PART II

Chapter 8 Security

Objectives

To show the need for security policies and mechanisms, particularly in networked systems.
To explain private and public key cryptography.
To explain how cryptography can be used for secure communication, authentication and signatures (non-repudiation).

Points to emphasise

Private and public key approaches are complementary, not competing technologies.
The difficulty of forseeing how attacks might be made in advance.
The integration of encryption with other aspects of system design such as authorisation (access control).

Possible difficulties

Integrating authentication with authorisation etc. How does any interaction start securely?
Understanding the different styles of attack and what they can achieve.

Teaching hints

The algorithms/protocols are quite complex. It is worth paying attention to presentation. Dynamic build-up of slides and use of colour, to highlight senders, receivers, third parties etc. may be useful.

Put up e.g. Needham-Schroeder or Kerberos 1 and ask for possible attacks to discuss later.

Emphasise the increasing use of SSL for web-based applications and ssh for connection to inside firewalls.