Computers and You - Virginia Tech


Midterm Exam
Sung Hee Park, Computer Science
Dept. of Math & Computer Science, Virginia State University, Petersburg, VA 23806
CSCI 451 Computer Security, Fall 2012

Midterm Exam
  When: 10:00-10:50 AM, Friday, October 5, 2012
  Where: Hunter-McDaniel Building 201s
  Format: closed book; one letter-size, double-sided cheat sheet
  Question types: multiple choice, fill in the blanks, true or false, short answer
  Review guide to be released in Blackboard on Tuesday.

Security Requirements Triad
  [Figure: the triad of Confidentiality, Integrity and Availability, extended with Authenticity and Accountability]

Security Terminology
  - Adversary (threat agent)
  - Attack
  - Countermeasure
  - Risk
  - Security Policy
  - System Resource (Asset)
  - Threat
  - Vulnerability

Vulnerabilities and Attacks
  System resource vulnerabilities: a resource may
  - be corrupted (loss of integrity)
  - become leaky (loss of confidentiality)
  - become unavailable (loss of availability)
  Attacks are threats carried out, and may be
  - passive or active
  - insider or outsider

Countermeasures
  - Prevent
  - Detect
  - Recover

Symmetric Encryption
  - Shift cipher: encrypt, decrypt
  - Given the alphabet and a key, decrypt gibberish
  - Given the alphabet and a key, encrypt "Hello, World"

Attacking Symmetric Encryption
  - Cryptanalysis
  - Brute-force attack
  - Key size and the number of keys: DES, AES

Example: a classical but trivial symmetric encryption algorithm

Shift Cipher
  Secret key: an integer k
  Encryption algorithm: c = (m + k) % n
  Decryption algorithm: m = (c - k) % n
  Example: n = 26 for the English alphabet, k = 3
    Plaintext input:   the quick brown fox jumps over the lazy dog
    Ciphertext output: wkh txlfn eurzq
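The shift cipher above, worked in code as an added example (not from the slides): shift_encrypt and shift_decrypt implement c = (m + k) % n and m = (c - k) % n over the 26-letter alphabet, ascii_shift is the variant that shifts 7-bit ASCII codes mod 128 (which is what the in-class exercise with k = 8 on this page produces, including its stray control characters), and brute_force shows why the slide lists the brute-force attack next: with only n keys, an exhaustive search is immediate. The crib word used by guess_key is a constructed assumption, not part of the slides.

```python
import string

ALPHABET = string.ascii_lowercase  # n = 26, as in the slide's example


def shift_encrypt(plaintext: str, k: int, alphabet: str = ALPHABET) -> str:
    """c = (m + k) % n for every character in the alphabet; others (spaces,
    punctuation, letters outside the alphabet) pass through unchanged."""
    n = len(alphabet)
    out = []
    for ch in plaintext:
        i = alphabet.find(ch)
        out.append(alphabet[(i + k) % n] if i >= 0 else ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, k: int, alphabet: str = ALPHABET) -> str:
    """m = (c - k) % n: decryption is encryption with the negated key."""
    return shift_encrypt(ciphertext, -k, alphabet)


def ascii_shift(text: str, k: int) -> str:
    """Shift every 7-bit ASCII code, c = (m + k) % 128. Characters near the end of
    the table wrap into DEL (0x7F) and control codes such as SOH (0x01), which is
    why the exercise output on the slide contains unprintable characters."""
    return "".join(chr((ord(ch) + k) % 128) for ch in text)


def brute_force(ciphertext: str, alphabet: str = ALPHABET) -> dict:
    """Try every key. A shift cipher has only n keys, so the whole key space is
    enumerated instantly; key size is what makes brute force expensive for DES/AES."""
    return {k: shift_decrypt(ciphertext, k, alphabet) for k in range(len(alphabet))}


def guess_key(ciphertext: str, crib: str = "the", alphabet: str = ALPHABET):
    """Pick the key whose decryption contains a crib word (constructed heuristic);
    return None if no key fits."""
    for k, candidate in brute_force(ciphertext, alphabet).items():
        if crib in candidate:
            return k
    return None


if __name__ == "__main__":
    ct = shift_encrypt("the quick brown fox jumps over the lazy dog", 3)
    print(ct)                                   # wkh txlfn eurzq ...
    print(shift_decrypt(ct, 3))
    print(repr(ascii_shift("Hurricane Irene shut down the university!", 8)))
    print("recovered key:", guess_key(ct))
```

Running the script shows the k = 3 ciphertext from the slide, the k = 8 ASCII output with its DEL and SOH characters made visible by repr(), and the key recovered by trying all 26 candidates.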

In-Class Exercise
  k = 8; encrypt: Hurricane Irene shut down the university!
  Output shown on the slide: P}zzqkivm(Qzmvm({p}|(lw<DEL>v(|pm(}vq~mz{q|<SOH>)
  (The slide shifts ASCII codes rather than alphabet positions, so 'w' becomes DEL and 'y' wraps to the "start of heading" control character.)

Secure Hash Function and Message Authentication
  Requirements of hash functions:
  - can be applied to data of any size
  - H produces a fixed-length output
  - H(x) is relatively easy to compute for any given x
  - one-way property
  - weak collision resistance
  - strong collision resistance

Public Key Cryptography
  - Why is it called public key cryptography?
  - Requirements: message confidentiality, authentication
  - RSA (Rivest, Shamir, Adleman); Diffie-Hellman key exchange algorithm; Digital Signature Standard (DSS); Elliptic curve cryptography (ECC)

Public Key Algorithms
  - RSA (Rivest, Shamir, Adleman): developed in 1977; the only widely accepted public-key encryption algorithm; given technological advances, needs 1024+ bit keys
  - Diffie-Hellman key exchange algorithm: only allows exchange of a secret key
  - Digital Signature Standard (DSS): provides only a digital signature function, with SHA-1
  - Elliptic curve cryptography (ECC): new; security like RSA, but with much smaller keys
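The hash requirements and the "public key" idea above, combined in one added example (not from the slides) that mirrors the openssl sha1 -sign / -verify activity on this page: the message is reduced to a fixed-length SHA-1 digest, the digest is signed with the private exponent, and anyone holding the public exponent can check it. The key here is a constructed toy: two Mersenne primes give a modulus of about 216 bits, just big enough to hold a 160-bit digest. It is textbook RSA with no padding, which is fine for seeing the mechanism but is not how openssl signs (it applies PKCS#1 padding and uses 1024+ bit random primes).

```python
import hashlib

# Constructed toy key, for illustration only. Real keys use random primes of
# 1024+ bits each; here two known Mersenne primes keep the example deterministic.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                     # public modulus (~216 bits, larger than a SHA-1 digest)
E = 65537                     # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)           # private exponent: E * D == 1 (mod PHI)


def sha1_int(message: bytes) -> int:
    """Fixed-length SHA-1 digest of arbitrary-size input, as an integer < 2**160 < N."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Hash-then-sign: s = H(m)^d mod n (textbook RSA, no padding)."""
    return pow(sha1_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover H(m) with the public exponent and compare it with a fresh hash of m.
    Any change to the message changes the digest, so the comparison fails."""
    return pow(signature, e, n) == sha1_int(message)


def demo() -> dict:
    msg = b"this is plain.txt\n"   # constructed stand-in for the slide's plain.txt
    sig = sign(msg)
    return {
        "digest_hex_len": len(hashlib.sha1(msg).hexdigest()),   # always 40 hex chars
        "big_input_digest_hex_len": len(hashlib.sha1(b"x" * 100_000).hexdigest()),
        "verified": verify(msg, sig),                           # like "Verified OK"
        "tampered_verified": verify(msg + b"x", sig),           # tampering is detected
        "wrong_signature_verified": verify(msg, sig ^ 1),       # a flipped bit fails too
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two digest-length entries illustrate the first two hash requirements (any input size, fixed output length); the three verification results show what the openssl -verify step is checking.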

In-Class Activity
  Example for creating an encrypted private key and a self-signed certificate for the CA:
    openssl req -new -x509 -keyout csci451privatekey.pem -out cacert.pem -days 365 -config openssl.cnf
  Locate openssl.cnf and copy it (cp) into the working directory first, then run the command above.

In-Class Activity
  Generate the public key from the private key:
    openssl rsa -in csci451privatekey.pem -passin pass:cs03se -pubout -out csci451publickey.pem

In-Class Activity
  Create, sign, and verify a message digest:
    openssl sha1 -out digest.txt plain.txt
  Given plain.txt, the above command writes the SHA-1 message digest to the file digest.txt.

In-Class Activity
    openssl sha1 -sign csci451privatekey.pem -out rsasign.bin plain.txt
  Given plain.txt, the above command computes the SHA-1 hash and then signs it with the CSCI451 private key. The signed hash is saved in the (binary) file rsasign.bin.

In-Class Activity
    openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
  Given plain.txt and the received signed hash, the above command verifies that it was indeed signed by CSCI451, using its public key, and that the hash is indeed correct.
    [... ex2]$ openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
    Verified OK

User Authentication
  - distinct from message authentication
  - four means of authenticating a user's identity:

  - something the user knows, e.g. password, PIN
  - something the user possesses, e.g. key, token, smartcard
  - something the user is (static biometrics), e.g. fingerprint, retina
  - something the user does (dynamic biometrics), e.g. voice, signature

Password Authentication
  Common attacks:
  - offline dictionary attack
  - specific account attack
  - popular password attack
  - password guessing against a single user
  - workstation hijacking
  - exploiting user mistakes
  - exploiting multiple password use
  - electronic monitoring
  Countermeasures:
  - stop unauthorized access to the password file
  - intrusion detection measures
  - account lockout mechanisms
  - policies against using common passwords, requiring hard-to-guess passwords instead
  - training and enforcement of policies
  - automatic workstation logout
  - encrypted network links
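Added example (not from the slides) of the storage side that the countermeasures above assume, i.e. the user id / salt / hashed password layout the slides show next: each account gets its own random salt and a slow key-derivation function, so that a stolen password file still forces an attacker into per-account offline dictionary work, and a precomputed (rainbow) table of plain hashes is useless. The record format and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000   # work factor: each guess in an offline dictionary attack costs this much


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'
    (constructed format, modelled on the salt + hashed password fields on the slide)."""
    if salt is None:
        salt = os.urandom(16)   # a fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_sha256(password: str) -> str:
    """What a password file without salt would store: identical passwords give
    identical hashes, so a precomputed table of common passwords maps straight back."""
    return hashlib.sha256(password.encode()).hexdigest()


def same_password_same_record(password: str) -> Tuple[bool, bool]:
    """For two accounts sharing a password: are the stored values identical
    (unsalted, salted)? The salted case should be False."""
    unsalted_equal = unsalted_sha256(password) == unsalted_sha256(password)
    salted_equal = hash_password(password) == hash_password(password)
    return unsalted_equal, salted_equal


def table_lookup_works(password: str, wordlist) -> Tuple[bool, bool]:
    """Build a tiny precomputed table from a constructed wordlist and see whether
    a stored value can be looked up: (unsalted hit, salted hit)."""
    table = {unsalted_sha256(w): w for w in wordlist}
    unsalted_hit = unsalted_sha256(password) in table
    salted_hit = hash_password(password).split("$")[-1] in table
    return unsalted_hit, salted_hit


if __name__ == "__main__":
    rec = hash_password("correct horse")                     # constructed password
    print(rec)
    print(verify_password("correct horse", rec), verify_password("wrong", rec))
    print(same_password_same_record("Fall2012!"))
    print(table_lookup_works("Fall2012!", ["password", "Fall2012!", "123456"]))
```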

Use of Hashed Password
  [Figure: password file fields shown: user id, salt, password, encrypted (hashed) password]

Unix Implementation

Password Cracking
  - dictionary attacks
  - rainbow table attacks

Password File Access Control
  - How should the password file be protected (using access control)?

Token Authentication
  An object the user possesses in order to authenticate, e.g.
  - embossed card
  - magnetic stripe card
  - memory card
  - smartcard

Case Study: Unix File Access Control
  - Unix file concepts
  - Unix file control

UNIX File Concepts
  - UNIX files are administered using inodes
  - Directories form a hierarchical tree
    [... passwd]$ ls -ltr
    total 28
    -rw-r--r-- 1 hchen faculty  273 Sep 26 10:26 passwd.cc
    -rwxr-xr-x 1 hchen faculty 6749 Sep 26 10:27 passwd
    drwxr-xr-x 2 hchen faculty 4096 Oct 10 09:44 tmp
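Added example (not from the slides) that reads the ls -l mode strings in the listing above and applies the Unix access-control rule: the kernel selects exactly one class, owner if the caller owns the file, otherwise group if the caller belongs to the file's group, otherwise other, and checks only that class's bits (root is exempt and is not modelled here). The user names and group memberships other than hchen/faculty are constructed for the example.

```python
from typing import List, NamedTuple


class Entry(NamedTuple):
    mode: str
    owner: str
    group: str
    name: str


# Constructed from the ls -ltr listing shown on the slide
LISTING: List[Entry] = [
    Entry("-rw-r--r--", "hchen", "faculty", "passwd.cc"),
    Entry("-rwxr-xr-x", "hchen", "faculty", "passwd"),
    Entry("drwxr-xr-x", "hchen", "faculty", "tmp"),
]


def mode_to_octal(mode: str) -> int:
    """Convert a 10-character ls mode string (e.g. '-rwxr-xr-x') to its numeric
    form (0o755). Setuid/setgid ('s'/'S') and sticky ('t'/'T') occupy the execute
    positions; lowercase means the execute bit is also set."""
    if len(mode) != 10:
        raise ValueError("mode string must be 10 characters")
    special, bits = 0, 0
    for i, ch in enumerate(mode[1:]):          # 9 permission characters
        bit = 1 << (8 - i)
        if ch in "rwx":
            bits |= bit
        elif ch in "sS" and i in (2, 5):
            special |= 0o4000 if i == 2 else 0o2000
            if ch == "s":
                bits |= bit
        elif ch in "tT" and i == 8:
            special |= 0o1000
            if ch == "t":
                bits |= bit
        elif ch != "-":
            raise ValueError(f"unexpected permission character {ch!r}")
    return special | bits


def can_access(entry: Entry, user: str, groups: List[str], op: str) -> bool:
    """op is 'r', 'w' or 'x'. Only one class applies, so an owner with '---' for
    the owner class is denied even if group or other would be allowed."""
    perms = mode_to_octal(entry.mode) & 0o777
    if user == entry.owner:
        cls = (perms >> 6) & 7
    elif entry.group in groups:
        cls = (perms >> 3) & 7
    else:
        cls = perms & 7
    return bool(cls & {"r": 4, "w": 2, "x": 1}[op])


def is_directory(entry: Entry) -> bool:
    return entry.mode[0] == "d"


if __name__ == "__main__":
    for e in LISTING:
        print(f"{e.name:10} {oct(mode_to_octal(e.mode))}  "
              f"owner can write: {can_access(e, 'hchen', ['faculty'], 'w')}  "
              f"faculty can write: {can_access(e, 'alice', ['faculty'], 'w')}  "
              f"others can exec: {can_access(e, 'bob', ['students'], 'x')}")
```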
