Securitatea in secolul 21

DefCamp
DefCampDefCamp
Securitateaîn secolul 21,[object Object],IlieValentin (em),[object Object],eminemix@gmail.com,[object Object]
Cine generează probleme?,[object Object]
Probleme de securitate,[object Object],Confidențialitatea,[object Object],Autentificarea,[object Object],Controlul accesului,[object Object],Integritatea,[object Object],Non-repudierea,[object Object]
Metode de rezolvare,[object Object],Servicii de securitate,[object Object],Mecanisme (criptare, hash),[object Object],Semnaturadigitala,[object Object],Politici de securitate,[object Object],Software (antivirus),[object Object],Educatie,[object Object],Măsuri legale,[object Object]
Modelul de bază al criptării,[object Object],Trudy,[object Object],text cifrat,[object Object],text modif,[object Object],M,[object Object],M’,[object Object],Disp cifrare,[object Object],Disc descif.,[object Object],text clar,[object Object],text clar,[object Object],txt cifrat,[object Object],Cheie cifrare K,[object Object],Cheie descif. K’,[object Object],Alice,[object Object],Bob,[object Object]
Definitii,[object Object],Spargereacifrurilor – criptanaliza,[object Object],Text cifratcunoscut,[object Object],Text clarcunoscut,[object Object],Text clar ales,[object Object],Proiectareacifrurilor – criptografie,[object Object],Notatii:,[object Object],F: {M} x {K} -> {C},[object Object],Cifrare/Descifrare: C=Ek(M) / D=Dk’(C) ,[object Object]
Caracteristicilesistemelor secrete,[object Object],Neconditionatsigur,[object Object],Rezistă la orice atac, indiferent de cantitatea de text interceptat.,[object Object],Computational tare,[object Object],Nu poate fi spart printr-o analiza sistematica cu resursele disponibile,[object Object],Sistem ideal,[object Object],Indiferent de volum interceptat, exista mai multe solutii, cu probabilitati apropiate,[object Object]
Problemecetrebuieluate in considerare,[object Object],Redundanta,[object Object],Magazin online, comenzi,[object Object],Prospetimea,[object Object],100 x,[object Object],Bogdan,[object Object],Ana,[object Object]
Clasificare,[object Object],Metode criptografice,[object Object],Clasice,[object Object],Substitutie,[object Object],Monoalfabetica,[object Object],Poliaflabetica,[object Object],Poligrafica,[object Object],Transpozitie,[object Object],Computationale,[object Object],Simetrice,[object Object],Asimetrice,[object Object],Cu coduri redundante,[object Object]
Metode clasice,[object Object],Cezar ,[object Object],Vignere,[object Object],Poligrafica,[object Object],Transpozitie,[object Object],Cheie – (Cezarsuccesiv),[object Object],Mama are mere ,[object Object],Gigi ace face,[object Object]
One time pads,[object Object],Un de bitipe post de cheie.,[object Object],Se face un XOR intrecheiesimesaj.,[object Object],Ex: Mesaj– DefCampDefcamp. Cheie: Albastru. ,[object Object],Criptanalistul nu le poatesparge. Diferitecheiacoperitoarerezultadiferitemesajevalide.,[object Object]
One time pads (2),[object Object],De ce nu suntfolosite in practica?,[object Object],Cum transmit cheia?,[object Object],Probleme cu desincronizare. Dacă se pierde un singur bit de informatie restul mesajului devine invalid.,[object Object],Solutia – Criptografie cuantica,[object Object],Criptografie cuantica,[object Object],Polarizarea luminii,[object Object],Probleme: Tehnologiecomplexasiscumpa.,[object Object]
Metodecomputationale,[object Object],Sistemecriptofrafice,[object Object],Simetrice,[object Object],Asimetrice,[object Object],Cerinte generale,[object Object],Cifrare/descifrareeficientapentrutoatecheile,[object Object],Sistemusor de folosit,[object Object],Securitateasadepinda de chei, nu de algoritm,[object Object],Confidentialitate – sa nu poata fi determinatDk din C chiardaca se cunoaste M,[object Object],Autentificare – sa nu poate fi determinatEk din C chiardaca se cunoaste M,[object Object]
