SlideShare a Scribd company logo

Lecture 1

Download as PPTX, PDF
F
fadwa_stuka

المحاضرة الأولى - Information Security CS709 - د. ابراهيم المرهاق

EducationTechnologyNews & Politics
1 of 28
Information Security Sunday 10:00 – 13:00
Information Security Instructor: Dr. Ibrahim Ali Almerhag almerhag@yahoo.com Textbook: Information Security Principles And Practices Second Edition, By: Mark Stamp Publisher: J. Wiley & sons Pub Date: 2011
Course Outline This module consists of four major parts o Cryptography (5 weeks) o Access control (2 weeks) o Protocols (3 weeks) o Software (3 weeks)
Assessment  Final exam 50%  Midterm exam 25%  Course work 25% o Assay, Project, Seminar, etc.
Introduction  Alice and Bob are the good guys  Trudy is the bad “guy”  Trudy is our generic “intruder”
Alice’s Online Bank  Alice opens “Alice’s Online Bank” (AOB)  What are Alice’s security concerns?  If Bob is a customer of AOB, what are his security concerns?  How are Alice’s and Bob’s concerns similar? How are they different?  How does Trudy view the situation?
CIA  CIA == Confidentiality, Integrity, and Availability  CIA are the three fundamental goals of information security.
Confidentiality  AOB must prevent Trudy from learning Bob’s account balance  Confidentiality: prevent unauthorized reading of information o Cryptography used for confidentiality
Integrity  Trudy must not be able to change Bob’s account balance  Bob must not be able to improperly change his own account balance  Integrity: detect unauthorized writing of information o Cryptography used for integrity
Availability  AOB’s information must be available whenever it’s needed  Alice must be able to make transaction o If not, she’ll take her business elsewhere  Availability: Data is available in a timely manner when needed  Availability is a “new” security concern o Denial of service (DoS) attacks
Beyond CIA: Crypto  How does Bob’s computer know that “Bob” is really Bob and not Trudy?  Bob’s password must be verified o This requires some clever cryptography  What are security concerns of pwds?  Are there alternatives to passwords?
Beyond CIA: Protocols  When Bob logs into AOB, how does AOB know that “Bob” is really Bob?  As before, Bob’s password is verified  Unlike the previous case, network security issues arise  How do we secure network transactions? o Protocols are critically important o Crypto plays critical role in protocols
Beyond CIA: Access Control  Once Bob is authenticated by AOB, then AOB must restrict actions of Bob o Bob can’t view Charlie’s account info o Bob can’t install new software, etc.  Enforcing these restrictions: authorization  Access control includes both authentication and authorization
Beyond CIA: Software  Cryptography, protocols, and access control are implemented in software o Software is foundation on which security rests  What are security issues of software? o Real world software is complex and buggy o Software flaws lead to security flaws o How does Trudy attack software? o How to reduce flaws in software development? o And what about malware?
The People Problem  People often break security o Both intentionally and unintentionally o Here, we consider the unintentional  For example, suppose you want to buy something online o To make it concrete, suppose you want to buy Information Security: Principles and Practice, 2nd edition from amazon.com
The People Problem  To buy from amazon.com o Your Web browser uses SSL protocol o SSL relies on cryptography o Access control issues arise o All security mechanisms are in software  Suppose all of this security stuff works perfectly o Then you would be safe, right?
The People Problem  What could go wrong?  Trudy tries man-in-the-middle attack o SSL is secure, so attack doesn’t “work” o But, Web browser issues a warning o What do you, the user, do?  If user ignores warning, attack works! o None of the security mechanisms failed o But user unintentionally broke security
Cryptography  “Secret codes”  This topic covers o Classic cryptography o Symmetric ciphers o Public key cryptography o Hash functions++
Access Control  Authentication o Passwords o Biometrics o Other methods of authentication  Authorization o Access Control Lists/Capabilities o Firewalls, intrusion detection (IDS) o Multilevel security (MLS), security modeling, covert channel, inference control
Protocols  “Simple” authentication protocols o Focus on basics of security protocols o Lots of applied cryptography in protocols  Real-world security protocols o SSH, SSL, IPSec, Kerberos o Wireless: WEP, GSM
Software  Security-critical flaws in software o Buffer overflow o Race conditions, etc.  Malware o Examples of viruses and worms o Prevention and detection o Future of malware?
Software  Software reverse engineering (SRE) o How hackers “dissect” software  Digital rights management (DRM) o Shows difficulty of security in software o Also raises OS security issues  Software and testing o Open source, closed source, other topics
Software  Operating systems o Basic OS security issues o “Trusted OS” requirements o NGSCB: Microsoft’s trusted OS for the PC  Software is a BIG security topic o Lots of material to cover o Lots of security problems to consider o But not nearly enough time available…
Think Like Trudy  In the past, no respectable sources talked about “hacking” in detail o After all, such info might help Trudy  Recently, this has changed o Lots of books on network hacking, evil software, how to hack software, etc. o Classes teach virus writing, SRE, etc.
Think Like Trudy  Good guys must think like bad guys!  A police detective… o …must study and understand criminals  In information security o We want to understand Trudy’s methods o Might think about Trudy’s motives o We’ll often pretend to be Trudy
Think Like Trudy  Is all of this security information a good idea?  Bruce Schneier (referring to Security Engineering, by Ross Anderson): o “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.”
Think Like Trudy  We must try to think like Trudy  We must study Trudy’s methods  We can admire Trudy’s cleverness  Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity  But, we cannot act like Trudy o Except in this class…
In This Course…  Think like the bad guy  Always look for weaknesses o Find the weak link before Trudy does  It’s OK to break the rules o What rules?  Think like Trudy  But don’t do anything illegal!

