Security
Grant Hutchins
CS Discussion Group
Tuesday, October 22, 2002
Overview
Encryption
Viruses / Worms / Other Bad Stuff
Encryption – History
Caesar Cipher
Enigma
RSA
Quantum Cryptography
WEP
Caesar Cipher
Simple
Quick
Easy to Break
A becomes B, B becomes C, C becomes D, etc.
GRANT HUTCHINS - HSBOUIVUDIJOT
OLIN - PMJO
Enigma
Nazi Germany – World War II
Mechanical
Requires complex machine
Broken by British scientists
RSA
1977
Ron Rivest, Adi Shamir, Leonard Adleman
Requires large calculations
Simple algorithm dealing with large primes
Allows for public- and private-key cryptography
Breakable with incredibly large amounts of computations
RSA – How it’s used
Alice tells Bob her public key
Bob uses this public key to encrypt a message
Alice receives this message across an insecure channel
Only Alice can decode it, using her private key (which she has password-protected on her computer)
Quantum Cryptography
1960 – Stephen Wiesner’s “quantum money”
Uses single-photon pulses down a fiber-optic line
Expensive to set up, requires direct fiber-optic connection
Impossible to break (unless you disobey the laws of Quantum Physics)
Quantum Cryptography – How it works
Alice sends Bob a photon polarized in some direction (vertical, horizontal, slash, or backslash)
Bob measures these with either a horizontal-vertical filter or a slash-backslash filter
H-V filter gives ambiguous results on slash or backslash, and vice versa
Quantum Encryption – How it works
Bob tells Alice in which order he used which filters, and Alice tells him which of his filters were correct.
Alice and Bob throw away the ambiguous results and compare a small portion of what’s left to see if it matches
Everything else is their key
Quantum Encryption – How it works
Eve breaks in! She intercepts the photons and measures them herself.
Whenever she uses the wrong filter, she changes the polarization of the photon.
Alice and Bob don’t get the same results and know they’re being spied on
Eve goes away and cries
WEP
Wired Equivalent Privacy
Used for 802.11b wireless LANs (like Olin’s)
Relatively weak
Viruses / Worms / Other Bad Stuff
Virus vs. Worm vs. Other Bad Stuff
The Great Internet Worm
Email Worms
Adware and Spyware
Virus vs. Worm vs. Other Bad Stuff
Virus – Code tacked onto the end of some executable that copies itself to other executables
Worm – Similar to virus, but actively sends itself to other computers
Malware – (includes adware and spyware) Programs installed unbeknownst to users
Trojan Horses – Programs that do more than what they tell you
Social Engineering – Someone who sounds important asks you for urgent information
The Great Internet Worm
Robert T. Morris – 1988
Wrote experimental self-replicating program
Spread to around 6,000 major Unix machines (significant percentage of Internet at the time)
Morris claimed it was an innocent experiment that got out of hand
The Great Internet Worm
Cost to repair: $10m - $100m
Morris was convicted under the Fraud and Abuse Act (Title 18)
Sentence: 3 years probation, 400 hours community service, and $10,050 fine
Email Worms
Often exploit Outlook and Outlook Express
Trick users into believing they are legitimate emails
Example Worm (from yesterday)
From: Wilma Hardenburgh [[email protected]]
Sent: Monday, October 21, 2002 5:52 PM
To: undisclosed-recipients:
Subject: Fw: [cyberscribes] Request for Alphabet Sentences
Sally -
I thought you might like to save this list of alphabet sentences to a disk.
There are at least 50-70 of them on this list. Some of them a "little racy!"
(see her list below.)
Just thought you might be able to refer to it if you should need some new
ones for your classes. They were sent to me by a Cyberscr
Let’s View the Source!!!
<HTML><HEAD></HEAD><BODY>
<iframe src=cid:zYkp6zI51zy2q height=0 width=0></iframe>
<FONT></FONT>Sally -<br>
I thought you might like to save this list of alphabet sentences to a disk.<br>
There are at least 50-70 of them on this list. Some of them a "little racy!"<br>
(see her list below.)<br><br>
Just thought you might be able to refer to it if you should need some new<br>
ones for your classes. They were sent to me by a Cyberscr
</BODY></HTML>
cid:zYkp6zI51zy2q ???
Could be just about anything, unfortunately.
Thanks Microsoft!
http://282578851835148/
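A mail filter can answer the "cid: ???" question before the message reaches a reader: a cid: URL names another MIME part of the same message by its Content-ID, so the invisible iframe can be resolved to the attachment it loads. The Python below is an added example, not part of the original slides; the function name, the multipart wrapper and the placeholder attachment are constructed assumptions, and only the iframe tag comes from the slide.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

class IframeFinder(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def hidden_cid_iframes(raw_message):
    """Return (cid, content_type, filename) for each zero-size iframe whose
    src is a cid: URL; type and filename are None if no MIME part matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Index MIME parts by Content-ID, which is written as "<id>" in the header.
    by_cid = {str(p["Content-ID"]).strip("<> "): p for p in msg.walk() if p["Content-ID"]}
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = IframeFinder()
        finder.feed(part.get_content())
        for a in finder.iframes:
            src = a.get("src", "")
            hidden = a.get("height") == "0" or a.get("width") == "0"
            if src.lower().startswith("cid:") and hidden:
                t = by_cid.get(src[4:])
                meta = (t.get_content_type(), t.get_filename()) if t is not None else (None, None)
                findings.append((src[4:], *meta))
    return findings

# Constructed sample: the slide's iframe plus a placeholder attachment (assumed).
SAMPLE = """\
Content-Type: multipart/related; boundary="B"

--B
Content-Type: text/html; charset="us-ascii"

<HTML><BODY><iframe src=cid:zYkp6zI51zy2q height=0 width=0></iframe>Sally -</BODY></HTML>
--B
Content-Type: application/octet-stream
Content-ID: <zYkp6zI51zy2q>
Content-Disposition: attachment; filename="placeholder.bin"

placeholder
--B--
"""
```

Each finding gives the content type and filename of the part the iframe would load, which is what a gateway needs in order to quarantine or strip it.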
Spyware and Adware
Installed usually without user knowledge
Spyware watches what you do and where you go online and reports it to someone
Adware causes ads to pop up on your screen
Lavasoft Ad-Aware can get rid of most malware! http://www.lavasoftusa.com
Other stuff worth mentioning
Steganography – Disguising a message in something else such as an image
PGP – “Pretty Good Privacy” – the first publicly available implementation of public- and private-key cryptography (“Cryptography for the masses”)