Computer Security:

Principles and Practice

Practice #1
What is Security?

2
3
4
5
6
 Administration

Tutor: Elior Ariel (eliorar@post.bgu.ac.il)

Office Hours : Monday 13:00-14:00 (Building 90, lab 10)
Tutor: Alexander Shknevsky (sheknabs@post.bgu.ac.il)
Office Hours : Wednesday 10:00-11:00 (Building 90, lab 10)
Requirements:
Home works (35%):
2 theoretical work, 2/3 programming
Final exam (65%)
Course site: Moodle

7
Key Security Concepts

8
 Confidentiality

Preserving authorization restrictions on information

access and disclosure, including means for protecting
personal privacy and proprietary information.

Loss of confidentiality is the unauthorized disclosure of

information.

9
Confidentiality - examples

10
 Integrity

Guarding against improper information modification or

destruction
Ensuring information non-repudiation
Authenticity
Information destruction
Loss of integrity is the unauthorized modification or
destruction of information.
11
Integrity - examples

12
 Availability

Ensuring timely and reliable access and use of

information.
Loss of availability is the disruption of access to or use of
information or an information system.

13
Availability - examples

14
 Is that all?

Some people in the security field feel that additional

concepts are needed to present a complete picture:
Authenticity: The property of being genuine and being
able to be verified and trusted; confidence in the validity
of a transmission, a message, or message originator.
Accountability: The actions of an entity can be traced
uniquely to that entity.

15
Scope of computer security

16
Security Taxonomy

17
18
 Network Security Attacks

Classify as passive or active

Eavesdropping (passive attacks)
Release of message contents
Traffic analysis. E.g., WIFI without encryption
They are hard to detect so aim to prevent

19
 Network Security Attacks cont.

Modify or fake data (active attacks)

Masquerade (fake ID)
Replay
Modification
Denial of service
This kind of attacks are hard to prevent so aim to detect

20
 Cryptographic Tools

Cryptographic algorithms are an important element in

security services.
Symmetric encryption
Public-key (asymmetric) encryption
And more

21
 Why to Encrypt?

Only the authorized parties will understand the message.

Unauthorized parties wont be able to understand the
protected information.

22
Symmetric Encryption

23
Public Key Authentication

24
 Indications

P,M,X - The plain text

C - The cipher text
K - The encryption and decryption key
E - The encryption function C=Ek(M)
D - The decryption function M=Dk(C)
For each K, M : M=Dk(Ek(M))
25
 One Time Pad (OTP) - History

Was invented in 1917 by Gilbert Vernam

Claude Shannon The father of information theory
proved that OTP is unbreakable in 1948
The World War II voice scrambler SIGSALY was also a
form of one-time system
The hotline between Moscow and Washington D.C.,
established in 1963
26
 One Time Pad (OTP)
C= M xor K A B M= C xor K
Encryption C Decryption

Unbreakable algorithm because:

The key is as long as the plaintext
The key is truly random (HOW?)
(not generated from computer random function)

There should be only two copies of the key:

One for the sender and one for the receiver (HOW?)
The keys are used only once
27