Secure Communication with an Insecure Internet Infrastructure
Internet Design Decisions and Security
◼ Origin as a small and cooperative network (=> largely trusted infrastructure)
◼ Global Addressing (=> every sociopath is your next-door neighbor*)
◼ Connection-less datagram service (=> can’t verify source, hard to protect bandwidth)
* Dan Geer
Internet Design Decisions and Security
◼ Anyone can connect (=> ANYONE can connect)
◼ Millions of hosts run nearly identical software (=> single exploit can create epidemic)
◼ Most Internet users know about as much as Senator Stevens aka “the tubes guy” (=> God help us all…)
Our “Narrow” Focus
◼ Yes:
❑ Protecting network resources and limiting connectivity (Last time)
❑ Creating a “secure channel” for communication (today)
◼ No:
❑ Preventing software vulnerabilities & malware, or “social engineering”
Secure Communication with an Untrusted Infrastructure
[Diagram: network of ISP A, ISP B, ISP C and ISP D, with Alice and Bob]
Secure Communication with an Untrusted Infrastructure
[Diagram: network of ISP A, ISP B, ISP C and ISP D, with Alice, Bob and Mallory]
Secure Communication with an Untrusted Infrastructure
[Diagram: network of ISP A, ISP B, ISP C and ISP D, with Alice and the message: Hello, I’m “Bob”]
What do we need for a secure communication channel?
◼ Authentication (Who am I talking to?)
◼ Confidentiality (Is my data hidden?)
◼ Integrity (Has my data been modified?)
◼ Availability (Can I reach the destination?)
What is cryptography?
"cryptography is about communication in the presence of adversaries." - Ron Rivest
“cryptography is using math and other crazy tricks to approximate magic” - Unknown 441 TA
What is cryptography?
Tools to help us build secure communication channels that provide:
1) Authentication
2) Integrity
3) Confidentiality