Professional Documents
Culture Documents
Me NSEC ch1
Me NSEC ch1
Me NSEC ch1
Introduction
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1.1
Chapter 1
Objectives
To define three security goals
To define security attacks that threaten security
goals
To define security services and how they are
related to the three security goals
To define security mechanisms to provide security
services
To introduce two techniques, cryptography and
steganography, to implement security mechanisms.
1.2
1-1 SECURITY GOALS
1.3
1.1 Continued
Figure 1.1 Taxonomy of security goals
1.4
1.1.1 Confidentiality
ﻣﺤﺮﻣﺎﻧﮕﻲ ﻣﻔﻬﻮﻣﻲ اﺳﺖ ﻛﻪ در دﻧﻴﺎي واﻗﻌﻲ ﻣﺮﺗﺒﺎً ﺑﺎ آن ﺳﺮ و ﻛﺎر دارﻳﻢ .ﺑﻪ ﻃﻮر
ﻣﺜﺎل:
ﻣﺎ اﻧﺘﻈﺎر دارﻳﻢ ﻛﻪ ﭘﺰﺷﻚ ﺳﺎﺑﻘﻪي درﻣﺎﻧﻲ ﻣﺎ را ﺑﻪ ﺻﻮرت ﻣﺤﺮﻣﺎﻧﻪ ﻧﮕﻬﺪاري
ﻛﻨﺪ.
دوﺳﺘﺎﻧﻤﺎن رازﻫﺎي ﻣﺎ را ﺑﻪ ﺻﻮرت ﻣﺤﺮﻣﺎﻧﻪ ﻧﮕﻬﺪاري ﻛﻨﻨﺪ.
در دﻧﻴﺎي ﺗﺠﺎرت ،ﻣﺤﺮﻣﺎﻧﮕﻲ را ﺑﻪ ﻋﻨﻮان ﻣﺸﺨﺼﻪاي ﺗﻌﺮﻳﻒ ﻣﻲﻛﻨﻴﻢ ﻛﻪ ﺑﻪ ﻣﺎ
اﻳﻦ اﻃﻤﻴﻨﺎن را ﻣﻲدﻫﺪ ﻛﻪ دﺳﺘﺮﺳﻲ ﺑﻪ ﻳﻚ ﻣﻨﺒﻊ ﻓﻘﻂ ﺑﻪ ﻛﺎرﺑﺮﻫﺎ ،ﻛﺎرﺑﺮدﻫﺎ ﻳﺎ
ﺳﻴﺴﺘﻢﻫﺎي ﻛﺎﻣﭙﻴﻮﺗﺮي ﻣﺠﺎز ﻣﺤﺪود ﻣﻲﺷﻮد.
اﻣﺎ ﺗﻌﺮﻳﻒ ﻣﺤﺮﻣﺎﻧﮕﻲ ﭼﻴﺴﺖ؟
ﺑﻪ ﻃﻮر ﺧﻼﺻﻪ ،ﻣﺤﺮﻣﺎﻧﮕﻲ ﺷﺎﻣﻞ ﻧﮕﻬﺪاري اﻃﻼﻋﺎت ﺷﺒﻜﻪﻫﺎ و ﺳﻴﺴﺘﻢﻫﺎ
ﺑﻪ ﺻﻮرت اﻣﻦ و ﺑﻪ دور از دﺳﺘﺮﺳﻲ ﻏﻴﺮﻣﺠﺎز ﻣﻲﺑﺎﺷﺪ.
1.6
1.1.2 Integrity
1.7
1.1.3 Availability
1.8
Defining Threats and Risk Management
1.9
Understanding Social Engineering
1.9
1-2 ATTACKS
1.13
1.2.1 Attacks Threatening Confidentiality
1.14
1.2.1 Attacks Threatening Confidentiality
1.15
1.2.2 Attacks Threatening Integrity
1.16
1.2.2 Attacks Threatening Integrity
1.17
1.2.2 Attacks Threatening Integrity
1.18
1.2.2 Attacks Threatening Integrity
1.19
1.2.3 Attacks Threatening Availability
1.20
Passive and Active attacks
Passive attack
The attacker's goal is just to obtain information. This means that
the attack does not modify data or harm the system. The system
continues with its normal operation.
The attack may harm the sender or the receiver of the message.
Attacks that threaten confidentiality snooping and traffic analysis
are passive attacks.
It is difficult to detect until the sender or receiver finds out about
the leaking of confidential information.
Prevention:
encipherment of the data
1.21
Passive and Active attacks
1.22
Passive and Active attacks
Active attack
This attack may change the data or harm the system. Attacks that
threaten the integrity and availability are active attacks. Active
attacks are normally easier to detect than to prevent, because an
attacker can launch them in a variety of ways.
