CSC 4602453
Cryptography and Information Security
Lecture 1
Instructor: L. Yohanes Stefanus
email: yohanes@cs.ui.ac.id
office: Fasilkom Building A, Room 1200
Objectives
Slides/info: http://scele.cs.ui.ac.id/course/view.php?id=2070
See the teaching plan document on SCeLE.
References
Andreas M. Antonopoulos.
Mastering Bitcoin: Unlocking Digital Cryptocurrencies.
O'Reilly Media, 2014.
William Stallings.
Cryptography and Network Security: Principles and
Practice. 6th Edition. Prentice Hall, 2013.
Jeffrey Hoffstein, Jill Pipher, J.H. Silverman.
An Introduction to Mathematical Cryptography. Springer, 2010.
Ross J. Anderson.
Security Engineering: A Guide to Building Dependable
1. Introduction to Computer Security
computer security
The widespread use of computer networks and distributed computing systems additionally requires:
network/internet security
Computer Security
the protection afforded to an automated information
system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality
of information system resources (includes hardware,
software, firmware, information/data, and
telecommunications).
This definition introduces 3 key objectives of
computer security: confidentiality, integrity, and
availability.
Confidentiality
Data confidentiality:
Assures that private or confidential info is not
disclosed to unauthorized individuals.
Privacy:
Assures that individuals control what info related to
them may be collected and stored and by whom and
to whom that info may be disclosed.
Integrity
Data Integrity:
Assures that info and programs are changed only in a
specified and authorized manner.
System Integrity:
Assures that a system performs its intended function
in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
Availability
Assures that systems work promptly and service is
not denied to authorized users.
Why computer security is hard:
it is not simple
it must consider the potential attacks on every mechanism
the procedures used are often counter-intuitive
it involves algorithms and secret information
one must decide where to deploy the mechanisms
it is a battle of wits between attacker and administrator
its benefit is not perceived until it fails
it requires regular monitoring
it is too often an after-thought
it is regarded as an impediment to using the system
The OSI security architecture (X.800) is organized around three aspects:
security services
security mechanisms
security attacks
Security Services
X.800: a security service is
a service provided by a protocol layer of communicating open
systems, which ensures adequate security of the systems or of
data transfers
Security Services
enhance security of data processing systems and
information transfers of an organization
Category 1: Authentication
=> The assurance that the communicating entity is
the one that it claims to be.
Specific services:
Peer Entity authentication
In a logical connection, to provide confidence in the identity
of the entities connected.
Data origin authentication
In a connectionless transfer, to provide assurance that the
source of received data is as claimed.
Category 3: Data Confidentiality
=> The protection of data from unauthorized disclosure.
Specific services:
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Category 5: Nonrepudiation
=> Protection against denial by one of the entities
involved in a communication of having participated in
all or part of the communication.
Specific services:
Origin Nonrepudiation
Proof that the message was sent by the specified party.
Destination Nonrepudiation
Proof that the message was received by the specified party.
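Origin nonrepudiation needs evidence that the receiver could not have produced itself. The following example is added here and is not from the slides or the course: it contrasts an Ed25519 signature, which a third party can verify with nothing but the sender's public key, against an HMAC under a key shared by sender and receiver, which gives data origin authentication but not nonrepudiation because the receiver holds the same key and can fabricate a "genuine" tag. The parties Alice and Bob, the sample message and the shared key are constructed for the demonstration; all primitives come from Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"log"
)

// Party holds an Ed25519 key pair: only the private key can sign, while anyone
// holding the public key (including a judge) can verify.
type Party struct {
	Name   string
	Public ed25519.PublicKey
	priv   ed25519.PrivateKey
}

// NewParty generates a fresh key pair for the named party.
func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Public: pub, priv: priv}, nil
}

// Sign produces a signature over msg with the party's private key.
func (p *Party) Sign(msg []byte) []byte {
	return ed25519.Sign(p.priv, msg)
}

// SignatureProvesOrigin is the judge's check: with nothing but the claimed
// sender's public key it decides whether sig was made over msg by that sender.
func SignatureProvesOrigin(claimedSender *Party, msg, sig []byte) bool {
	return ed25519.Verify(claimedSender.Public, msg, sig)
}

// MACTag computes HMAC-SHA256 under a key shared by sender and receiver.
func MACTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// MACValid checks a tag in constant time (data origin authentication).
func MACValid(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(MACTag(sharedKey, msg), tag)
}

// ReceiverCanForgeMAC shows why a shared-key MAC cannot give nonrepudiation:
// the receiver holds the same key, so a tag it fabricates over a message the
// sender never sent verifies exactly like a genuine one, and a judge cannot
// tell the two apart.
func ReceiverCanForgeMAC(sharedKey, forgedMsg []byte) bool {
	forgedTag := MACTag(sharedKey, forgedMsg) // computed by the receiver, not the sender
	return MACValid(sharedKey, forgedMsg, forgedTag)
}

func main() {
	alice, err := NewParty("Alice")
	if err != nil {
		log.Fatal(err)
	}
	msg := []byte("transfer 100 to Bob")      // constructed sample message
	altered := []byte("transfer 1000 to Bob") // what a dishonest Bob would like to claim
	sig := alice.Sign(msg)
	fmt.Println("judge accepts Alice's signature on the original:", SignatureProvesOrigin(alice, msg, sig))
	fmt.Println("judge accepts the same signature on the altered text:", SignatureProvesOrigin(alice, altered, sig))

	shared := []byte("secret shared by Alice and Bob") // constructed shared MAC key
	fmt.Println("Bob can produce a valid 'Alice' MAC on the altered text:", ReceiverCanForgeMAC(shared, altered))
}
```

The signature binds the message to the one holder of the private key, which is what a judge needs; the MAC only tells Bob that the message came from someone holding the shared key, which could be Bob himself.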
Protocol
A protocol is an algorithm (a series of steps), involving
two or more parties, designed to accomplish a task.
Security Mechanisms
Security mechanism: a feature designed to detect,
prevent, or recover from a security attack.
Specific Security Mechanisms (specific to the
appropriate protocol layer):
Encipherment, Digital Signature,
Access Control, Data Integrity,
Authentication exchange,
Traffic padding, Routing control,
Notarization
Security Mechanisms
Pervasive Security Mechanisms (not specific to any
particular OSI security service or protocol layer):
Trusted functionality,
Security label,
Event detection,
Security audit trail,
Security recovery
Relationship between
Security Services and Mechanisms
Security Attack
Security attack: any action that compromises the
security of information owned by an organization.
Security Attacks
1. Passive attacks:
are in the nature of eavesdropping on, or monitoring
of, transmissions.
The goal of the opponent is to obtain information
that is being transmitted.
Two types of passive attacks:
release of message contents
traffic analysis
Passive attacks are very difficult to detect because
they do not involve any alteration of the data. The
emphasis in dealing with passive attacks is on
prevention rather than detection.
Security Attacks
2. Active attacks:
Active attacks involve some modification of the data
stream or the creation of a false stream.
Active attacks can be divided into four categories:
masquerade
replay
modification of messages
denial of service
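Two of the specific security mechanisms listed earlier, encipherment and data integrity, applied against three of the four active attacks above, as an added example that is not from the slides or the course: each record is encrypted with AES-GCM and its sequence number is authenticated together with the ciphertext, so a modified record, a record forged without the key (masquerade) and a replayed record are all rejected. Denial of service is not countered by this mechanism and is left out. The demo key, the attacker's key, the sample records and the strict "newer than the last accepted" sequence rule are assumptions of this example; how the two ends agreed on the key is a key-exchange problem outside it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is what crosses the network: the sequence number in clear (but covered by the tag) and ciphertext plus 16-byte tag.
type Record struct {
	Seq  uint64
	Body []byte
}

var (
	ErrTampered = errors.New("integrity check failed: record modified or forged")
	ErrReplay   = errors.New("replay detected: sequence number not newer than last accepted")
)

// Channel is one direction of a protected connection; both ends are assumed to share the key already.
type Channel struct {
	aead     cipher.AEAD
	sendSeq  uint64 // last sequence number sent
	lastRecv uint64 // highest sequence number accepted
}

// NewChannel builds an AES-256-GCM channel. With a 32-byte key neither
// constructor can fail, so an error here is a programming error.
func NewChannel(key [32]byte) *Channel {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return &Channel{aead: aead}
}

// nonceFor derives the 12-byte nonce from the sequence number: seq never repeats under one key, so neither does the nonce.
func nonceFor(seq uint64) []byte {
	return binary.BigEndian.AppendUint64(make([]byte, 4), seq)
}

// Seal encrypts plaintext (encipherment) and binds the next sequence number into
// the authentication tag as associated data (data integrity).
func (c *Channel) Seal(plaintext []byte) Record {
	c.sendSeq++
	ad := binary.BigEndian.AppendUint64(nil, c.sendSeq)
	return Record{Seq: c.sendSeq, Body: c.aead.Seal(nil, nonceFor(c.sendSeq), plaintext, ad)}
}

// Open rejects replays first, then verifies the tag before decrypting; receiver
// state only advances on a record that passed both checks.
func (c *Channel) Open(r Record) ([]byte, error) {
	if r.Seq <= c.lastRecv {
		return nil, ErrReplay
	}
	ad := binary.BigEndian.AppendUint64(nil, r.Seq)
	plaintext, err := c.aead.Open(nil, nonceFor(r.Seq), r.Body, ad)
	if err != nil {
		return nil, ErrTampered
	}
	c.lastRecv = r.Seq
	return plaintext, nil
}

// SimulateActiveAttacks delivers one legitimate record, then mounts the replay,
// modification and masquerade attacks from the slide; nil means accepted.
func SimulateActiveAttacks() map[string]error {
	var key, attackerKey [32]byte
	copy(key[:], "0123456789abcdef0123456789abcdef")         // constructed demo key
	copy(attackerKey[:], "attacker-does-not-know-real-key!") // constructed
	sender, receiver := NewChannel(key), NewChannel(key)
	out := map[string]error{}

	rec1 := sender.Seal([]byte("pay 100 to Bob")) // constructed sample message
	_, out["legitimate"] = receiver.Open(rec1)
	_, out["replay"] = receiver.Open(rec1) // the captured record resent unchanged

	tampered := sender.Seal([]byte("pay 100 to Bob"))
	tampered.Body[0] ^= 0x01 // one ciphertext bit flipped in transit
	_, out["modification"] = receiver.Open(tampered)

	// Masquerade: a well-formed record under the attacker's own key, carrying the
	// sequence number the receiver expects next.
	attacker := NewChannel(attackerKey)
	attacker.sendSeq = receiver.lastRecv
	_, out["masquerade"] = receiver.Open(attacker.Seal([]byte("pay 100 to Mallory")))
	return out
}

func main() {
	for name, err := range SimulateActiveAttacks() {
		fmt.Printf("%-13s -> %v\n", name, err)
	}
}
```

The strict "newer than last accepted" rule also drops legitimately reordered records; a deployed protocol would use a sliding window of accepted sequence numbers instead. Note the order of checks in Open: the replay test is cheap and touches no secret, and the receiver's state changes only after the tag has verified, so an attacker cannot push the window forward with forged records.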
Security Threats
Threats can come from a range of sources. Results
from various surveys:
55% human error
10% disgruntled employees
10% dishonest employees
10% outsider access
plus "acts of nature" (fire, flood, etc.)
Note that in the end, it always comes back to
PEOPLE. Technology can only assist so much, always
need to be concerned about the role of people in the
threat equation - who and why.
Response to Threats
identify key assets
evaluate threat posed to assets
Cryptography
Cryptography is the study of secret (crypto-) writing
(-graphy).
Cryptography
concerned with developing algorithms which may be
used to:
conceal a message from all except the sender and recipient
(privacy or secrecy), and/or
verify the correctness of a message to the recipient
(authentication or integrity)
Cryptanalysis (codebreaking)
the study of principles and methods of transforming
an unintelligible message back into an intelligible
message without knowledge of the key.
Cryptology
the field encompassing both cryptography
and cryptanalysis
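A minimal piece of cryptanalysis, added here as an example and not taken from the course: a shift (Caesar) cipher is broken without knowledge of the key by undoing each of the 26 possible shifts and scoring every candidate plaintext with a chi-squared distance from published English letter frequencies; the candidate closest to English reveals the key. The sample plaintext is a sentence from this lecture's own slides and the key used to encrypt it is an assumption of the demo that BreakShift never sees.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// englishFreq holds the published relative frequencies (percent) of the letters
// A..Z in English text; the cryptanalyst's only knowledge besides the ciphertext.
var englishFreq = [26]float64{
	8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
	0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
	2.758, 0.978, 2.360, 0.150, 1.974, 0.074,
}

// Shift applies a Caesar shift of k positions to letters (either case) and
// leaves every other character untouched; negative k shifts backwards.
func Shift(text string, k int) string {
	k = ((k % 26) + 26) % 26
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// chiSquared measures how far the letter counts of text are from the English
// distribution; the smaller the value, the more the text looks like English.
func chiSquared(text string) float64 {
	var counts [26]float64
	total := 0.0
	for _, r := range strings.ToUpper(text) {
		if r >= 'A' && r <= 'Z' {
			counts[r-'A']++
			total++
		}
	}
	if total == 0 {
		return math.Inf(1)
	}
	score := 0.0
	for i, expectedPct := range englishFreq {
		expected := expectedPct / 100 * total
		score += (counts[i] - expected) * (counts[i] - expected) / expected
	}
	return score
}

// BreakShift recovers the key without being told it: each of the 26 possible
// shifts is undone in turn and the candidate plaintext that is most English-like
// wins. Returns the key and the recovered plaintext.
func BreakShift(ciphertext string) (key int, plaintext string) {
	best := math.Inf(1)
	for k := 0; k < 26; k++ {
		candidate := Shift(ciphertext, -k)
		if s := chiSquared(candidate); s < best {
			best, key, plaintext = s, k, candidate
		}
	}
	return key, plaintext
}

func main() {
	// Sample plaintext from this lecture's slide text; the key 7 is an assumption
	// known only to the "sender" and is not passed to BreakShift.
	msg := "Passive attacks are very difficult to detect because they do not involve any alteration of the data."
	ct := Shift(msg, 7)
	k, pt := BreakShift(ct)
	fmt.Printf("ciphertext: %s\nrecovered key: %d\nplaintext:  %s\n", ct, k, pt)
}
```

The attack works because a shift cipher preserves the shape of the letter-frequency histogram and only slides it along the alphabet; the same scoring step is the core of breaking a Vigenère cipher once its key length is known, column by column.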