Hello and welcome to our security lecture. I'm Charles Severance and I encourage you to grab the power points and remix them and use them in your own courses. Use the videos, use everything in your own courses. you don't have to teach this whole course it's quite a bit. So so let's start out by meeting some nice people. These people are Alice and Bob and they simply want to communicate some information you know, left to their own devices. And they don't want the rest of the world to know about what they're communicating and so they want to encrypt it in some way. Now, in the cryptograph, cryptography world, they all I'll call these two people the good people Alice and Bob. And they simply are A and B, kind of, very computerask variable names, A and B, Alice and Bob. And then there are some bad guys. Right, there's the bad guys and, and often they are called C, like, Carol or Carlos or Charlie, or, or something like that. And they're even Chuck. Even Chuck is a bad guy. Or they are Eve, Eve for the eavesdropper. And the idea is somewhere in the middle here. Somewhere in the middle, you have some person with bad intent. Here we have Trinity from The Matrix, and she looks as, she looks as bad as you can look. Right? so Alice and Bob seem to be real happy people. They're just trying to get you know, get things done and send some information without being bothered. And then, and then Trinity's there eavesdropping. And, but there's other things. You can eavesdrop, you can sort of redirect the message and change it. There's all kinds of things that the bad guy in the middle is going to do. And so Alice and Bob are far away from each other and they have to communicate securely. And they, it's a, it's a, it's literal gantlet of problems that they have to face. And various people with bad intent, with bad purposes, sometimes just wanting to see what's going on versus wanting to change what's going on. Versus completely redirect communication. So Alice, Bob and then a whole series of bad guys with various bad guys and girls with various evil intent. So it's always fun to talk about security because the question is, you, and what does security mean to you and what does it mean to me. And whenever you're thinking about security, you gotta figure out sort of, who is out to get you and why are they out to get you. And for us average people, we are so boring that literally pretty much the only thing the world wants from us. Is they want to steal our, you know, they want to steal our credit card numbers. And and then buy stuff with them for just a couple of days before the credit card company shuts them down. Now, if you're running for public office there's a whole bunch of your opponents that are going to want to break into your email. And and, and that happens right. Those kinds of shenanigans happen. So, if you're interesting, or influential, or running for public office, you have a different problem than if you're just kind of a mere civilian like us. And so, at the end of the day, you can worry about security, and you can kind of wear tinfoil clothing or something. But at the end of the day, you and I are so boring that nobody really cares. But it's good to assume that they're out to get you, right. That, that, you try to be as secure as you can, and be aware of your environment and be as secure as you possibly can with your information. And, with your communications. So who is out to get us? Well, the government. So now we're going to actually turn the tables, right? In the very first lecture, we were the good guys. The good guys were the ones that were trying to break the cryptography. And the bad guys were the ones that were trying to hide their, their, their bad messages. And the government were the good guy. And Bletchley Park. And they, they broke the codes, and they, they saved Western civilization. Yay, good guys! Well, now, we're the Germans. We're the Japanese. We're tryin' to communicate. People're watchin'. And guess what? It's the same people. The government, the government's most likely interested in what you're doing. again most of us are so boring the government really doesn't care at all. But the government probably has the best security breaking equipment on the planet right now, better than the criminals. And so, it's, it's just an interesting flip of the model, right? Where now, we are trying to communicate, and the government with all of their bombas and little rotating devices. Sitting in some warehouse somewhere that we don't know is taking our private communications and they're trying to break them. And we're in a war trying to make our communications more and more secure while the government says woah, we have to invent, like, electronic computers. Because we have to have bigger computers, because the people at, us good guys who are doing the encrypting. We're trying to come up with more and more clever ways to encrypt, and the government has to keep coming up with ways to decrypt. And you could cast this as criminals versus good folks. You could cast it as governments versus governments. At the end of the day, it's an arms race, and it's, it's rather symmetric as to which side you're on, right? I mean, we started out with the people trying to hide the information were the bad guys, and now we're the good guys. Why are we the good guys? because it's us. As soon as we decide it's