Security Grant Hutchins CS Discussion Group Tuesday, October 22, 2002



Security

Grant Hutchins

CS Discussion Group

Tuesday, October 22, 2002


Overview

Encryption

Viruses / Worms / Other Bad Stuff


Encryption – History

Caesar Cipher

Enigma

RSA

Quantum Cryptography

WEP


Caesar Cipher

Simple

Quick

Easy to Break

A becomes B, B becomes C, C becomes D, etc.

GRANT HUTCHINS - HSBOUIVUDIJOT

OLIN - PMJO


Enigma

Nazi Germany – World War II

Mechanical

Requires complex machine

Broken by British scientists


RSA

1977

Ron Rivest, Adi Shamir, Leonard Adleman

Requires large calculations

Simple algorithm dealing with large primes

Allows for public- and private-key cryptography

Breakable with incredibly large amounts of computations


RSA – How it’s used

Alice tells Bob her public key

Bob uses this public key to encrypt a message

Alice receives this message across an insecure channel

Only Alice can decode it, using her private key (which she has password-protected on her computer)
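The Alice-and-Bob flow above, together with the earlier point that RSA is breakable only with enormous computation, as an added Python example that is not part of the original slides. It uses unpadded textbook RSA; the two small Mersenne primes and the function names are assumptions chosen so that factoring finishes instantly.

```python
from math import gcd

# Toy primes (assumption for illustration): the Mersenne primes 2^17-1 and 2^19-1.
# Real RSA keys use primes of 1024 bits or more, plus a padding scheme.
P, Q = 2**17 - 1, 2**19 - 1

def make_keypair(p, q, e=65537):
    """Alice's step: derive a public key (n, e) and a private key (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))

def encrypt(message, public_key):
    """Bob's step: anyone holding the public key can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit under this modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private_key, length):
    """Alice's step: requires the private exponent d."""
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")

def recover_private_key(public_key):
    """Factor n by trial division; feasible only because this n is tiny."""
    n, e = public_key
    f = 3
    while n % f:
        f += 2
    return (n, pow(e, -1, (f - 1) * (n // f - 1)))

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    c = encrypt(b"OLIN", public)
    print(c, decrypt(c, private, 4), recover_private_key(public) == private)
```

The trial-division loop needs about 65,000 steps for this 36-bit modulus; the work grows with the size of the smaller prime, which is why key length is the whole defence.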


Quantum Cryptography

1960 – Stephen Wiesner’s “quantum money”

Uses single-photon pulses down a fiber-optic line

Expensive to set up, requires direct fiber-optic connection

Impossible to break (unless you disobey the laws of Quantum Physics)


Quantum Cryptography – How it works

Alice sends Bob a photon polarized in some direction (vertical, horizontal, slash, or backslash)

Bob measures these with either a horizontal-vertical filter or a slash-backslash filter

H-V filter gives ambiguous results on slash or backslash, and vice versa


Quantum Encryption – How it works

Bob tells Alice in which order he used which filters, and Alice tells him which of his filters were correct.

Alice and Bob throw away the ambiguous results and compare a small portion of what’s left to see if it matches

Everything else is their key


Quantum Encryption – How it works

Eve breaks in! She intercepts the photons and measures them herself.

Whenever she uses the wrong filter, she changes the polarization of the photon.

Alice and Bob don’t get the same results and know they’re being spied on

Eve goes away and cries
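The exchange on the last three slides (commonly known as BB84), simulated classically as an added Python example that is not part of the original slides. The function names, the 64-bit comparison sample and the intercept-and-resend model of Eve are assumptions made for the illustration.

```python
import random

FILTERS = "+x"  # '+' = horizontal-vertical filter, 'x' = slash-backslash filter

def measure(bit, photon_filter, chosen_filter, rng):
    """The matching filter reads the bit; the wrong one gives a coin flip."""
    return bit if photon_filter == chosen_filter else rng.randint(0, 1)

def run_exchange(n_photons, eavesdrop, seed, sample_size=64):
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_filters = [rng.choice(FILTERS) for _ in range(n_photons)]
    bob_filters = [rng.choice(FILTERS) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_f, b_f in zip(alice_bits, alice_filters, bob_filters):
        if eavesdrop:
            # Eve measures with her own random filter and re-sends the result,
            # so a wrong guess leaves the photon polarized in her basis.
            e_f = rng.choice(FILTERS)
            bit, a_f = measure(bit, a_f, e_f, rng), e_f
        bob_bits.append(measure(bit, a_f, b_f, rng))
    # Sifting: keep only the positions where Bob's filter matched Alice's.
    kept = [i for i in range(n_photons) if alice_filters[i] == bob_filters[i]]
    if not kept:
        raise ValueError("no matching filters; send more photons")
    # Publicly compare a random portion of what is left, then discard it.
    sample = set(rng.sample(kept, min(sample_size, len(kept))))
    mismatches = sum(alice_bits[i] != bob_bits[i] for i in sample)
    return {
        "error_rate": mismatches / len(sample),
        "detected": mismatches > 0,
        "key_alice": [alice_bits[i] for i in kept if i not in sample],
        "key_bob": [bob_bits[i] for i in kept if i not in sample],
    }

if __name__ == "__main__":
    for spy in (False, True):
        result = run_exchange(512, eavesdrop=spy, seed=1)
        print(spy, result["error_rate"], result["detected"])
```

Each intercepted photon that survives sifting has a 1 in 4 chance of disagreeing, so the chance that all 64 compared bits match despite Eve is about 0.75^64, roughly one in a hundred million.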


WEP

Wired Equivalent Privacy

Used for 802.11b wireless LANs (like Olin’s)

Relatively weak


Viruses / Worms / Other Bad Stuff

Virus vs. Worm vs. Other Bad Stuff

The Great Internet Worm

Email Worms

Adware and Spyware


Virus vs. Worm vs. Other Bad Stuff

Virus – Code tacked onto the end of some executable that copies itself to other executables

Worm – Similar to virus, but actively sends itself to other computers

Malware – (includes adware and spyware) Programs installed unbeknownst to users

Trojan Horses – Programs that do more than what they tell you

Social Engineering – Someone who sounds important asks you for urgent information


The Great Internet Worm

Robert T. Morris – 1988

Wrote experimental self-replicating program

Spread to around 6,000 major Unix machines (significant percentage of Internet at the time)

Morris claimed it was an innocent experiment that got out of hand


The Great Internet Worm

Cost to repair: $10m - $100m

Morris was convicted under the Fraud and Abuse Act (Title 18)

Sentence: 3 years probation, 400 hours community service, and $10,050 fine


Email Worms

Often exploit Outlook and Outlook Express

Trick users into believing they are legitimate emails


Example Worm (from yesterday)

From: Wilma Hardenburgh [[email protected]]

Sent: Monday, October 21, 2002 5:52 PM

To: undisclosed-recipients:

Subject: Fw: [cyberscribes] Request for Alphabet Sentences

Sally -

I thought you might like to save this list of alphabet sentences to a disk.

There are at least 50-70 of them on this list. Some of them a "little racy!"

(see her list below.)

Just thought you might be able to refer to it if you should need some new ones for your classes. They were sent to me by a Cyberscr


Let’s View the Source!!!

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:zYkp6zI51zy2q height=0 width=0></iframe>
<FONT></FONT>Sally -<br>
I thought you might like to save this list of alphabet sentences to a disk.<br>
There are at least 50-70 of them on this list. Some of them a "little racy!"<br>
(see her list below.)<br><br>
Just thought you might be able to refer to it if you should need some new<br>
ones for your classes. They were sent to me by a Cyberscr
</BODY></HTML>


cid:zYkp6zI51zy2q ???

Could be just about anything, unfortunately.

Thanks Microsoft!

http://282578851835148/
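A mail-filter check for the pattern shown in the source view, as an added Python example that is not part of the original slides: it finds frame tags whose src is a cid: reference and resolves each one to the attached MIME part it would load. The sample message is constructed; only the iframe line and its Content-ID come from the slide, and the attachment name and body are placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser

class CidFrameFinder(HTMLParser):
    """Record frame-like tags whose src points at an attached MIME part."""
    def __init__(self):
        super().__init__()
        self.hits = []  # (content-id, hidden?) pairs

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if tag in ("iframe", "frame", "embed") and src.lower().startswith("cid:"):
            hidden = a.get("height") in ("0", "0px") or a.get("width") in ("0", "0px")
            self.hits.append((src[4:], hidden))

def audit_message(raw):
    """Resolve every cid: frame in the HTML body to the part it references."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    by_cid = {str(p["Content-ID"]).strip().strip("<>"): p
              for p in msg.walk() if p["Content-ID"]}
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = CidFrameFinder()
        finder.feed(part.get_content())
        for cid, hidden in finder.hits:
            target = by_cid.get(cid)
            findings.append({
                "cid": cid, "hidden": hidden,
                "type": target.get_content_type() if target is not None else None,
                "filename": target.get_filename() if target is not None else None,
            })
    return findings

# Constructed sample message; the attachment is an inert placeholder.
SAMPLE = b"""\
Content-Type: multipart/related; boundary="B"

--B
Content-Type: text/html

<iframe src=cid:zYkp6zI51zy2q height=0 width=0></iframe>Sally -
--B
Content-Type: application/octet-stream; name="placeholder.bin"
Content-ID: <zYkp6zI51zy2q>

constructed placeholder body
--B--
"""
```

A hidden frame that resolves to a non-image attachment is a strong signal to quarantine the message before a mail client renders it.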


Spyware and Adware

Installed usually without user knowledge

Spyware watches what you do and where you go online and reports it to someone

Adware causes ads to pop up on your screen

Lavasoft Ad-Aware can get rid of most malware! http://www.lavasoftusa.com


Other stuff worth mentioning

Steganography – Disguising a message in something else such as an image

PGP – “Pretty Good Privacy” – the first publicly available implementation of public- and private-key cryptography (“Cryptography for the masses”)