Transcript CSCI6268L01

Foundations of Network and Computer Security
John Black
CSCI 6268/TLEN 5550, Spring 2015
Introduction
• UC Davis
– PhD in 2000
– Cryptography
– Interested in broader security as well
• UNR two years
• CU Boulder 13 years
• My teaching style
This Class
http://www.cs.colorado.edu/~jrblack/class/csci6268/s15/
• Use above for all materials
– Available from my home page
• This is a CAETE course
– Several distance-learning students
– Lectures available on the web
• http://engineeringanywhere.colorado.edu/currentstudents/online-course-access
Logistics
• MWF, ECCS 1B12, 2:30pm – 3:45pm
• Final, Not sure! I’ll figure this out before
May 
• Office Hours
– ECOT 627, M 11-11:50am; W 11:00-11:50am
– [email protected] (better than
dropping by without an appt)
Grading
• See course info sheet
– Grading: 4-5 quizzes (20%), a project (20%),
a midterm (25%) and a final (35%)
• Course Topics
– Why no book?
– Cryptography and Network Security
• Quite a blend of math, hacking, and thinking
Topics
• Policy, Law, History
– A Taste Today
• Cryptography
– Not how to make it, but how to use it
• Hacking
– Buffer overruns, WEP attack, TCP session hijacking,
DDoS, prevention
– Some hands-on using OpenSSL (project)
Miscellany
• Class Format: Informal
– Small class
– Ask questions!
• Slides
– Sometimes available in advance
History
• Early days of Cryptography
• Lucifer and DES
• Export restrictions
– 40 bit keys!
• Public Key Cryptography
– MI6 had it first?!
• Differential cryptanalysis
– NSA knew first
Who is the NSA?
• National Security Agency
– Huge
– Fort Meade, MD
– More mathematicians than anywhere else
– Classified budget
Does the US Spy on its Citizens?
• Yes.
Recently, This Guy
• Snowden emerged as the most recent
whistleblower in May 2013
Reaction
• UK Defense and US Army facilities block
access to reports on these disclosures
– Remind you of anything?
• Obama says, “Trust us”
– He is a former constitutional and civil rights
attorney
Laws
• DMCA
– Felten RIAA/SDMI case most famous
• 2001 SDMI challenge
– Many believe it’s the right idea, but a bad law
– All reverse-engineering is sketchy
• CALEA (1994)
– Communications Assistance for Law Enforcement Act
– 2004 ruling says VoIP must provide compliance
• Has withstood all court challenges
• Patriot Act
Policy
• Government has attempted to control
encryption before
– Skipjack
– Key Escrow
– Clipper Chip
• Ultimately failed due to massive protest
from “privacy advocates”
– Electronic Frontier Foundation (John Gilmore)
What about Other Snooping?
• Lots of ways to track you
– Cookies, IP address, Facebook, cameras,
license plates, cell phones, POS data (Target
story), satellites, DNA
How Much Should We Care?
• The younger you are, the less you tend to
care
• Why?
Misc
• Commercial ventures