CH 01
Cryptography and Network Security
Chapter 1

Background
Information Security requirements have changed in recent times
traditionally provided by physical and administrative mechanisms
computer use requires automated tools to protect files and other stored information
use of networks and communications links requires measures to protect data during transmission

Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Security Trends

ITU-T X.800 “Security Architecture for OSI”
defines a systematic way of defining and providing security requirements
for us it provides a useful, if abstract, overview of concepts we will study

Aspects of Security
consider 3 aspects of information security:
• security attack
• security mechanism
• security service

Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
• passive
• active

Passive Attacks

Active Attacks

Security Service
enhance security of data processing systems and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need protection from disclosure, tampering, or recorded or licensed

Security Services
X.800:
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
RFC 2828:

Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
• cryptographic techniques

specific security mechanisms:
• encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms:
• trusted functionality, security labels, event recovery

using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to

using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
trusted computer systems may be useful to help implement this model

Summary
have considered:
• definitions for:
• X.800 standard
• security attacks, services, mechanisms
• models for network (access) security