What have we learnt so far - PowerPoint PPT Presentation

Provided by: sit9
Slides: 14

Transcript and Presenter's Notes

Title: What have we learnt so far

1
What have we learnt so far?
2
Building block: One-way functions
  • Examples of one-way functions: graphs, hash
    functions, modular exponentiation
  • What to do with them: design signature schemes,
    broadcast authentication, design medium-hard
    functions, make commitments, devise pseudo-random
    generators.
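As an added worked example (not part of the slides) of "make commitments" from a hash function: a commit/open pair and the classic coin-flipping-by-telephone protocol built on it. The nonce makes the commitment hiding, the hash makes it binding; `coin_flip` simulates both parties in one process.

```python
import hashlib
import hmac
import secrets
from typing import Tuple


def commit(value: bytes) -> Tuple[bytes, bytes]:
    """Hash-based commitment to `value`. Returns (commitment, nonce).

    The fresh 256-bit nonce makes the commitment hiding (nothing about
    `value` can be read out of the digest); SHA-256 collision resistance
    makes it binding (the committer cannot later open to another value).
    """
    nonce = secrets.token_bytes(32)
    commitment = hashlib.sha256(nonce + value).digest()
    return commitment, nonce


def open_commitment(commitment: bytes, nonce: bytes, value: bytes) -> bool:
    """Check an opening; constant-time compare avoids a timing side channel."""
    return hmac.compare_digest(hashlib.sha256(nonce + value).digest(), commitment)


def coin_flip(alice_bit: int, bob_bit: int) -> int:
    """Coin flipping by telephone, simulated in one process.

    1. Alice commits to her bit before seeing Bob's.
    2. Bob, holding only the commitment, announces his bit in the clear.
    3. Alice opens; Bob verifies the opening against the commitment.
    The outcome is the XOR, so neither party can bias it on their own.
    """
    commitment, nonce = commit(bytes([alice_bit]))
    # Bob's choice is independent of Alice's because the commitment hides it.
    if not open_commitment(commitment, nonce, bytes([alice_bit])):
        raise ValueError("Alice's opening does not match her commitment")
    return alice_bit ^ bob_bit


if __name__ == "__main__":
    c, n = commit(b"heads")
    print("honest opening accepted:", open_commitment(c, n, b"heads"))
    print("changed value rejected:", not open_commitment(c, n, b"tails"))
    print("coin flip (1, 0) ->", coin_flip(1, 0))
```

Binding is only as strong as the hash's collision resistance, which is why the same construction with a broken hash (e.g. MD5) is not a safe commitment.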

3
Building block: Modular arithmetic
  • What operations are easy? Which ones are believed
    to be infeasible?
  • What we can use modular arithmetic for:
    Diffie-Hellman Key Exchange, El Gamal encryption
    (and there is much more)

4
Building block: Secret sharing
  • How is this done? Give out points on a graph,
    insufficient number does not determine graph.
  • What to use it for? Require a threshold of
    knowledge/consent for an action.
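An added example (not from the slides) of "give out points on a graph": Shamir secret sharing over a prime field. The secret is the constant term of a random polynomial of degree threshold-1, shares are its values at x = 1..n, and Lagrange interpolation at 0 recovers it. `consistent_with` makes the second bullet concrete: with fewer than `threshold` shares, every candidate secret is consistent with what you hold, so the shares alone determine nothing.

```python
import secrets
from typing import List, Tuple

PRIME = 2**127 - 1   # Mersenne prime; all arithmetic is in the field GF(PRIME)
Share = Tuple[int, int]


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a polynomial (constant term first) at x by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, n_shares: int) -> List[Share]:
    """Hide `secret` as the constant term of a random polynomial of degree
    threshold-1 and hand out its values at x = 1..n_shares."""
    if not (0 <= secret < PRIME and 1 <= threshold <= n_shares < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def interpolate_at(points: List[Share], x: int) -> int:
    """Lagrange interpolation: value at x of the unique polynomial of
    degree < len(points) passing through all the given points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares: List[Share]) -> int:
    """With at least `threshold` distinct shares this returns the secret."""
    return interpolate_at(shares, 0)


def consistent_with(shares: List[Share], candidate_secret: int, threshold: int) -> bool:
    """Could `candidate_secret` be the secret behind these shares?

    (0, candidate) plus the first threshold-1 shares pin down exactly one
    polynomial of degree < threshold; any remaining shares must lie on it.
    With fewer than `threshold` shares there is nothing left to check, so
    every candidate passes: an insufficient number of points does not
    determine the polynomial.
    """
    base = [(0, candidate_secret)] + list(shares[:threshold - 1])
    return all(interpolate_at(base, x) == y for x, y in shares[threshold - 1:])


if __name__ == "__main__":
    shares = split_secret(424242, threshold=3, n_shares=5)
    print("3 of 5 shares recover:", recover_secret(shares[:3]))
    print("2 shares, wrong guess still consistent:", consistent_with(shares[:2], 7, 3))
    print("3 shares, wrong guess rejected:", consistent_with(shares[:3], 7, 3))
```

The threshold-of-consent use case maps directly: hand each approver one share and require `threshold` of them to reconstruct the key that authorises the action.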

5
Important properties we want
  • Fairness (pay first or get delivery first?)
  • Privacy (do not leak activities and contents to
    eavesdroppers and.)
  • Efficiency (computation, storage, interaction)
  • Security (can an attacker cheat?)

6
Adversarial modeling
  • Rational attackers (only cheat for a benefit) vs.
    malicious attackers (ok to hurt oneself as long
    as others also get hurt)
  • Assumptions on what the attacker knows, can
    guess, who he can corrupt, how many?

7
Important attacks: Denial of Service
  • Goal: block service by making many, many requests
  • How? Send in random information that has to be
    checked. Make others send information or
    requests.
  • Why? Terrorism, hurt competitors, lock enemies
    out from resources.
  • Countermeasures: puzzles, CAPTCHAs
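An added example (not from the slides) of the "puzzles" countermeasure: a hash-based client puzzle. The server hands out a nonce and a difficulty, the client must burn roughly 2**bits hash evaluations to find a counter, and the server checks the answer with one HMAC and one SHA-256, so the asymmetry the attacker relies on (cheap requests, expensive checking) is reversed. The puzzle format and the HMAC binding of its parameters are this example's own design.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Any, Dict, Optional

# Per-process secret so a client cannot mint its own (easier) puzzles.
SERVER_KEY = os.urandom(32)


def _tag(nonce: bytes, bits: int, expires: int) -> bytes:
    """Binds nonce, difficulty and expiry so the server can stay stateless."""
    return hmac.new(SERVER_KEY, nonce + struct.pack(">IQ", bits, expires),
                    hashlib.sha256).digest()


def issue_puzzle(difficulty_bits: int, ttl_seconds: int = 60,
                 now: Optional[int] = None) -> Dict[str, Any]:
    """Server side: hand out a puzzle (cheap: one random read, one HMAC)."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16)
    expires = now + ttl_seconds
    return {"nonce": nonce, "bits": difficulty_bits, "expires": expires,
            "tag": _tag(nonce, difficulty_bits, expires)}


def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(puzzle: Dict[str, Any]) -> int:
    """Client side: brute-force a counter so SHA-256(nonce || counter) starts
    with `bits` zero bits. Expected work is about 2**bits hashes."""
    counter = 0
    while True:
        digest = hashlib.sha256(puzzle["nonce"] + counter.to_bytes(8, "big")).digest()
        if _leading_zero_bits(digest) >= puzzle["bits"]:
            return counter
        counter += 1


def verify_solution(puzzle: Dict[str, Any], counter: int,
                    now: Optional[int] = None) -> bool:
    """Server side: constant cost however hard the puzzle was."""
    now = int(time.time()) if now is None else now
    expected = _tag(puzzle["nonce"], puzzle["bits"], puzzle["expires"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False      # not our puzzle, or the client lowered the difficulty
    if now > puzzle["expires"]:
        return False      # stale solutions cannot be reused indefinitely
    digest = hashlib.sha256(puzzle["nonce"] + counter.to_bytes(8, "big")).digest()
    return _leading_zero_bits(digest) >= puzzle["bits"]


if __name__ == "__main__":
    p = issue_puzzle(difficulty_bits=12)
    answer = solve_puzzle(p)
    print("solution found:", answer, "accepted:", verify_solution(p, answer))
```

Difficulty can be raised as load grows, which is what makes this a throttle rather than a fixed tax. Within the TTL the same solution could be replayed, so a production server would also remember spent nonces until they expire.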

8
Important attacks: Impersonation / Man-in-the-middle
  • Why? Obtain access to some resource, eavesdrop on
    conversations, change contents of conversations.
  • How? Claim to be somebody. Insert fake
    transcripts, e.g., during key exchange.
  • How to avoid? Authentication, use shared
    passwords, second communication channel.
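An added example, not from the slides, that serves both the modular-arithmetic slide (Diffie-Hellman) and this one (faking the key-exchange transcript, and the "shared passwords" countermeasure). Alice and Bob run plain DH, then each MACs the transcript as they saw it under a key derived from a shared password and checks the peer's tag against their own view. `relay` models what the channel does to each public value in transit; the identity is an honest channel, any other function a substituted transcript, which the MAC check exposes. The prime is a known prime chosen for realistic arithmetic size, not a standardised DH group; the fixed PBKDF2 salt is a demo simplification.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict

# Assumption: 2**255 - 19 is prime and is used here only so the numbers have
# realistic size; it is not a standardised DH group. Use RFC 7919 groups or
# ECDH in practice.
P = 2**255 - 19
G = 2


def derive_mac_key(shared_password: bytes) -> bytes:
    """Turn the shared password into a MAC key (fixed salt: demo only)."""
    return hashlib.pbkdf2_hmac("sha256", shared_password, b"kx-demo-salt", 100_000)


def dh_keypair():
    """Private exponent in [1, P-2] and public value G**priv mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def transcript_mac(mac_key: bytes, a_pub: int, b_pub: int) -> bytes:
    """MAC over the transcript exactly as the computing party saw it."""
    msg = a_pub.to_bytes(32, "big") + b_pub.to_bytes(32, "big")
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def run_exchange(shared_password: bytes,
                 relay: Callable[[int], int] = lambda v: v) -> Dict[str, bool]:
    """Simulate Alice and Bob over a channel that applies `relay` in transit."""
    mac_key = derive_mac_key(shared_password)
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()

    # Unauthenticated DH: each side only sees what the channel delivers.
    a_pub_at_bob = relay(a_pub)
    b_pub_at_alice = relay(b_pub)
    alice_key = pow(b_pub_at_alice, a_priv, P)
    bob_key = pow(a_pub_at_bob, b_priv, P)

    # Authentication: each side MACs its own view of the transcript...
    alice_tag = transcript_mac(mac_key, a_pub, b_pub_at_alice)
    bob_tag = transcript_mac(mac_key, a_pub_at_bob, b_pub)
    # ...and checks the peer's tag against that same view. The views differ
    # only if something changed in transit, so a mismatch reveals it.
    alice_ok = hmac.compare_digest(bob_tag, transcript_mac(mac_key, a_pub, b_pub_at_alice))
    bob_ok = hmac.compare_digest(alice_tag, transcript_mac(mac_key, a_pub_at_bob, b_pub))
    return {"alice_ok": alice_ok, "bob_ok": bob_ok, "keys_match": alice_key == bob_key}


if __name__ == "__main__":
    print("honest channel:", run_exchange(b"shared password"))
    # Constructed: every public value is replaced by a fixed substitute.
    print("substituted transcript:", run_exchange(b"shared password",
                                                  relay=lambda v: pow(G, 97, P)))
```

Without the tags, `keys_match` being False would go unnoticed by either party; with them, both sides see the failure before any data is sent under the session key. The same check over a second channel (reading a fingerprint aloud) is the "second communication channel" variant from the slide.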

9
Important attacks: Phishing
  • Gain access to somebody's resources using
    technology and social engineering.
  • Why? Steal money, perform money laundering, obtain
    insider information, hack into a system.
  • How to avoid? Understand vulnerabilities (by
    thinking like the attacker), change protocols to
    give out less information.

10
Important settings: Wireless / computationally limited
  • How is information sent? What information does an
    attacker get?
  • How is information stored and processed? Is it
    efficient enough?
  • How can an attacker drain resources?
  • What can be done? Help from trusted party,
    lightweight cryptography.

11
Important applications: Payments
  • Unforgeability (you can't mint)
  • Privacy (for the good guys)
  • Traceability (when something goes wrong).
  • Efficiency (computation, storage).

12
Important applications: Login
  • Passwords: How does login work? How is data
    stored? What if you forget it? What is a
    dictionary attack?
  • Login tokens: how do they work? What are the
    benefits?
  • Biometric methods (such as voice).
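An added example (not from the slides) answering the password bullet: how login works against stored data, how the data should be stored, and what a dictionary attack is. Records hold a per-user salt and a slow, iterated hash (PBKDF2-HMAC-SHA256); login recomputes and compares in constant time. `precomputed_table` and `crack_by_lookup` show the dictionary attack against the weak alternative, an unsalted fast hash, where one precomputed table cracks every user, and show that a salted record is never found in such a table. The record format is constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

ITERATIONS = 200_000   # deliberately slow: each guess costs an attacker this much too


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Store only a salted, iterated hash, never the password.
    Record format (constructed for this example): algo$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login: recompute with the stored salt and parameters, compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False                      # malformed record
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_record(password: str) -> str:
    """The weak way: plain SHA-256, identical for every user with this password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """A dictionary attack on unsalted fast hashes: hash the wordlist once,
    then every user's record is cracked by a single lookup."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest(): w for w in wordlist}


def crack_by_lookup(record: str, table: Dict[str, str]) -> Optional[str]:
    """Lookup of the hash part of a record. Succeeds for unsalted records; a
    salted, iterated hash never appears in a table built without that salt,
    and rebuilding the table per user costs ITERATIONS hashes per guess."""
    return table.get(record.split("$")[-1])


if __name__ == "__main__":
    rec = hash_password("hunter2")
    print("stored record:", rec)
    print("login with right password:", verify_password("hunter2", rec))
    print("login with wrong password:", verify_password("Hunter2", rec))
    table = precomputed_table(["123456", "hunter2", "password"])   # constructed wordlist
    print("unsalted record cracked as:", crack_by_lookup(unsalted_record("hunter2"), table))
    print("salted record in table:", crack_by_lookup(rec, table))
```

Two users who pick the same password get different records because of the salt, so a breach of the table does not reveal which accounts share passwords. The iteration count is stored with each record so it can be raised later without re-hashing everyone at once.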

13
Important lessons
  • Know how things can fail. (Impersonation,
    spoofing, denial of service, man-in-the-middle.)
  • Notice when things do fail. (Be suspicious. How
    could you cheat?)
  • Propose things that will not fail. (But how can
    we be sure?)