, tRNA. . . ).
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
A computer performs computation:
I computation as calculation:I data processing through language, symbols,
calculators. . .
I computation as communication:I data processing with other people, other computers,
web. . .
Computation is
I data processing (thinking, gene activation. . . )
I using tools (laptops, networks, tRNA. . . ).
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
A computer performs computation:
I computation as calculation:I data processing through language, symbols,
calculators. . .
I computation as communication:I data processing with other people, other computers,
web. . .
Computation is
I data processing (thinking, gene activation. . . )
I using tools (laptops, networks, tRNA. . . ).
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
A computer performs computation:
I computation as calculation:I data processing through language, symbols,
calculators. . .
I computation as communication:I data processing with other people, other computers,
web. . .
Computation is
I data processing (thinking, gene activation. . . )
I using tools (laptops, networks, tRNA. . . ).
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
Examples of computers
I pocket calculator, brake stabilizer, flight controller
I laptop, desktop, mainframe
I Google cluster, StormWorm botnet
I the Web
I networks: cell, tissue, organism
I social groups and networks. . .
They all have their
I security requirements
I vulnerabilities
I attackers and adversaries
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
What is a computer?
Examples of computers
I pocket calculator, brake stabilizer, flight controller
I laptop, desktop, mainframe
I Google cluster, StormWorm botnet
I the Web
I networks: cell, tissue, organism
I social groups and networks. . .
They all have their
I security requirements
I vulnerabilities
I attackers and adversaries
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Software engineering
Program dependability
I safety: "bad things (actions) don’t happen"
I liveness: "good things (actions) do happen"
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Software engineering
Program dependability
I safety: "bad things (actions) don’t happen"
I liveness: "good things (actions) do happen"
In sequential computation
I all first order constraints are dependability properties
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Security engineering: Systems
Resource security (access control)
I authorization: "bad resource calls don’t happen"
I availability: "good resource calls do happen"
In an operating or a computer system
I all resource constraints are security properties
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Security engineering: Systems
Information security
I secrecy: "bad information flows don’t happen"
I authenticity: "good information flows do happen"
In network computation
I all information flow constraints are security properties
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Security engineering: Networks
Social choice (voting) and market economy
I neutrality: "bad data aggregations don’t happen"
I fairness: "good data aggregations do happen"
In social data processing
I all aggregation constraints are security properties
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Security vs dependability
processing dependability security
System centralized distributedobservations global local
Environment neutral adversarialthreats accidents attacks
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?What is a computer?
What is security
Structure
Security implementation
Protection and enforcement counter attacks in threephases
I prevention: security properties cannot be breachedI firewalls, cryptography
I detection: security breaches are detectedI intrusion detection, digital forensics
I policy: recovery, penalties, incentivesI legal measures (RIAA, MPAA), economics of security
(cost of an attack must be higher than the expectedprofit of success)
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Outline
Preamble
Security examples
What is computer security?
Structure of the course
Security 1:Introduction
Dusko Pavlovic
Preamble
Examples
Security?
Structure
Structure of the course
Security
xxqqqqqqqqqq
&&NNNNNNNNNNN
Systems sec.
��
Networks sec.
�� &&LLLLLLLLLLL
Resource sec.Part 2 Information sec.
yyttttttttttt
��
Social sec.Part 7
CryptographyPart 3
ProtocolsPart 4
yyttttttttt
%%KKKKKKKKKK
Web sec.Part 5
Pervasive sec.Part 6
Recommended