Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Boundary Control Chapter 10. 2 Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures.

Published bySolomon Jeffry Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Boundary Control Chapter 10. 2 Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures."— Presentation transcript:

1 1 Boundary Control Chapter 10

2 2 Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures  Plastic cards  Audit trail controls  Existence controls

3 3 Introduction The boundary subsystem establishes the interface between the would -be user of a computer system and the computer system itself

4 4 Controls in the boundary subsystem have three purpose: (a)To establish the identity and authenticity of would be users (b) To establish the identity and authenticity of computer system resources that users wish to employ © To restrict the action undertaken by users who obtain computer resources to an authorized set

5 5 Cryptographic controls Cryptographic controls are used extensively throughout the boundary subsystem. Cryptographic controls the privacy of data an d prevent unauthorized modification of data. They achieve this goal by scrambling data so it is not meaningful to anyone who does not have the means to unscramble it

6 6 Cryptographic controls There are three classes of techniques used to transform cleartext data into ciphertext data: (a) transposition ciphers, (b) substitution ciphers, and © product ciphers. Most modern cryptographic systems use a product cipher because it is the most difficult to break (it has the highest work factor) The US National Bureau of Standards’ Data Encryption Standard (DES) uses a product cipher

7 7 Cryptographic controls (Continued) A major disadvantage of conventional parties who wish to exchange information must share a private, secret key. To overcome this disadvantage, public key cryptosystems have been develop. Public key cryptosystems use two different keys to encrypt data and to decrypt data. One key can be made public, and the other key is kept private

8 8 Cryptographic controls (Continued) From an audit perspective, the most important aspect of cryptosystems is often the way in which cryptographic keys are managed. Cryptographic key management must address three functions (a) how key will be generated; (b) how they will be distributed to users, and © how they will be installed in cryptographic facilities

9 9 Access Controls Access controls restrict use of computer system resources to authorized users, limit the actios users can undertake with respect to those resources, and ensure that users obtainonly authentic computer resources. They perform these functions in three steps: (a) they authenticate users who identify themselvess to the system; (b) they authenticate the resources requested by the user; and © they confine users’ action to those that have been authorized

10 10 Access Controls (Continued) Users can provide three classes of authentication information to an access control mechanism: (a) remembered information (e.g. passwords); (b) possessed object (e.g. plastic card); and © personal characteristics (e.g. fingerprints). Remembered information is the most commonly used form of authentication Information. Its major limitation is that it can be forgotten. As a result, users employ strategies to help them remember the compromised (e.g. they write down a password)

11 11 Access Controls (Continued) Users employ four types of resources in a computer system: hardware, software, commodities (e.g. processor time), and data. The most complex actions they take (and the most difficult to control) relate to data resources

12 12 Access Controls An access control mechanism can be used to enforce two types of access control policy. Under a discretionary access control policy, users can specify to the access control mechanism who can access their resources. Under a mandatory access control policy, both users and resources are assigned fixed security attributes. Mandatory access control policies are easier to enforce but they are less flexible

13 13 Access Controls (Continued) Discretionary access control policies can be implemented via a ticket oriented approach or a list oriented. With a ticket oriented approach (or capability approach), the access control mechanism store information about users and the resources they are permitted to access. With a list oriented approach, the access control mechanism store information about each resources and the users who can access each resources.

14 14 Access Controls (Continued) Access control should enforce the principle of least privilege; Users should be assigned only the minimum set of resources and action privileges that they need to accomplish their work

15 15 Personal Identification Numbers (PINs) Personal Identification Numbers (PINs) are a form of remembered information used to authenticate user of electronic funds transfer systems. Controls need to be in place and working to reduce exposures to an acceptable level at several phases in the life cycle of PINs: (a) generation of the PIN; (b) issuance and delivery of the PIN to users; © validation of the PIN upon entry at a terminal device (e.g. an automatic teller machine); (d) tranmission of the PIN across communication lines;

16 16 Personal Identification Numbers Continued (e) processing the PIN; (f) storage of the PIN; (g) change of the PIN; (h) replacement of the PIN; and (I)termination of the PIN

17 17 Digital Signature A digital signature is a string of 0s and 1s used to authenticate a user. It is the equivalent of the analog signature that humans to sign documents. Unlike analog signatures, however, digital signatures should be impossible to forge

18 18 Digital Signature (Continued) The most common way to implement digital signatures is via public key cryptosystems. The sender of a message signs the message with their private key, and receivers of the message verify the signature by decrypting the message ausing the sender’s public key

19 19 Digital Signature (Continued) Sometimes arbitrators must be used with digital signature systems to prevent the sender of a message reneging or disavowing the message. The arbitrator acts as an intermediary between the sender and the receiver. In essence, the arbitrator is a witness to the contract between the sender and the receiver

20 20 Plastic Card Plastic Card are primarily a means of identifying individuals who wish to use a computer system. Control need to be in place and working to reduce exposures to an acceptable level at a number of phases in the life cycle of plastic cards: (a) application by the user for a card; (b) preparation of the card; © issue of the card; (d) return of the card; and (e) destruction of the card

21 21 Audit Trail Control Accounting Audit Trail: 1. Identify of the would be user of the system 2. Authentication information supplied 3. Resources requested 4. Action privileges requested 5. Terminal identifier 6. Start and finish time 7. Number of sign –on attempts

22 22 Audit Trail Control (Continued) 8. Resources provided/denied; and 9. Action privileges allowed/denied OperationAudit Trail

23 23 Existence Control Existence controls in the boundary subsytems are usually straightforward. If the subsystem fails, existence controls usually do not attempt to restore the subsystem to the point of failure. Instead, the user is simply asked to undertake sign on procedure again

24 24 Tugas Mahasiswa Tugas Mahasiswa mengumpulkan hasil diskusi atas kasus yang diberikan dosen.

Download ppt "1 Boundary Control Chapter 10. 2 Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Access Control Methodologies

Access Control Methodologies
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.

Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Key Management in Cryptography

Key Management in Cryptography
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google