Sistemesimetrice (Chei secrete),[object Object],Implementare hardware,[object Object],DES, Triple DES,[object Object],AES,[object Object]
Sistemeasimetrice,[object Object],Utilizatorul,[object Object],Face publicacheiaEu de criptare.,[object Object],PastreazasecretacheiaDude decriptare.,[object Object],Cheilecomută– Eu(Du(M))=Du(Eu(M)),[object Object],Avantaje,[object Object],Nu se pot deduce usorsa se deduca D din E,[object Object],Nu poate fi spartprincriptanaliza.,[object Object]
Aplicatiecheiasimetrice (RSA),[object Object],1. Se alegdouanumere prime p, q.,[object Object],2. Se calculeaza n=pxq, z=(p-1)x(q-1),[object Object],3. Se alege d a.i. (z,d)=1,[object Object],4. Se alege e a.i. exd=1 mod z,[object Object],Exemplu. Aleg p=3, q=11 => n=33, z=20, d=7, e=3,[object Object]
Demonstratie RSA,[object Object],Th Fermat : (a,p)=1  ap-1 mod p = 1,[object Object],Th Euler : (a,n)=1  aɸ(n) mod n = 1  undeɸ(n)numarul de intregipozitivi < n, primi cu n.,[object Object],e, d au fostalesea.i. ɸ(n)=1, un mesaj Mϵ [0,n-1) a.i (M,n)=1 avem(ME mod n)d mod n = M,[object Object],Dem,[object Object],(ME mod n)d mod n =,[object Object],= MED mod n,[object Object],= Mtɸ (n)+1 mod n ,[object Object],= M((Mɸ(n) mod n)t mod n) mod n,[object Object],= M,[object Object]
Semnaturadigitala,[object Object],Cu cheiesecreta – Big Brother.,[object Object],Fiecareutilizatorisi duce cheiasecreta la BB.,[object Object],Cand Alice vreasatrimita un mesaj, BB ii recunoastecheiasecreta, decripteazamesajul, semneaza cu cheiapublica a lui Bob, si cu cheiapublica a BB sitrimitemesajul.,[object Object]
Semnaturadigitala cu cheiepublica,[object Object],Trudy,[object Object],EB(DA(M)),[object Object],DA (M),[object Object],DA (M),[object Object],cifrare,[object Object],cifrare,[object Object],cifrare,[object Object],cifrare,[object Object],Alice,[object Object],Bob,[object Object],DA ,[object Object],ϙ priv,[object Object],EB ,[object Object],ϙ pub,[object Object],DB,[object Object],ϙ priv,[object Object],EA ,[object Object],ϙ pub,[object Object]
Rezumareamesajelor,[object Object],De ceesteimportanta?,[object Object],Multi biti -> Putinibiti,[object Object],Dispersia mare,[object Object],Autentificare.,[object Object],Ex: MD5, SHA-1.,[object Object],Dezavantaje,[object Object],Coliziuni calculate in timprezonabil,[object Object]
PKI, X509,[object Object],De ce e nevoie? ,[object Object],Probleme cu cheilepublice,[object Object],Implementatca un lant,[object Object],Ierarhicsaulant de incredere,[object Object],(web of trust).,[object Object],ROOT,[object Object],RA1,[object Object],RA2,[object Object],CA1,[object Object],CA2,[object Object],CA3,[object Object]
Quiz,[object Object],Ceschimbari se producdacaalegemsainterschimbamceledoua faze? (A intaisemneaza cu cheiapublica a lui B apoi cu a lui),[object Object],A descoperacacheialuiprivataesteidentica cu cheiapublica a lui T. Ceartrebuisafaca A in cazulasta? Artrebuisafacaceva?,[object Object]
Securitateaparolelor,[object Object],student:$1$5exrrU9Z$hqy39CPEydK46LLhZR8br1:15157:0:99999:7:::,[object Object],http://howsecureismypassword.net/,[object Object],Litere + Cifre, Caracterespeciale.,[object Object],Tastare cu tastaturavirtuala, cu spatii.,[object Object],Nu aceeasiparolapeste tot.,[object Object],Faranumelemamei, zile de nastere, nume de telefon.,[object Object],mkpasswd,[object Object],Autentificare cu cheiepublicapeservere.,[object Object]
Bibliografie,[object Object],Andrew S. Tanenbaum, Computer Networks,[object Object],http://en.wikipedia.org/wiki/Public-key_cryptography,[object Object],http://en.wikipedia.org/wiki/MD5,[object Object]
1 of 24