Recommended

Plagiarism, Copyright, and Netiquette
Plagiarism, Copyright, and NetiquettePlagiarism, Copyright, and Netiquette
Plagiarism, Copyright, and NetiquetteMya0726
 
Plagiarism, netiquette, copyrighting powerpoint
Plagiarism, netiquette, copyrighting powerpointPlagiarism, netiquette, copyrighting powerpoint
Plagiarism, netiquette, copyrighting powerpointkelseygarris
 
Don't Be A Fool on The Web
Don't Be A Fool on The WebDon't Be A Fool on The Web
Don't Be A Fool on The WebMrChickenPotPie
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Plagiarism
PlagiarismPlagiarism
PlagiarismCheck-For-Plag Anti Plagiarism Software
 
Internet safety
Internet safetyInternet safety
Internet safetydsansford
 
Netiquette on using internet
Netiquette on using internetNetiquette on using internet
Netiquette on using internetMaricrs Alfarö
 
Internet security
Internet securityInternet security
Internet securityCarmen Gorda
 

Recommended

Plagiarism, Copyright, and Netiquette
Plagiarism, Copyright, and NetiquettePlagiarism, Copyright, and Netiquette
Plagiarism, Copyright, and NetiquetteMya0726
 
Plagiarism, netiquette, copyrighting powerpoint
Plagiarism, netiquette, copyrighting powerpointPlagiarism, netiquette, copyrighting powerpoint
Plagiarism, netiquette, copyrighting powerpointkelseygarris
 
Don't Be A Fool on The Web
Don't Be A Fool on The WebDon't Be A Fool on The Web
Don't Be A Fool on The WebMrChickenPotPie
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Plagiarism
PlagiarismPlagiarism
PlagiarismCheck-For-Plag Anti Plagiarism Software
 
Internet safety
Internet safetyInternet safety
Internet safetydsansford
 
Netiquette on using internet
Netiquette on using internetNetiquette on using internet
Netiquette on using internetMaricrs Alfarö
 
Internet security
Internet securityInternet security
Internet securityCarmen Gorda
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityVibrant Technologies & Computers
 
Cyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITWCyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITWChanchalHiwanj1
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018Codemotion
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesBlake Carver
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities- Mark - Fullbright
 
I hack you hack we all hack
I hack you hack we all hackI hack you hack we all hack
I hack you hack we all hackKaraMichelleHarkins
 
How to Secure America
How to Secure AmericaHow to Secure America
How to Secure AmericaSecurityStudio
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Access Control authentication and authorization .pptx
Access Control authentication and authorization .pptxAccess Control authentication and authorization .pptx
Access Control authentication and authorization .pptxbirhanugirmay559
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxRAM LAL ANAND COLLEGE, DELHI UNIVERSITY.
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

More Related Content

Similar to Lecture 1

An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Cyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITWCyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITWChanchalHiwanj1
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018Codemotion
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesBlake Carver
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Access Control authentication and authorization .pptx
Access Control authentication and authorization .pptxAccess Control authentication and authorization .pptx
Access Control authentication and authorization .pptxbirhanugirmay559
 

Similar to Lecture 1 (20)

An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Cyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITWCyber Security Workshop GDSC-BITW
Cyber Security Workshop GDSC-BITW
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities
 
I hack you hack we all hack
I hack you hack we all hackI hack you hack we all hack
I hack you hack we all hack
 
How to Secure America
How to Secure AmericaHow to Secure America
How to Secure America
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
 
Access Control authentication and authorization .pptx
Access Control authentication and authorization .pptxAccess Control authentication and authorization .pptx
Access Control authentication and authorization .pptx
 

