Chapter 1 – Introduction Part 1

Presentation transcript:

Chapter 1 – Introduction Part 1

Defining Security
The security of a system, application, or protocol is always relative to
– A set of desired properties
– An adversary with specific capabilities
For example, standard file access permissions in Linux and Windows are not effective against an adversary who can boot from a CD.

Security Goals (C.I.A.)
– Confidentiality
– Integrity
– Availability

Confidentiality
Confidentiality is the avoidance of the unauthorized disclosure of information.
– Confidentiality involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.

Tools for Confidentiality
Encryption: the transformation of information using a secret, called an encryption key, so that the transformed information can only be read using another secret, called the decryption key (which may, in some cases, be the same as the encryption key).
[Figure: the sender encrypts the plaintext with the shared secret key; the ciphertext crosses the communication channel, where an attacker is eavesdropping; the recipient decrypts it back to plaintext with the shared secret key.]

Tools for Confidentiality
Access control: rules and policies that limit access to confidential information to those people and/or systems with a need to know.
– This need to know may be determined by identity, such as a person's name or a computer's serial number, or by a role that a person has, such as being a manager or a computer security specialist.

Tools for Confidentiality
Authentication: the determination of the identity or role that someone has. This determination can be done in a number of different ways, but it is usually based on a combination of
– something the person has (like a smart card or a radio key fob storing secret keys),
– something the person knows (like a password),
– something the person is (like a human with a fingerprint).
[Figure: something you have (radio token with secret keys); something you know (password=ucIb()w1V, mother=Jones, pet=Caesar); something you are (human with fingers and eyes).]

Tools for Confidentiality
Authorization: the determination of whether a person or system is allowed access to resources, based on an access control policy.
– Such authorizations should prevent an attacker from tricking the system into letting him have access to protected resources.
Physical security: the establishment of physical barriers to limit access to protected computational resources.
– Such barriers include locks on cabinets and doors, the placement of computers in windowless rooms, the use of sound dampening materials, and even the construction of buildings or rooms with walls incorporating copper meshes (called Faraday cages) so that electromagnetic signals cannot enter or exit the enclosure.

Integrity
Integrity: the property that information has not been altered in an unauthorized way.
Tools:
– Backups: the periodic archiving of data.
– Checksums: the computation of a function that maps the contents of a file to a numerical value. A checksum function depends on the entire contents of a file and is designed in a way that even a small change to the input file (such as flipping a single bit) is highly likely to result in a different output value.
– Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected.

Availability
Availability: the property that information is accessible and modifiable in a timely fashion by those authorized to do so.
Tools:
– Physical protections: infrastructure meant to keep information available even in the event of physical challenges.
– Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures.

Other Security Concepts (A.A.A.)
– Authenticity
– Anonymity
– Assurance

Assurance
Assurance refers to how trust is provided and managed in computer systems. Trust management depends on:
– Policies, which specify behavioral expectations that people or systems have for themselves and others. For example, the designers of an online music system may specify policies that describe how users can access and copy songs.
– Permissions, which describe the behaviors that are allowed by the agents that interact with a person or system. For instance, an online music store may provide permissions for limited access and copying to people who have purchased certain songs.
– Protections, which describe mechanisms put in place to enforce permissions and policies. We could imagine that an online music store would build in protections to prevent people from unauthorized access and copying of its songs.

Authenticity
Authenticity is the ability to determine that statements, policies, and permissions issued by persons or systems are genuine.
Primary tool:
– Digital signatures. These are cryptographic computations that allow a person or system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation, which is the property that authentic statements issued by some person or system cannot be denied.

Anonymity
Anonymity: the property that certain records or transactions are not attributable to any individual.
Tools:
– Aggregation: the combining of data from many individuals so that disclosed sums or averages cannot be tied to any individual.
– Mixing: the intertwining of transactions, information, or communications in a way that cannot be traced to any individual.
– Proxies: trusted agents that are willing to engage in actions for an individual in a way that cannot be traced back to that person.
– Pseudonyms: fictional identities that can fill in for real identities in communications and transactions, but are otherwise known only to a trusted entity.

Threats and Attacks
Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel.
[Figure: Alice, Bob, Eve.]

Threats and Attacks
Alteration: unauthorized modification of information.
– Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted.
[Figure: the sender encrypts plaintext M with the shared secret key; ciphertext C crosses the communication channel, where an attacker is intercepting it; the recipient decrypts ciphertext C with the shared secret key.]
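
How a recipient can detect the alteration described on this slide, as an added example that is not part of the original slides: an unkeyed checksum can be refreshed by whoever modifies the message in transit, while a tag computed with the shared secret key cannot. HMAC-SHA256 is not named on the slides and is used here as the keyed check; the function names, key and messages are constructed for illustration.

```python
import hashlib
import hmac

def checksum(message):
    """Unkeyed checksum: anyone holding the message can compute it."""
    return hashlib.sha256(message).digest()

def keyed_tag(key, message):
    """HMAC-SHA256: a valid tag can only be computed with the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def send(key, message):
    """Sender side: transmit the message with both kinds of check value."""
    return {"msg": message, "sum": checksum(message), "tag": keyed_tag(key, message)}

def intercept_and_modify(packet, new_message):
    """Model of the channel: the interceptor has no key, so it can refresh
    the unkeyed checksum but has to forward the old keyed tag."""
    return {"msg": new_message, "sum": checksum(new_message), "tag": packet["tag"]}

def receive(key, packet):
    """Recipient side: report which check accepts the packet."""
    return {
        "checksum_ok": hmac.compare_digest(checksum(packet["msg"]), packet["sum"]),
        "tag_ok": hmac.compare_digest(keyed_tag(key, packet["msg"]), packet["tag"]),
    }

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-secret"
    sent = send(key, b"pay Bob 10")                         # constructed message
    print("untouched:", receive(key, sent))
    print("altered:  ", receive(key, intercept_and_modify(sent, b"pay Bob 90")))
```

The altered packet passes the unkeyed checksum and fails the keyed tag, which is the signal the recipient should act on.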

Threats and Attacks
Denial-of-service: the interruption or degradation of a data service or information access.
– Example: spam, to the degree that it is meant to simply fill up a mail queue and slow down a server.

Threats and Attacks
Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.
[Figure: a message marked "From: Alice" (really is from Eve).]

Threats and Attacks
Repudiation: the denial of a commitment or data receipt.
– This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received.

Threats and Attacks
Correlation and traceback: the integration of multiple data sources and information flows to determine the source of a particular data stream or piece of information.

Discussion
– Page 46 #R-1.7
– Page 46 #R

Problem Hints