Lecture 16 Outline

Reading: text, §11, 12, 13
Due: Homework 4, on May 23

  1. Greetings and felicitations!
    1. Discussion question
  2. Cryptographic Key Infrastructure
    1. Certificates (X.509, PGP)
    2. Certificate, key revocation
  3. Networks and ciphers
    1. Where to put the encryption
    2. Link vs. end-to-end
  4. PEM, PGP
    1. Goals: confidentiality, authentication, integrity, non-repudiation (maybe)
    2. Design goals: drop in (not change), works with any RFC 821-conformant MTA and any UA, and exchange messages without prior interaction
    3. Use of Data Exchange Key, Interchange Key
    4. Review of how to do confidentiality, authentication, integrity with public key IKs
  5. Authentication
    1. Validating client (user) identity
    2. Validating server (system) identity
    3. Validating both (mutual authentication)
    4. Basis: what you know/have/are, where you are
  6. Passwords
    1. Problem: common passwords
    2. May be pass phrases: goal is to make search space as large as possible, distribution as uniform as possible
    3. Other ways to force good password selection: random, pronounceable, computer-aided selection

Discussion question. How does weapon development, as described in the following paragraph, compare to developing computer security mechanisms?

Weapons developers, when given a choice, always go for the complex, elaborate solution at the expense of the simple one. Complexity leads to higher costs: purchase costs, operations costs, and maintenance costs. Higher costs result in fewer weapons, which, in turn, lead to contrived tests and analyses to prove that the relatively few complex systems can overcome the larger numbers of the simpler, less expensive weapons of the enemy. The fewer the weapons, the tighter is the control of these precious assets by a centralized command structure. The elaborate paraphernalia that comes with the centralized command structure only adds to the complexity of the overall system.
From J. Burton, The Pentagon Wars, Naval Institute Press, Annapolis, MD (1993), p. 41.
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of May 19, 2016 at 7:10AM

You can also obtain a PDF version of this.