Digital Signature Algorithm
Model of Digital Signature
Encryption of Digital Signature
Design of Hashing Algorithms
Hash Function
• The main application of a hash function is checking
data integrity or originality
Sketch the Hash function with MAC
Ek(M||H(M))
Sketch the Hash diagram
Ek(M||H(M||S))
At Sender Side
• 1. Message digest is generated using a set of hash functions.
Risks
Phase 2 Protection Strategy
Tech. Vulnerabilities Mitigation Plans
Technological
View
Framework 3: Security Risk Analysis
• A simplified approach, taking into account
your assets exposure to security risks
• Requires:
1. Identifying your assets
2. Assessing risks and their impact, probability and
exposure
3. Formulating plans to reduce overall risk
exposure
Risk Impact Assessment
• For each asset and risk attach a measure of
impact
• Monetary scale if possible (difficult) or relative
numbers with agreed meaning
• E.g.: Trivial (1), Low (2), Medium (3), High (4),
Catastrophic (5)
• Ex:
• Asset: Internal MD mailbox
• Risk: Access to content by press
• Impact: Catastrophic (5)
Risk Probability Assessment
• Now, for each entry, measure the probability that the
loss may happen
• Real probabilities (difficult) or a relative scale
(easier) such as: Low (0.3), Medium (0.6), and
High (0.9)
• Ex:
– Asset: Internal MD mailbox
– Risk: Access to content by press
– Probability: Low (0.3)
Risk Exposure and Risk List
• Multiply probability by impact for each entry
• Exposure = Probability x Impact
• Sort by exposure
• High-exposure risks need very strong security
measures
• Lowest-exposure risks can be covered by default
mechanisms or ignored
• Example:
• Press may access MD mailbox:
Exposure = P(Low=0.3) x I(Catastrophic=5) = 1.5
• By the way, the minimum exposure is 0.3 and the maximum is
4.5 in our examples
Mitigation and Contingency
• For high-exposure risks plan:
– Mitigation: Reduce its probability or impact (and so
its exposure)
– Transfer: Make someone else responsible for the
risk
– Avoidance: Avoid the risk by not having the asset
– Contingency: What to do if the risk becomes
reality
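Added example (not part of the original slides): a small risk register that applies the Framework 3 steps above, using the slides' impact and probability scales, Exposure = Probability x Impact, sorting by exposure, and re-rating an entry after mitigation. Only the MD mailbox row comes from the slides; the other rows and all function names are constructed for illustration.

```python
from decimal import Decimal
from typing import NamedTuple

# Relative scales quoted on the slides (Decimal keeps 0.6 x 3 exactly 1.8).
IMPACT = {"Trivial": 1, "Low": 2, "Medium": 3, "High": 4, "Catastrophic": 5}
PROBABILITY = {"Low": Decimal("0.3"), "Medium": Decimal("0.6"), "High": Decimal("0.9")}

class Risk(NamedTuple):
    asset: str
    risk: str
    probability: str  # label from PROBABILITY
    impact: str       # label from IMPACT

def exposure(r: Risk) -> Decimal:
    """Exposure = Probability x Impact; labels outside the agreed scales are rejected."""
    if r.probability not in PROBABILITY or r.impact not in IMPACT:
        raise ValueError(f"label outside the agreed scale: {r}")
    return PROBABILITY[r.probability] * IMPACT[r.impact]

def exposure_bounds():
    """Smallest and largest exposure the two scales can produce."""
    return (min(PROBABILITY.values()) * min(IMPACT.values()),
            max(PROBABILITY.values()) * max(IMPACT.values()))

def risk_list(register):
    """Return (exposure, risk) pairs sorted by exposure, highest first."""
    return sorted(((exposure(r), r) for r in register), key=lambda p: p[0], reverse=True)

def after_mitigation(r: Risk, probability=None, impact=None) -> Risk:
    """Mitigation lowers probability or impact; return the re-rated entry."""
    new = r._replace(probability=probability or r.probability, impact=impact or r.impact)
    if exposure(new) > exposure(r):
        raise ValueError("a mitigation must not increase exposure")
    return new

# First row is the slides' example; the remaining rows are constructed sample data.
REGISTER = [
    Risk("Internal MD mailbox", "Access to content by press", "Low", "Catastrophic"),
    Risk("Public web server", "Defacement", "High", "Medium"),
    Risk("Staff laptops", "Theft while travelling", "Medium", "High"),
    Risk("Cafeteria menu page", "Unauthorised edit", "Medium", "Trivial"),
]

if __name__ == "__main__":
    for exp, r in risk_list(REGISTER):
        print(f"{exp:>4}  {r.asset}: {r.risk} (P={r.probability}, I={r.impact})")
    # Re-rate the top risk after a mitigation that lowers its probability, then re-sort.
    register = list(REGISTER)
    register[1] = after_mitigation(register[1], probability="Low")
    print([r.asset for _, r in risk_list(register)])
```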
Framework 4: Threat Modeling
• Structured analysis aimed at:
– Finding infrastructure vulnerabilities
– Evaluating security threats
– Identify countermeasures
• Originated from software development security threat
analysis
1. Identify Assets
2. Create an Architecture Overview
3. Decompose the System
4. Identify the Threats
5. Document the Threats
6. Rate the Threats
STRIDE
A Technique for Threat Identification (Step 4)
Type of Threat Examples