ITIS 6200/8200:
Principles of Information Security
and Privacy
Dr. Weichao Wang
Syllabus
• See handout
– Homework will usually have 4-5 questions and be due in
one week, at the time the class begins.
– Late homework
• Within 24 hours: 50% of full score
• After that: 0%
– Project
• For master's students
– Conduct some hands-on experiments
– Or choose a security problem and write a survey paper
– A reference question list will be provided
• For PhD students
– Figure out a project that will help your thesis
– Midterm and final exam
– Misc: eating, drinking, and cell phones (texting & Twitter)
Before class
• An interesting question
– Two companies each hold some private data.
They need to jointly compute a result
without disclosing their own data to each other.
• Secure multiparty computation
• Is this solution useful?
– Zero-knowledge proof:
• Can I prove to you that I know a secret without
telling you anything about it (in practice)?
– Anonymously publishing data or information
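The zero-knowledge question above is usually answered with an identification protocol; the one below is a Schnorr-style proof of knowledge of a discrete logarithm. This is an added example, not part of the lecture slides. The group parameters (P = 23, Q = 11, G = 4) are constructed so the arithmetic can be followed by hand and give no security; a real deployment uses a prime-order group with Q of about 256 bits. The simulate() and recover_from_nonce_reuse() functions are included to show why the protocol is zero-knowledge and what breaks it.

```python
import secrets

# Toy Schnorr identification protocol: the prover convinces the verifier that
# it knows x with y = G^x mod P, without revealing x.
# Constructed parameters: P = 2*Q + 1 is a safe prime and G = 4 is a quadratic
# residue mod P, so G generates the subgroup of prime order Q.
# These values are deliberately tiny and provide no security.
P = 23
Q = 11
G = 4


def keygen(x=None):
    """Prover's secret x in [1, Q-1] and public key y = G^x mod P."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit(r=None):
    """Round 1: prover picks a fresh random nonce r and sends t = G^r mod P."""
    if r is None:
        r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: verifier sends a random challenge c in [0, Q-1]."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3: prover answers s = r + c*x mod Q. Because r is uniform and
    secret, s reveals nothing about x on its own."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier accepts iff G^s == t * y^c mod P."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def simulate(y, c, s):
    """Why it is zero-knowledge: anyone who knows only y can produce an
    accepting transcript (t, c, s) by choosing c and s first and solving
    t = G^s * y^(-c) mod P. A recorded transcript therefore proves nothing
    to a third party; only the live, unpredictable challenge convinces."""
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s


def recover_from_nonce_reuse(c1, s1, c2, s2):
    """Failure mode: if the prover reuses r for two different challenges,
    the verifier computes x = (s1 - s2) / (c1 - c2) mod Q."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


def run_protocol(x, y):
    """One honest interactive run; returns the verifier's decision."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verify(y, t, c, s)


if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_protocol(x, y))
    t, c, s = simulate(y, 3, 7)
    print("simulated transcript also verifies:", verify(y, t, c, s))
```

The verifier learns only that the prover could answer a challenge it did not know in advance; since simulate() produces transcripts with the same distribution without x, the transcript itself carries no information about the secret.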
Examples in real life
• Attack on Twitter
– Hack into the victim's email account
– DDoS to paralyze Twitter, Facebook, etc.
• Data mining attacks on public databases
– In Tennessee, a newspaper generated a database
of all residents who hold CCW permits.
– In California, a web page lists everyone
who donated to the Proposition 8 ballot measure
• Digital cash
Examples in real life
• Will cloud computing solve every problem?
• Worm attacks on the smart grid
• Using social networks to detect disease
outbreaks
• Codes during wartime
– The Navajo code in WWII
• RFID
• Computers control our lives
– Medical, ATM, banking, business
– Air traffic control
Security overview
• Risks
– Why do risks exist?
• Adversaries
– Smart and dedicated
– Many of them (consider the high unemployment rate)
– Hiding in the dark
– From fun to profit: worm -> self-changing -> botnet ->
targeted at specific systems
Security overview
• Physical security is not enough (can you
be sure that your physical security
measures are sound and sufficient? Examples:
Las Vegas, supply chain attacks, the attack
on the RSA chip, insider attacks)
• Networked computers can be accessed
remotely
Security overview
• What can go wrong
– The Trojan War story (Trojan horse): USB keys
(digital photo frames and SCADA)
– Corrupted internal workers
– Vulnerabilities in protocols or security
mechanisms (a security patch itself has problems)
– Bypassing protection walls
– Backdoors in systems (Linux password)
– Known attacks ignored (push and poll)
Information security
• Encryption
– You can read the information only when you
know the key
• Authentication
– You are who you claim to be
• Authorization
– Roles and rights
Information security
• Information integrity
– The data has not been changed, or at least not
changed in an inappropriate way
• Non-repudiation
– You cannot deny your words (digital cash example)
• Privacy
– Who should know the information, how much of it,
and how it may be used
• Your cell phone or medical records
• RFID
• Your smart meter
Security overview
• Defending methods
– Prevention
• Prevent (passwords: salt, private salt, dictionary search)
• Deter: raise the bar (password guessing, slow down the login)
• Deflect: make another target more attractive
• Diversify
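The prevent and deter items above (a per-user salt, a private salt kept outside the password database, resistance to dictionary search, and slowing the login after failed guesses) fit together in one piece of code. This is an added example written for this page, not code from the lecture. PEPPER stands in for the "private salt" and is a hypothetical value; ITERATIONS and the LoginThrottle timings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical "private salt" (pepper): a secret that lives outside the
# password table (config secret or HSM), so a dump of the table alone is not
# enough to verify guesses. The value here is constructed for the example.
PEPPER = b"example-private-salt-keep-out-of-the-database"
ITERATIONS = 100_000  # constructed work factor; tune to ~100 ms on your hardware


def derive(password, salt, iterations, pepper=PEPPER):
    """PBKDF2-HMAC-SHA256 over password||pepper with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode() + pepper, salt, iterations)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Create the stored record. A fresh random 16-byte salt per user means two
    users with the same password get different hashes, so one precomputed
    table (the 'searching' attack) cannot be reused across accounts."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "iter": iterations, "hash": derive(password, salt, iterations)}


def check_password(record, candidate):
    """Verify a login attempt; constant-time compare hides how many bytes matched."""
    guess = derive(candidate, record["salt"], record["iter"])
    return hmac.compare_digest(guess, record["hash"])


def offline_guess(record, wordlist, pepper=b""):
    """Attacker who stole the table tries a wordlist against one record.
    Without the pepper even the right word fails; with it, the attacker must
    pay ITERATIONS of hashing for every word and every record separately."""
    for word in wordlist:
        if hmac.compare_digest(derive(word, record["salt"], record["iter"], pepper),
                               record["hash"]):
            return word
    return None


class LoginThrottle:
    """Deter online guessing: each consecutive failure for an account doubles
    the delay imposed before the next attempt is processed, up to `cap` seconds.
    The caller is expected to sleep for required_delay() before checking."""

    def __init__(self, base=0.5, cap=60.0):
        self.failures = {}
        self.base = base
        self.cap = cap

    def required_delay(self, user):
        n = self.failures.get(user, 0)
        return 0.0 if n == 0 else min(self.cap, self.base * 2 ** (n - 1))

    def record_attempt(self, user, success):
        if success:
            self.failures.pop(user, None)
        else:
            self.failures[user] = self.failures.get(user, 0) + 1


if __name__ == "__main__":
    rec = hash_password("correct horse")
    print("login ok:", check_password(rec, "correct horse"))
    print("stolen table, no pepper:", offline_guess(rec, ["password", "correct horse"]))
    throttle = LoginThrottle()
    for _ in range(4):
        throttle.record_attempt("alice", False)
    print("delay after 4 failures:", throttle.required_delay("alice"), "s")
```

Salt and pepper protect different things: the salt defeats table reuse across users, the pepper makes a stolen table useless without a second secret, and the slow key derivation plus the login throttle raise the cost of each guess whether it is made offline or online.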
– Detection
• Monitoring (who, what, and how)
• Intrusion detection (signature-based, anomaly-based)
• IP telephony tracking
• Authenticity of the evidence (digital media)
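The two intrusion-detection styles listed above behave differently on the same traffic, which is easiest to see by running both over one log. The following is an added example, not from the lecture: the Apache-style log lines, IP addresses (documentation ranges), baseline counts and signature patterns are all constructed for this illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Apache common-log style: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)$')


def log_line(ip, path, status=200, sec=0):
    """Build one constructed log line for the example."""
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'


# Training window: constructed normal traffic, ten sources with these counts.
BASELINE_COUNTS = [2, 3, 1, 4, 2, 3, 2, 3, 1, 2]
TRAINING_LINES = [log_line(f"10.0.0.{i}", "/index.html", sec=i)
                  for i, n in enumerate(BASELINE_COUNTS) for _ in range(n)]

# Detection window: normal users, one source probing with known attack
# patterns, and one source flooding requests.
TEST_LINES = (
    [log_line("10.0.0.5", p, sec=i)
     for i, p in enumerate(["/index.html", "/about.html", "/contact.html"])]
    + [log_line("10.0.0.7", "/index.html", sec=3), log_line("10.0.0.7", "/news.html", sec=4)]
    + [log_line("10.0.0.8", "/index.html", sec=5), log_line("10.0.0.8", "/faq.html", sec=6)]
    + [log_line("203.0.113.9", "/login.php?user=admin'%20OR%20'1'='1", sec=7),
       log_line("203.0.113.9", "/../../etc/passwd", status=404, sec=8)]
    + [log_line("198.51.100.4", "/index.html", sec=10 + i) for i in range(12)]
)

# Signature-based detection: patterns of attacks that are already known.
SIGNATURES = {
    "sql-injection": re.compile(r"('|%27)\s*(or|%20or%20)", re.I),
    "path-traversal": re.compile(r"\.\./|/etc/passwd"),
    "xss": re.compile(r"<script|%3cscript", re.I),
}


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status, size = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status), "size": int(size)}


def signature_alerts(lines):
    """(ip, signature name, path) for every line matching a known pattern.
    Precise for known attacks; blind to anything not in SIGNATURES."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts


def learn_baseline(lines, k=3.0):
    """Anomaly-based, step 1: learn per-source request counts from clean
    traffic and set the threshold at mean + k standard deviations. If the
    training window already contains an attack the threshold absorbs it,
    so the window must be vetted before it is trusted."""
    counts = Counter(rec["ip"] for rec in map(parse, lines) if rec)
    values = list(counts.values())
    return mean(values) + k * pstdev(values)


def anomaly_alerts(lines, threshold):
    """Anomaly-based, step 2: flag sources whose request count exceeds the
    learned threshold. Catches a novel flood, but cannot say what it is."""
    counts = Counter(rec["ip"] for rec in map(parse, lines) if rec)
    return [(ip, n) for ip, n in counts.items() if n > threshold]


if __name__ == "__main__":
    for alert in signature_alerts(TEST_LINES):
        print("SIGNATURE", alert)
    threshold = learn_baseline(TRAINING_LINES)
    for alert in anomaly_alerts(TEST_LINES, threshold):
        print("ANOMALY", alert, f"(threshold {threshold:.1f} requests)")
```

On this input the signature detector names the two probes from 203.0.113.9 but says nothing about the flood, while the anomaly detector flags the flooding source but does not notice the probes, which is why production deployments run both.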
Security Overview
• Recovery
– Recover data (checkpoints)
– Identify the damage
– Forensics
– Confinement
• Tolerance
– Maintain a decent service quality
– Automatically degrade video quality while
reserving bandwidth for voice