It may also involve reducing the adverse impacts of incidents. Information may take
any form, e.g. electronic or physical, tangible (e.g. paperwork) or intangible (e.g.
knowledge).” - http://en.wikipedia.org/wiki/Information_security
CIA triad
The concept of integrity requires the detection and elimination of any data that
suffered an unauthorized modification.
The information also needs to be made available at all times, since limited access
to data may have a similar impact to the loss of integrity.
More: http://www.forcepoint.com/cyber-edu/cia-triad
CIA triad
– Resilience covers the interactions to maintain the protection of assets in the event of corruption and failure.
– Subjugation assures that all interactions with the assets follow a defined process; this covers the liability of loss from the interacting party and limits their choice of interactions.
– Non-repudiation prevents all parties from denying their roles in any interactions.
– Privacy assumes that the means to access the assets are known only by the authorized parties and cannot be shared outside their circle.
– Integrity assures that the interacting parties can detect any changes to the assets.
Cryptographic systems
Symmetric-key cryptosystem
– same key is used for encryption
and decryption
– system with 1000 users requires
499,500 keys
– each pair of users requires a
different key
Public-key cryptosystem
– separate keys for encryption and
decryption
– system with 1000 users requires
2000 keys
– each individual user has exactly
two keys
Signed challenge
– Alice sends a random number (a challenge) to Bob
– Bob replies with the challenge, signed with his digital signature
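The signed-challenge exchange above as a runnable sketch; this is an added example, not part of the original slides. It assumes Ed25519 from the Go standard library as the signature scheme, and the `domain` label, the function names and the impostor key ("mallory") are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// domain (assumed label) keeps a signed challenge distinct from any other signed message.
const domain = "signed-challenge-demo-v1:"

// NewChallenge is Alice's step: a fresh 32-byte random number per session.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Respond is Bob's step: sign the received challenge with his private key.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(domain), challenge...))
}

// Verify is Alice's check with Bob's public key. She verifies against the
// challenge she issued herself, never a value echoed back by the peer.
func Verify(pub ed25519.PublicKey, issued, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(domain), issued...), sig)
}

// Demo runs one honest exchange and two failure cases on constructed keys.
func Demo() (honest, replay, impostor bool) {
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical impostor
	c1 := NewChallenge()
	r1 := Respond(bobPriv, c1)
	honest = Verify(bobPub, c1, r1) // true: Bob signed this session's challenge
	c2 := NewChallenge()            // next session gets a new challenge
	replay = Verify(bobPub, c2, r1) // false: old reply does not match c2
	impostor = Verify(bobPub, c2, Respond(malloryPriv, c2)) // false: wrong key
	return
}

func main() {
	h, r, i := Demo()
	fmt.Printf("honest=%v replay=%v impostor=%v\n", h, r, i)
}
```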
A third party trusted by all users that creates, distributes, revokes, & manages
certificates
Terminology