Computer and Information Security: Simen Hagen

Backup Cryptography PGP Pretty Good Privacy
Computer and Information Security

Lecture 3 Simen Hagen
Basic information security
university-logo
Simen Hagen
Security
Last week
Faults and threats Cause and effect Fault tree analysis
university-logo
Simen Hagen
Security
Outline
1 2
Backup Cryptography Hashes and digests Encryption Signing & certicates Trust PGP Pretty Good Privacy Generate Key Export Key Import Key Notation
Simen Hagen Security
university-logo
Backup
A copy of data Unlikely to be destroyed together with original Types of backup

Full dump
Backup all les
Incremental dump
Just new les
Select a backup policy
university-logo
Simen Hagen
Security
Backup considerations
A Backup should be easy to do automated, and rely on as little human interaction as possible made regularly
university-logo
Simen Hagen
Security
When making backups, make sure to have at least two copies of the data store backups on different media kept backups at different locations
university-logo
Simen Hagen
Security
A backup should rely on standard, well-established formats A backup should not use compression.
Compression reduces data redundancy Redundancy might be useful when restoring data from damaged media
university-logo
Simen Hagen
Security
Incremental dumps
Incremental dumps have levels Level 0 Copy everything Level 1 Everything since last level 0 Level 2 Everything since last level 1, 0 Level N Everything since last level N-1, N-2, . . . , 0
university-logo
Simen Hagen
Security
Backup Schedule
Daily backups
Example Monday Tuesday Wednesday Thursday Friday Saturday 0 1 2 3 4 1
university-logo
Simen Hagen
Security
Backup Schedule
Towers of Hanoi
Example 032546 132546 132546 132546 (repeat until end of month) Overlapping backups means multiple redundancy.
Figure: Picture from
http://www.computerrepair.com/Backup.htm
university-logo
Simen Hagen
Security
Hashes and digests Encryption Signing & certicates Trust
Fact of the week
RSA Encryption In 1977, three MIT professors Ronald Rivest, Adi Shamir and Len Adleman, building on the work of Dife and Hellmann created a method of encrypting data for transmission which has become a standard for the transmission of sensitive information. This is known as RSA encryption. The method was patented in the US and a company was formed to license the technology.
university-logo
Simen Hagen
Security
Hashes and digests
How can we tell if a message has been altered? Tool that generate a hash or a message digest
A single number from the whole message A small change (one bit) leads to big changes in hash value
university-logo
Simen Hagen
Security
Similar terms
Hash Message Digest Digital Fingerprint One Way Function
university-logo
Simen Hagen
Security
Terminology
Denition Checksum sum of byte values Hash sum of (function of byte values) No two les (should) give the same hash.
university-logo
Simen Hagen
Security
Some hash algorithms
crypt old Unix hash weak MD4 used in Windows registry weak MD5 very common stronger SHA1 US department of commerce strong HMAC used in communications (Message Authentication Code)
university-logo
Simen Hagen
Security
Calculating a hash
Example (Calculating a MD5 hash) # md5 message.txt MD5 (message.txt) = e0858b175b432024afd90a3cc70a44b0
university-logo
Simen Hagen
Security
Encryption
Encrypt/encipher
Make a message secret
Decrypt/Decipher
Make secret message readable
Greek: Kryptos = secret
university-logo
Simen Hagen
Security
Symmetric encryption
Same key is used to both encrypt and decrypt Need many pairs of keys
N (N 1) 2
university-logo
Simen Hagen
Security
Asymmetric encryption
For example the RSA Algorithm One key is used to encrypt Another key is used to decrypt The key pair is called public and private/secret keys Total of 2N keys RSA was patented until 2000
university-logo
Simen Hagen
Security
Asymmetric keys
The two keys are related The public key is used to encrypt a message The private key is the only key who can decrypt the message
university-logo
Simen Hagen
Security
Applications of asymmetric keys

Encryption
Encryption Anyone can encrypt a message to X Only X can decrypt it
university-logo
Simen Hagen
Security
Applications of asymmetric keys

Signatures
Digital signature X can encrypt a message to everyone Everyone can decrypt the message
university-logo
Simen Hagen
Security
Signing and certicates
Use private key to sign a message

Encrypt a digest that is included in the message
Public key can be used to verify that the message came from the private key Use to identify the sender (encryption without privacy) Keys are sometimes called certicates
university-logo
Simen Hagen
Security
Certicates
Used in online SSL/TLS transactions (https) SSL Secure Sockets Layer TLS Transport Layer Security Download a certicate
Agree on a common secret key
university-logo
Simen Hagen
Security
Trust
How do we know who owns the private key?

Web of trust Trusted 3rd parties Manual decision
PKI Public Key Infrastructure

Any method of distributing public keys
university-logo
Simen Hagen
Security
Web of trust
Use your private key to sign the public keys you import Can add several signatures Voting for trust by multiple signing
university-logo
Simen Hagen
Security
Trusted 3rd Parties
We can buy trust from a trusted company Everyone pays to register with Verisign Verisign makes sure keys are authentic in physical world Verisign signs keys/certicates
university-logo
Simen Hagen
Security
Certicates
university-logo
Simen Hagen
Security
Generate Key Export Key Import Key Notation
PGP Pretty Good Privacy
Program that implements a asymmetric key scheme Easy to use Free Started a civil lawsuit against the author (Phil Zimmerman)
university-logo
Simen Hagen
Security
Generate a key gpg --gen-key Uses a pass phrase (password) to encrypt the private key.
university-logo
Simen Hagen
Security
Export your key gpg --export -a username > file You can now send this le to anyone you want to communicate with.
university-logo
Simen Hagen
Security
You can import someone elses public key into your keyring. Import a public key gpg --import file
university-logo
Simen Hagen
Security
Too much trust?
Many have come to naively trust public key/certicate methods Two main kinds of attack that could be used against early systems
university-logo
Simen Hagen
Security
Notation for communication
Notation for representing encryption and signing of messages. Public keys Private keys Encryption with public key A Signing with private key b capital letters small letters {message}A (message)b
university-logo
Simen Hagen
Security
Sign+encrypt
Alice signs and encrypts a message for her hearts desire Bob
A B : {( I love you!! )a }B
Bob does not like Alice and wants to embarrass her. He decrypts Alices message, leaving her signed message
{( I love you!! )a }B ( I love you!! )a
and re-encrypts the message for Charlie to read

B C : {( I love you!! )a }C
university-logo
Simen Hagen
Security
Sign+encrypt
Alice encrypts a document

A C : ({My patent}B )a
Charlie strips off Alices signature and signs the message himself
({My patent}B )a {My patent}B {My patent}B ({My patent}B )c
He then sends it to Bob, the patent lawyer

C B : ({My patent}B )c
It now appears that the idea came from Charlie
university-logo
Simen Hagen
Security
Thought of the Week
If you would wish another to keep your secret, rst keep it yourself. Seneca in Hippolytus , c. 60AD
university-logo
Simen Hagen
Security

Computer and Information Security: Simen Hagen

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Computer and Information Security: Simen Hagen

Uploaded by

Copyright:

Available Formats

Backup Cryptography PGP Pretty Good Privacy