22 April Final Deliverables and Presentations Privacy and Security

Jan 04, 2016


dane-porter

Transcript
Page 1: 22 April

22 April

Final Deliverables and Presentations

Privacy and Security

Page 2: 22 April

Final Deliverables: due at start of final

Page 3: 22 April

On your home page

In a single easily visible box, links/directions
  Not in the box means not there
Project
  Executable
  Code
Presentation
Documentation
  Functional spec
  Design document
  User manuals

Page 4: 22 April

Project Executable Access

Desktop: instructions for download and install
  These should be the instructions for any user, not just for me
Web-based: url and supported browsers
Log-ins
  Login name and password if needed
  If there is an administrator or super-user, I need an id with that privilege
Hardware needed to run
  Give it to me after presentation or
  Where in Sitterson I can get it

Page 5: 22 April

Project code

Where I can find it
  If I need to be given access to it, do it
  [email protected] or [email protected]
How I can view it
  Do I need to install any software?
  Is there a preferred IDE or tool?
General description of who wrote which pieces

Page 6: 22 April

Documentation

List of user manuals
  If they are part of your program (e.g., on-line help), explain how I find it
SINGLE web page or document that incorporates each of
  Functional spec
  Design document
  Each user manual

Page 7: 22 April

Retrospective

Final essay
Team evaluation

Page 8: 22 April

Final Presentations: A Celebration of Your Achievement

Page 9: 22 April

The Plan

Final is 4-7 on Thursday, May 1
  Pizza dinner to be provided at 7
  Pot luck dessert
Each team has 20 minutes including set-up
Clients will be invited
  Scheduling based on client availability and preference
Open to the public

Page 10: 22 April

Presentation Content

What the project is
Why it is important
How it was built
  Platform
  Architecture
  (Interesting development aspects)
Process lessons: NOT personal
Most important piece: demo

Page 11: 22 April

Privacy

Page 12: 22 April

Aspects of Privacy

Freedom from surveillance
Control of our own information
Freedom from intrusion

Page 13: 22 April

Historical Basis of Privacy

Justice of Peace Act (England 1361)
  Provides for arrest of Peeping Toms and eavesdroppers
Universal Declaration of Human Rights (1948)
  No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.
European Convention on Human Rights (1970)
  Everyone has the right to respect for his private and family life, his home and his correspondence.

Page 14: 22 April

Legal Realities of Privacy

Self-regulation approach in US, Japan
Comprehensive laws in Europe, Canada, Australia
European Union
  Limits data collection
  Requires comprehensive disclosures
  Prohibits data export to unsafe countries
    Or any country for some types of data

Page 15: 22 April

Implementing Privacy

Anonymity
Security
Transparency and Control: knowing what is being collected

Page 16: 22 April

Privacy and Trust

Right of individuals to determine if, when, how, and to what extent data about themselves will be collected, stored, transmitted, used, and shared with others
Includes
  right to browse the Internet or use applications without being tracked unless permission is granted in advance
  right to be left alone
True privacy implies invisibility
Without invisibility, we require trust

Page 17: 22 April

Technologies

privacy aware technologies (reactive)
  non-privacy-related solutions that enable users to protect their privacy
  Examples
    password and file-access security programs
    unsubscribe
    encryption
    access control
privacy enhancing technologies (proactive)
  solutions that help consumers and companies protect their privacy, identity, data and actions
  Examples
    popup blockers
    anonymizers
    Internet history clearing tools
    anti-spyware software

Page 18: 22 April

Impediments to Privacy

Data collection and sharing
Cookies
  Web site last year was discovered capturing cookies that it retained for 5 years
Sniffing, Snarfing, Snorting
  All are forms of capturing packets as they pass through the network
  Differ by how much information is captured and what is done with it

Page 19: 22 April

P3P

Platform for Privacy Preference
World Wide Web Consortium (W3C) project
Voluntary standard published as a “note”
Web site
  Policy machine readable, structured
Browsers
  Understand policy
  Behave according to user’s preferences

Page 20: 22 April

Privacy and Wireless

“Wardriver” program: scans for broadcast SSIDs
  broadcasting improves network access, but at a cost
  once the program finds the SSID
    obtains the IP address
    obtains the MAC address
    …
Lowe’s was penetrated this way
  Stole credit card numbers

Page 21: 22 April

Security

Page 22: 22 April

Network Security

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench”
– Gene Spafford (Purdue)

Page 23: 22 April

Attacks

Information Transmission
Information Systems

Page 24: 22 April

Information Transmission Attack

[Diagram: model of an information transmission attack. Labels: Sender, Receiver, Message, Security related transformation, Secure Message, Secret Information, Information channel, Trusted Third Party (arbiter, distributor of secret information), Opponent]

Page 25: 22 April

Information Systems Attack

[Diagram labels: Opponent (hackers, software), Access Channel, Gatekeeper, Internal Security Control, Data, Software]

Gatekeeper – firewall or equivalent, password-based login
Internal Security Control – Access control, logs, audits, virus scans etc.

Page 26: 22 April

Firewall Techniques

Filtering
  Doesn’t allow unauthorized messages through
  Can be used for both sending and receiving
  Most common method
Proxy
  The firewall actually sends and receives the information
  Sets up separate sessions and controls what passes in the secure part of the network

Page 27: 22 April

DMZ: Demilitarized Zone

Arrangement of firewalls to form a buffer or transition environment between networks with different trust levels

[Diagram labels: Internet, Firewall, Firewall, Internal resources]

Page 28: 22 April

Three Tier DMZ

[Diagram labels: Internet, three Firewalls, Web Server, App Server, Internal resources]

Page 29: 22 April

Issues in Network Security

Physical and logical placement of security mechanisms
Effect of communication protocols
Encryption (cryptography) can provide several of the security services
Private key vs. public key
Distribution of secret information to enable secure exchange of information is important

Page 30: 22 April

Key Technologies

Encryption
Authentication

Page 31: 22 April

Encryption

All encryption algorithms from BC till 1976 were secret key algorithms
  Also called private key algorithms or symmetric key algorithms
  Julius Caesar used a substitution cipher
  Widespread use in World War II (Enigma)
Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman

Page 32: 22 April

Security Level of Encrypted Data

Unconditionally Secure
  Unlimited resources + unlimited time
  Still the plaintext CANNOT be recovered from the ciphertext
Computationally Secure
  Cost of breaking a ciphertext exceeds the value of the hidden information
  The time taken to break the ciphertext exceeds the useful lifetime of the information

Page 33: 22 April

PRIVATE KEY

Page 34: 22 April

Caesar Cipher

Substitute the letter 3 ahead for each one
Example:
  Et tu, Brute
  Hw wx, Euxwh
Quite sufficient for its time
  High illiteracy
  New idea

Page 35: 22 April

Enigma Machine (Germany, World War II)

Simple Caesar cipher through each rotor
But rotors shifted at different rates
  Roller 1 rotated one position after every encryption
  Roller 2 rotated every 26 times…

http://www.trincoll.edu/depts/cpsc/cryptography/enigma.html

Page 36: 22 April

Types of Attacks

Ciphertext only
  adversary has only ciphertext
  goal is to find plaintext, possibly key
Known plaintext
  adversary has plaintext and ciphertext
  goal is to find key
Chosen plaintext
  adversary can get a specific plaintext enciphered
  goal is to find key

Page 37: 22 April

Attack Mechanisms

Brute force
Statistical analysis
  Knowledge of natural language
  Examples:
    All English words have vowels
    There are only 2 1-letter words in English
    High probability that u follows q
    …

Page 38: 22 April

Private Key Cryptography

Sender, receiver share common key
  Keys may be the same, or trivial to derive from one another
  Sometimes called symmetric cryptography or classical cryptography
Two basic types
  Transposition ciphers (rearrange bits)
  Substitution ciphers
Product ciphers
  Combinations of the two basic types

Page 39: 22 April

DES (Data Encryption Standard)

A block cipher:
  encrypts blocks of 64 bits using a 64 bit key
  outputs 64 bits of ciphertext
A product cipher
  performs both transposition (permutation) and substitution on the bits
Considered weak
  Susceptible to brute force attack

http://www.tropsoft.com/strongenc/des.htm

Page 40: 22 April

History of DES

IBM develops Lucifer for banking systems (1970s)
NIST and NSA evaluate and modify Lucifer (1974)
Modified Lucifer adopted as federal standard (1976)
  Name changed to Data Encryption Standard (DES)
  Defined in FIPS (46-3) and ANSI standard X9.32
NIST defines Triple DES (3DES) (1999)
  Single DES use deprecated - only legacy systems.
NIST approves Advanced Encryption Std. (AES) (2001)
  AES will replace DES and 3DES.

Page 41: 22 April

Cracking DES

1998: Electronic Frontier Foundation cracked DES in 56 hrs using a supercomputer
1999: Distributed.net cracked DES in 22 hrs
For an investment of $1 million for specialized hardware, DES can be cracked in less than an hour.

Page 42: 22 April

PUBLIC KEY

Page 43: 22 April

Public Key Cryptography

Two keys
  Private key known only to individual
  Public key available to anyone
Public key, private key inverses
Confidentiality
  encipher using public key
  decipher using private key
Integrity/authentication
  encipher using private key
  decipher using public one

Page 44: 22 April

Public Key Requirements

1. Computationally easy to encipher or decipher a message given the appropriate key

2. Computationally infeasible to derive the private key from the public key

3. Computationally infeasible to determine the private key using a chosen plaintext attack

Page 45: 22 April

RSA

Public key algorithm described in 1977 by Rivest, Shamir, and Adleman
Exponentiation cipher
Relies on the difficulty of factoring a large integer
RSA Labs FAQ document

http://www.rsasecurity.com/rsalabs/node.asp?id=2152

Page 46: 22 April

Summary

Private key (classical) cryptosystems
  encipher and decipher using the same key
Public key cryptosystems
  encipher and decipher using different keys
  computationally infeasible to derive one from the other

Page 47: 22 April

Authentication

Assurance of the identity of the party that you’re talking to

Primary technologies
  Digital Signature
  Kerberos

Page 48: 22 April

Digital Signature

Authenticates origin, contents of message in a manner provable to a disinterested third party (“judge”)
Sender cannot deny having sent message (service is “nonrepudiation”)
  Limited to technical proofs
    Inability to deny one’s cryptographic key was used to sign
  One could claim the cryptographic key was stolen or compromised
    Legal proofs, etc., probably required
Protocols based on both public and private key technologies

Page 49: 22 April

RSA for Digital Signature

Private key to sign
Public key to validate
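
An added example (not part of the original slides) showing the two uses of an RSA key pair described on the Public Key Cryptography slide and on this one: the same modular exponentiation gives confidentiality when the public key enciphers, and a signature when the private key enciphers a digest. The primes, the names and the unpadded "textbook" construction are assumptions chosen to keep the arithmetic visible; the modulus is far too small for real use, and real systems add padding such as OAEP or PSS.

```python
import hashlib

# Toy key pair built from two known Mersenne primes (illustrative only).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def rsa(m, exponent):
    """The one RSA operation: m^exponent mod N. The key used picks the service."""
    if not 0 <= m < N:
        raise ValueError("value must be in the range [0, N)")
    return pow(m, exponent, N)


def encrypt(message):
    """Confidentiality: anyone enciphers with the public key."""
    return rsa(int.from_bytes(message, "big"), E)


def decrypt(ciphertext):
    """Only the private-key holder can decipher."""
    m = rsa(ciphertext, D)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message):
    """SHA-256 reduced mod N so it fits the toy modulus (a simplification)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message):
    """Authentication: the private key enciphers the digest."""
    return rsa(digest(message), D)


def verify(message, signature):
    """Anyone validates with the public key."""
    return rsa(signature, E) == digest(message)


if __name__ == "__main__":
    sig = sign(b"pay 100")
    print(decrypt(encrypt(b"pay 100")))   # round trip
    print(verify(b"pay 100", sig))        # genuine message
    print(verify(b"pay 900", sig))        # altered message is rejected
```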

Page 50: 22 April

Kerberos

Authentication system
  Central server plays role of trusted third party
Ticket (credential)
  Issuer vouches for identity of requester of service
Authenticator
  Identifies sender
User must
  1. Authenticate to the system
  2. Obtain ticket to use server S
Problems
  Relies on synchronized clocks
  Vulnerable to attack

Page 51: 22 April

The Bottom Line

Cyberspace will always have exposures
  But so does our physical space
All decisions are based on risk-benefit analysis
  System owners, developers, users