Outline for January 7, 1999

  1. Greetings and Felicitations
    1. Review general information
  2. Quote of the Day
  3. Basic components
    1. Confidentiality
    2. Integrity
    3. Availability
  4. Threats
    1. snooping
    2. modification
    3. masquerading; contrast with delegation
    4. repudiation of origin
    5. denial of receipt
    6. delay
    7. denial of service
  5. Role of policy
    1. example of student copying files from another
    2. emphasize: policy defines security
    3. distinguish between policy and mechanism
  6. Goals of security
    1. prevention
    2. detection
    3. recovery
  7. Trust
    1. hammer this home: all security rests on trust
    2. first problem: security mechanisms correctly implement security policy; walk through example of a program that logs you in; point out what is trusted
    3. second problem: policy does what you want; define secure, precise
  8. Operational issues; change over time
    1. cost-benefit analysis
    2. risk analysis (comes into play in cost-benefit too)
    3. laws and customs
  9. Human Factors
    1. organizational problems
    2. people problems (include social engineering)
  10. What is cryptography?
    1. cipher vs. code
    2. plaintext (cleartext) M, ciphertext C, key k
    3. encryption Ek, decryption Dk
  11. Requirements for a cryptosystem
    1. enciphering, deciphering is efficient for all keys
    2. easy to use
    3. strength is depends on secrecy of keys only, not on secrecy of E or D
  12. What it can do: Secrecy
    1. computationally infeasible to determine Dk from C even if corresponding M known
    2. computationally infeasible to determine M from C if k unknown
  13. What it can do: Data Authenticity (Integrity)
    1. computationally infeasible to determine Ek from C even if corresponding M known
    2. computationally infeasible to find a C' such that Dk(C') is valid plaintext
  14. Attacks
    1. ciphertext only
    2. known plaintext
    3. chosen plaintext
    4. chosen ciphertext

Quote

"All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. Hold out baits to entice the enemy. Feign disorder, and crush him. If he is secure at all points, be prepared for him. If he is in superior strength, evade him. If your opponent is of choleric temper, seek to irritate him. Pretend to be weak, that he may grow arrogant. If he is taking his ease, give him no rest. If his forces are united, separate them. Attack him where he is unprepared, appear where you are not expected."

-- Sun Tzu, The Art of War, (Translated by James Clavell), Dell Publishing, New York, NY 10036 (1983).


You can get this document in ASCII text, Framemaker+SGML version 5.5, PDF (for Acrobat 3.0 or later), or Postscript.
Send email to cs253@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 1/15/99