The name cryptography comes from the Greek words 'kryptos', which means hidden, and 'graphia', which means writing. Cryptography is the art of creating and using cryptosystems. Or simply put, it is the art of secret writing.
3/1/2013 Introduction 2
Definition
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources. (includes hardware, software, firmware, information /data, and telecomm.)
Course Overview
Course Objectives:
1. Understand the importance of security and privacy of information.
2. Understand the importance of protecting the privacy and confidentiality of data.
Course Overview
Text Books: Network Security Essentials: Applications and Standards by William Stallings, Pearson Education Publications, 4th Edition (2012)
References: Network Security Essentials (Applications and Standards) by William Stallings, Pearson Education, 1st Edition
Course Overview
In this age of universal electronic connectivity, of viruses and hackers, and of electronic fraud, there is indeed no time at which security does not matter.
CAP361
Course Overview
Two trends have come together to make the course: 1. The explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This in turn has led to a heightened awareness of the need to protect data and resources from disclosure.
Course Overview
2. The disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.
Career Overview
If you have good cryptography knowledge together with information security concepts and implementation, you will get a good job within one month, and it is sure. There are a lot of software companies in Bangalore looking for good crypto professionals.
Career Overview
Cryptologists before the 80s were primarily depicted as spy agents involved in deciphering and configuring coded messages to gain momentum against enemy activities. However, with the upsurge of information technology and the increasing dependence on electronic data processing, the range of activities a cryptologist is involved in has expanded.
Career Overview
The vast digital data that is stored and processed in large computer bases and transmitted through complex communication networks is susceptible to unauthorized interception and interpretation and hence, needs to be protected through encrypted remote access or passwords.
Career Overview
Cryptologists are in demand in the military forces, government agencies, technology companies, banking and financial organizations, law enforcement agencies, universities and research institutes.
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. The Art of War, Sun Tzu
The combination of space, time, and strength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter. Consequently, it is not easy to find a fixed point of departure. On War, Carl von Clausewitz
Computer Security
NIST: National Institute of Standards and Technology
ISOC: Internet Society
ITU-T: The International Telecommunication Union
ISO: International Organization for Standardization
Computer Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes H/W , S/W, firmware, information / data, and telecommunications)
CIA triad
Computer Security
Availability means ensuring timely and reliable access to and use of information. It assures that systems work promptly and service is not denied to authorized users.
Computer Security
Authenticity means the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator.
Computer Security
Accountability means the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity
Levels of Impact
We can define 3 levels of impact from a security breach:
Low
Moderate
High
Aspects of Security
Security attack: Any action that compromises the security of information owned by an organization.
Security mechanism: A mechanism that is designed to detect, prevent or recover from a security attack.
Security service: A service that enhances the security of the data processing systems and the information transfer of an organization.
Security Services
Information security services replicate the types of functions normally associated with physical documents. Most of the activities of mankind depend on the use of documents. Documents typically have signatures and dates; they may need to be protected from disclosure or tampering; they may be notarized, witnessed, recorded or licensed.
Security Services
Challenges to electronic documents
1. It is usually possible to discriminate between an original paper document and a xerographic copy. However, an electronic document is merely a sequence of bits and bytes.
2. An alteration to a paper document may leave some sort of physical evidence.
3. Any proof process associated with a physical document typically depends upon physical characteristics of the document.
Security Services
List of common Information Integrity functions:
1. Identification
2. Authentication
3. License and certificates
4. Signature
5. Witnesses
6. Liability
7. Receipts
8. Validation
9. Access
10. Vote
11. Time of occurrence
12. Ownership
13. Registration
14. Approval
15. Privacy
Security Service
enhances security of data processing systems and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with physical documents
  which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Services
X.800:
a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828:
a processing or communication service provided by a system to give a specific kind of protection to system resources
Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
  cryptographic techniques
Security Attacks
Normal Flow
Interruption
Interception
Modification
Fabrication
Security Attacks
Normal Flow (figure): Source to Destination
Security Attacks
Interruption: This is an attack on availability. An asset of the system is destroyed or becomes unavailable.
Security Attacks
Interception: This is an attack on confidentiality. An unauthorized party gains access to an asset.
Security Attacks
Modification: This is an attack on integrity. An unauthorized party not only gains access to but also tampers with an asset.
Security Attacks
Fabrication : This is an attack on authenticity. An unauthorized party inserts counterfeit objects into the system.
Security Attacks
Classification of Security Attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
  Release of Message
  Traffic analysis
Active
  Masquerade
  Replay
  Modification of message contents
  Denial of service
Traffic analysis
Security Attacks
Classification of Security Attacks: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
  Masquerade
  Replay
  Modification of message contents
  Denial of service
Security Attacks
Masquerade takes place when one entity pretends to be a different entity.
Masquerade
Security Attacks
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Replay
Security Attacks
Modification of message simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Modification of message
Security Attacks
Denial of service prevents or inhibits the normal use or management of communication facilities.
Denial of service
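An added example, not part of the original slides: a minimal receiver in Python showing how one cryptographic mechanism (an HMAC tag plus a sequence number) detects three of the active attacks defined above: modification of message contents, masquerade, and replay. The key, the frame layout and the names seal and Receiver are assumptions made for this illustration; denial of service is an availability problem and is not addressed by it.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # sample shared secret, constructed for this example
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def seal(key, seq, payload):
    """Sender side: 8-byte sequence number + payload + HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame):
        """Return (verdict, payload); payload is None when the frame is rejected."""
        if len(frame) < 8 + TAG_LEN:
            return ("rejected: malformed frame", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; fails for altered or wrongly keyed frames.
        if not hmac.compare_digest(tag, expected):
            return ("rejected: bad tag (modification or masquerade)", None)
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            return ("rejected: stale sequence number (replay)", None)
        self.last_seq = seq
        return ("accepted", body[8:])

def demo():
    """Run one genuine frame and three constructed attack frames past the receiver."""
    rx = Receiver(KEY)
    genuine = seal(KEY, 1, b"transfer 100 to account A")
    results = {"normal": rx.accept(genuine)[0]}
    results["replay"] = rx.accept(genuine)[0]        # same frame delivered again
    tampered = bytearray(seal(KEY, 2, b"transfer 100 to account A"))
    tampered[8 + 9] ^= 0x08                           # one payload bit changed in transit
    results["modification"] = rx.accept(bytes(tampered))[0]
    forged = seal(b"some-other-key", 3, b"transfer 900 to account B")
    results["masquerade"] = rx.accept(forged)[0]      # sender lacks the shared key
    results["next"] = rx.accept(seal(KEY, 2, b"hello"))[0]
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} {verdict}")
```

The tag check maps to the integrity and authenticity goals, and the sequence-number check is what distinguishes a replayed frame from a genuine one, since a replayed frame carries a valid tag.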
Questions
1. Define computer security. (2 marks)
2. What are the three objectives of computer security? Or, what is the CIA triad? (2 marks)
3. How are security services classified?
4. Explain the basic model for network security.
5. What are the four basic tasks in designing a particular security service?
Summary
topic roadmap and standards organizations
security concepts:
  confidentiality, integrity, availability
X.800 security architecture
security attacks, services, mechanisms
models for network (access) security