Security Attacks Active and Passive Active Masquerade impersonation
- Slides: 19
Security Attacks: Active and Passive • Active • • • Masquerade (impersonation) Replay Modification of message Denial of service Passive • Traffic analysis • Release of message contents Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks • • Interruption Interception Modification Fabrication Códigos y Criptografía Anita Betito Francisco Rodríguez Henríquez
Classes of Security Attacks: Interruption • Interruption • Availability • Interception • Modification • Fabrication Códigos y Criptografía Anita Betito Francisco Rodríguez Henríquez
Classes of Security Attacks: Interception • Interruption • Interception • Confidentiality • Modification • Fabrication Códigos y Criptografía Anita Betito Francisco Rodríguez Henríquez
Classes of Security Attacks: modification • Interruption • Interception • Modification • Integrity • Fabrication Códigos y Criptografía Anita Betito Francisco Rodríguez Henríquez
Classes of Security Attacks: fabrication • • Interruption Interception Modification Fabrication • Authenticity Códigos y Criptografía Anita Betito Francisco Rodríguez Henríquez
Security Services • Confidentiality - protect info value • Authentication - protect info origin (sender) • Identification - ensure identity of users • Integrity - protect info accuracy • Non-repudiation - protect from deniability • Access control - access to info/resources • Availability Códigos y Criptografía - ensure info delivery Francisco Rodríguez Henríquez
Some Practical Applications "Any sufficiently advanced technology is indistinguishable from magic. ” Arthur C. Clarke. • • secure mail secure communications network authentication electronic voting electronic notary digital money (digital wallet) data distribution Códigos y Criptografía Francisco Rodríguez Henríquez
Secure Mail: PGP (Pretty Good Privacy) • Pretty Good Privacy was created by Philip R. Zimmermann. For that, he was the target of a three-year criminal investigation, because the US government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite of this government persecution, PGP nonetheless became the most widely used email encryption software in the world. • PGP is a freeware. A copy of the software can be obtain at, PGP download site: http: //web. mit. edu/network/pgp. html Códigos y Criptografía Francisco Rodríguez Henríquez
Secure Communications • Scenarios – – Security for real time electronic links local area networks link encryption cellular (and ordinary) phones and faxes • Goals – message privacy – sender and recipient authentication – non repudiation • Tools – – – Códigos y Criptografía key agreement protocols secret key cryptosystems public key cryptosystems digital signatures certicates Francisco Rodríguez Henríquez
Data Distribution • Scenarios – conditional access TV – software distribution via CD ROM – information bulletin boards • Goals – broadcast operation (TV, CD ROM) – message privacy – selective reception • Tools – secret key cryptography – public key cryptography – secure hardware Códigos y Criptografía Francisco Rodríguez Henríquez
Electronic Voting • Scenarios – general elections – shareholders meetings – secure distributed computation • Goals – anonymity – fairness – accountability • Tools – RSA based mathematics – blind signatures – sender untraceability protocols Códigos y Criptografía Francisco Rodríguez Henríquez
Digital Money (Digital Wallet) • Scenarios – replacement for paper money – more flexible than credit cards • Goals – – – – anonymity untraceability fairness dividability transferability off line (from bank) operations universality • Tools – more RSA based mathematics – zero knowledge protocols – secure hardware tokens Códigos y Criptografía Francisco Rodríguez Henríquez
Some Research Interests in Cryptography • • • Design of cryptographic algorithms Analysis of cryptographic algorithms Design of cryptographic protocols Hardware and software implementations Applications of cryptography Códigos y Criptografía Francisco Rodríguez Henríquez
Cryptography Schemes Sender Message Receiver Adversary Problem: How to have secure communication over an insecure channel? Códigos y Criptografía Francisco Rodríguez Henríquez
Solution A: Trusted Third Party using this model requires us to: • • design an algorithm for the security transformation generate the secret information used by the algorithm develop methods to distribute the secret information specify a protocol enabling the principals to use the transformation & secret info for a security service Códigos y Criptografía Francisco Rodríguez Henríquez
Solution B: Secret-key cryptography key: e or d Sender Ciphertext C : = f(e; M) Receiver M : = g(d; C) Adversary • Exchange the key over a secure channel • Functions f(e; -) and g(d; -) are inverses of one another • Encryption and decryption processes are symmetric Códigos y Criptografía Francisco Rodríguez Henríquez
Problems with secret key cryptography: • requires establishment of a secure channel for key exchange • two parties cannot start communication if they never met Códigos y Criptografía Francisco Rodríguez Henríquez
Alternative: Public Key Cryptography • requires establishment of a public key directory in which everyone publishes their encryption keys • two parties can start communication even they never met • provides ability to sign digital data Códigos y Criptografía Francisco Rodríguez Henríquez
- What is impersonation
- Security attacks services and mechanisms
- Private security
- Masquerade falsification and repudiation
- Historical masquerade masks
- Chankara troupe bronx masquerade
- His masquerade of a jester irony
- Queens college yaba
- Delonix regia common name
- Masquerade syndrome
- Gartner authentication
- Malicious attacks threats and vulnerabilities
- Cache attacks and countermeasures: the case of aes
- Computer network vulnerabilities
- Wireless security in cryptography
- Electronic commerce security
- Passive voice present perfect
- Impersonal passive voice exercises with answers
- Deliberative listeners strive to remember information and:
- Passive voice exercises 11th grade