Recommended

Tip de date String Pascal by
Tip de date String PascalTip de date String Pascal
Tip de date String Pascalm_gutu
1.3K views47 slides
Java While Loop by
Java While LoopJava While Loop
Java While Loopm_gutu
226 views16 slides
Analiza si evolutia vulnerabilitatilor web by
Analiza si evolutia vulnerabilitatilor webAnaliza si evolutia vulnerabilitatilor web
Analiza si evolutia vulnerabilitatilor webDefCamp
3.2K views67 slides
Advanced data mining in my sql injections using subqueries and custom variables by
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesDefCamp
4.9K views20 slides
Cross Site Request Forgery Attacks by
Cross Site Request Forgery AttacksCross Site Request Forgery Attacks
Cross Site Request Forgery AttacksDefCamp
1.2K views18 slides
Social Engineering - DefCamp 2012 by
Social Engineering - DefCamp 2012Social Engineering - DefCamp 2012
Social Engineering - DefCamp 2012DefCamp
1.1K views19 slides

More Related Content

More from DefCamp

Remote Yacht Hacking by
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
1.7K views89 slides
Mobile, IoT, Clouds… It’s time to hire your own risk manager! by
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
974 views167 slides
The Charter of Trust by
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
558 views24 slides
Internet Balkanization: Why Are We Raising Borders Online? by
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
309 views22 slides
Bridging the gap between CyberSecurity R&D and UX by
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
260 views13 slides
Secure and privacy-preserving data transmission and processing using homomorp... by
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
470 views102 slides

More from DefCamp(20)

Remote Yacht Hacking by DefCamp
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
DefCamp1.7K views
Mobile, IoT, Clouds… It’s time to hire your own risk manager! by DefCamp
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp974 views
The Charter of Trust by DefCamp
The Charter of TrustThe Charter of Trust
The Charter of Trust
DefCamp558 views
Internet Balkanization: Why Are We Raising Borders Online? by DefCamp
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp309 views
Bridging the gap between CyberSecurity R&D and UX by DefCamp
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
DefCamp260 views
Secure and privacy-preserving data transmission and processing using homomorp... by DefCamp
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp470 views
Drupalgeddon 2 – Yet Another Weapon for the Attacker by DefCamp
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp269 views
Economical Denial of Sustainability in the Cloud (EDOS) by DefCamp
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp254 views
Trust, but verify – Bypassing MFA by DefCamp
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
DefCamp323 views
Threat Hunting: From Platitudes to Practical Application by DefCamp
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
DefCamp218 views
Building application security with 0 money down by DefCamp
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
DefCamp179 views
Implementation of information security techniques on modern android based Kio... by DefCamp
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
DefCamp215 views
Lattice based Merkle for post-quantum epoch by DefCamp
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
DefCamp241 views
The challenge of building a secure and safe digital environment in healthcare by DefCamp
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
DefCamp323 views
Timing attacks against web applications: Are they still practical? by DefCamp
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
DefCamp258 views
Tor .onions: The Good, The Rotten and The Misconfigured by DefCamp
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp816 views
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t... by DefCamp
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp294 views
We will charge you. How to [b]reach vendor’s network using EV charging station. by DefCamp
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp442 views
Connect & Inspire Cyber Security by DefCamp
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
DefCamp290 views
The lions and the watering hole by DefCamp
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
DefCamp225 views

Securitatea in secolul 21

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.

Editor's Notes

  1. Confidentialitatea – Intrusulsa nu paotareconstituimesajulAutentificarea – Intrusulsa nu poatamodificamesajulfaraca Bob saisideaseama
  2. TCifC – Un text cifrat, metoda, limbajultextuluiclar, subiect, cuvintecheie din text;TClaC – Un text clar, text cifratcunoscut, anumitecuvintecheie;TClaA – Mod cifrareanumiteportiune text, exemplubaza de date, (modificare -&gt; efect).
  3. Este siguracestsistem? Nu estesigurdacaavem un fostangajatrauvoitor. Totusidacaadaugamredundanta le facemviatamaiusoara la criptanalistiPrincipiul criptografic 1: Mesajele trebuie să conţină redundanţă.Principiul criptografic 2: Este necesară o metodă pentru a dejuca atacurile prin replicarea mesajelor.
  4. Cezar,monoalfabetica. Vignere, polialfabetica. Poligrafica
  5. DES a fost învăluit în controverse de cand a aparut. NSA voia o cheia de 56 de biti. IBM de 128 de biti. Conspiratie. A fostabandonat. A fostdemonstratcapoate fi spartprincautareexhaustiva 2^56 de pass-uri in maiputin de o zi. =&gt; Triple DES.Chiar dacă NSA reuşeşte să construiască o maşină cu un miliard de procesoare, fiecare fiindcapabil să evalueze o cheie în fiecare picosecundă, ar trebui pentru o astfel de maşină aproximativ 10^10 saspargaparola.
  6. Un text cifrat cu E_u nu poate fi descifrat tot cu E_u.PentruautentificareEu(Du(M))=Du(Eu(M))
  7. Puterilemari nu se calculeazaniciodata.
  8. Dezavantaje? Cine este BB? El poatecitittotul.Avantaje: Alice nu poatenegaca a trimismesajul.
  9. Alice nu maipoatespuneca nu i-a trimismesajullui Bob o data trimis. (A semnatmesajul cu cheiaeiprivata).
  10. De ceestemaifolosit MD5decat SHA-1.
  11. User/Parola/UltimadatacandafostSchimbata/Numar minim de zile in care trebuieschimbata/NrMaximDezileValida/NumarDeZileInainteAvertisment/NumarDeZileDupaExpirare=&gt;Disabled/Data candcontuldevine Disabled