Cheating

1
Cheating Issues in Security and Privacy
A conceptual overview of the course.
2
What is cryptography?

• A way to keep people honest
• (and avoid the bad guys)
• Example Fair exchange for Internet transactions

3
What is cryptography?
2. A way to keep things secret Examples
data, geographic location, purchase patterns,
memberships, http//citeseer.ist.psu.edu/reiter99a
nonymous.html
4
What is cryptography?

• 3. A way to prove you know something
• Example Ali Babas cave

5
Cryptography is based on
1. Adversarial thinking
and if she does that, then I will
we always want to be one step ahead
6
Cryptography is based on
2. The (assumed) existence of one-way functions
COLOR THIS!
Example three-colorability is NP-complete (is
in NP, and has P-time transformation to every
language in NP)
7
Cryptography is based on
This is a valid 3-coloration
8
Cryptography is based on
Note easy to generate instances (but hard to
solve a problem instance)
9
Levels of abstraction
Protocols Implementation Practical issues
10
Levels of abstractionProtocol layer
Reality Bad people abuse society
Target People are good
A protocol defines the interaction between
entities to get the desired properties.
11
Levels of abstractionImplementation layer
Reality Windows, viruses, cookies, etc.
Target Your computer works like you want it to
A good implementation (of a protocol) avoids
unwanted side-effects.
12
Levels of abstractionpractical issues
Reality It broadcasts its identity and
location all the time
Target Your phone comes alive for each phone
call
Even if the protocol and the implementation are
good is this a good feature?
13
Settings and applications
Society provides services for honest citizens
but wants to avoid abuse by criminals Example
bank robbery, http//www.informatics.indiana.edu/m
arkus/papers/privacy_chapter.doc
14
Settings and applications
People pool resources to achieve some goal (see
SETI_at_home)
We want to avoid vandalism Avoid false
positives duplicate search Avoid false
negatives insert fake aliens (We want protocol
robustness)
15
Settings and applications
A company provides a service for a fee
and wants to avoid piracy / sharing
16
Settings and applications
People use a device or service in a way they
like but want to avoid being abused.
Example 1 phones and telemarketing Example 2
Bluetooth www.cs.ut.ee/helger/crypto/link/practic
e/bluetooth.php Example 3 location privacy
Example 4 voting and vote buying Example 5
money and extortion
17
What do we want to protect?
Secret information Usage patterns Access to
data Resources and infrastructure
18
How can we be attacked?

• By honest-looking users turned evil
• By an outside enemy
• By an inside enemy
• By human enemies (e.g., accidential DoS)
• By hardware (e.g., location tracking)
• By software (e.g., viruses, buggy software,
  agents)

(Perhaps we should instead ask how we can not be
attacked.)
19
How can we defend ourselves?

• Understand the attacker goals, motivation and
  resources
• Understand the value of what we protect
• Understand what features given building blocks
  offer
• (dont use encryption for everything!)
• Understand what protocols do and dont do
• Understand what people will put up with
• Understand what the limitations are (cost,
  hardware, etc.)

20
This course is about

• How to formulate the problem
• determine what the threat is
• know what tools there are
• what type of attacks there are
• and to think critically

21
We will
but will not

• cover a lot of ground
• consider big picture
• try to learn the intuition

• always go into detail
• be mathematically precise

You have to

• read a lot
• be critical
• find mistakes