• Tidak ada hasil yang ditemukan

Outline Integrity The forth A

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2025

Membagikan "Outline Integrity The forth A"

Copied!
6
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 6 Halaman )

Teks penuh

(1)

2110413 Computer Security

Krerk Piromsopa, Ph.D.

Department of Computer Engineering Chulalongkorn University

Lecture 5 Integrity, encryption, & buffer overflow

1 1

Outline

Definition

Trust

Hardware

Cryptography (intro.)

Physical Temper Resistance

Protection against Buffer-overflow attacks

2 2

Integrity

Integrity is a characteristic that belongs to people who are self-actualized. It is the quality or condition of being whole, complete, unbroken, and undivided. Knowing oneself heightens a person's integrity.

Applying to data, it also refers to the state of being whole and undivided or the condition of being unified and

“Integrity without knowledge is weak and useless, and knowledge without integrity is dangerous and dreadful.”

Samuel Johnson (1709 - 1784)

3 3

The forth A

Integrity is sometime referred as Authenticity—hence it is sometime mentioned as the forth “A” of security components.

How can we preserve the integrity of data?

4 4

(2)

Trust

Trust is a a basis for every security model.

I trusted you. What does it mean?

believe in the reliability, truth, ability, or strength of [M-W]

What do you trust?

“Real integrity is doing the right thing, knowing that nobody's going to know whether you did it or not.”

Oprah Winfrey, in Good Housekeeping

5 5

Trust in action

single user operating system with no protection (DOS, CP/M, Windows < NT)

Embedded Systems (Appliances)

What else?

6 6

How to minimize trust?

Trust with respect to boundary

Sandbox

Domains (isolation)

7 7

Pop Quiz

Who do you trust to sign your code?

Is a signed applet (or ActiveX) a safe program?

What mechanism is necessary to implement sandbox and/or domain?

8 8

(3)

Hardware support

Electronic curtain

Ring

Segmentation

Page

Tagged Memory

9 9

Ring

Back as far as Multics (1960)

Processor provides memory compartments

Segmentation

Page

How many rings do we really need?

10 10

Intel 386

11 11

Integrity without hardware support

12 12

(4)

Encryption: History

Monoalphabetic Substitution Cipher

Julius Caesar (50 BC) used it.

abcdefghijklmnopqrstuvwxyz

SECURITYABDFGHJKLMNOPQVWXZ

What is...? YRFFJ VJMFU

13 13

Hacking

Given a sufficiently large encoded message, it can readily be "cracked" by comparing the

frequency of letter occurrences in the coded message with the frequency of letter occurrences in the language used for the message.

14 14

Try this

Gur fbyhgvba gb gur pvcure vf gur anzr nhoerl juvpu jnf qvssvphyg gb fbyir orpnhfr yvfgf bs cgbyrzl pbafgryyngvbaf jrer vapbafvfgrag. Vg gbbx frireny snvyrq nggrzcgf orsber svaqvat n jbexnoyr yvfg.

15 15

Modern Encryption

Hash Digests(short input > long output)

Stream Cipher

RC4 (SSL, WEP, WPA, etc...)

Block Cipher

DES, Blowfish, AES

Public Key

16 16

(5)

Hash function

Collision ??

17 17

Early Stream Cipher

LUCKYLUCK COMPUTING NIOZSECPQ

Vigenere (1467) first Polyalphabetic cipher

18 18

Early Block Cipher

F I R S T A M E N D B C G H K L O P Q U V W X Y Z

Playfair

Grouping data in two, and use the corner to encode data.

Example,

CO MP UT ER OW EO ZD GE

19 19

Public Key

20 20

(6)

Digital Signature

2 Approving Authority: Secretary of Commerce.

Maintenance Agency: U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL).

Applicability: This standard is applicable to all Federal departments and agencies for the protection of sensitive unclassified information that is not subject to section 2315 of Title 10, United States Code, or section 3502(2) of Title 44, United States Code. This standard shall be used in designing and implementing public-key based signature systems which Federal departments and agencies operate or which are operated for them under contract. Adoption and use of this standard is available to private and commercial organizations.

Applications: A digital signature (ds) algorithm authenticates the integrity of the signed data and the identity of the signatory. A ds algorithm may also be used in proving to a third party that data was actually signed by the generator of the signature. A ds algorithm is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and

21 21

POP Quiz

What kind of security do we get from encryption?

Most people think that encryption is secure.

Do you agree or disagree?

22 22

Other issues

Key management (see PKI)

Collision of hashing function

http://www.mathstat.dal.ca/~selinger/md5collision/

23 23

Referensi

Unduh sekarang ( PDF - 6 Halaman - 1.64 MB )

Dokumen terkait

View of The Role of Audit Quality as a Moderating Variable in Relationship Between Quality of Audit Committee, Company Size and Financial Report Integrity of Manufacturing Companies Listed in IDX

THE ROLE OF AUDIT QUALITY AS A MODERATING VARIABLE IN RELATIONSHIP BETWEEN QUALITY OF AUDIT COMMITTEE, COMPANY SIZE AND FINANCIAL REPORT INTEGRITY OF MANUFACTURING COMPANIES LISTED

AN EVALUATION OF THE IMPACT OF A LIFE SKILLS PROGRAMME IN THE WORKPLACE FM Taute

TABLE 2 LAYOUT OF THE LIFE SKILLS PROGRAMME GOAL: THE ENHANCEMENT OF KNOWLEDGE, SKILLS AND ATTITUDE MODULE THEME 1 Locality of control 2 Well-being 3 Problem solving 4