Security framework
- 1. Security Framework Paras Maharjan Acme Engineering College B.E. Computer Security Framework 1
- 2. Definition • Series of documented process. • Used to define policies and procedures. • For implementation and management information security. • Basically blueprints. • For building information security program. • To manage risks and vulnerabilities. Security Framework 2
- 3. Computer Virus • A program or piece of code. • Loaded into computer • Without your knowledge • Runs against your wishes. • Erases files, slow down PC’s, Format HDD and crash your system. Security Framework 3
- 4. Types of Virus • Boot Viruses • Polymorphic Viruses • Macro Viruses • Worms • Trojans • Spywares Security Framework 4
- 5. Types of Virus • Boot Viruses: • Copies virus code in boot sector of disk • This ensures that it is always executed and loaded in the memory when system starts. • Polymorphic Viruses: • Infects the system and change its signature before infecting the next system. • Macro Viruses: • A macro having the virus code is executed • Infects the files on the system. Security Framework 5
- 6. Types of Virus • Worms: • Programs that replicate and spread to other system. • Reside in system memory and affects e-mail system. • Trojans: • Program file that claims to do something but does something that is not required. • Allows hackers to gain unauthorized access to your system. Security Framework 6
- 7. Types of Virus • Spywares: • Stores personal information and surfing details. • Send them to its website without informing users. • Automatically installed as a free download while installing an application. • Symptoms of Spyware: • Unwanted ads pop-ups when not connected to the web. • Web browsers settings are changed automatically. • Unable to remove unwanted toolbar from browser. Security Framework 7
- 8. How it Spreads? • Major source is unsecure internet. • Attaching themselves to other computer program files. • When sharing a file or drives containing virus. Security Framework 8
- 9. Virus Protection • Using Antiviruses. • Avoiding spam mails. • Avoid opening email attachment files from unknown senders. • Try to avoid downloading and installing cracked software from web. • Using only registered copies of software on the system. Security Framework 9
- 10. Encryption & Decryption • Encryption: • Process of converting Plaintext(readable data) into a form which hides its content, called Cypher-text. • Decryption: • Reverse process of encryption. • With cypher-text converted back into corresponding plaintext. Security Framework 10
- 11. Encryption & Decryption Security Framework 11
- 12. Cryptography • Science of using mathematics to encrypt and decrypt data. • Enables you to store sensitive information. • Transmit it across insecure network so that it can’t be read by anyone except intended recipient. Security Framework 12
- 13. Secret Key Cryptography • Also called private-key or symmetric encryption. • Involves using the same key for encryption and decryption. • Encryption involves applying an algorithm to the data to be encrypted using the private key to make them unintelligible. Security Framework 13
- 14. Secret Key Cryptography • Disadvantages: • Based on the exchange of a secret (Keys). • More damaged if compromised. • Can decrypt everything encrypted with that key. Security Framework 14
- 15. Data Encryption Standard (DES) • Symmetric algorithm. • Works using same key to encrypt and decrypt message. • Both sender and receiver must know and use the same private key. • Is a block cipher, meaning a cryptographic key and algorithm are applied to a block of data simultaneously rather than one bit at a time. • Groups plaintext into 64 bit blocks. Security Framework 15
- 16. Public Key Encryption • Also known as Asymmetric-key encryption. • Uses two different keys at once. • A combination of a private key and a public key. • Private Key: • Known only to your computer • Public Key: • Given by your computer to any computer that wants to communicate securely. Security Framework 16
- 17. Public Key Encryption Security Framework 17
- 18. Security Framework 18 Fig: Process Involved in Public Key Encryption.
- 19. Rivest-Shamir-Adleman (RSA) • Asymmetric algorithm. • Use two different but mathematically linked keys- public and private. • Public key- shared with everyone, whereas private key must be kept secret. • In RSA cryptography, both the public and private keys can encrypt a message. • Opposite key from the one used to encrypt a message is used to decrypt it. Security Framework 19
- 20. Authorization & Authentication • Authentication: • Process of verifying the identity of a user by obtaining some sort of credentials and using credentials to verify that user’s identity. • If credentials are valid, authorization process starts. • Authorization: • Process of allowing an authenticated users to access the resources by checking whether the user has access rights to the system. • Helps you to control access rights by granting or denying permissions to authenticated users. Security Framework 20
- 21. Firewall • Is a hardware/software designed to permit or deny network transmission. • Based upon set of rules. • Frequently used to protect networks from unauthorized access. Security Framework 21
- 22. Digital Signature Security Framework 22 • Type of electronic signature that encrypts documents with digital codes that are particularly difficult to duplicate. • Mathematical scheme for demonstrating the authenticity of digital message or document • Takes the concept of traditional paper-based signing and turns it into an electronic “Fingerprint”. • This fingerprint or coded message is unique to both the document and the signer and binds them together.
- 24. Attributes of digital signature Security Framework 24 • Authentication: • Means act of proving who you say you are. • Means that you know who created and sent the message. • Digital signature is used to authenticate the source of message. • Integrity • Ensures that when a message is sent over a n/w, the data that arrives is the same as the data that was sent. • Is the assurance that the information is trustworthy and accurate. • Non-repudiation: • Important criteria of digital signature. • Ensures the authentication of message, so the sender can’t repudiate it later. • At the same time it also ensures the identity of the receiver, so the receiver can’t repudiate it later.
- 25. Paper signature V/s Digital signature Security Framework 25 Parameter Paper Electronic Authenticity May be forget Cannot be copied Integrity Signature independent of document Signature depends on the contents of the document Non-repudiation • Handwriting expert needed • Error prone • Any computer user • Error free
- 26. How it works? • Message is hashed using algorithms. • Hash provides integrity. • Hash of message is encrypted with sender’s private key. • Encrypted hash can only be decrypted with senders public key. • Providing authentication and non-repudiation. Security Framework 26
- 28. Why Digital Signature? https://www.youtube.com/watch?v=VIcBpRp iBoc Security Framework 28
- 29. References • http://searchsecurity.techtarget.com/definition/RSA • http://science.opposingviews.com/advantages- disadvantages-symmetric-key-encryption-2609.html • http://computer.howstuffworks.com/encryption3.htm • http://searchsecurity.techtarget.com/definition/private- key • http://ccm.net/contents/130-private-key-or-secret-key- cryptography • http://net-informations.com/faq/asp/authentication.htm • https://www.youtube.com/watch?v=VIcBpRpiBoc Security Framework 29