Add to collection(s) Add to saved
  1. Science
  2. Biology
  3. Virology

General Concepts Alice, Bob and Trudy. Players:

advertisement 
General Concepts

Players:
Alice, Bob and Trudy.

How to communicate securely over an insecure medium?
Alice should be able to send a message to Bob that
Trudy can't understand or modify
and Bob is assured that Alice is the sender.

Passive Attacks:
The attacker eavesdrops and read/record messages in transit.

Active Attacks:
The attacker may transmit new messages, replay old messages,
modify/delete messages on transit.

Layers and Cryptography:
o Application (e.g., PEM),
o Transport (e.g., SSL),
o Network (e.g., IPsec).

Authentication:
Who are you?

Authorization:
Should you be doing that?
ACL (access control list) & Groups.

Trojan horse/virus/worm:
Malicious code written by bad guys.
o
o
Modern mail systems & Internet connectivity (Cable
Modems/DSL) contribute to its spread.
Virus Checkers: looks for instruction sequences for known
viruses
and uses message digests for files.

Security Levels:
unclassified < confidential < secret < top secret

Mandatory Access Control Rules:
No read-up (read higher rating object).
No write-down (write an object with lower rating).

Covert Channels :
Very low bandwidth (e.g., 1 bit every 10 seconds),
but can be used to steal cryptographic keys.
E.g., a Trojan horse may use timing channel
to loops 1 minute if a bit is 1
and waits 1 minute if bit is 0.

Steganography:
Hide secret messages in other messages.
E.g., hide messages in images by replacing the least significant
bit of each byte of the image with the bits of the message.
For example you can store 64Kbyte message in 1024x1204
gray scale picture.
DEMO: home/cs772/public_html/demos/steganography

The Orange Book:
Rates computer systems (D, C1,C2, B1,B2,B3 and A1). E.g.,
o
C1 classical time-sharing system like Unix (use login/password
and access control (owner/group/world) to protect files.
C2 is C1 + access control per user granularity, clearing
allocated memory file space, and audit trails.
o B1 is C2 + use security labels for users/processes/files and
prevent read-up and write-down., printers attach label to each
printed page.
Patents & Export Control:
o

Luckily most patents have expired (e.g. RSA Sept 20, 2000),
and recently most export control has been lifted.
The US considered encryption as danger as the weapons of
mass destruction,
like nuclear and biological technology.
Related documents
General Concepts Alice, Bob and Trudy. Players:
General Concepts Alice, Bob and Trudy. Players:
CRYPTOGRAPHY AND THE DIFFIE–HELLMAN Presentation by CDT Ashcraft
CRYPTOGRAPHY AND THE DIFFIE–HELLMAN Presentation by CDT Ashcraft
Wednesday, February 17 Morgan 202 5:30 pm
Wednesday, February 17 Morgan 202 5:30 pm
TCOM WORKSHEET 1 v1.1
TCOM WORKSHEET 1 v1.1
Massachusetts Institute of Technology
Massachusetts Institute of Technology
Extra Credit 7 (10 pts): x
Extra Credit 7 (10 pts): x
Kaisheng Pang-HW7
Kaisheng Pang-HW7
dreshersguessinggame2011
dreshersguessinggame2011
DCT and DWT
DCT and DWT
Steganography Image in Image using Modified method in Least
Steganography Image in Image using Modified method in Least
Least Significant Bit algorithm for image steganography
Least Significant Bit algorithm for image steganography
a novel hash based least significant bit (2-3-3) image
a novel hash based least significant bit (2-3-3) image
FUNDAMENTALS FOR STEGANOGRPHY USING LEAST
FUNDAMENTALS FOR STEGANOGRPHY USING LEAST
On Robust Key Agreement Based on Public Key Authentication
On Robust Key Agreement Based on Public Key Authentication
On The Limits of Steganography
On The Limits of Steganography
subramanian2021
subramanian2021
Cryptography Engineering
Cryptography Engineering
Introduction to computer security
Introduction to computer security
Information Security Principles and Practice (Mark Stamp) (z-lib.org)
Information Security Principles and Practice (Mark Stamp) (z-lib.org)
Download
advertisement