1.8 KiB
1.8 KiB
Lecture 1 (12:00) - Data Communication Security
Normal Communication
Alice => Message => Bob
- We assume:
- A dedicated transmission system
- Good will, Co-operation, Competence among participants These are not valid assumptions.
Security
- Human problem caused by deliberate exploitation of weakness in the transmission system.
- Bad passwords, spoofing / phishing, config errors
- Bad procedures, backdoors, overcomplexity
- Can solve some problems, manage some, and detect some, but cannot fix everything.
- Security threats are generic to all forms of communication, not specifically computers or digital devices. Understanding them is vital to understanding IT.
Password Security
- Password file must always be assumed to be readable
- Contains encrypted passwords.
- "Dictionary Attacks"
- Pre-encode a dictionary of words (and combination of words). Then simply look up any encoded passwords.
- "Cracker" Programs / "Brute force attacks"
Encryption
- Scramble the message in some way so that it is only meaningful to Alice and Bob.
- Alice takes message and applies some algorithm to each of the letters to generate an encrypted message.
- Bob applies the reverse algorithm to regenerate the original message
- The aim is that Eve cant do one (or both) of these things
- If she cant decrypt, she cant eavesdrop
- If she cant encrypt, she cant masquerade.
- The more keys, the longer it takes to break
Caesar-shift
- Each letter is replaced by another letter, k positions later in the alphabet
- If k=3:
- A becomes D
- B becomes E
- C becomes F
- …
- "ATTACK AT TEN" becomes
- DWWDFN DW WHQ
- plaintext - ATTACK AT TEN
- ciphertext - DWWDFN DW WHQ
- Encryption method - Substitution
- Encryption Key - 3
- Decryption Key - 3
- Problem is how to share the key