Professional Documents
Culture Documents
Computer and Information Security: Simen Hagen
Computer and Information Security: Simen Hagen
university-logo
Simen Hagen
Security
Last week
university-logo
Simen Hagen
Security
Outline
1 2
Backup Cryptography Hashes and digests Encryption Signing & certicates Trust PGP Pretty Good Privacy Generate Key Export Key Import Key Notation
Simen Hagen Security
university-logo
Backup
Incremental dump
Just new les
university-logo
Simen Hagen
Security
Backup considerations
A Backup should be easy to do automated, and rely on as little human interaction as possible made regularly
university-logo
Simen Hagen
Security
Backup considerations
When making backups, make sure to have at least two copies of the data store backups on different media kept backups at different locations
university-logo
Simen Hagen
Security
Backup considerations
A backup should rely on standard, well-established formats A backup should not use compression.
Compression reduces data redundancy Redundancy might be useful when restoring data from damaged media
university-logo
Simen Hagen
Security
Incremental dumps
Incremental dumps have levels Level 0 Copy everything Level 1 Everything since last level 0 Level 2 Everything since last level 1, 0 Level N Everything since last level N-1, N-2, . . . , 0
university-logo
Simen Hagen
Security
Backup Schedule
Daily backups
university-logo
Simen Hagen
Security
Backup Schedule
Towers of Hanoi
Example 032546 132546 132546 132546 (repeat until end of month) Overlapping backups means multiple redundancy.
Figure: Picture from
http://www.computerrepair.com/Backup.htm
university-logo
Simen Hagen
Security
RSA Encryption In 1977, three MIT professors Ronald Rivest, Adi Shamir and Len Adleman, building on the work of Dife and Hellmann created a method of encrypting data for transmission which has become a standard for the transmission of sensitive information. This is known as RSA encryption. The method was patented in the US and a company was formed to license the technology.
university-logo
Simen Hagen
Security
How can we tell if a message has been altered? Tool that generate a hash or a message digest
A single number from the whole message A small change (one bit) leads to big changes in hash value
university-logo
Simen Hagen
Security
Similar terms
university-logo
Simen Hagen
Security
Terminology
Denition Checksum sum of byte values Hash sum of (function of byte values) No two les (should) give the same hash.
university-logo
Simen Hagen
Security
crypt old Unix hash weak MD4 used in Windows registry weak MD5 very common stronger SHA1 US department of commerce strong HMAC used in communications (Message Authentication Code)
university-logo
Simen Hagen
Security
Calculating a hash
university-logo
Simen Hagen
Security
Encryption
Encrypt/encipher
Make a message secret
Decrypt/Decipher
Make secret message readable
university-logo
Simen Hagen
Security
Symmetric encryption
Same key is used to both encrypt and decrypt Need many pairs of keys
N (N 1) 2
university-logo
Simen Hagen
Security
Asymmetric encryption
For example the RSA Algorithm One key is used to encrypt Another key is used to decrypt The key pair is called public and private/secret keys Total of 2N keys RSA was patented until 2000
university-logo
Simen Hagen
Security
Asymmetric keys
The two keys are related The public key is used to encrypt a message The private key is the only key who can decrypt the message
university-logo
Simen Hagen
Security
university-logo
Simen Hagen
Security
Digital signature X can encrypt a message to everyone Everyone can decrypt the message
university-logo
Simen Hagen
Security
Public key can be used to verify that the message came from the private key Use to identify the sender (encryption without privacy) Keys are sometimes called certicates
university-logo
Simen Hagen
Security
Certicates
Used in online SSL/TLS transactions (https) SSL Secure Sockets Layer TLS Transport Layer Security Download a certicate
Agree on a common secret key
university-logo
Simen Hagen
Security
Trust
university-logo
Simen Hagen
Security
Web of trust
Use your private key to sign the public keys you import Can add several signatures Voting for trust by multiple signing
university-logo
Simen Hagen
Security
We can buy trust from a trusted company Everyone pays to register with Verisign Verisign makes sure keys are authentic in physical world Verisign signs keys/certicates
university-logo
Simen Hagen
Security
Certicates
university-logo
Simen Hagen
Security
Program that implements a asymmetric key scheme Easy to use Free Started a civil lawsuit against the author (Phil Zimmerman)
university-logo
Simen Hagen
Security
Generate a key gpg --gen-key Uses a pass phrase (password) to encrypt the private key.
university-logo
Simen Hagen
Security
Export your key gpg --export -a username > file You can now send this le to anyone you want to communicate with.
university-logo
Simen Hagen
Security
You can import someone elses public key into your keyring. Import a public key gpg --import file
university-logo
Simen Hagen
Security
Many have come to naively trust public key/certicate methods Two main kinds of attack that could be used against early systems
university-logo
Simen Hagen
Security
Notation for representing encryption and signing of messages. Public keys Private keys Encryption with public key A Signing with private key b capital letters small letters {message}A (message)b
university-logo
Simen Hagen
Security
Sign+encrypt
Alice signs and encrypts a message for her hearts desire Bob
A B : {( I love you!! )a }B
Bob does not like Alice and wants to embarrass her. He decrypts Alices message, leaving her signed message
{( I love you!! )a }B ( I love you!! )a
university-logo
Simen Hagen
Security
Sign+encrypt
Charlie strips off Alices signature and signs the message himself
({My patent}B )a {My patent}B {My patent}B ({My patent}B )c
university-logo
Simen Hagen
Security
If you would wish another to keep your secret, rst keep it yourself. Seneca in Hippolytus , c. 60AD
university-logo
Simen Hagen
Security