Recently uploaded

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 

Lecture 1

  • 1. Information Security Sunday 10:00 – 13:00
  • 2. Information Security Instructor: Dr. Ibrahim Ali Almerhag almerhag@yahoo.com Textbook: Information Security Principles And Practices Second Edition, By: Mark Stamp Publisher: J. Wiley & sons Pub Date: 2011
  • 3. Course Outline This module consists of four major parts o Cryptography (5 weeks) o Access control (2 weeks) o Protocols (3 weeks) o Software (3 weeks)
  • 4. Assessment  Final exam 50%  Midterm exam 25%  Course work 25% o Assay, Project, Seminar, etc.
  • 5. Introduction  Alice and Bob are the good guys  Trudy is the bad “guy”  Trudy is our generic “intruder”
  • 6. Alice’s Online Bank  Alice opens “Alice’s Online Bank” (AOB)  What are Alice’s security concerns?  If Bob is a customer of AOB, what are his security concerns?  How are Alice’s and Bob’s concerns similar? How are they different?  How does Trudy view the situation?
  • 7. CIA  CIA == Confidentiality, Integrity, and Availability  CIA are the three fundamental goals of information security.
  • 8. Confidentiality  AOB must prevent Trudy from learning Bob’s account balance  Confidentiality: prevent unauthorized reading of information o Cryptography used for confidentiality
  • 9. Integrity  Trudy must not be able to change Bob’s account balance  Bob must not be able to improperly change his own account balance  Integrity: detect unauthorized writing of information o Cryptography used for integrity
  • 10. Availability  AOB’s information must be available whenever it’s needed  Alice must be able to make transaction o If not, she’ll take her business elsewhere  Availability: Data is available in a timely manner when needed  Availability is a “new” security concern o Denial of service (DoS) attacks
  • 11. Beyond CIA: Crypto  How does Bob’s computer know that “Bob” is really Bob and not Trudy?  Bob’s password must be verified o This requires some clever cryptography  What are security concerns of pwds?  Are there alternatives to passwords?
  • 12. Beyond CIA: Protocols  When Bob logs into AOB, how does AOB know that “Bob” is really Bob?  As before, Bob’s password is verified  Unlike the previous case, network security issues arise  How do we secure network transactions? o Protocols are critically important o Crypto plays critical role in protocols
  • 13. Beyond CIA: Access Control  Once Bob is authenticated by AOB, then AOB must restrict actions of Bob o Bob can’t view Charlie’s account info o Bob can’t install new software, etc.  Enforcing these restrictions: authorization  Access control includes both authentication and authorization
  • 14. Beyond CIA: Software  Cryptography, protocols, and access control are implemented in software o Software is foundation on which security rests  What are security issues of software? o Real world software is complex and buggy o Software flaws lead to security flaws o How does Trudy attack software? o How to reduce flaws in software development? o And what about malware?
  • 15. The People Problem  People often break security o Both intentionally and unintentionally o Here, we consider the unintentional  For example, suppose you want to buy something online o To make it concrete, suppose you want to buy Information Security: Principles and Practice, 2nd edition from amazon.com
  • 16. The People Problem  To buy from amazon.com o Your Web browser uses SSL protocol o SSL relies on cryptography o Access control issues arise o All security mechanisms are in software  Suppose all of this security stuff works perfectly o Then you would be safe, right?
  • 17. The People Problem  What could go wrong?  Trudy tries man-in-the-middle attack o SSL is secure, so attack doesn’t “work” o But, Web browser issues a warning o What do you, the user, do?  If user ignores warning, attack works! o None of the security mechanisms failed o But user unintentionally broke security
  • 18. Cryptography  “Secret codes”  This topic covers o Classic cryptography o Symmetric ciphers o Public key cryptography o Hash functions++
  • 19. Access Control  Authentication o Passwords o Biometrics o Other methods of authentication  Authorization o Access Control Lists/Capabilities o Firewalls, intrusion detection (IDS) o Multilevel security (MLS), security modeling, covert channel, inference control
  • 20. Protocols  “Simple” authentication protocols o Focus on basics of security protocols o Lots of applied cryptography in protocols  Real-world security protocols o SSH, SSL, IPSec, Kerberos o Wireless: WEP, GSM
  • 21. Software  Security-critical flaws in software o Buffer overflow o Race conditions, etc.  Malware o Examples of viruses and worms o Prevention and detection o Future of malware?
  • 22. Software  Software reverse engineering (SRE) o How hackers “dissect” software  Digital rights management (DRM) o Shows difficulty of security in software o Also raises OS security issues  Software and testing o Open source, closed source, other topics
  • 23. Software  Operating systems o Basic OS security issues o “Trusted OS” requirements o NGSCB: Microsoft’s trusted OS for the PC  Software is a BIG security topic o Lots of material to cover o Lots of security problems to consider o But not nearly enough time available…
  • 24. Think Like Trudy  In the past, no respectable sources talked about “hacking” in detail o After all, such info might help Trudy  Recently, this has changed o Lots of books on network hacking, evil software, how to hack software, etc. o Classes teach virus writing, SRE, etc.
  • 25. Think Like Trudy  Good guys must think like bad guys!  A police detective… o …must study and understand criminals  In information security o We want to understand Trudy’s methods o Might think about Trudy’s motives o We’ll often pretend to be Trudy
  • 26. Think Like Trudy  Is all of this security information a good idea?  Bruce Schneier (referring to Security Engineering, by Ross Anderson): o “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.”
  • 27. Think Like Trudy  We must try to think like Trudy  We must study Trudy’s methods  We can admire Trudy’s cleverness  Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity  But, we cannot act like Trudy o Except in this class…
  • 28. In This Course…  Think like the bad guy  Always look for weaknesses o Find the weak link before Trudy does  It’s OK to break the rules o What rules?  Think like Trudy  But don’t do anything illegal!