Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SECURITY:
ESSENTIALS
Daniel
Medina
medina@nyu.edu
ADMINISTRATION
NEWS
Mexican
ATM
Skimmers
Economy
of
so<ware
vulnerabili/es
New
TLS
weaknesses
RECAP
CRYPTOGRAPHY
SUBSTITUTION
A
SECRET
MESSAGE
X
PBZOBQ
JBPPXDB
Whats
the
key?
TRANSPOSITION
ASEC
RETM
ESSA
GEXX
A
SECRET
MESSAGE
RGAE
RESS
TXES
MXCA
Whats
the
key?
A
R
E
G
S
E
S
E
E
T
S
X
C
M
A
X
R
G
A
E
R
E
S
S
T
X
E
S
M
X
C
A
RGAE
RESS
TXES
MXCA
TRANSPOSITION
&
SUBSTITUTION
DES
F has subs, trans, xor
Certified for govt use:
NIST FIPS PUB 46
Tampering:
S-Boxes
Key length (64/56 bits)
DES
Whats
the
key?
(64-bits
=>
56-bits
+
8
parity
bits)
Problems?
AES:
S$ck
Figure
Guide
DIFFIE HELLMAN KX
Key
exchange
Solve
the
key-sharing
problem
Crypto
Characters:
Alice
&
Bob
Eve
(passive
adversary)
Mallory
(ac/ve
adversary)
I
like
the
cookie-dough
version
of
this
RSA
RSA
Asymmetric System
Public Key
Private Key
A hard problem:
factoring large #s
HASH FUNCTIONS
HASH FUNCTIONS
HYBRIDS
SSL
/
TLS
Confidentiality
Integrity
Authenticity
Data in transit
security on the Internet
Increasingly attacked
SSL
/
TLS
Lots
of
background
readings
on
the
challenges
Heartbleed,
comic
(SSL/TLS
vulnerability)
AAacks
on
SSL
(iSec
Partners)
SSL
Observatory
(EFF)
The
most
dangerous
code
in
the
world
SSL
Labs
/
Stricter
Security
Requirements
Preparingfor
CA
Compromise
(NIST)
Convergence
(Moxie
Marlinspike)
TOOLS