Cryptography and Network

Security

Concepts of Computer Security

 Cryptography and Network Security

Unit- 01 : Concepts of Computer Security

Computer Security, Key objective of security (CIA Triads)

needs, challenges, OSI Security architecture, Security Services, security
mechanisms, Network Security Model

Learning Objectives

At the end of this topic, you will be able to:

Describe the security services as applied to X.800
Enlist the security mechanisms defined in X.800
Relationship between Services and Mechanism
Model for Network Security
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

•OSI
OSI Security Architectures
Security Architectures

ITU–T(International Telecommunication Union (ITU)

Telecommunication Standardization Sector) recommended X.800
“Security Architecture for OSI”

It defines a systematic way of defining and providing security

requirements
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Aspects of Security Abstraction

• OSI Security Architectures

Security attack:
Any action that compromises the security of information owned by an
organization
Security mechanism:
.
A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
Security service:
A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Service Definition

• OSI Security Architectures
ITU-T X.800 defines a security service as a “service that is provided by a
protocol layer of communicating open systems and that ensures adequate
security of the systems or of data transfers”.

“A processing or communication service that is provided by a system to give a

specific kind of protection to system resources; security services implement
security policies and are implemented by security mechanisms”.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Service Definition

• OSI Security Architectures
ITU-T X.800
“service that is provided by a protocol layer of communicating open systems
and that ensures adequate security of the systems or of data transfers”.

RFC 2828:
“A processing or communication service that is provided by a system to give a
specific kind of protection to system resources; security services implement
security policies and are implemented by security mechanisms”.
Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Types of Security Services

Authentication
Access Control
Data confidentiality
Data integrity
Nonrepudiation
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Authentication
• The authentication service assures that the communication is
authentic.
• Right entities are accessing the system.
• If the message is single, the authentication service ensures the
recipient that the message is from the source that it claims to
be from.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Types of Authentication
• Peer entity authentication

• Data origin authentication

 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Peer Entity Authentication

• Provides for the corroboration of the identity of a peer entity in an
association.
• Two entities are considered peers if they implement to same protocol
in different systems; for example, two TCP modules (Routers) two
communicating systems.
• Peer entity authentication is provided for use at the establishment of,
or at times during the data transfer phase of, a connection.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Data origin authentication

In a connectionless
transfer, provides
assurance that the source
of received data is as
claimed
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Access Control
The prevention of unauthorized use of a resource (i.e., this
service controls who can have access to a resource, under
what conditions access can occur, and what those accessing
the resource are allowed to do).
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Data Confidentiality
The protection of data from unauthorized
disclosure.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Data Integrity
• Integrity can apply to a stream of messages, a single message, or selected
fields within a message.
• A connection-oriented integrity service deals with a stream of messages. It
assures that messages are received as sent with no duplication, insertion,
modification, reordering, or replays. This service also addresses both
message stream modification and denial of service.
• A connectionless integrity service deals with individual messages. It
provides protection only against message modification.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Services

Nonrepudiation
• Nonrepudiation prevents either the sender or the receiver from
denying a transmitted message.
• when a message is sent, the receiver can prove that the alleged
sender sent the message. Similarly, when a message is received,
the sender can confirm that the alleged receiver received the
message
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Mechanisms

Security mechanisms are the means of providing security services.

The mechanisms are divided into those that are implemented in a specific
protocol layer, such as TCP or an application-layer protocol those that are not
specific to any particular protocol layer or security services (Pervasive Security
Mechanism).
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Security Mechanisms

Types of Security Mechanism

• Specific Security Mechanism
• Pervasive Security Mechanism
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Specific Security Mechanism

Encipherment: The use of mathematical algorithms to transform data into a form that is not
readily intelligible.
Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery
Access Control: A variety of mechanisms that enforce access rights to resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of
data units.
Notarization: The use of a trusted third party to assure certain properties of a data exchange.
Authentication Exchange
Traffic Padding
Routing Control
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Pervasive Security Mechanism

• Trusted Functionality: That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy)
• Security Label: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
• Event Detection: Detection of security-relevant events.
• Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is
an independent review and examination of system records and activities.
• Security Recovery: Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Relationship between Security service and Mechanism

 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Model for Network Security

 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Model for Network Security

using this model requires us to:
• design a suitable algorithm for the security transformation
• generate the secret information (keys) used by the algorithm
• develop methods to distribute and share the secret information
• specify a protocol enabling the principals to use the
transformation and secret information for a security service
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Model for Network Security

 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Model for Network Security

 using this model requires us to:
 select appropriate gatekeeper functions to identify users
 implement security controls to ensure only authorised users
access designated information or resources
 note that model does not include:
 monitoring of the system for successful penetration.
 monitoring of authorized users for misuse.
 audit logging for forensic uses, etc.
Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography
Cryptography The art or science encompassing the
principles and methods of transforming an intelligible
message into one that is unintelligible, and then
retransforming that message back to its original form
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography

• Plaintext: The original intelligible message

• Cipher text: The transformed message
• encipher (encrypt):- converting plaintext to
ciphertext
• decipher (decrypt) - recovering ciphertext from
plaintext
• key - info used in cipher known only to
sender/receiver
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography

The word cryptography comes from the Greek words

kryptos meaning hidden, and graphein, meaning
writing. So, cryptography is the study of hidden writing
or the science of encrypting and decrypting text. A
fundamental rule in cryptography is assuming that the
cryptanalyst knows the methods used for encryption and
decryption.
 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography
Cryptanalysis: It is a technique used for deciphering a message
without any knowledge of the enciphering details. In other
words, cryptanalysis is a technique used to breach (or break)
cryptographic security systems to obtain access to the contents
of encrypted messages without even knowing the cryptographic
key.

Cryptology: The combination of cryptography and

cryptanalysis is called cryptology.
Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Cryptography
Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Symmetric key Cryptography

 Cryptography and Network Security

Unit – 01: Concepts of Computer Security

Summary
• topic roadmap & standards organizations security
concepts: confidentiality, integrity, availability
• X.800 security architecture
• security attacks, services, mechanisms
• models for network (access) security
Human resources slide 9

Thank You