us, we're the good guys. Here's a little, here's a little picture I took a couple of years ago when I visited Bletchley park this actually lead to the video a year and a half later. and in this my friend who works at the open university, who also does massively open online courses that's Joel he's now retired. He's the tour guide there and, and a dear and personal friend. And and another of my dear and personal friends whose face you can't see is right here. His name is Chuck. He currently works at Shazam in London. And, and he and I just got away for the weekend and went up to Bletchley Park and took a tour. Now, just, just a little interesting connection: I sort of mentioned in a previous lecture about the Matrix. So you notice that Chuck here is wearing a jacket from the movie Matrix. I mentioned he was the one that wrote the hacking scene with Trinity. So here we all are together. We're at Bletchley Park. Alan Turing had an office in this, this is one of Alan Turing's offices at Bletchley Park. Here's Joel, open, open teaching and learning. Here is Chuck worked on the Matrix. And here's Trinity, right? Except that now Trinity's our enemy instead of our friend, although in the movie, we were rooting for Trinity. But, we're the one's trying to protect what we're doing from the Trinity's of the world. We're the good guys now, and Trinity is the bad girl. Okay she's the bad lady trying to break into our stuff and we're protecting ourselves against Trinity. So tables have completely turned okay. So before we go too far you know you'll run into your organizations with lots of people who are like security experts. And I find security experts generally very annoying. because they, like, think they're smarter than they are. Security experts have this theory that more security is better. And the reality is, is that perfect serv, security is unachievable. If you want perfect security, like, lock yourself in a room and whisper to somebody. Oh wait a sec. And then the guard will come in and hear you, or whatever. There'll be a microphone. So the notion that perfect security and that you, your company can spend more and more and more money of its budget on security. just because the security expert thinks that you should Is really kind of a fallacy. Security is a cost benefit analysis, and so, if you think of credit card companies, you know, what's the security of this number. I won't show you the number. But, what if I lose this number? What's the consequences? I've had many credit cards that got compromised. I don't exactly know how. They've got software inside of the computer companies that captures. Like when all of a sudden I live in Michigan and a bunch of charges at the New Jersey Walmart are showing up and I never got on a plane. I'm amazed at how rare it is that your identity actually gets lost permanently. So I'm really impressed with how the banks are capable. And so they have this number that makes it real convenient for us to buy. We can type it into a web form, we can do all these things, and one in zillion times it gets compromised. And, so, they lose 50 bucks. But billions of dollars of commerce happens. So, there is always a security versus cost. If basically for me to use this credit card, I'd had to have sort of a, a personal guard from the, the company with me all the time. It'd be very expensive for me to buy stuff on Amazon and have it shipped to my house. And so, understand that when you start getting into conversations with security, you, professionals. Sometimes they're the kind that understand that security is naturally imperfect. And everything is a cost benefit analysis, rather than more security is always better. So more is not always better. That's just my little speech about security in case you get stuck in a conversation with some pompous security expert. They're mostly pompous. So database administrators are pompous too. But I hop you're not, not, you're not a database administrator security expert. But um, [COUGH] the best security experts that I've ever met are the ones that understand this. And they can, they can, they can characterize every issue in terms of a cost benefit analysis. And then you'd know, you'd know, you'd know, know that you've one into one that is really smart and bright. So, the terminology that we're going to use for the rest of the segments of this lecture, we're going to be solving two basic problems. One is confidenti, confidentiality. And confidentiality is the, the, the leakage of information. So, if I was to want to send this credit card number to one of you watching right now without the rest of you seeing my credit card number. The, the mere revealing of that information is the problem. So I want to come up with a way to send it to you. So that no one except the one person that I want to see it gets it. That's confidentiality. The other problem is one of integrity. And that is, in a sense, knowing that A, that the information that you got comes from who you thought it came from. And B that it wasn't modified on the way. So there are things like digital signatures that sort of fall into this category and other mechanisms that we'll talk about. So these, these two things of confidentiality and integrity, will run through the rest of the lectures that we have on security. Okay. So, coming up next, we're just, we're going to start diving right in.
