Computer Security Lecture 1 - PowerPoint PPT Presentation

Slides: 19
Provided by: pgb8
1
Computer Security Lecture 1
  • Phillip G. Bradford
  • Computer Science
  • University of Alabama

2
Lecture Outline
  • Syllabus
  • Learning
  • Grading
  • Your Expectations
  • My Expectations
  • Material High Level Overview
  • Motivation
  • Many types of Computer Security
  • Cryptography and Computer Security

3
Lecture Objectives
  • Reach an Understanding of Expectations for this course
  • See many facets of Computer Security
  • Motivating Example: Graphical Passwords
  • How-to
  • Analysis

4
One of My Personal Goals
  • To Get Undergraduates Involved in Research
  • How?
  • Use this class as a base

5
Earning Graduate Credit
  • Graduate credit requires
  • Extra questions on the Exams
  • Clearly marked
  • A class project
  • Five to Ten pages, topics assigned by the instructor

6
Credits
  • [1] B. Schneier, Applied Cryptography, 2nd Edition, Prentice Hall, 1996.
  • Web Paper, Sobrado and Birget: http://rutgersscholar.rutgers.edu/volume04/sobrbirg/sobrbirg.htm

7
Brief Motivation
  • Industry
  • Computer Systems are Mission Critical
  • Internet adds giant external threats
  • Data may be accessible to the world
  • Procedures/Process may be monitored
  • Government
  • Protection: Hostile Governments/Terrorists
  • Cracking: Hostile Governments/Terrorists
  • Protecting Economic Interests

8
New Paradigms
  • Distributed Data and Computing
  • Key Computing Paradigm
  • Raises Computer Security Issues
  • Ease-of-use vs. Security trade off
  • New Business Models: Digital Products
  • DVDs, Music CDs
  • Pay-per-view, wireless transactions
  • Software leasing and ASPs
  • Automated Authentication and Verification

9
Foundations
  • Basic Desired Functionality
  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation

10
Starting at the Beginning
  • Computer Passwords
  • What makes a good password?
  • For whom?
  • Easy to recall for the human
  • Relationship chasing
  • Easy to guess for the attacker
  • Dictionary Attacks
  • Many responses
  • Check your own users!
  • Timeouts

11
Graphical Passwords (see link: Sobrado and Birget)
  • Classical Passwords are Alpha-numeric
  • Often with strong relationship to the user
  • Easy to define search space
  • Enlist another human association power
  • Graphical visual cognition!
  • Consider human face recognition
  • Much security is based on face recognition

12
Graphical Passwords
  • Human ability to recognize faces is extraordinary!
  • Use human ability to recognize faces
  • Not the computer's inabilities!
  • How can we create a password scheme
  • That builds on Human Face recognition?
  • See citations in Sobrado and Birget for history and background

13
Start with a Famous Urn

14
Define Sequence of Clicks In Specific Places
[Figure: image with four click points labelled 1, 2, 3, 4]

15
Pros and Cons
  • The bad news
  • Shoulder Surfing
  • Even worse than for typed passwords
  • The good news
  • Quick and Easy for humans to process
  • To Help correct for Shoulder Surfing
  • Sobrado and Birget suggest
  • Challenge-Response Authentication

16
Challenge-Response Authentication
  • Alice proves to Bob that she knows their common secret
  • Without letting an observer know the secret!
  • This allows us to foil shoulder surfers
  • It also happens to have both
  • Important applications, and
  • Deep theoretical foundations

17
Random Scatter-Grams

18
Homework Analysis: How good is this?
  • Secret Man-Made Things
  • Must select inside the convex-hull of these objects
  • Repeat Randomly placed Objects
  • How many passwords given k man-made icons?
  • How does this compare to length k alpha-numeric password?
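
The convex-hull challenge-response check from slides 16 to 18, as an added example that is not code from the lecture or from Sobrado and Birget: the server scatters the icons afresh each round and accepts only clicks inside the hull of the secret icons. All function names, the 1000 x 1000 screen, the icon counts and the centroid click strategy are assumptions made for illustration.

```python
import math
import random
# Added illustration: names, screen size and click strategy are assumptions.

def cross(o, a, b):
    """Z-component of (a - o) x (b - o); positive when b is left of o->a."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def convex_hull(points):
    """Andrew's monotone chain; hull vertices in counter-clockwise order."""
    pts = sorted(set(points))
    def half(seq):
        chain = []
        for p in seq:
            while len(chain) >= 2 and cross(chain[-2], chain[-1], p) <= 0:
                chain.pop()
            chain.append(p)
        return chain[:-1]
    return pts if len(pts) < 3 else half(pts) + half(reversed(pts))

def inside(hull, click):
    """True if click is in or on the convex polygon; degenerate hulls reject."""
    return len(hull) >= 3 and all(
        cross(hull[i - 1], hull[i], click) >= 0 for i in range(len(hull)))

def verify_round(layout, secret, click):
    """Server check for one challenge: click must fall in the secret hull."""
    return inside(convex_hull([layout[i] for i in secret]), click)

def honest_click(layout, secret):
    """Assumed user strategy: the centroid of the secret icons is in the hull."""
    xs, ys = zip(*(layout[i] for i in secret))
    return (sum(xs) / len(xs), sum(ys) / len(ys))

def login(secret, respond, rounds, n_icons, rng, size=1000):
    """Fresh random placement each round; every click must pass."""
    for _ in range(rounds):
        layout = {i: (rng.randrange(size), rng.randrange(size)) for i in range(n_icons)}
        if not verify_round(layout, secret, respond(layout)):
            return False
    return True

def password_space(n_icons, k):
    """(choices of k secret icons, length-k strings over 62 alphanumerics)."""
    return math.comb(n_icons, k), 62 ** k

def guess_rate(secret, n_icons, trials, rng, size=1000):
    """Fraction of single rounds a uniformly random click would pass."""
    blind = lambda layout: (rng.randrange(size), rng.randrange(size))
    return sum(login(secret, blind, 1, n_icons, rng) for _ in range(trials)) / trials
```

`guess_rate` estimates how often a blind click passes one round; passing r independent rounds happens with that rate raised to the power r, which is why the slide says to repeat.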