Course Outline: - Computer Security
• Computer Security
– Module 1: Cryptography
• Security Goals, Attacks, Mechanisms
• Cryptography Schemes
– Traditional symmetric key
» Ciphers, substitution, transposition, stream and block
– Modern symmetric key
» Block ciphers, DES and AES, MD5
– Asymmetric key cryptography
» RSA, ElGamal, Rabin
• Digital Signature
• Key Management and Distribution
– Module 2: will be introduced ……
Source: Cryptography and Network Security by Behrouz A. Forouzan, Int. Ed. 2008
Lecture 1
What is computer security?
Security Goals
• The security goals are the goals we want to be met even when an adversary is trying to violate them. Security goals are highly application-dependent.
• After we have a set of security goals, the next step is to perform a threat assessment, which asks several questions.
• What kind of threats might we face?
• What kind of capabilities might we expect adversaries to have?
• The result is a threat model: a characterization of the threats the system must deal with.
Evaluating the Security
Terminologies
• An attack is an attempt to breach system security. Not all attacks are successful.
• A threat is a scenario with the potential to cause harm to a system. An attack usually refers to a specific stratagem, whereas a threat refers to a broader class of ways that things could go wrong.
• A vulnerability (hole) is an aspect of the system that permits someone to mount a successful attack.
• A security goal is a goal that is supposed to be achieved by the system; if it fails, the system will be considered insecure.
• A threat assessment is an attempt to assess the set of all possible threats.
• A threat model is a characterization of the possible threats, usually produced during a threat assessment.
Security Threats
What are we afraid of?
• Losing the ability to use the system.
• Losing important data or files.
• Losing face/reputation.
• Losing money.
• Spreading private information about people.
Information Security Methodology
Risk analysis and dependency
• We need to:
– Identify what we are trying to protect.
– Evaluate the main sources of risk and where trust is placed.
– Work out possible counter-measures to attacks.
Computer Security
• Asset
– Hardware
– Software
– Information
• Goal
– Privacy (Confidentiality)
– Integrity (Accuracy)
– Availability
Security Requirements
Security Services
Security Attacks
Types of Threats