masterthesis/references/IntroToTrustedComputing_full_10-24-2012/background-intro.tex

\documentclass{beamer}
\usepackage{graphicx}
\usetheme{Madrid}

\title[Crypto Basics]{Introduction to Trusted Computing: \\ Crypto and Security Basics}
\author{Ariel Segall\\ ariels@alum.mit.edu}
\date{Day 1\\ \bigskip Approved for Public Release: 12-2749. \\Distribution unlimited}

\begin{document}

\begin{frame}
es

\maketitle
\end{frame}

\begin{frame}{License}

All materials are licensed under a Creative Commons ``Share Alike'' license.
\begin{itemize}
\item http://creativecommons.org/licenses/by-sa/3.0
\end{itemize}
\includegraphics[width=4in]{creativecommons.png}
\end{frame}

\begin{frame}{The Lightning Review}

Goal: quickly familiarize you with the following concepts, or refresh your memory

\begin{itemize}
\item Core security principles
\item Nonce
\item Cryptographic keys (symmetric and asymmetric)
\item Hashes
\item Common attack terms
\end{itemize}

Confused? Ask questions early and often!

\end{frame}

\begin{frame}{What do we mean by secure?}

Three basic concepts:

\begin{itemize}
\item Confidentiality (Secrecy)
\item Integrity
\item Availability
\end{itemize}

Trusted computing focuses on the first two.

\end{frame}

\begin{frame}{Freshness and Nonces}
\begin{itemize}
\item We often want to be sure that data is \textit{fresh}, or recent.
\begin{itemize}
\item Am I actually talking to you now, or is this a recording?
\end{itemize}
\item Our primary tool: \textit{nonces}
\item Nonce: \textit{freshly generated} random number
\begin{itemize}
\item Must be unpredictable!
\end{itemize}
\item Nonce generator knows any message containing their nonce was created after the nonce
\item Allows locally verifiable confirmation that remote activity current
\begin{itemize}
\item Timestamps aren't verifiable! Too predictable.
\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Cryptographic Keys}

Two main types:
\begin{itemize}
\item Symmetric keys
\item Asymmetric keys 
\begin{itemize}
\item aka ``public keys'', ``public-private key pairs''
\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Symmetric Key Cryptography}

\begin{itemize}
\item Same key used for all operations: encryption vs. decryption, signing vs. verifying
\item Usually very fast, good for bulk operations
\item Big disadvantage: key distribution
\item Not a primary topic for today
\end{itemize}

\end{frame}

\begin{frame}{Public Key Cryptographic (Asymmetric)}

\begin{itemize}
\item Keys come in pairs: one public, one private
\begin{itemize}
\item Public key is just that: no security risk from world knowing
\item Private key must be kept secret.
\end{itemize}
\item Private key used for decryption, signing
\item Public key used for encryption, verification
\item Great for proofs of identity
\item Slow to use; not very good for bulk operations
\item RSA: most common public key algorithm in use now
\end{itemize}

\end{frame}

\begin{frame}{Hashes}

\begin{itemize}
\item Cryptographic hash: one-way function from arbitrary data to fixed length
\item Critical hash properties:
\begin{itemize}
\item Easy to calculate
\item Infeasible to reconstruct data from hash
\item Infeasible to find collisions (different data, same  hash)
\item Infeasible to modify data without changing hash
\end{itemize}
\item SHA1: hash algorithm primarily referred to in this class
\begin{itemize}
\item More recent algorithms exist; not widely supported in hardware yet
\end{itemize}
\end{itemize}

\end{frame}

\begin{frame}{Common Attack Terms}

\begin{description}

\item [Denial of Service (DoS)] Attack where adversary causes service
  to be unavailable, temporarily or permanently. DoSes can also happen by accident.
\item [Man in the Middle (MitM)] Attack where adversary fowards messages between parties, potentially modifying them, to deceive one or both parties or to reveal supposedly secret information.

\end{description}

\end{frame}

\begin{frame}{Questions?}

\end{frame}

\end{document}