Outline for January 7, 1999
- Greetings and Felicitations
- Review general information
- Quote of the Day
- Basic components
- Confidentiality
- Integrity
- Availability
- Threats
- snooping
- modification
- masquerading; contrast with delegation
- repudiation of origin
- denial of receipt
- delay
- denial of service
- Role of policy
- example of student copying files from another
- emphasize: policy defines security
- distinguish between policy and mechanism
- Goals of security
- prevention
- detection
- recovery
- Trust
- hammer this home: all security rests on trust
- first problem: security mechanisms correctly implement security
policy; walk through example of a program that logs you in; point out
what is trusted
- second problem: policy does what you want; define secure, precise
- Operational issues; change over time
- cost-benefit analysis
- risk analysis (comes into play in cost-benefit too)
- laws and customs
- Human Factors
- organizational problems
- people problems (include social engineering)
- What is cryptography?
- cipher vs. code
- plaintext (cleartext) M, ciphertext C, key k
- encryption Ek, decryption Dk
- Requirements for a cryptosystem
- enciphering, deciphering is efficient for all keys
- easy to use
- strength is depends on secrecy of keys only,
not on secrecy of E or D
- What it can do: Secrecy
- computationally infeasible to determine Dk
from C even if corresponding M known
- computationally infeasible to determine M from C
if k unknown
- What it can do: Data Authenticity (Integrity)
- computationally infeasible to determine Ek
from C even if corresponding M known
- computationally infeasible to find a C'
such that Dk(C') is valid plaintext
- Attacks
- ciphertext only
- known plaintext
- chosen plaintext
- chosen ciphertext
Quote
"All warfare is based on deception. Hence, when able to attack, we
must seem unable; when using our forces, we must seem inactive; when we
are near, we must make the enemy believe we are far away; when far
away, we must make him believe we are near. Hold out baits to entice
the enemy. Feign disorder, and crush him. If he is secure at all
points, be prepared for him. If he is in superior strength, evade him.
If your opponent is of choleric temper, seek to irritate him. Pretend
to be weak, that he may grow arrogant. If he is taking his ease, give
him no rest. If his forces are united, separate them. Attack him where
he is unprepared, appear where you are not expected."
-- Sun Tzu, The Art of War, (Translated by James Clavell), Dell
Publishing, New York, NY 10036 (1983).
You can get this document in
ASCII text,
Framemaker+SGML version 5.5,
PDF (for Acrobat 3.0 or later),
or
Postscript.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 1/15/99