Security Matters
V.T. Raja, Ph.D.,
Oregon State University
Outline: Summary; Example to illustrate RSA Algorithm; A framework to help managers understand their role in security.
Summary from first lecture on Security
Characteristics of Secure Communication
(See additional handouts for answers)
(For those who are interested in this area, refer to Kaufman 1995 for answers to the above mentioned questions).
(Alice encrypts DES key with Bob’s public key. Bob decrypts and obtains DES key with his private key. The data is encrypted using DES key, which now both Alice and Bob have access to in order to encrypt/decrypt data).
Alice transmits, “I am Alice.”
Trudy (alias Eve) eavesdrops.
Bob sends a nonce = r.
Trudy intercepts nonce, and sends Bob encrypted nonce (encrypted using her private key).
Bob sends a message to Alice asking her for a public key.
Trudy intercepts message, and sends Bob Trudy’s public key.
Bob decrypts nonce with Trudy’s public key (thinking that he is using Alice’s public key), and inadvertently authenticates Trudy.
While Bob is encrypting new data using Trudy’s public key, Trudy is busy posing as Bob to Alice. In particular,
Trudy transmits Bob’s nonce to Alice.
Alice transmits encrypted nonce (encrypted using Alice’s private key).
Trudy intercepts encrypted nonce, and asks Alice for her public key.
Alice sends her public key.
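The exchange above works for Trudy because Bob takes the public key from the same channel he is trying to authenticate. The following is an added example, not part of the original slides: it uses toy textbook RSA with small constructed primes and hypothetical function names to contrast Bob's check as described with one that accepts a key only when it matches a copy he obtained out of band.

```python
# Toy textbook RSA: tiny constructed primes, no padding. Illustration only.

def make_keypair(p, q, e):
    """Return (public, private) as ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def encrypt_with_private(nonce, private_key):
    d, n = private_key
    return pow(nonce, d, n)

def decrypt_with_public(blob, public_key):
    e, n = public_key
    return pow(blob, e, n)

# Constructed key pairs for the two parties.
ALICE_PUB, ALICE_PRIV = make_keypair(61, 53, 17)
TRUDY_PUB, TRUDY_PRIV = make_keypair(67, 71, 13)

def bob_naive(nonce, response, key_from_wire):
    """Bob as in the steps above: uses whatever public key he is sent."""
    return decrypt_with_public(response, key_from_wire) == nonce

def bob_checked(nonce, response, key_from_wire, trusted_keys, claimed="Alice"):
    """Bob accepts a key only if it matches his out-of-band copy."""
    trusted = trusted_keys.get(claimed)
    if trusted is None or key_from_wire != trusted:
        return False  # substituted or unknown key: stop here
    return decrypt_with_public(response, trusted) == nonce

def demo(nonce=1234):
    trusted_keys = {"Alice": ALICE_PUB}  # assumed obtained out of band
    trudy_resp = encrypt_with_private(nonce, TRUDY_PRIV)
    alice_resp = encrypt_with_private(nonce, ALICE_PRIV)
    return (
        bob_naive(nonce, trudy_resp, TRUDY_PUB),                  # Trudy accepted
        bob_checked(nonce, trudy_resp, TRUDY_PUB, trusted_keys),  # Trudy rejected
        bob_checked(nonce, alice_resp, ALICE_PUB, trusted_keys),  # Alice accepted
    )

if __name__ == "__main__":
    print(demo())
```

The nonce must be smaller than both moduli for the toy arithmetic to round-trip; 1234 satisfies that for the constructed keys.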
Management’s Role in Security
A framework to help managers understand that security rests on three cornerstones
(e.g., Limiting e-mail attachments)
CI is in large part owned by the private sector, used by both the private and public sectors, and protected in large part by the public sector.
Security is a Mindset, not a service. It must be a part of all decisions and implementations.
Apply the Dutta/McCrohan framework and help iPremier’s management react appropriately to the security incident.