
Information Security

By: Muhammad Hanif


Cryptography and
Network Security
Chapter 1
Fifth Edition
by William Stallings
Quote of the day
➢ O Lord, increase my knowledge.
➢ O my Lord, Open for me my chest, and Ease my task for me, and Loosen the knot
from my tongue, that they Understand my speech.
Ameen suma ameen.
Roadmap
➢ Standards Organizations
➢ Introduction to Security
➢ Information Security
➢ OSI Security Architecture
➢ Security Attack
➢ Security Services
➢ Security Mechanism
Security Services
Security Service: (Authentication)
➢ Authentication: Assurance that the communicating entity is the one claimed
➢ Peer Entity Authentication: established at the time of connection or at the time of
data transfer (thus associated with a logical connection). It provides confidence that
– the entity is not performing a masquerade, and
– the entity is not performing an unauthorized replay of a previous connection
➢ Data Origin Authentication (in a connectionless transfer)
– provides confirmation about the source of the data
– does not provide protection against duplication or modification of data units

➢ Example (Fig)
The attacker poses as User A and sends a funds transfer request to the bank (from A’s
account to the attacker’s account). The bank happily complies, since as far as it can tell
User A has requested the transfer.
Security Service: (Access Control)
➢ Access Control: Determines who should be able to access what
▪ e.g. User A can view the records in the database but cannot update them
▪ Role based: which user can do what (user side)
▪ Rule based: which resource is accessible and under what circumstances (resource side)
▪ An Access Control List (ACL) specifies and controls who can access what
Security Service: (Data Confidentiality)
➢ Data Confidentiality: Protection of data from unauthorized disclosure
➢ A message sent by User A is exposed only to its intended recipient, ‘User B’

➢ Example (Fig)
➢ User A sends an extension plan for his future products to User B – highly confidential
➢ The attacker gets access to the data files during transmission, without the permission
or knowledge of A and B
Security Service: (Data Integrity)
➢ Data Integrity: Assurance that the data received are exactly as sent by an authorized
entity
➢ Contains no modification, insertion, deletion, or replay
➢ Can be applied to a stream of messages, a single message, or selected fields within a
message
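Data origin authentication and data integrity side by side, as an added Python example that is not part of these slides: a shared-key MAC over each message confirms the source to User B, and covering a per-message sequence number with the same MAC is what turns that into stream integrity, so the receiver can detect modification, replay and deletion. The key and the messages are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed shared key; assumption: User A and User B already share it.
KEY = b"example-shared-key-between-A-and-B"

def tag(key: bytes, seq: int, body: bytes) -> bytes:
    # The MAC covers the sequence number and the body, so neither can change unnoticed.
    return hmac.new(key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()

def send(key: bytes, seq: int, body: bytes) -> tuple:
    # Sender side: attach a sequence number and a MAC to each message.
    return (seq, body, tag(key, seq, body))

class Receiver:
    """Checks data origin (MAC) and stream integrity (sequence numbers)."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number we are willing to accept

    def accept(self, msg: tuple) -> str:
        seq, body, t = msg
        # Data origin authentication: only a holder of the key can produce the tag.
        if not hmac.compare_digest(t, tag(self.key, seq, body)):
            return "reject: modified or forged"
        # Stream integrity: an old number is a replay, a skipped number a deletion.
        if seq < self.expected:
            return "reject: replay"
        if seq > self.expected:
            return "reject: missing message(s)"
        self.expected = seq + 1
        return "accept"

def demo() -> list:
    """Run the receiver over constructed messages from A, some tampered with."""
    r = Receiver(KEY)
    m = [send(KEY, i, b) for i, b in enumerate(
        [b"transfer 100 to B", b"transfer 50 to B", b"close account", b"bye"])]
    return [
        r.accept(m[0]),                                            # genuine
        r.accept((m[1][0], b"transfer 50 to attacker", m[1][2])),  # body altered
        r.accept(m[1]),                                            # genuine
        r.accept(m[0]),                                            # replay of an old message
        r.accept(m[3]),                                            # m[2] deleted in transit
        r.accept(m[2]),                                            # genuine, arrives late
    ]
```

Because A and B hold the same key, either of them could have produced the tag, so this gives integrity but not non-repudiation; that service requires a digital signature rather than a shared-key MAC.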
Security Service: (Non-Repudiation)
➢ Non-repudiation: Protection against denial by one of the parties in a communication
➢ The sender cannot deny having sent the message
➢ The receiver cannot deny having received the message
Security Service: (Availability)
➢ Availability: Ensures that a service or information is available to an (authorized)
user upon demand and without delay.
➢ Denial of Service (DoS) attacks seek to interrupt a service or make some information
unavailable to legitimate users

➢ Example (Fig)
Due to the intentional action of the attacker, User A is not able to reach User B
Security Attack vs. Security Service
