Security and Cryptography 1
Stefan Köpsell, Thorsten Strufe
Disclaimer: this course has been created with very valuable input
from Dan Boneh (go check his videos!), Stefan Katzenbeisser,
Mark Manulis, Günter Schäfer, and the members of the Chair.
Dresden, WS 15/16
Lecture Outline
Who are we?
Organizational matters
Course outline
Basic concepts of security and cryptography
15.10.2015
Privacy and Security
Slide No. 2
Who we are
Chair of Privacy and Data Security (Professur „Datenschutz und Datensicherheit“)
For this lecture:
• Thorsten Strufe (Lectures)
  • INF 3070 / +49 351 463 38247
  • thorsten.strufe [at] tu-dresden.de
• Dr. Stefan Köpsell (Lectures and Exercises)
  • INF 3062
  • stefan.koepsell [at] tu-dresden.de
https://dud.inf.tu-dresden.de
What we're interested in
• Can we prevent surveillance and retain our privacy?
• How can networks be made robust and secure?
• How can you communicate with confidentiality?
• Can we provide competitive (useful and performant) services without snooping on the users?
  • Social Networking?
  • Recommendation Systems?
  • Data Mining on confidential data (biomedical!)?
• How can we analyse this context and develop sustainable solutions (scientifically)?
• With everything getting digital: how can we avoid the next big data-loss disaster? [1] [2] [3] [4]
A Case Study: Social Media and the Web
Web traffic is converging to sites of 6 corporations
• Success due to integration and strong personalization
• Data minimization and avoidance conflict with the business model
Convergence of communication and expression
• Facebook evolves to integrated communication platform with
1.3 Bn users
• Google, g+: 500 million users
• Clear name: perfectly identifiable
Increasingly mobile utilization
• Perfect location, easy tracking
• Configuration more tedious
[Nielsen]
The Stakeholders
[Figure: the stakeholders. Labels: Subscribers, Provider, Partner, Advertisers, Extending Partner, Public, Institutions, Network Provider]
The Providers and the Data at their Hands
Explicit
• created content (profile, posts)
• annotations/comments
• preferences/structural interaction (contacts, +1, etc)
Incidental / "metadata"
• Observed: session artifacts (time of actions), interest (retrieved profiles; membership in groups/participation in discussions), influence (users), clickstreams, ad preferences, exact sessions, communication (end points, type, intensity, frequency, extent), location (IP; shared; gps coordinates), udid
• Inferred
  • derived from observations
  • homophily
Extracted
• Profiling
• preference models
• image recognition models
Externally correlated
• interest/preferences (clickstreams through ad networks, fb-connect)
Model and Adversaries
[Figure: system model with adversaries. Labels: Communication, Relation, Trust, Real Time; End device, Application Server, Add Interface, DB, Secondary Server (delegated), App Server, Internet; parties A, B, Alice, SNP; adversaries: “Friend” / Social Engineering; SNS-Provider, Prism (TAO); ISP, Echelon, Eikonal, Tempora]
Our Research Clusters
• Network Security
  • Protecting the transmission
  • Protecting the network
• Privacy Enhancing Tech
  • Network anonymisation
  • Anonymous services
[Figure: network diagrams with the labels A, B, D, Alice, Internet, SNP]
Decentralize to Counter Censorship
Entire distribution of data and control
• Decentralize everything
• Use trusted service providers only
System classes:
• Federated SNS
• P2P / D-OSN
• Social Overlays and Darknets
Solution Classes / Research Clusters
• Network Security
  • Protecting the transmission
  • Resilient networks
• Data Analysis
  • User understanding
  • Inference assessment
  • Intention recognition
• Privacy Enhancing Tech
  • Network anonymisation
  • Anonymous services
  • Darknets/Social Overlays
• Content protection
  • Secure Computation
  • Oblivious Recommenders
[Figure: network diagrams with the labels A, B, D, Alice, Internet, SNP]
What we offer you
[Figure: curriculum plan by semester (FS), alternating winter and summer semesters. Labels in the plan: semesters 1 to 10, B1 to B6 and M1 to M4; Information and Coding Theory; Operating Systems & Security; research track (Forschungslinie); BAS-4; SaC-1 / Channel Coding; SaC-2 / Crypto; Vert-4, ANW/AFT, Beleg; SaC-2 / Crypto / Resilient Networking; FB-Mining / Channel Coding; Diplomarbeit; B-510; B-520; Bachelor-Thesis; BAS-4, VERT-4, ANW; Vert-4, FPA; Master-Thesis]
B-510/B-520:
• Security & Crypto 1
• S&C 2 (PETs)
• Channel Coding
• Seminars/Lab courses
BAS-4:
• Security & Crypto 1
• S&C 2 (PETs)
• Crypto
• Channel Coding
Vert-4:
• S&C 1&2
• Crypto
• Resilient Networking
• Mining Facebook
• Channel Coding
Topics of this Lecture
Basic concepts of privacy, IT security, and crypto
A little mathematical background
• discrete probability
• some number theory
Crypto
• Symmetric crypto
• Asymmetric crypto
Additional Services and Primitives
• Modification/Integrity checks
• Key agreement and key exchange
• Authentication
• Access Control
Network security
Material
Slides/recordings will be on the web site
Literature/References
• Dan Boneh's Coursera course.
• Boneh & Shoup: Graduate course in applied crypto
• Katz & Lindell: Intro to modern crypto
• David Kahn: The Codebreakers
• Simon Singh: The Code Book
• "Applied Cryptography" (MOV, Schneier)
• Schäfer, Roßberg: Netzsicherheit
Organizational matters
Courses
• Thu 9:20 – 10:50
• E023
Exercises
• Thu 11:10 – 12:40
• E023
• Both theory and practical tasks
Communication
• There's a mailing list, please register here:
https://mailman.zih.tu-dresden.de/groups/listinfo/dud-sac
• Establish a healthy culture of common discussions
• Talk to us.
Exams
• Oral exams, make appointments
All necessary information on the Web site
Trends around you: large to small
Challenges:
• Pervasive computing
• Identification of individuals
• Tracing
• Integrity of information
Trends around you: static to mobile
Challenges:
• Disclosure of information
• Unreliable devices
• Unreliable connections
• Deception (IMSI catcher)
• Increased attack surface
Trends around you: tangible to virtual
Challenges:
• Integrity of information
• Authenticating counterpart
• Observability of acts
• Mass data collection
Trends around you: offline goes online
Challenges:
• Increased attack surface
• Loss of PII
• Profiling
• Observation
Trends around you: occasional to pervasive
Challenges:
• "Always on"
• Proximity and coverage
• Dragnet surveillance
Introducing some Actors of the Play
For clarity it's good to have some model…
[Figure: the actors Alice, Bob, Eve and Mallory, and a message]
Variations of the Play
[Figure: variations of the model. Labels: Craig, File, Alice, HDD, Trudy, Bob, "Terrorist", Carol, "Honest but curious", Dan]
A little terminology: What is a Threat?
Abstract Definition:
• A threat is any possible event or sequence of actions that might lead to a violation of one or more security goals
• The actual realization of a threat is called an attack
Examples:
• A hacker breaking into a corporate computer
• Disclosure of emails in transit
• Someone changing financial accounting data
• A hacker temporarily shutting down a website
• Someone using services or ordering goods in the name of others
• ...
But what are security goals?
• Security goals can be defined:
  • depending on the application environment, or
  • in a more general, technical way
Security Goals in Application Environments
Public Telecommunication Providers:
• Protect subscribers' privacy
• Restrict access to administrative functions to authorized personnel
• Protect against service interruptions
Corporate / Private Networks:
• Protect corporate confidentiality / individual privacy
• Ensure message authenticity
• Protect against service interruptions
All Networks:
• Prevent outside penetrations (who wants hackers?)
Security goals are also called security objectives
Security Goals Technically Defined (CIA)
Confidentiality:
• Data transmitted or stored should only be revealed to the intended audience
• Confidentiality of identity is also referred to as anonymity
(Data) Integrity:
• It should be possible to detect any modification of data
• This requires being able to identify the creator of some data
Availability:
• Services should be available and function correctly
Accountability:
• It should be possible to identify the entity responsible for any communication event
Controlled Access:
• Only authorized entities should be able to access certain services or information
Several other models have been proposed; anything beyond CIA is constantly subject to arguments and discussions…
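Added example (not part of the original slides): why detecting modification requires identifying the creator. An unkeyed checksum can be recomputed by an active Mallory, while a MAC under a key shared only by Alice and Bob cannot. The message, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def send_with_hash(message: bytes):
    """Alice attaches an unkeyed SHA-256 digest; anyone can compute it."""
    return message, hashlib.sha256(message).digest()

def verify_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def send_with_mac(key: bytes, message: bytes):
    """Alice attaches HMAC-SHA256 under a key shared only with Bob."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def mallory_rewrites(message: bytes):
    """Active attacker without the key: alters the data in transit and
    attaches the only check value she can compute, the unkeyed digest."""
    altered = message.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).digest()

def demo() -> dict:
    key = secrets.token_bytes(32)      # shared by Alice and Bob only
    msg = b"transfer 100 EUR to Bob"   # constructed sample message
    results = {}

    # Unkeyed digest: the altered message verifies, so the change goes unnoticed.
    sent, _digest = send_with_hash(msg)
    altered, new_digest = mallory_rewrites(sent)
    results["hash_accepts_modified"] = verify_hash(altered, new_digest)

    # Keyed MAC: Bob accepts the original and rejects every altered variant.
    sent, tag = send_with_mac(key, msg)
    altered, guessed_tag = mallory_rewrites(sent)
    results["mac_accepts_original"] = verify_mac(key, sent, tag)
    results["mac_accepts_modified"] = verify_mac(key, altered, guessed_tag)
    results["mac_accepts_stale_tag"] = verify_mac(key, altered, tag)
    return results

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

A symmetric MAC only identifies the creator as a holder of the shared key, so Bob could have produced the tag as well; it gives integrity between Alice and Bob, not accountability towards third parties.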
Threats Technically Defined
Masquerade:
• An entity claims to be another entity
Disclosure of confidential information (eavesdropping):
• An entity reads information it is not intended to read
Authorization violation:
• An entity uses a service or resources it is not intended to use
Loss or Modification of (transmitted) information:
• Data is being altered or destroyed
Denial of Communication Acts (Repudiation):
• An entity falsely denies its participation in a communication act
Forgery of information:
• An entity creates new information in the name of another entity
Blackout (Denial of Service, Sabotage):
• Any action that aims to reduce the availability and / or correct functioning of services or systems
A little more Terminology
Security Service:
• An abstract “service” seeking to ensure a specific security property
• Can be realised with the help of cryptographic algorithms and protocols or with conventional means:
  • Keep an electronic document on a floppy disk confidential by storing it on the disk in an encrypted format or locking away the disk in a safe
  • Usually a combination of cryptographic and other means is most effective
Security Services – Overview
Authentication
• Ensure that an entity has in fact the identity it claims to have
Integrity
• Ensure that data created by a specific entity is not modified without detection
Confidentiality
• Ensure the secrecy of protected data
Access Control
• Ensure that each entity accesses only services and information it is entitled to
Non Repudiation
• Prevent entities participating in a communication exchange from later falsely denying that the exchange occurred
Crypto and Auxiliary Mechanisms
Cryptographic Algorithms
• Ciphers
  • Symmetric (Stream / Block)
  • Asymmetric
• Cryptographic Signatures
Key Management
• Generation, storage, access, and exchange of keys
Random number generation
• Generation of cryptographically secure random numbers
Intrusion Detection
• Analyse activity records to detect successful intrusions or attacks
Crypto?
Cryptographic Algorithm:
• A mathematical transformation of input data (e.g. data, key) to output data
• Cryptographic algorithms are used in cryptographic protocols
Cryptographic Protocol:
• A series of steps and message exchanges between multiple entities in order to achieve a specific security objective
Potential Attackers and an Adversary Model
A word on assumptions.
Assume an omnipotent adversary. She could:
• access all information of interest
• modify data unnoticed
• physically destroy the system (or parts thereof)
Could we deal with this?
Unfortunately, no:
Nothing can protect from an omnipotent adversary.
More realistic (specific!) model of adversaries needed.
On Eve, Mallory, Craig, and Trudy…
An adversary model needs to define
• The intention of the adversary
  • Break and/or access <something>
• The behavior
  • Passive or active?
• The capabilities of an attacker
  • Computational capacity
  • Resources (time and money)
• The area of control
  • Insider or outsider?
  • Local, regional, or global?
Eve and Mallory…
Some common assumptions…
[Figure: an IT system with trusted domains, the area of attack, and a man in the middle]
Generally:
• Adversary limited:
  • Limited access
  • Attack has to be "efficient"
Summary
You know who we are
You know what to expect from the lecture
You have seen some trends that are happening
You have been introduced to Alice, Bob, Eve, and Mallory
You understand what threats are … and what this means
You can tell security goals (CIA!) from security services
You know adversary models and which aspects they define