Conclusion

This document provides a summary of topics covered in a course on information security including cryptography, access control, protocols, software flaws and malware. It also discusses predictions for the future of these areas.

Uploaded by asmm.rahaman
Conclusion

Conclusion 1
Course Summary
• Crypto
  o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis
• Access Control
  o Authentication, authorization, firewalls, IDS
• Protocols
  o Simplified authentication protocols
  o Real-world protocols
• Software
  o Flaws, malware, SRE, development

Conclusion 2
Crypto Basics
• Terminology
• Classic ciphers
  o Simple substitution
  o Double transposition
  o Codebook
  o One-time pad
• Basic cryptanalysis

Conclusion 3
Symmetric Key
• Stream ciphers
  o A5/1
  o RC4
• Block ciphers
  o DES
  o AES, TEA, etc.
  o Modes of operation
• Data integrity (MAC)

Conclusion 4
Public Key
• Knapsack (insecure)
• RSA
• Diffie-Hellman
• Elliptic curve crypto (ECC)
• Digital signatures and non-repudiation
• PKI

Conclusion 5
Hashing and Other
• Birthday problem
• SHA-3
• HMAC
• Clever uses (online bids, blockchain and cryptocurrency)
• Other topics
  o Secret sharing, random numbers, information hiding (stego, watermarking)

Conclusion 6
Authentication
• Passwords
  o Verification and storage (salt, etc.)
  o Cracking (math)
• Biometrics
  o Fingerprint, hand geometry, iris scan, etc.
  o Error rates
• Two-factor, single sign-on, Web cookies

Conclusion 7
Authorization
• History/system certification
• ACLs and capabilities
• Multilevel security (MLS)
  o BLP, Biba, compartments, covert channel, inference control
• CAPTCHA
• Firewalls
• IDS

Conclusion 8
Simple Protocols
• Authentication
  o Using symmetric key
  o Using public key
  o Session key
  o Perfect forward secrecy (PFS)
  o Timestamps
• Zero knowledge proof (Fiat-Shamir)

Conclusion 9
Real-World Protocols
• SSH
• SSL
• IPSec
  o IKE
  o ESP/AH, tunnel/transport modes, …
• Kerberos
• Wireless: WEP & GSM

Conclusion 10
Software Flaws and Malware
• Flaws
  o Buffer overflow
  o Incomplete mediation, race condition, etc.
• Malware
  o Brain, Morris Worm, Code Red, Slammer
  o Malware detection
  o Future of malware, botnets, etc.
• Other software-based attacks
  o Salami, linearization, etc.

Conclusion 11
Insecurity in Software
• Software reverse engineering (SRE)
  o Software protection
• Software development
  o Open vs closed source
  o Finding flaws (do the math)

Conclusion 12
Crystal Ball
• Cryptography
  o Well-established field
  o Don’t expect major changes
  o But some systems will be broken
  o ECC is a major “growth” area
  o Quantum crypto may prove worthwhile…
  o …but for now it’s mostly (all?) hype

Conclusion 13
Crystal Ball
• Authentication
  o Passwords will continue to be a problem
  o Biometrics should become more widely used
  o Smartcards/tokens will be used more
• Authorization
  o ACLs, etc., are well-established areas
  o CAPTCHA is an interesting new topic
  o IDS (based on machine learning/AI) is a hot topic

Conclusion 14
Crystal Ball
• Protocols are challenging
• Difficult to get protocols right
• Protocol development is often haphazard
  o “Kerckhoffs’ Principle” for protocols?
  o Would it help?
• Protocols will continue to be a source of subtle problems

Conclusion 15
Crystal Ball
• Software is a huge security problem today
  o Buffer overflows are on the decline…
  o …but race condition attacks might increase
• Virus writers are getting smarter
  o Botnets
  o Polymorphic, metamorphic, sophisticated attacks, …
  o Future of malware detection?
• Malware will continue to be a BIG problem

Conclusion 16
Crystal Ball
• Other software issues
  o Reverse engineering will not go away
  o Secure development will remain hard
  o Open source is not a panacea

Conclusion 17
The Bottom Line
• Security knowledge is needed today…
• …and it will be needed in the future
• Necessary to understand technical issues
  o The focus of this class
• But technical knowledge is not enough
  o Human nature, legal issues, business issues, ...
  o As with anything, experience is helpful

Conclusion 18
A True Story
• The names have been changed…
• “Bob” took my information security class
• Bob then got an intern position
  o At a major company that does lots of security
• In one meeting, an important customer asked
  o “Why do we need signed certificates?”
  o “After all, they cost money!”
• The silence was deafening

Conclusion 19
A True Story
• Bob’s boss remembered that Bob had taken a security class
  o So he asked Bob, the lowly intern, to answer
  o Bob mentioned the man-in-the-middle attack on SSL
• The customer wanted to hear more
  o So, Bob explained the MiM attack in some detail
• The next day, “Bob the lowly intern” became “Bob the full-time employee”

Conclusion 20
