Lecture 9: Intrusion Prevention Systems, Digital Signatures (Feb 22)

The class started with a presentation on Intrusion Prevention Systems from Justin Bode. Justing began with a funny video that emphasized the need for computer security and privacy in general. The talk started with discussing the need for IPS which flows from the limitations and weaknesses of Anti-viruses, Firewalls and ID systems. Justing then explained how IPS work, covering several methods of intrusion prevention such as heuristic analysis, sandboxing, kernel-based calls interception, etc. Finally, the different types of IPS (network-based, host-based, etc.) were showed and compared according to their strengths and weaknesses.

Dr. Gunes traditionally started the lecture with the review of previous class materials and briefly went through hashing algorithms. Lecture proceeded with the introduction of the topic of Digital Signatures. Digital Signature is an indication of the signer's agreement with contents of an electronic document (similar to signatures on physical documents). The two necessary properties of a digital signature were said to be unforgeability (signer protection) and authenticity (seller protection). Digital signatures are also non-alterable (signed document is non-modifiable without invalidating the signature) and non-reusable (signature is unique to document). An important property of an electronic signature is that it is verifiable by any user.

Some implementation details were given. RSA encryption system was identified to be appropriate to implement a digital signature system. The general mechanism to generate a signature is to pass the message through a redundancy function and encrypt such message with your private key. To verify the signature, one should use your public key to decrypt the message and pass it through a reverse of the redundancy function. Redundancy function must be chosen carefully, as a poor redundancy function can make it easy to forge random signed messages by unauthorized parties.

The method discussed above only provides authenticity, not privacy. To add privacy protection, it is possible to further encrypt the message with a public key of the receiver, so he is the only one who would be able to decrypt it (with his private key).

In conclusion of the lecture, an example of digitally signing a document was given. In the example, message digest was encrypted and send as a key along with the original message. The receiver could verify the authenticity of the signature, but not modify the original message without invalidating the signature.