2. Agenda
What is information safety?
Major problems and solutions.
Why we must care.
Security ...
Q&A
Hoang V.Nguyen 5/1/2010 2
3. What is information safety?
In some cases, some properties of information must be protected
Our tasks
• What properties?
• How to protect?
4. Major problems and solutions
Confidentiality
• E: P × K → C
such that: if y=E(k,x) then: H(y)≥H(x) and maximize H(k)
• D: C × K → P
Integrity
• You cannot protect
• But you can detect
Trust
• Make a belief to Alice and Bob
Others ….
• ….
5. Major problems and solutions
Confidentiality
• E: P × K → C
such that: if y=E(k,x) then: H(y)≥H(x) and maximize H(k)
• D: C × K → P
• Examples: RC4, RSA, DES, Elliptic Curve, Blowfish, IDEA
Integrity
• You cannot protect
• But you can detect
• Examples: CMAC, Skein hash family, HMAC, digital signature
Trust
• Make a belief to Alice and Bob
• Example: Certificate Authority
Others ….
• ….
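The integrity point above (modification cannot be prevented, but it can be detected) shown with HMAC, as an added example that is not part of the original slides. The key, the sample messages and the helper names are constructed for illustration; the bare SHA-256 variant is included for contrast, since anyone who alters the message can recompute an unkeyed digest.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each message


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver: return the message if the tag matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so timing does not reveal the tag
    return message if hmac.compare_digest(tag, expected) else None


def unkeyed_protect(message: bytes) -> bytes:
    """Weak variant: a plain SHA-256 digest, no key involved."""
    return message + hashlib.sha256(message).digest()


def unkeyed_verify(packet: bytes) -> Optional[bytes]:
    """Receiver for the weak variant: only checks the digest is consistent."""
    if len(packet) < TAG_LEN:
        return None
    message, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    ok = hmac.compare_digest(digest, hashlib.sha256(message).digest())
    return message if ok else None


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed shared key (Alice and Bob)
    original = b"pay Bob 100"          # constructed sample message
    altered = b"pay Bob 900"           # what arrives after modification in transit

    packet = protect(key, original)
    print("untouched  :", verify(key, packet))
    # The message changed, the old tag did not: the change is detected.
    print("modified   :", verify(key, altered + packet[-TAG_LEN:]))
    # Without a key the digest can be recomputed for the altered message,
    # so the receiver has no way to notice the change.
    print("bare digest:", unkeyed_verify(unkeyed_protect(altered)))
```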
6. Why must we care?
• User
• Developer
• Project manager
• Designer
• Tester
• Consultant
• Coder
• Solution consultant
• Maintainer
• Business analyst
Our jobs?
Make security
7. Security….
What
• Theory
• Solution/pattern
• Design
• System
How
• Understand
• Try to attack, and discover vulnerability
• Fix
8. Security….
Michael Howard & others Andy Oram & John Viega Michael Howard & others
The Security Development Lifecycle by Michael Howard & Steve Lipner 2006