Lecture3 Intro Confidentiality
Security
Lecture-3
Topics Covered…
• Definition of Information Security
• CIA Triad
• Security Terminology
• Security Terminology and Relationship
• Types of Attacks/Attackers
• Countermeasure
• Threat Consequences
Today’s Content…
• Security Policy
• Confidentiality
• Cryptographic Solution
• Symmetric Approach
• Asymmetric Approach
Security Policy
- A Common Language for Computer Security Incidents, John D. Howard, Thomas A. Longstaff, 1998
Computer and Network Attacks
An attacker uses a tool to exploit a vulnerability to perform an action on a target in order to achieve an unauthorized result.
- A Common Language for Computer Security Incidents, John D. Howard, Thomas A. Longstaff, 1998
Defense in Depth
• Strategy toward preventing security attacks (layers, from outermost to innermost)
- Access Control
- Encryption
- Backup
- Content Filtering
- SSO
- Antivirus
- IDS/IPS
- Authentication
- Logging
- Firewall
- VPN
- Proxy
- Penetration Testing
Confidentiality
• Cryptographic Solution
• Symmetric Approach
• Asymmetric Approach
Basic Setup:
• Communication over an insecure channel
• Types of insecure channel
• Internet (unprotected network of computers)
• Wifi (not password protected)
• Air Waves (GSM connection) etc.
Meet Alice and Bob
(Alice sends a message to Bob over a channel that is NOT ENCRYPTED)
Meet Charlie – the eavesdropper
(Charlie sits on the channel between Alice and Bob and can Listen)
Message:
Username: sweetalice
Password: alice123
TRANSFER Rs. 100 TO ACCOUNT NO. XYZ
Username, Password sent in clear!!!
Modify
(Charlie can also alter the message in transit)
Message sent by Alice:
Username: sweetalice
Password: alice123
TRANSFER Rs. 100 TO ACCOUNT NO. XYZ
Message received by Bob:
Username: sweetalice
Password: alice123
TRANSFER Rs. 1000000 TO ACCOUNT NO. 5678
Confidentiality can be achieved using encryption/decryption
Secure Network:
Message (I love you) → E → &!h^*hi ^d@#*^ → D → Message (I love you)
E: Encryption – Charlie cannot see what is being sent over the channel
D: Decryption – Bob can successfully decrypt the message
Basic Definitions:
• Plaintext (P) – The original message
• Ciphertext (C) – The scrambled message
• E() – Encryption Function
• D() – Decryption Function
Enigma Machine
Thought to be secure
A cryptosystem should be secure even if the attacker knows all the details of
the system, with the exception of the secret key.
Depending upon the key, cryptosystems can be
divided into:
• Symmetric Cryptosystems
• Asymmetric Cryptosystems
Symmetric Encryption
• Both the parties use the same key to encrypt and decrypt
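The definitions P, C, E() and D() and the shared-key idea turned into running code, as an added example that is not from the lecture. The symmetric scheme here is a one-time pad (XOR with a random key as long as the message, never reused), so Alice and Bob hold the same key `enc_key`; everything except the keys is public, as the principle above requires. Because the Modify slide shows that hiding the message does not stop Charlie changing it, the example also sends an HMAC tag with the ciphertext so that Bob detects an altered message before acting on it. The keys and the sample message are constructed for the example, and the code assumes the keys were shared in advance over a secure path.

```python
import hashlib
import hmac
import secrets

# Constructed sample plaintext, mirroring the slide's cleartext transfer request.
PLAINTEXT = (b"Username: sweetalice\nPassword: alice123\n"
             b"TRANSFER Rs. 100 TO ACCOUNT NO. XYZ")


def keygen(length: int) -> bytes:
    """Fresh random key. For the one-time pad it must be as long as the message
    and must never be reused; only the key is secret, the functions are public."""
    return secrets.token_bytes(length)


def E(key: bytes, P: bytes) -> bytes:
    """Encryption: C = P XOR key, byte by byte."""
    if len(key) < len(P):
        raise ValueError("one-time pad key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(P, key))


def D(key: bytes, C: bytes) -> bytes:
    """Decryption: XOR with the same key undoes E, so D(key, E(key, P)) == P."""
    return E(key, C)


def tag(mac_key: bytes, C: bytes) -> bytes:
    """Integrity tag over the ciphertext (HMAC-SHA256), sent alongside C."""
    return hmac.new(mac_key, C, hashlib.sha256).digest()


def verify(mac_key: bytes, C: bytes, t: bytes) -> bool:
    """Constant-time check that C still carries the tag the sender computed."""
    return hmac.compare_digest(tag(mac_key, C), t)


def round_trip(P: bytes) -> dict:
    """Alice encrypts and tags; Charlie sees only (C, t); Bob verifies, then decrypts."""
    enc_key = keygen(len(P))      # assumed shared in advance over a secure path
    mac_key = keygen(32)
    C = E(enc_key, P)
    t = tag(mac_key, C)
    # What the channel (and Charlie) carries: ciphertext and tag, no key, no plaintext.
    on_the_wire = (C, t)
    # Bob's side: check the tag before decrypting.
    tag_ok = verify(mac_key, *on_the_wire)
    recovered = D(enc_key, C) if tag_ok else None
    # A ciphertext altered in transit (here: one bit flipped) fails verification,
    # so Bob rejects it instead of acting on a changed transfer.
    altered = bytes([C[0] ^ 0x01]) + C[1:]
    return {
        "ciphertext": C,
        "tag_ok": tag_ok,
        "recovered": recovered,
        "altered_accepted": verify(mac_key, altered, t),
    }


if __name__ == "__main__":
    result = round_trip(PLAINTEXT)
    print("on the wire:", result["ciphertext"].hex())
    print("Bob recovered:", result["recovered"].decode())
    print("altered copy accepted:", result["altered_accepted"])
```

Running the script prints the ciphertext as Charlie would see it, the plaintext Bob recovers, and `False` for the altered copy. The one-time pad is used only because it needs no external library; a real deployment would use an authenticated cipher such as AES-GCM, which combines the E() and tag steps.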
Asymmetric Encryption
• Communicating parties use two keys – public key (known to all) and private key (known only to owner) to encrypt and decrypt
1. Bob gives Alice his public key
2. Alice uses the public key of Bob to encrypt her message (Plaintext → Ciphertext)
3. Bob uses his private key to decrypt the message (Ciphertext → Plaintext)
• Can the reverse be used, i.e., private key is used for encryption and public key is used for decryption?
• Why or why not?
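The key pair and both directions of use, as an added toy example that is not from the lecture. It uses textbook RSA with the small primes 61 and 53 (constructed values, far too small for real use; real RSA also adds randomised padding and never encrypts a byte at a time) so that the arithmetic stays visible. `encrypt` and `decrypt` are steps 2 and 3 above; `private_transform` and `public_transform` try the reverse order the last bullet asks about. The mathematics inverts either way, but since the public key is known to all, anything transformed with the private key can be read by everyone, so that direction gives no confidentiality; it is the operation digital signatures build on (proof of origin, not secrecy).

```python
from math import gcd

# Toy parameters (constructed, not secure): small primes keep the numbers readable.
P_PRIME, Q_PRIME = 61, 53


def keygen(p: int = P_PRIME, q: int = Q_PRIME, e: int = 17):
    """Return (public_key, private_key) = ((n, e), (n, d)) with e*d == 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> list:
    """Alice: encrypt with Bob's public key, one byte per block (toy, no padding)."""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt(private_key, blocks: list) -> bytes:
    """Bob: decrypt with his private key; only he can do this."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks)


def private_transform(private_key, message: bytes) -> list:
    """The 'reverse' use from the slide: apply the private exponent to the message."""
    n, d = private_key
    return [pow(b, d, n) for b in message]


def public_transform(public_key, blocks: list) -> bytes:
    """Anyone holding the public key can undo private_transform, so the message is
    not confidential; what it proves is that the private-key holder produced it."""
    n, e = public_key
    return bytes(pow(c, e, n) for c in blocks)


if __name__ == "__main__":
    pub, priv = keygen()
    msg = b"TRANSFER Rs. 100"                      # constructed sample
    c = encrypt(pub, msg)
    print("public key:", pub, "private key:", priv)
    print("ciphertext blocks:", c)
    print("Bob decrypts:", decrypt(priv, c))
    s = private_transform(priv, msg)
    print("reverse direction, undone with the public key:", public_transform(pub, s))
```

With the toy primes the public key is (3233, 17) and the private key (3233, 2753); any reader of the page can check by hand that 17 × 2753 = 1 mod 3120.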