Computer and Communications Security COMP4631 Cunsheng Ding - PowerPoint PPT Presentation


  1. Computer and Communications Security COMP4631 Cunsheng Ding cding@cs.ust.hk https://home.cse.ust.hk/faculty/cding/hkust_only/ C. Ding - COMP4631 - L01 1

  2. Outline of this Lecture • Brief introduction to COMP4631 • Physical security: an important step towards understanding computer security

  3. Course Introduction

  4. Course Structure • Practice: Windows NT security, Unix security, Distributed system security, Network security, Web security • Core theory: encryption, authentication, digital signature

  5. Course Structure & Grading Lecture Tutorial x Grading: 3 assignments, 1 exam

  6. Main Topics • Computer security: an introduction • Conventional cryptosystems • Public-key cryptosystems • Key management • Hash functions, authentication • Digital signature, identification • Access control • Unix security • Windows NT security • Distributed system security • Network security

  7. Main Topics ctd. • IP security • Email security • WWW security • Firewalls • Virtual private networks

  8. Reference Books • Behrouz A. Forouzan, Cryptography and Network Security, McGraw Hill, 2008. • D. Gollmann, Computer Security, John Wiley & Sons, 1999. • W. Stallings and L. Brown, Computer Security: Principles and Practice, Pearson Education, 2008.

  9. Learning Outcomes On completion of this course you will be able to: 1. evaluate potential vulnerabilities and attacks on computer and communication systems; 2. learn the basic security tools; 3. select and apply basic tools to build security systems; and 4. get familiar with real-world security systems.

  10. Warning! Prerequisites: Operating systems, Computer communication networks, Discrete mathematics

  11. Important Information Take this course only if you have time to attend lectures and to work out assignments independently, and, most importantly, if you have good math capability and a background in operating systems and computer networks.

  12. Questions?

  13. Physical Security: The first step towards understanding computer security

  14. Definition of Physical Security • Physical security refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee).

  15. Definition in Wikipedia • Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. • It can be as simple as a locked door or as elaborate as multiple layers of “armed guardposts”.

  16. Armed Guard Post Armed Guardpost Security System • Security model – No wood, no walls, only three guards. – Can be placed anywhere • Security policies – The duties of each guard – Centralized or decentralized – How often should they move? • How to implement the policies?

  17. Physical Security: Example • Your house • A cash room in a bank

  18. Elements of Physical Security The field of security engineering has identified three elements to physical security: • Obstacles, to frustrate trivial attackers and delay serious ones. (Prevention) • Alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed. (Detection) • Security response, to repel, catch or frustrate attackers when an attack is detected. (Response) In a well designed system, these features must complement each other.

  19. Design of Physical Security There are three layers of physical security: • Environmental design • Mechanical and electronic access control • Intrusion detection

  20. Environmental Design • The initial layer of security for a campus, building, office, or physical space. • It is used to deter threats. • Examples: warning, fences, metal barriers, vehicle height-restrictors, site lighting.

  21. Mechanical & Electronic Access Control • The second layer of physical security • Examples: – Doors with locks – Doors with security guards • Access control policy is implemented. Only authorized people are allowed.

  22. Intrusion Detection • The third layer is intrusion detection systems or alarms. • Intrusion detection monitors for attacks. • It is less a preventative measure and more of a response measure.

  23. Violating Physical Access Control • Masquerading: A person disguised as an authorized user. This can be done using a forged ID or pretending to be a repair man. • Piggy-backing: A person who enters the security perimeter by following an authorized user.

  24. Violating Physical Access Control • Lock-picking: Any lock can be picked. Or better, go through dropped ceilings or remove the hinges from the door. • http://www.wikihow.com/Pick-a-Lock-Using-a-Paperclip • The Complete Guide to Lock Picking • https://repo.zenk-security.com/Lockpicking/The%20Complete%20Guide%20To%20Lockpicking%20-%20Eddie%20the%20Wire%20-%20Loompanics.pdf

  25. Violating Physical Access Control • Visual/auditory access: • Example: Russians spied on Americans by installing a telephone near a code-room. They got the secret key by hearing electric balls on typewriters.

  26. A Case Study of Physical Security

  27. A Real-World Example • Problem: Suppose you are the President of a country called The New Empire. You have ordered the killing of many innocent people in the world, and thus have many enemies. You want to build a house, serving as both your office and your residence, that provides you as much security as possible. • Given a fixed amount of money for doing this, how would you build a secure house?

  28. Some Design Requirements • The house should have at least one entrance door which is controlled by a (physical or electronic) lock or guard. • It should have at least one window for getting sunlight. • It should accommodate you (the President) and your spouse. • It should provide a “certain level” of security.

  29. Possible Attacks • Biological attacks from the air (you have to breathe). • Missile attacks from the air. • Break-in from the entrance door (there must be at least one door). • Tunnel attacks. • Fire break. • Attacks from your spouse and security guards. • Can you find out all possible attacks?

  30. Security Model • Chinese Wall Model (other models too, e.g. the guard post model) • Human-machine approach (security guards + locks) • Security policy: access control [Figure: diagram with doors labelled a, b, c, d]

  31. The First Design Decision: what is the focus of security controls? • Access control on the doors, assuming that – all the walls are tall enough; – all the walls are very strong; – all doors are very strong.

  32. The Second Design Decision: where to place security controls? • The doors: – The man approach: guards only – The machine approach: locks only – The man-machine approach: a combination • Which approach is better?

  33. The Second Design Decision: where to place security controls? • The man approach – It is possible for one single person to use her/his beauty or detrimental gas to settle all the guards. – If a lock is used, this may not be possible. – Possible to bribe all.

  34. The Second Design Decision: where to place security controls? • The machine approach – What happens if you have a heart attack? – If there is a fire and you cannot find the key to door D, what will happen?

  35. The Second Design Decision: where to place security controls? • Conclusion: – Man-machine approach is better! • Questions: – How many locks and how many guards? – Which doors are controlled by locks and guards? – Male or female?

  36. The Third Design Decision: simplicity and assurance (1) • Access control policy: – For each door define who has access right. – The access control on door D is crucial (why?). – Guard at A is not allowed to access other doors. Guard at D is not allowed to cross A without the permission of the President.
