Wk1 1 Intro
Cryptography and Network Security
Overview & Chapter 1
Fifth Edition
by William Stallings
Lecture slides by Lawrie Brown
(with edits by RHB)
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
Examples of Security Requirements
• confidentiality – student grades, personal information, sensitive information
• integrity – patient information, public critical information
• availability – authentication service, online access (especially in critical situations)
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. requires regular monitoring
8. not perceived of benefit until fails
9. too often an after-thought
10. regarded as impediment to using system
OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and providing security requirements
• for us it provides a useful, if abstract, overview of concepts we will study
Aspects of Security
• consider 3 aspects of information security:
– security attack
– security mechanism
– security service
• note terms
– threat – a potential for violation of security
– attack – an assault on system security, a deliberate attempt to evade security services
Passive Attacks
Active Attacks
Security Services
• X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”
• RFC 2828:
“a processing or communication service
provided by a system to give a specific kind of
protection to system resources”
Security Services (X.800)
• Authentication - assurance that communicating entity is the one claimed
– have both peer-entity & data origin authentication
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
• Availability - resource accessible/usable
Security Service
– enhance security of data processing systems and information transfers of an organization
– intended to counter security attacks
– use one or more security mechanisms
– often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed
Model for Network Access Security
Using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
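The two requirements of this model, sketched as an added example that is not part of the original slides: a gatekeeper that identifies the user, followed by an internal control that decides what the identified user may do. The user names, passwords, resource name and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash so a stolen table is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample data (assumptions, not from the slides).
USERS = {"alice": make_user("correct horse"), "bob": make_user("battery staple")}
ACL = {"grades.db": {"alice": {"read", "write"}, "bob": {"read"}}}

def gatekeeper(user: str, password: str):
    """Step 1: gatekeeper function. Returns the identity, or None on failure."""
    rec = USERS.get(user)
    # Hash even for unknown names so response time does not reveal valid users.
    salt = rec["salt"] if rec else b"\x00" * 16
    candidate = _hash(password, salt)
    # Constant-time comparison of the stored and candidate hashes.
    if rec is not None and hmac.compare_digest(candidate, rec["hash"]):
        return user
    return None

def access(identity, resource: str, action: str) -> bool:
    """Step 2: internal control. Default deny for anything not listed."""
    if identity is None:
        return False
    return action in ACL.get(resource, {}).get(identity, set())

def request(user: str, password: str, resource: str, action: str) -> bool:
    # Every request passes the gatekeeper first, then the access check.
    return access(gatekeeper(user, password), resource, action)

if __name__ == "__main__":
    print(request("alice", "correct horse", "grades.db", "write"))
    print(request("bob", "battery staple", "grades.db", "write"))
```

Authentication alone is not enough here: bob passes the gatekeeper but is still refused a write, because the second control restricts each identified user to designated resources and actions.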