Threats and Solutions of Information Security - Confidentiality, Integrity and Availability Hyunsung Kim

Cyber Security Kyungil University Index  Why Information Security  Threats of Information Security  Solutions of Information Security  Example of Internet Banking  Conclusion 2 Hacking Information Security

Cyber Security Kyungil University Why Information Security 3  Stand-alone -> Secure enough

Cyber Security Kyungil University Why Information Security  To improve usage 4 => Multi-user case  To improve connectivity => Networked-computer case Hacking Information Security

Cyber Security Kyungil University Threats of Information Security  Definition from Wikipedia A possible danger that might exploit a vulnerability to breach security and thus cause possible harm   Threats 5 eavesdropping traffic analysis modification masquerading replaying repudiation denial of service

Cyber Security Kyungil University Threats to Integrity Threats of Information Security 6 eavesdropping traffic analysis modification masquerading replaying repudiation denial of service Threats to Confidentiality Threat to Availability   Classification of Threats

Cyber Security Kyungil University Solutions of Information Security  Confidentiality 7  Integrity  Availability

Cyber Security Kyungil University Solutions of Information Security  Confidentiality  Attacks Eavesdropping and traffic analysis Eavesdropping and traffic analysis  Definition A set of rules or a promise that limits access or places restrictions on certain types of information  Solution Encryption, traffic padding 8 Function()

Cyber Security Kyungil University Solutions of Information Security  Integrity  Attacks Modification, masquerading, replaying Modification, masquerading, replaying and repudiation and repudiation  Definition Internal consistency or state of being uncorrupted in electronic data  Solution Encryption, digital signature, authentication 9 Function()

Cyber Security Kyungil University Solutions of Information Security  Availability  Attacks Denial of service Denial of service  Definition The degree to which a system is in a specified operable and committable state at the start of a mission  Solution Packet filtering, complex schemes 10 Function() Threshold

Cyber Security Kyungil University Example - Internet Banking  Authentication 11 Internet

Cyber Security Kyungil University Example - Internet Banking  Authentication  Threat scenario 1 -> authentication with {ID, PW} 12 { ID, PW } eavesdropping masquerading

Cyber Security Kyungil University Example - Internet Banking  Authentication  Threat scenario 2 -> authentication with E k (ID, PW) 13 E k (ID, PW) eavesdropping E (ID, PW) k k k replaying modification

Cyber Security Kyungil University Example - Internet Banking  Authentication  Threat scenario 3 -> authentication with E k (ID, PW, Time) 14 k k replaying Time sync other threats verifier with MAC k (E k (ID, PW, Time)) k E k (ID, PW, Time) Function() MAC k (E k (ID, PW, Time)) modification E k (ID, PW, Time), MAC k (E k (ID, PW, Time))

Cyber Security Kyungil University Example - Internet Banking  Authentication  Current usage scenario -> authentication with Certificate 15 Certificate user Certificate server Secret card Device auth.

Cyber Security Kyungil University Modification Integrity Masquerading Replaying Repudiation Eavesdropping Confidentiality Traffic analysis Conclusion ThreatsServices 16 Denial of service Availability Encryption, traffic padding Encryption, digital signature, authentication

Cyber Security Kyungil University 17