Computer Security

by: Libby Kuhlman

Computer Security CSE 543


This 0 page Class Notes was uploaded by Libby Kuhlman on Sunday November 1, 2015. The Class Notes belongs to CSE 543 at Pennsylvania State University taught by Staff in Fall. Since its upload, it has received 17 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.

Date Created: 11/01/15
CSE 543 Computer Security
Lecture 2: Introduction
September 7, 2006
CSE543 Computer and Network Security, Fall 2006, Professor Jaeger

A historical moment
- Mary Queen of Scots is being held by Queen Elizabeth and accused of treason.
- All communication with co-conspirators encrypted.
- Walsingham needs to prove complicity.

Intuition
- Cryptography is the art (and sometimes science) of secret writing.
- Less well known is that it is also used to guarantee other properties, e.g., authenticity of data.
- This is an enormously deep and important field.
- However, much of our trust in cryptographic systems is based on faith (particularly in efficient secret key algorithms): ask Mary Queen of Scots how that worked out.
- This set of lectures will provide the intuition and some specifics of modern cryptography; seek others for additional details (Menezes et al.).

Cryptography
- Cryptography (cryptographer): creating ciphers.
- Cryptanalysis (cryptanalyst): breaking ciphers.
- The history of cryptography is an arms race between cryptographers and cryptanalysts.

Encryption algorithm
- Algorithm used to make content unreadable by all but the intended receivers.
  - E(plaintext, key) = ciphertext
  - D(ciphertext, key) = plaintext
- Algorithm is public, key is private.
- Block vs. stream ciphers
  - Block: input is fixed blocks of the same length.
  - Stream: stream of input.

Example: Caesar Cipher
- Substitution cipher.
- Every character is replaced with the character three slots to the right.
  - S -> V
- Q: What is the key?
- Cryptanalyze this: cfh orng aq

Cryptanalysis of ROTx Ciphers
- Goal: to find the plaintext of an encoded message.
- Given: ciphertext.
- How: simply try all possible keys.
- Known as a brute force attack.

Shared key cryptography
- Traditional use of cryptography.
- Symmetric keys, where a single key (k) is used for E and D:
  - D(E(p, k), k) = p
- All intended receivers have access to the key.
- Note: management of keys determines who has access to encrypted data, e.g., password encrypted email.
- Also known as symmetric key cryptography.

Key size and algorithm strength
- Key size is an oft-cited measure of the strength of an algorithm, but is strength strongly correlated (or perfectly correlated) with key length?
- Say we have two algorithms, A and B, with key sizes of 128 and 160 bits (the common measure).
  - Is A less secure than B?
  - What if A = B (for variable key-length algorithms)?

Is there an unbreakable cipher?
- As it turns out, yes (Claude Shannon proved it).

The one-time pad (OTP)
- Assume you have a secret bit string s of length n known only to two parties, Alice and Bob.
- Alice sends a message m of length n to Bob.
- Alice uses the following encryption function to generate ciphertext c:
  - for all $i = 1$ to $n$: $c_i = m_i \oplus s_i$
  - E.g., XOR the data with the secret bit string.
- An adversary Mallory cannot retrieve any part of the data.
- Simple version of the proof of security: assume for simplicity that the value of each bit in m is equally likely; then you have no information to work with.

Reading papers
- What is the purpose of reading papers?
- How do you read papers?

Understanding what you read
- Things you should be getting out of a paper.
- What is the central idea proposed/explored in the paper?
  - Introduction
  - Conclusions
  - These are the best areas to find an overview of the contribution.
- How does this work fit into others in the area?
  - Related work: often a separate section, sometimes not; every paper should detail the relevant literature. Papers that do not do this or do a superficial job are almost sure to be bad ones.
  - An informed reader should be able to read the related work and understand the basic approaches in the area, and how they differ from the present work.

Understanding what you read (cont.)
- What scientific devices are the authors using to communicate their point?
- Methodology: this is how they evaluate their solution.
  - Theoretical papers typically validate a model using mathematical arguments (e.g., proofs).
  - Experimental papers evaluate results based on test apparatus (e.g., measurements, data mining, synthetic workload simulation, trace-based simulation).
  - Some papers have no evaluation at all, but argue the merits of the solution in prose (e.g., paper design papers).

Understanding what you read (cont.)
- What do the authors claim?
  - Results: statement of new scientific discovery.
  - Typically some abbreviated form of the results will be present in the abstract, introduction, and/or conclusions.
  - Note that just because a result was accepted into a conference or journal does not necessarily mean that it is true. Always be circumspect.
- What should you remember about this paper?
  - Take away: what general lesson or fact should you take away from the paper?
  - Note that really good papers will have takeaways that are more general than the paper topic.

Summarize Thompson Article
- Contribution
- Related work
- Methodology
- Results
- Take away

A Sample Summary
- Contribution: Ken Thompson shows how hard it is to trust the security of software in this paper. He describes an approach whereby he can embed a Trojan horse in a compiler that can insert malicious code on a trigger (e.g., recognizing a login program).
- Related Work: This approach is an example of a Trojan horse program. A Trojan horse is a program that serves a legitimate purpose on the surface, but includes malicious code that will be executed with it. Examples include the Sony BMG rootkit: the program provided music legitimately, but also installed spyware.
- Methodology: The approach works by generating a malicious binary that is used to compile compilers. Since the compiler code looks OK and the malice is in the binary compiler compiler, it is difficult to detect.
- Results: The resulting system identifies construction of login programs and miscompiles the command to accept a particular password known to the attacker.
- Take Away: Thompson states the obvious moral that "you cannot trust code that you did not totally create yourself." We all depend on code, but constructing a basis for trusting it is very hard, even today.

Everyone has a different way of reading a paper
- Here are some guidelines I use:
  - Always have a copy to mark up. Your margin notes will serve as invaluable signposts when you come back to the paper (e.g., "here is the experimental setup" or "main result described here").
  - After reading, write a summary of the paper containing answers to the questions in the preceding slides. If you can't answer (at least at a high level) these questions without referring to the paper, it may be worth scanning again.
  - Over the semester, try different strategies for reading papers (e.g., Honeyman approach) and see which one is the most effective for you.

Reading a systems security paper
- What is the security model?
  - Who are the participants and adversaries?
  - What are the assumptions of trust (trust model)?
  - What are the relevant risks/threats?
- What are the constraints?
  - What are the practical limitations of the environment?
  - To what degree are the participants available?
- What is the solution?
  - How are the threats reasonably addressed?
  - How do they evaluate the solution?
- Take away: key idea that drives the design (e.g., generalization, not solely engineering).
- Hint: I will ask these questions when evaluating the course project.

Presenting a Paper
- Similar to Summary
  - Same basic areas as a summary
- Different Than a Summary
  - Engage the audience
  - Identify an insight
  - Argue a point
  - Make an extension
  - Relate to Security Concepts
- What Strikes You
  - Passion is good

Armando Fox's Presentation Hints
- Know Thy Jargon
- Keep the Big Picture in Mind
- Tell a Story
- Pace Yourself
- Tell 'em What You Told 'em
- Be Ready for Questions

- Do you trust this program?
- What is the trust model of a typical program?
- How does the Thompson compiler impact the trust model?
- What are the threats?
- Shows that we cannot assume trust blindly.

Methodology
- Define Trojan horse
  - Program that performs (or looks) legitimate
  - But it also contains a malicious function
  - Capture secrets, impact integrity, cause DoS
- Trojan horse in a compiler
  - Compilers convert one language to another
  - How do we know that it works correctly?
  - Check the code of the compiler
- Put the Trojan horse in the compiler compiler binary
  - No source code gives it away
  - Supposedly worked for a while

Establishing Trust
- How do we establish trust in a program?
  - Code: binary and/or source
  - Source: e.g., Authenticode, signed JAR files
  - Behavior: track how it runs
  - Community: ask someone else if it's OK
  - Inputs: what about what we put in it?
- What are the risks of these approaches?
  - How does it accumulate?
- Even if we get a valid program
  - May be modified (viruses) and reconfigured

Course Project
- The course project requires the student to execute some limited research in security.
  - Demonstrate applied knowledge.
  - Don't try to learn some new non-security field.
  - Be realistic about what can be accomplished in a single semester.
  - However, the work should reflect real thought and effort.
- The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Deliverables
- The chief product of the project will be a conference-style paper. There will be several milestones:
  - Project Choice: 9/14/06
  - Background and Related Work: 10/10/06
  - Experiment Proposal: 10/24/06
  - Project Status Slides: 11/14/06
  - Final Project Writeup: 12/21/06
- Everyone will present to 12/4/06, describing the project progress, expected results, and related work.
- This is the most important factor in your grade (35%), so you better take it seriously.
  - E.g., an exceptionally good project may help your grade.

Project Choice
- Due on Sept 14, 5:00pm
- Order list of projects
  - Choose three projects in order of interest
- Choose two collaborators
  - Optional
  - Get a sense of groupings
- I will choose your project and group
  - Hopefully, I can resolve the constraints implied
  - One group per project
  - A functional group
- Project choices: see course calendar
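The brute-force attack from the "Cryptanalysis of ROTx Ciphers" slide, as an added example that is not part of the original lecture notes: it tries all 26 keys on the slide's ciphertext and, going one step beyond the slide, ranks the candidates by English letter frequency. The function names and the frequency table are this example's own assumptions.

```python
"""Brute-force cryptanalysis of a ROTx (Caesar) cipher."""
import math
import string

ALPHABET = string.ascii_lowercase

# Approximate letter frequencies in English text, in percent (assumed table).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}


def rot(text, key):
    """Shift each letter `key` slots to the right (key=3 is the Caesar cipher)."""
    out = []
    for ch in text:
        if ch.lower() in ALPHABET:
            shifted = ALPHABET[(ALPHABET.index(ch.lower()) + key) % 26]
            out.append(shifted.upper() if ch.isupper() else shifted)
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def brute_force(ciphertext):
    """Return {key: candidate plaintext} for the whole key space (26 keys)."""
    return {key: rot(ciphertext, -key) for key in range(26)}


def english_score(text):
    """Average log-likelihood of the letters under English letter frequencies."""
    letters = [c for c in text.lower() if c in ALPHABET]
    if not letters:
        return float("-inf")
    return sum(math.log(ENGLISH_FREQ[c] / 100) for c in letters) / len(letters)


def best_key(ciphertext):
    """Pick the key whose decryption looks most like English."""
    candidates = brute_force(ciphertext)
    return max(candidates, key=lambda k: english_score(candidates[k]))


if __name__ == "__main__":
    for key, guess in brute_force("cfh orng aq").items():  # ciphertext from the slide
        print(f"key={key:2d}  {guess}")
```

With only nine letters the frequency ranking is unreliable, so for the slide's ciphertext read the 26 printed candidates by eye; the ranking becomes dependable on sentence-length input.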
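The one-time pad slide's encryption function and its "no information to work with" argument, as an added example that is not part of the original lecture notes: the message is XORed with the pad, and an exhaustive run over every n-bit pad shows that each ciphertext occurs exactly once whatever the message is. Function names and sample messages are constructed for illustration.

```python
"""One-time pad: c_i = m_i XOR s_i, plus an exhaustive check of the secrecy argument."""
import secrets
from collections import Counter
from itertools import product


def otp(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad. The same function encrypts and decrypts."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ s for d, s in zip(data, pad))


def ciphertext_distribution(message_bits, n):
    """Encrypt one fixed n-bit message under every n-bit pad and count the ciphertexts."""
    counts = Counter()
    for pad_bits in product((0, 1), repeat=n):
        cipher = tuple(m ^ s for m, s in zip(message_bits, pad_bits))
        counts[cipher] += 1
    return counts


def explaining_pad(ciphertext: bytes, guess: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `guess`; one exists for every guess."""
    return otp(ciphertext, guess)


if __name__ == "__main__":
    msg = b"meet at noon"                 # constructed sample message
    pad = secrets.token_bytes(len(msg))   # the secret bit string s, used once
    c = otp(msg, pad)
    assert otp(c, pad) == msg
    # Mallory's view: every 3-bit message gives the same uniform ciphertext distribution.
    for m in product((0, 1), repeat=3):
        assert set(ciphertext_distribution(m, 3).values()) == {1}
    # Any same-length guess is consistent with c under some pad.
    other = b"stay at home"               # constructed alternative plaintext
    assert otp(c, explaining_pad(c, other)) == other
    print("ciphertext:", c.hex())
```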