اﻳﻦ ﻧﻮع ﺣﻤﻠﻪ دادهﻫﺎ را ﺗﻐﻴﻴﺮ داده و ﺑـﻪ ﺳﻴﺴـﺘﻢ آﺳـﻴﺐ ﻣـﻲرﺳـﺎﻧﺪ .اﻳـﻦ ﺣﻤﻠـﻪ
ﺟﺎﻣﻌﻴﺖ و دﺳﺘﺮسﭘﺬﻳﺮي را ﻣﻮرد ﺗﻬﺪﻳﺪ ﻗﺮار ﻣﻲدﻫﺪ.
ﺗﺸﺨﻴﺺ اﻳﻦ ﻧﻮع ﺣﻤﻠﻪ ﺑﺴﻴﺎر آﺳﺎن اﺳﺖ اﻣﺎ ﭘﻴﺶﮔﻴﺮي اﻳﻦ ﺣﻤﻠﻪ ﺑﺴـﻴﺎر ﺳـﺨﺖ
اﺳﺖ .ﺑﻪ اﻳﻦ دﻟﻴﻞ ﭘﻴﺸﮕﻴﺮي اﻳﻦ ﺣﻤﻠﻪ دﺷﻮار اﺳﺖ ﻛﻪ ﺣﻤﻠﻪﻛﻨﻨﺪهﻫﺎ ﻣﻲﺗﻮاﻧﻨـﺪ از
روشﻫﺎي ﻣﺘﻨﻮﻋﻲ ﺑﺮاي ﺣﻤﻠﻪ اﺳﺘﻔﺎده ﻛﻨﻨﺪ.
1.23
1.2.4 Passive Versus Active Attacks
1.24
1-3 SERVICES AND MECHANISMS
1.25
1.3.1 Security Services (ITU X.800)
Figure 1.3 Security services
1.26
1.3.1 Security Services (ITU X.800)
Data Confidentiality
Designed to protect data from disclosure attack that is, it is designed
to prevent snooping and traffic analysis attacks.
Protect whole or part of message.
ﺑـﻪ اﻳـﻦ.اﻳﻦ ﺳﺮوﻳﺲ ﺑﺮاي ﺣﻔﺎﻇﺖ از داده در ﺑﺮاﺑﺮ ﺣﻤﻠﻪ اﻓﺸﺎء اﺳﺘﻔﺎده ﻣـﻲﺷـﻮد
traffic وsnooping ﻣﻌﻨﻲ ﻛﻪ اﻳﻦ ﺳﺮوﻳﺲ ﺑﺮاي ﺣﻔﺎﻇﺖ در ﺑﺮاﺑﺮ ﺣﻤﻠـﻪﻫـﺎي
. ﻃﺮاﺣﻲ ﺷﺪه اﺳﺖanalysis
Data Integrity
Designed to protect data from modification, insertion, deletion, and
replaying by an adversary.
Protect whole or part of message.
ﺣﺬف و ﺗﻜﺮار ﺗﻮﺳﻂ، درج،اﻳﻦ ﺳﺮوﻳﺲ ﺑﺮاي ﺣﻔﺎﻇﺖ از داده در ﺑﺮاﺑﺮ ﺗﻐﻴﻴﺮ
.ﺣﻤﻠﻪﻛﻨﻨﺪه ﻃﺮاﺣﻲ ﺷﺪه اﺳﺖ
1.27
1.3.1 Security Services (ITU X.800)
Authentication ()ﺗﺎﻳﻴﺪ
Provide authentication of the party at the other end of the line.
Connection-oriented Communication
authentication of the sender or receiver during the connection
establishment
Connectionless Communication
authenticates the source of the data
Nonrepudiation
Service protects against repudiation by either the sender or the
receiver of the data.
Nonrepudiation with proof of the origin, the receiver of the data
can later prove the identity of the sender if denied.
Nonrepudiation with proof of delivery, the sender of data can
later prove that data were delivered to the intended recipient.
1.28
1.3.1 Security Services (ITU X.800)
Access Control
Provide protection against unauthorized ( )ﻏﻴﺮﻣﺠﺎزaccess to data.
The term access in this definition is very broad and can involve
reading, writing, modifying, executing programs, and so on.
1.29
1.3.2 Security Mechanism (ITU X.800)
1.30
1.3.2 Security Mechanism (ITU X.800)
Figure 1.4 Security mechanisms
1.31
1.3.2 Security Mechanism
1.32
1.3.2 Security Mechanism
1.34
1.3.3 Relation between Services and Mechanisms
1.35
1-4 TECHNIQUES
1.36
1.4.1 Cryptography
1.37
1.4.2 Steganography
1.39
1-5 THE REST OF THE BOOK
1.40