philsec.pdf

CITA-250: Information Security

American University in Bosnia and Herzegovina Spring 2009

Agenda

 Course Introduction  Syllabus

 http://sites.google.com/a/aubih.edu.ba/cita-250/syllabus

 Philosophy, Language, and Computer Security  Introduction to Computer Security

 Break

Course Introduction

 Walk through the Syllabus

 If we do this properly, this will be the most fun

class you have in college!

 If we do this improperly, I will be fired or

imprisoned and you will be expelled!

 We get to break things!

 Repeat: we get to break things!

 Caveat: we must be exceedingly careful

Philosophy and Computer Security

 Many of the topics we will discuss in this class

have analogues in:

 History

 Linguistics

 Philosophy

 Computer and information security raises

fundamental questions regarding language.

 Specifically: is the purpose of language to

What am I really trying to say?

 Fact 1: I love my Mother

 Fact 2: My Mother is not a very good cook  Fact 3: My Mother likes to cook for me

 Question: My Mother asks me if I like dinner.  Response: This is wonderful! Thank you.

 Fact 4: I spend several days in the hospital after

dinner at my Mother's house.

 Analysis: When I exclaimed “This is wonderful!”,

Shibboleth

Book of Judges. The full account is in Chapter 12, verses 1-15.

“Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two

thousand.”

See Professor Kemmer's Website for full background

Shibboleth as Linguistic Password

 Linguistic password that serves to

 Include speakers of a certain dialect

 Exclude speakers of other dialects

 Sienese Shibboleth

 This is an example of language serving as a security

mechanism

 Sadly this technique has been used frequently

throughout history to hurt people who were different

 Note: the meaning of the word did not matter in this

Language and Compression

 Most languages use compression to convey

more meaning in less time

 Contractions: do not becomes don't

 Acronyms: NIMBY

 Poetry is a highly compressed form of language

 Haiku: only 17 syllables

Language and Compression

 Haiku Computer Error Messages  http://www.infiltec.com/j-chaiku.htm

Seeing my great fault

Through darkening blue windows I begin again

- Peter Rothman

 Best essay ever about technology and its

influence on the English language is:

 George Orwell, Politics and the English

Language

Language and Encryption

 Caesar Cipher  Example:

Language and Encryption

 Online substitution ciphers

 http://www.simonsingh.net/The_Black_Chamber/caesar.html

 In addition to simple encryption techniques, the

ancients also used steganography to hide messages

 Examples from Herodotus

 Covering wooden panels with wax

 Tattoo message on scalp (hair covers it)

Riddles and Security

 Riddle of the Sphinx

 What walks on four legs in the morning, two

legs at noon, and three legs in the evening?

 Humans

 Sphinx protects Thebes

 If traveller answers incorrectly, sphinx kills her

 If traveller answers correctly, sphinx kills

herself

Language and Security

 Encrypted names

provide security when criticizing authorities

 666 stands for

Roman Emperor Nero

 Author of Revelations

could not openly attack an Emperor

 He encodes the name

Paradox, Ambiguity, Euphemism

 Liar's Paradox: I am lying.

 If true, you cannot believe the statement...

 If false, you cannot believe the statement...

 Gödel's proof adapted the Liar's paradox to

numbers

 Ambiguity: when words have more than one

meaning...

Language, Technology, and Security

 Humans developed technology for a variety of

reasons

 Perhaps the most pressing reason is security  Our language and history demonstrate that we

use security mechanisms frequently:

 Passwords

 Compression

 Encryption

Language, Technology, and Security

 Computer Security and Information Security

simply expand on these concepts

 We will explore how these concepts were

applied to the new technologies of our day

 As we explore the details of this subject, please

attempt to connect these details to the big picture

 What is the purpose of technology?

References

 http://www.ruf.rice.edu/~kemmer/Words/shibboleth.html

 http://www.infiltec.com/j-chaiku.htm

 http://en.wikipedia.org/wiki/Caesar_cipher

 http://en.wikipedia.org/wiki/The_Number_of_the_Beast

 http://mathworld.wolfram.com/LiarsParadox.html