1 / 40

Security and Privacy

Security and Privacy. Paranoia. How much computer communication can be considered private? How likely are we to put important information on the internet? In e-mail? We can’t continue to use the computer for business transactions or personal communication without a sense of privacy.

fonda
Download Presentation

Security and Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy

  2. Paranoia • How much computer communication can be considered private? • How likely are we to put important information on the internet? In e-mail? • We can’t continue to use the computer for business transactions or personal communication without a sense of privacy.

  3. Step 1: Authentication • Authentication: verifying someone’s identity • Most commonly: password • How much security is given by a 3 digit combination (password)? • 10 x 10 x 10 = 1,000 combinations: easy to crack!

  4. Getting a good password • More slots in the combination & More possibilities for each slot • How many possibilities? • 3 lower-case letters? • 5 lower or upper-case letters, case-sensitive? • 10 upper or lower case letters or numbers? • Consider password combinations of any of 100 letters, numbers, and symbols: a computer that can try a million passwords a second can crack: • passwords of length 6 in 10 days • passwords of length 7 in 3 years • Moore’s law says these times will get shorter each year!

  5. Dictionary Attacks • Longer passwords, more possibilities for each slot means it’s harder to break in without password • So, hackers try to be smart and use any personal information they can find, • Or any word in the dictionary • Don’t use private information or actual words from any language • Make long passwords with letters, symbols, and numbers intermixedd • Change your passwords often

  6. Encryption • 2nd line of defense: encryption • Encryption: the systematic transformation of information that obscures the original meaning • Types: • Alphabet shift • Private Key • Public Key

  7. Cryptoquote: Alphabet shift ES C BCF KHNZ AEZ DNZI, XACI NVZN EZ IANUN? - WNHUWN Z. MCIIHF

  8. Cryptoquote: Alphabet shift ES A BAF KHNZ AEZ DNZI, XAAI NVZN EZ IANUN? - WNHUWN Z. MAIIHF

  9. Cryptoquote: Alphabet shift ES A BAF KHEZ AEZ DEZT, XAAT EVZE EZ TAEUE? - WEHUWE Z. MATTHF

  10. Cryptoquote: Alphabet Shift • Substitute one letter for another • Easy to crack (in the newspaper) • Letter Frequencies • Patterns • Punctuation

  11. More Alphabet Shifts • Can give the substitution using a keyword: XRAYFILMS • Write the word, followed by the rest of the alphabet XRAYFILMSBCDEGHJKNOPQTUVWZ The first letter is the sub for A, the next for B, etc...

  12. Polyalphabetic substitutions • Can it be more secure? • Use more than 1 alphabet shift. • Use 4 – one for 1st, one for 2nd, one for 3rd, one for 4th, then back to 1st, etc… • Problems: More messages = enough frequency information to crack all alphabets • Must transport alphabet keyword to begin with

  13. One-time Pad • Really Secure! • Pad of random numbers • Each is # of letters shifted • Use cipher disk • Drop spacing and punctuation • Problem: Get pad to correspondent

  14. OTP Example Your pad is: 4 3 1 10 3 7 2 1 ... The message is: Y L L F R M C Q

  15. Modern Encryption • Modern encryption = “Strong” encryption • Get rid of problem of needing to securely transport key • Done with public keys

  16. Public-key Encryption • Idea: Distribute open padlocks to everyone. You have the combination. • When they want to send you a message, they close the lock and send it • Only you can open it!

  17. RSA Encryption • Mathematical implementation of public-key encryption - formulated by Rivest, Shamir, and Adleman in 1977. • Use a “Big” number that has only 2 big prime factors • The big number is the public key and the two prime factors are kept secret.

  18. RSA Encryption • Encrypt any message for me using my public key number. • I can decrypt it with the RSA formulas using the only 2 prime factors of the public key. • But... can’t ANYONE decrypt the message if they can factor the big number? YES!

