CPSC 467: Cryptography and Computer Security



Similar documents
CPSC 467b: Cryptography and Computer Security

Information Security Basic Concepts

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Residual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)

Cryptography and Network Security

Content Teaching Academy at James Madison University

Introduction to Computer Security

COSC 472 Network Security

Information Security

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

CSCI 4541/6541: NETWORK SECURITY

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Cryptography and Network Security Chapter 1

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Introduction to Cyber Security / Information Security

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Brainloop Cloud Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

CSC 474 Information Systems Security

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

CSE331: Introduction to Networks and Security. Lecture 1 Fall 2006

CNT4406/5412 Network Security Introduction

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Institute of Southern Punjab, Multan

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Security and Privacy in Cloud Computing

Hang Seng HSBCnet Security. May 2016

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

CS 464/564 Networked Systems Security SYLLABUS

CS 203 / NetSys 240. Network Security

Information Technology Branch Access Control Technical Standard

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

ISO Controls and Objectives

Third Party Security Requirements Policy

Chapter 6: Fundamental Cloud Security

AUDIT TAX SYSTEMS ADVISORY

Information, Network & Cyber Security

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Healthcare Compliance Solutions

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Notes on Network Security - Introduction

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Security and Privacy Controls for Federal Information Systems and Organizations

Security Goals Services

Understanding and evaluating risk to information assets in your software projects

Ursuline College Accelerated Program URSULINE COLLEGE

Chap. 1: Introduction

Network Security. Network Security Hierarchy. CISCO Security Curriculum

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Cloud security architecture

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

CS5008: Internet Computing

Healthcare Compliance Solutions

IY2760/CS3760: Part 6. IY2760: Part 6

ISO 27002:2013 Version Change Summary

UF IT Risk Assessment Standard

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Information Security Policy Manual

Weighted Total Mark. Weighted Exam Mark

Network Security. Instructor: Adam Hahn

(Instructor-led; 3 Days)

Information Security Law: Control of Digital Assets.

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

How To Protect Yourself From Cyber Threats

TELE 301 Network Management. Lecture 18: Network Security

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security

CSE 5392 Sensor Network Security

Securing Data on Microsoft SQL Server 2012

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Introduction to Security

Information Security and Privacy

ICANWK406A Install, configure and test network security

Security and Privacy: An Introduction to HIPAA

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Network Security and Surveillance

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

Network Security: Introduction

Certified Secure Computer User

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Transcription:

CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13

Protecting Information Information security Security principles Crypto as a security tool Highlights from Syllabus CPSC 467, Lecture 1 2/13

Protecting Information CPSC 467, Lecture 1 3/13

Information security Information Security Protecting information is a major challenge in the digital world. Massive compromises of confidential data are disclosed almost daily. Identity theft. Industrial espionage. Cyberwarfare. Major web sites taken down by denial-of-service attacks. Massive government surveillance. Massive harvesting of personal data by large internet companies such as Google and Facebook. CPSC 467, Lecture 1 4/13

Information security Threat examples Some risks and possible countermeasures: Eavesdropping on private conversations: encryption. Unauthorized use of a computer: passwords, physical security. Unwanted email: spam filters. Unintentional data corruption: checksums and backups. Denial of service: redundancy, isolation. Breach of contract: nonrepudiable signatures. Malicious data corruption: backups, access controls, cryptographic hash functions. Disclosure of confidential data: access controls, encryption, physical security. CPSC 467, Lecture 1 5/13

Information security How is security achieved in the real world? Prevention: Physical barriers, access controls, encryption, firewalls, human awareness, etc. Detection: Audits, checks and balances. Legal means: Laws, patents, trademarks, copyrights, sanctions against wrongdoers. Concealment: Camouflage, steganography. CPSC 467, Lecture 1 6/13

Information security Banking example Consider an on-line banking web site. What are the interests of the customer? What are the interests of the bank? What are the interests of possible intruders? Can the bank trust the customer? Why or why not? Can the customer trust the bank? Why or why not? CPSC 467, Lecture 1 7/13

Security principles Information security principles The CIA triad (Confidentiality, Integrity, and Availability) captures many of the goals of information security. How well does this capture privacy? secrecy? authenticity? trustworthiness? non-repudiation? accountability? deniability? auditability? authorization? possession? utility? CPSC 467, Lecture 1 8/13

Security principles Principles of risk management No such thing as absolute security. Security goal: optimize tradeoff between cost of security measures and losses from security breaches. Security risks can be lowered by Reducing exposure to attack. Reducing number of vulnerabilities. Reducing value to the attacker of a successful attack. Increasing the cost of a successful attack. Increasing the penalty for a failed attempt. CPSC 467, Lecture 1 9/13

Crypto as a security tool What does this have to do with cryptography? Cryptography is an important tool for achieving information security. Cryptography is to information security as locks are to personal security. Both are clever mechanisms that can be analyzed in isolation. Both can be effective when used in suitable contexts. Both comprise only a small part of the security picture. CPSC 467, Lecture 1 10/13

Crypto as a security tool Some applications of cryptography Secret message transmission over an insecure channel. Remote authentication. Verifying integrity and authenticity of data: digital signatures. Privacy-preserving computation. Contract signing. Protection of data at rest. CPSC 467, Lecture 1 11/13

Highlights from Syllabus CPSC 467, Lecture 1 12/13

Expectations Read the syllabus! Some highlights: Pay attention to policies on plagiarism, submitting your work, and electronics in class. Teaching assistant is Ewa Syta. The midterm and final exam are both scheduled. Keep those dates clear. You will use the Zoo for programming and Classes*v2 for homework submissions. Do problem set 1! Also, class attendance and class participation is required. See me if you have to miss class. CPSC 467, Lecture 1 13/13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information