CH 01

www.csetube.in

Cryptography and Network Security

Chapter 1

Background

• Information Security requirements have changed in recent times
• traditionally provided by physical and administrative mechanisms
• computer use requires automated tools to protect files and other stored information
• use of networks and communications links requires measures to protect data during transmission

Definitions

• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Security Trends


OSI Security Architecture

• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and providing security requirements
• for us it provides a useful, if abstract, overview of concepts we will study

Aspects of Security

• consider 3 aspects of information security:
  • security attack
  • security mechanism
  • security service

Security Attack

• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• often threat & attack used to mean same thing
• have a wide range of attacks
• can focus on generic types of attacks
  • passive
  • active

Passive Attacks


Active Attacks


Security Service

• enhance security of data processing systems and information transfers of an organization
• intended to counter security attacks
• using one or more security mechanisms
• often replicates functions normally associated with physical documents
  • which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Services

• X.800:
  “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
• RFC 2828:
  “a processing or communication service provided by a system to give a specific kind of protection to system resources”

Security Services (X.800)

• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanism

• feature designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all services required
• however one particular element underlies many of the security mechanisms in use:
  • cryptographic techniques
• hence our focus on this topic

Security Mechanisms (X.800)

• specific security mechanisms:
  • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• pervasive security mechanisms:
  • trusted functionality, security labels, event detection, security audit trails, security recovery

Model for Network Security

• using this model requires us to:
  1. design a suitable algorithm for the security transformation
  2. generate the secret information (keys) used by the algorithm
  3. develop methods to distribute and share the secret information
  4. specify a protocol enabling the principals to use the transformation and secret information for a security service
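
The four tasks above, as an added Python example that is not part of the original slides: HMAC-SHA256 is the assumed security transformation, giving the data integrity and authentication services but no confidentiality, and the names `generate_key`, `protect`, `Receiver` and `demo` are hypothetical. Key distribution (task 3) is assumed to have happened out of band, and the sequence-number replay check goes beyond what the slides list.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def generate_key():
    """Task 2: generate the secret information (a 256-bit key)."""
    return secrets.token_bytes(32)

def protect(key, seq, message):
    """Task 1: security transformation, HMAC-SHA256 over seq || message."""
    body = seq.to_bytes(8, "big") + message
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

class Receiver:
    """Task 4: protocol rules followed by the receiving principal."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0

    def accept(self, packet):
        """Return the message if the packet verifies, else None."""
        if len(packet) < 8 + TAG_LEN:
            return None  # too short to hold sequence number and tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, or made with another key
        seq = int.from_bytes(body[:8], "big")
        if seq < self.next_seq:
            return None  # already-seen sequence number: replayed packet
        self.next_seq = seq + 1
        return body[8:]

def demo():
    key = generate_key()  # task 3 (distribution) assumed done out of band
    rx = Receiver(key)
    msg = b"transfer 100 to account 42"  # constructed sample message
    packet = protect(key, 0, msg)
    tampered = packet.replace(b"100", b"900")   # active attack: modification
    forged = protect(generate_key(), 0, msg)    # sender without the shared key
    return {
        "tampered": rx.accept(tampered),
        "forged": rx.accept(forged),
        "genuine": rx.accept(packet),
        "replayed": rx.accept(packet),
    }
```

Only the genuine packet is delivered; the message itself still travels in the clear, so a passive eavesdropper is not stopped without encipherment.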

Model for Network Access Security

• using this model requires us to:
  1. select appropriate gatekeeper functions to identify users
  2. implement security controls to ensure only authorised users access designated information or resources
• trusted computer systems may be useful to help implement this model

Summary

• have considered:
  • definitions for:
    • computer, network, internet security
  • X.800 standard
  • security attacks, services, mechanisms
  • models for network (access) security