Cryptography
(INFORMATION SECURITY)

Dr. MANOJ R. MISHRA
Book:
• Cryptography and Network Security, by Forouzan B., McGraw-Hill

References:
• Cryptography: Theory and Practice, by Douglas R. Stinson, CRC Press
• Cryptography and Network Security: Principles and Practice, by William Stallings, Prentice Hall
• Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press

The Art of War

The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
-- The Art of War, Sun Tzu
Information Security
• Information is an asset
• Physical file vs. e-file
• From whom is it to be hidden?
• Who can change it?
• Who can access it?
• Authorised vs. unauthorised access
Cryptography:
• from Greek kryptós, "hidden", and gráphein, "to write"
• traditionally, the study of means of converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge.
• Past: cryptography helped ensure secrecy in important communications, such as those of spies, the military, war, and diplomats.
In recent decades, cryptography has expanded in two ways:
• mechanisms for more than just keeping secrets: schemes like digital signatures and digital cash, for example.
• widespread use by many civilians, often without the users being aware of it.
Network Security Model (figure): two principals, each behind a security transformation; a trusted third party; and an attacker on the channel between them.
Scenario-1
On submitting their assignments online, 4 learners have received their mark sheets, and the discussion is as follows:
Learner A: Oh! My optional subject is SC, but I scored 60 in MSS, which I have not opted for.
Learner B: I have answered only two questions, yet I secured 80 marks in ICS!
Learner C: I was absent for the ICS exam, but to my utter surprise I found 90 marks in it!
Learner D: I had done very well in BDA, but I have scored 0 in BDA!
Information Transferring (figure: information flows from A to B)
Define:
SECURITY ATTACK: any action that disturbs the normal flow of information being sent between sender and receiver is termed a security attack.
So information security is about how to prevent attacks, and how to detect attacks, on information-based systems.
Kinds of Attack:
Interruption (figure: the flow from A to B is cut off): cut wire lines, jam wireless signals, drop packets.
Attack: Interception (figure: a third party listens on the channel between A and B): wiretapping, eavesdropping.
Attack: Modification (figure: C intercepts the message from A and passes replaced information on to B).
Attack: Fabrication (figure: C sends a fabricated message to B); also called impersonation.
Scenario-2
Father: Good morning, my boy. After a long vacation it is time to join the first day of your college, and I have credited Rs 20,000 online to your bank account for your monthly expenditure.
Son: Thank you, father. I shall check my account once I reach my hostel.

The series of activities that take place is as follows:
• Next day the son finds that the amount has not been credited.
  - This depicts an attack on availability.
• The son e-mails his father to confirm, and also requests him to send an additional amount of Rs 10,000.
• This information is observed by an intruder, who captures the data from a remote location.
  - This depicts an attack on confidentiality.
• Next day the father receives the son's e-mail and is surprised to find that the son is requesting him to send Rs 1,00,000 more.
  - This depicts modification of the message.
• The father confirms once more whether the e-mail was sent by his son by reconfirming his e-mail ID. The sender's address is confirmed, and he finds that it has come from his son.
  - This depicts fabrication of data.
Puzzle:
1) As SERUTAERC is to creatures, so ENOHPELET is to _________?
Ans: Telephone

2) If the word PEREGRINATION stands for 1232435678596, put down the code for the following words:
a) Ration  b) Grip
Ans: a) 378596  b) 4351

3) As BAD is to 428, GOOD is to --------?
Ans: 1430308

4) As meet is to PHHW, party is to _________?
Ans: SDUWB

Puzzle: Guess Who?
Julius Caesar was a renowned general, politician and scholar in ancient Rome.
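The four puzzles are toy ciphers: a reversal, two letter-substitution codes and a Caesar shift of 3 (the "Guess Who" answer). The Python below is an added example, not part of the original slides: it implements each puzzle's rule and then shows why a Caesar shift gives no real secrecy, since a receiver who does not know the key can recover it by trying all 25 shifts and scoring each candidate against published English letter frequencies.

```python
"""Worked version of the slide's four puzzles (added example, not from the original deck).
Puzzle 1 is a reversal, puzzles 2 and 3 are letter-substitution codes, puzzle 4 is a
Caesar shift of 3.  recover_caesar_shift() shows the weakness of the Caesar cipher: only
25 keys exist, so frequency analysis picks the right one without any secret knowledge."""
import string

def reverse_code(word: str) -> str:
    """Puzzle 1: SERUTAERC -> CREATURES (plain reversal, upper-cased)."""
    return word[::-1].upper()

def keyword_digit_code(keyword: str, digits: str, word: str) -> str:
    """Puzzle 2: the keyword fixes a letter->digit table (PEREGRINATION -> 1232435678596)
    and a word is encoded letter by letter from it.  Repeated letters must map to the same
    digit, and letters absent from the keyword cannot be encoded, so both cases raise."""
    table = {}
    for letter, digit in zip(keyword.upper(), digits):
        if table.setdefault(letter, digit) != digit:
            raise ValueError(f"inconsistent code for letter {letter}")
    try:
        return "".join(table[ch] for ch in word.upper())
    except KeyError as exc:
        raise ValueError(f"no code for letter {exc}") from None

def position_times_two(word: str) -> str:
    """Puzzle 3: each letter becomes twice its alphabet position (A=1..Z=26): BAD -> 4 2 8."""
    return "".join(str(2 * (ord(ch) - ord("A") + 1)) for ch in word.upper())

def caesar(text: str, shift: int) -> str:
    """Puzzle 4: shift every letter forward by `shift` places (meet -> PHHW uses shift 3).
    A negative shift decrypts.  Non-letters are passed through unchanged."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

# Relative frequency (percent) of A..Z in typical English text, a standard published table.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English; lower is more English-like."""
    letters = [ch for ch in text.upper() if ch in string.ascii_uppercase]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for i, letter in enumerate(string.ascii_uppercase):
        expected = n * ENGLISH_FREQ[i] / 100
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score

def recover_caesar_shift(ciphertext: str) -> int:
    """Try all 25 non-trivial shifts; return the one whose decryption looks most like English."""
    return min(range(1, 26), key=lambda s: chi_squared(caesar(ciphertext, -s)))

if __name__ == "__main__":
    print(reverse_code("ENOHPELET"))                                          # TELEPHONE
    print(keyword_digit_code("PEREGRINATION", "1232435678596", "Ration"))    # 378596
    print(position_times_two("GOOD"))                                        # 1430308
    print(caesar("party", 3))                                                # SDUWB
    # Constructed English sentence enciphered with shift 3, then the key recovered blind.
    secret = caesar("the art of war teaches us to rely not on the enemy not coming "
                    "but on our own readiness", 3)
    print(secret, "-> shift", recover_caesar_shift(secret))                  # shift 3
```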
1.27
The Reserve Bank of India (RBI
RBI) has mandated that from 1st
Aug 2009 all online credit card transactions require an
extra level of verification. Your credit card issuing banks are
therefore, implementing a "Verified by VISA
Verified by VISA" or "MasterCard
MasterCard
SecureCode
SecureCode" password.
Apart from the three digit CVV, You will need this password to
continue transacting online from 1st Aug 2009.
How it works?
1.28
• By National Payments Corporation of India (NPCI)
• All merchant discount rate (MDR) charges were
eliminated
• Unified Payments Interface (UPI) developed by
NPCI
• RuPay debit cards are widely accepted within India,
Visa debit cards have a higher level of acceptance
and can be used at almost all merchants, including
international ones.
1.29
Q: What is the "Verified by VISA"/"MasterCard
SecureCode" password?
A: This is the password that your credit card issuing Bank
provides. For example - ICICI Bank, HDFC Bank, Citibank, HSBC
Bank, Axis Bank, SBI etc. This password is the additional layer
of security for all your online transactions.
Benefits
Benefits of "Verified by VISA"/"MasterCard SecureCode"
password:
Even if you lose / misplace your credit card it cannot
be misused online as the password is not present on
the card
Remember:
Keep your password safe.
Do not share your cvv/password/OTP with anyone.
1.30
SECURITY GOALS (CIA)
This section defines three security goals.
1.1.1 Confidentiality
1.1.2 Integrity
1.1.3 Availability
Figure 1.1 Taxonomy of security goals
1.1.1 Confidentiality
Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information, because 'INFORMATION IS POWER'.
i.e. hide information from unauthorized access
1.1.2 Integrity
• Information needs to be changed constantly.
• Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.
i.e. protect from unauthorized change
Ex: BANK: deposits, withdrawals
1.1.3 Availability
• The information created and stored by an organization needs to be available to authorized entities when it is needed.
• Information also needs to be constantly changed, i.e. at the same time it must be accessible to authorized entities.
Attacks vs. Threats
Threat: refers to a potential for violation of security, i.e. a potential danger.
Attack: an assault on system security, i.e. an attempt.
1-2 ATTACKS
The three goals of security (confidentiality, integrity, and availability, CIA) can be threatened by security attacks.
Topics discussed in this section:
1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive versus Active Attacks

Figure 1.2 Taxonomy of attacks with relation to security goals
1.2.1 Attacks Threatening Confidentiality
Snooping refers to unauthorized access to or interception of data.
Ex: listen to the data and use it later.
Sol: encrypt the data.
Traffic analysis refers to obtaining some other type of information by monitoring online traffic, such as the e-mail ID or the location/address of the sender or receiver.
1.2.2 Attacks Threatening Integrity
Modification means that the attacker intercepts the message and changes it.
Masquerading or spoofing happens when the attacker impersonates somebody else.
Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.
Repudiation means that the sender of the message might later deny that she has sent the message, or the receiver of the message might later deny that he has received it.

1.2.3 Attacks Threatening Availability
Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
Vulnerabilities (a weakness or lacuna)
• Human vulnerabilities: human behavior or action.
  Ex: clicking on a link in an e-mail message from a questionable source.
• Protocol vulnerabilities (TCP, IP, ARP, DNS, ...): the design of security protocols may lead to replay or man-in-the-middle attacks; sniffing passwords from a LAN.
• Software vulnerabilities: SQL injection, cross-site scripting, ...
• Configuration vulnerabilities
1.2.4 Passive vs. Active Attacks
Table 1.1 Categorization of passive and active attacks
Passive attacks: aim only to obtain information, without affecting the system resources.
Active attacks: modify the data stream, affecting the resources and their operation.
Cryptography, Cryptanalysis, Cryptology
• The study of how to circumvent the use of cryptography is called cryptanalysis, or codebreaking.
• Cryptography and cryptanalysis are sometimes grouped together under the umbrella term cryptology, encompassing the entire subject.
• In practice, "cryptography" is also often used to refer to the field as a whole.
• Cryptography is an interdisciplinary subject, drawing on:
  - linguistics
  - mathematics: number theory, information theory, computational complexity, statistics and combinatorics
  - engineering
1-3 SERVICES AND MECHANISMS
ITU-T* provides some security services and some mechanisms to implement those services. Security services and mechanisms are closely related, because a mechanism or combination of mechanisms is used to provide a service.
Topics discussed in this section:
1.3.1 Security Services
1.3.2 Security Mechanism
1.3.3 Relation between Services and Mechanisms
*ITU-T: International Telecommunication Union, Telecommunication Standardization Sector

1.3.1 Security Services
Figure 1.3 Security services

1.3.2 Security Mechanism
Figure 1.4 Security mechanisms
1.3.2 Security Mechanisms
Encipherment: hiding or covering data.
Data integrity: the sender appends a check value; the receiver verifies it.
Digital signature: the sender can electronically sign; the receiver verifies it.
Authentication exchange: exchange of messages to prove identity.
Traffic padding: insertion of false data, which may prevent traffic analysis.
Routing control: changing among the different available routes, to avoid eavesdropping.
Notarization: a trusted third party controls the communication, to assure nonrepudiation.
Access control: access rights to users. Ex: R/W, passwords, PINs.
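The data-integrity mechanism ("sender appends a check value, receiver verifies it") and the integrity attacks of 1.2.2, as an added Python example that is not part of the original slides. It replays Scenario-2 with constructed messages and a constructed shared key: an unkeyed SHA-256 check value is recomputed trivially after the amount is altered, whereas an HMAC-SHA256 check value (standard library) cannot be, and a sequence number inside the protected message lets the receiver reject a replayed message.

```python
"""Added example (not from the original slides): check values for data integrity.
A plain hash appended to a message detects accidental corruption only; anyone who changes
the message can recompute it.  A keyed check value (HMAC-SHA256) also resists deliberate
modification, since producing a valid tag requires the shared key.  A sequence number
inside the protected message catches replays.  Key and messages are constructed."""
import hashlib
import hmac

KEY = b"constructed-shared-key"   # constructed; in practice a random secret known only to A and B

def frame_unkeyed(message: bytes) -> bytes:
    """Check value = SHA-256 of the message, no key."""
    return message + b"|" + hashlib.sha256(message).hexdigest().encode()

def verify_unkeyed(frame: bytes) -> bool:
    message, _, tag = frame.rpartition(b"|")
    return hmac.compare_digest(hashlib.sha256(message).hexdigest().encode(), tag)

def frame_keyed(key: bytes, message: bytes) -> bytes:
    """Check value = HMAC-SHA256 over the message; only a key holder can produce a valid one."""
    return message + b"|" + hmac.new(key, message, hashlib.sha256).hexdigest().encode()

def verify_keyed(key: bytes, frame: bytes) -> bool:
    message, _, tag = frame.rpartition(b"|")
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag)   # constant-time comparison of the tags

class Receiver:
    """B's side of the keyed scheme.  Messages carry 'seq:body'; a sequence number that does
    not increase is treated as a replay and rejected even though its check value is valid."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> str:
        if not verify_keyed(self.key, frame):
            return "rejected: check value does not match (modified or forged)"
        message, _, _ = frame.rpartition(b"|")
        seq_text, _, body = message.partition(b":")
        seq = int(seq_text)
        if seq <= self.last_seq:
            return "rejected: replay of message %d" % seq
        self.last_seq = seq
        return "accepted: " + body.decode()

def scenario_two() -> list:
    """Runs the Scenario-2 exchange with constructed messages; returns the receiver's verdicts."""
    receiver = Receiver(KEY)
    honest = frame_keyed(KEY, b"1:please send Rs 10,000")
    verdicts = [receiver.accept(honest)]
    # The intruder alters the amount.  Without the key only an unkeyed check value can be
    # recomputed, so the altered frame carries a plain SHA-256 tag: it passes the unkeyed
    # check and fails the keyed one.
    altered = frame_unkeyed(b"1:please send Rs 1,00,000")
    verdicts.append("unkeyed check passes: %s" % verify_unkeyed(altered))
    verdicts.append(receiver.accept(altered))
    # The intruder re-sends the genuine first message later: valid tag, stale sequence number.
    verdicts.append(receiver.accept(honest))
    return verdicts

if __name__ == "__main__":
    for line in scenario_two():
        print(line)
```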
1.3.3 Relation between Services and Mechanisms
Table 1.2 Relation between security services and mechanisms

1-4 TECHNIQUES
• The actual implementation of security goals needs some techniques.
• Two techniques are prevalent today: cryptography and steganography.
Topics discussed in this section:
1.4.1 Cryptography
1.4.2 Steganography
1.4.1 Cryptography
Cryptography, a word with Greek origins, means "secret writing." However, the term is used to refer to the science and art of transforming messages to make them secure and immune to attacks.
• Encryption-Decryption
• Symmetric-Key Encipherment (secret key)
• Asymmetric-Key Encipherment (public key-private key)
1.4.2 Steganography
The word steganography, with origin in Greek, means "covered writing," in contrast with cryptography, which means "secret writing."
Example: covering data with text
A in ASCII: 01000001
Between two words, a single space encodes 0 and a double space encodes 1.
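The text-steganography scheme on this slide, as an added Python example (not part of the original slides): each word gap of a cover text carries one bit, single space for 0 and double space for 1, so the letter A (01000001) consumes eight gaps. The cover sentence and the secret are constructed; the last function shows the scheme's fragility, since any whitespace normalization wipes the hidden message.

```python
"""Added example (not from the original slides): hiding data in inter-word spacing.
Single space between two words = bit 0, double space = bit 1; each ASCII character of the
secret needs 8 word gaps.  Decoding reads the gaps back until a whole byte of zeros, which
marks unused gaps at the end of the cover.  Cover text and secret are constructed."""

# Constructed cover text: 32 words, so 31 gaps, enough for a 3-letter secret (24 bits).
COVER = ("The art of war teaches us not to rely on the likelihood of the enemy not coming "
         "but on our own readiness to receive him and on having made our position unassailable")

def hide_in_spacing(cover: str, secret: str) -> str:
    """Embed `secret` in the word gaps of `cover`; raise if the cover has too few gaps."""
    if not secret.isascii():
        raise ValueError("secret must be ASCII (8 bits per character)")
    words = cover.split()
    bits = "".join(format(ord(ch), "08b") for ch in secret)   # 'A' -> '01000001'
    if len(bits) > len(words) - 1:
        raise ValueError(f"need {len(bits)} word gaps, cover has {len(words) - 1}")
    out = []
    for i, word in enumerate(words[:-1]):
        out.append(word)
        # Gap i carries bit i; gaps beyond the secret stay single spaces (read back as 0s).
        out.append("  " if i < len(bits) and bits[i] == "1" else " ")
    out.append(words[-1])
    return "".join(out)

def reveal_from_spacing(stego: str) -> str:
    """Read the gaps back.  Splitting on one space turns a double space into an empty field:
    'a  b'.split(' ') == ['a', '', 'b']."""
    fields = stego.split(" ")
    bits = []
    i = 0
    while i < len(fields) - 1:
        if fields[i + 1] == "":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    chars = []
    for k in range(0, len(bits) - 7, 8):
        byte = bits[k:k + 8]
        if byte == ["0"] * 8:          # all-zero byte: the unused tail of the cover
            break
        chars.append(chr(int("".join(byte), 2)))
    return "".join(chars)

def normalize_whitespace(text: str) -> str:
    """What a mail gateway or editor often does to text: collapse every gap to one space.
    Applied to a stego text this silently destroys the hidden message."""
    return " ".join(text.split())

if __name__ == "__main__":
    stego = hide_in_spacing(COVER, "CIA")
    print(repr(stego))
    print(reveal_from_spacing(stego))                        # CIA
    print(repr(reveal_from_spacing(normalize_whitespace(stego))))   # ''
```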
Image Steganography
R + G + B: 8 + 8 + 8 = 24 bits per pixel

1.4.2 LSB Steganography
Example: covering data under a color image (figure)

Green: Find the Difference? (figure: cover image and stego image side by side)
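The LSB scheme from these slides, as an added Python example (not part of the original slides): a 24-bit pixel offers three least significant bits, the secret's bits overwrite them, and no channel value moves by more than one step, which is why the two green images on the slide look identical. The 4x2 pixel cover image and the secret are constructed; no image library is used.

```python
"""Added example (not from the original slides): least-significant-bit steganography on a
24-bit RGB image.  The payload is one length byte followed by the secret; its bits replace
the LSB of successive channel values (R, G, B, R, G, B, ...).  The cover image is a
constructed 4x2 list of (R, G, B) tuples in shades of green, not a real file."""

COVER_IMAGE = [
    (34, 139, 34), (35, 140, 33), (33, 138, 35), (34, 141, 34),
    (36, 139, 32), (34, 137, 34), (35, 139, 33), (33, 140, 34),
]

def to_bits(data: bytes) -> list:
    """Bytes -> list of bits, most significant bit first: b'A' -> [0,1,0,0,0,0,0,1]."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def embed_lsb(pixels: list, secret: bytes) -> list:
    """Return a copy of `pixels` whose channel LSBs carry len(secret) and then `secret`."""
    if len(secret) > 255:
        raise ValueError("one length byte: secret must be at most 255 bytes")
    bits = to_bits(bytes([len(secret)]) + secret)
    capacity = len(pixels) * 3           # three channel LSBs per 24-bit pixel
    if len(bits) > capacity:
        raise ValueError(f"{len(bits)} bits do not fit in {capacity} channel LSBs")
    flat = [c for px in pixels for c in px]
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit   # clear the LSB, then set it to the secret bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract_lsb(pixels: list) -> bytes:
    """Read the length byte, then that many bytes, from the channel LSBs.
    On an image with nothing embedded the 'length' is just noise, so the result is garbage."""
    bits = [c & 1 for px in pixels for c in px]

    def byte_at(k: int) -> int:
        return int("".join(str(b) for b in bits[k:k + 8]), 2)

    length = byte_at(0)
    return bytes(byte_at(8 + 8 * j) for j in range(length))

def max_channel_change(a: list, b: list) -> int:
    """Largest per-channel difference between two images; for LSB embedding it is at most 1."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

if __name__ == "__main__":
    stego = embed_lsb(COVER_IMAGE, b"Hi")      # 3 payload bytes = 24 bits = 8 pixels exactly
    print(stego)
    print(extract_lsb(stego))                  # b'Hi'
    print(max_channel_change(COVER_IMAGE, stego))   # 1
```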
Tools for Steganography
• http://www.jjtc.com/Steganography/toolmatrix.htm
1-5 THE REST OF THE BOOK
The rest of this book is divided into four parts.
Part One: Symmetric-Key Encipherment
Part Two: Asymmetric-Key Encipherment
Part Three: Integrity, Authentication, and Key Management
Part Four: Network Security
ch_01 Introduction.ppt ( information cyber security)