  19. RSA Encryption • Takes a computer years and years to factor into big primes - currently no known efficient way to do this. • However, it’s really easy to come up with the prime numbers to start with. • If anyone figures out how to factor large numbers, all current cryptography schemes collapse.

  20. Digital Signatures • Nice property of RSA encryption: works in reverse • I want to send you a message and I want you to know it’s from me. • I encrypt it using my private key. • You decrypt it using my public key. • It MUST have come from me! I’m the only one that has my private key!

  21. Digital Signatures • Wait - Can’t anybody read it with my public key? YEP! • Whatever signature you send must be public knowledge because anyone can decode it with my public key. • Generally, encode most of message the first way, and send only the signature part the second way.

  22. Computer Break-ins • Try to guess a user’s password, or use an old account that is no longer used • General users only have limited privileges • A break-in hacker that gets administrator privileges is hard to stop! • Defenses: Firewall to limit computer internet traffic

  23. Network-based Attack • Attacker can get into network and then monitor other communication in the network • Attacker can usually get enough information to transfer to different machines, leaving a trail of “infected” machines

  24. Man in the Middle Attack • Other, more surreptitious attacks come from a machine that sits in the middle of a communication channel • Machine can listen to and change information being transferred

  25. Other attacks • Physical Attack – using physical means (video camera, spying, using an unlocked computer) to gain access • Denial of Service Attack – intent is to make parts of the communication or the functionality of the computer unusable

  26. Web Security • What information is transmitted when you • Access websites? • Fill out web forms? • What is kept on your computer? (Cookies!) • How could someone know what web sites you visited? • How would someone find that information? • Keyboard sniffers • Encryption cracking

  27. Issues • Should you be forced to give up your encryption keys to the police? • Should encryption algorithms be secret from foreign governments? • How much do you trust the theory? • How afraid are we of viruses?

  28. Steganography: Hidden Messages An encrypted message is “asking” to be cracked. What if the message looks quite innocent? The message is not encrypted, it is hidden... (Parts by Dr. Kenny Hunt, The University of Wisconsin – La Crosse)

  29. Definitions • Steganography • “the art of concealing the existence of information within seemingly innocuous carriers” • “an encrypted message may draw suspicion while a hidden message will not” • Neil Johnson

  30. Hiding text within text • Message sent by a German spy in WWII: “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.”

  31. Hiding text within text • Message sent by a German spy in WWII: “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.” Pershing sails from NY June I.

  32. Looking for hidden messages... • “Beautiful Mind”: Prof Nash looks for hidden messages in magazines. • Al-Qaeda images on the internet, supposedly concealed messages

  33. Background(Bit Planes) An Image is a 2D array of pixels Each pixel (in gray-scale) is 8 bits Each bit carries information Not all bits carry the same amount

  34. A0 A7 Bit Planes One pixel split into its 8-bits

  35. (a) (b) (c) (d) Background(Bit Planes) • White indicates an ON bit and black an OFF bit • 8-bit grayscale source image • Most significant bit plane (a7) of the source • Least significant bit plane (a0) of the source • Bit plane a4 of the source image

  36. Cover Image A7 A6 A5 A4 A3 A2 A1 A0 Secret Message A7 A6 A5 A4 A3 M2 M1 M0 Stego Image (Cover image with message) The Big Idea(LSB embedding) • An image contains more information than can be perceived. • Replace the “imperceptible bits” of a cover image with the bits of a “secret message”. The Challenge: Write code to LSB embed a secret message in an image. The secret message can be “any object”.

  37. Result • Messages hidden in images, and you can’t see the difference.

  38. Images within images • Take last 2 bits of each RGB value, result is nearly black. But, make the result 85 times brighter, and you get:

  39. More Hidden Messages • You can hide any media within any other media • Words • Pictures • Music • Movies The amount of information you can hide is bigger as the media is bigger.

  40. Discussion • What advantages does steganography have over cryptography? Vice versa? • How could a hidden message in an image get corrupted? • If you suspected a message of having a hidden meaning, what algorithm could you use to see if you are right?

More Related