Network security
CHAPTER ONE
Objective
• Define the 3 goals of information security
• Identify security attacks
• Understand the relationship between security services and goals
• Define security mechanisms to provide security services
Introduction
• We are living in the information age
• Information is an asset like other assets.
• It needs to be secured from attack
• Until a few decades ago, information collected by an organization
was stored in physical files and protected physically.
• With the advent of computers, storage became electronic, in a
networked and distributed system environment.
Cont'd...
• The U.S. Government’s National Information Assurance Glossary defines INFOSEC
as:
“Protection of information systems against unauthorized access to or
modification of information, whether in storage, processing or transit, and
against the denial of service to authorized users or the provision of service
to unauthorized users, including those measures necessary to detect,
document, and counter such threats.”
Cont’d...
• An Information System (IS) is much more than computer hardware; it is
the entire set of software, hardware, data, people, and procedures
necessary to use information as a resource in the organization
• The computer can be the subject of an attack, the object of an
attack, or both
• When a computer is
— the subject of an attack, it is used as an active tool to conduct the attack
— the object of an attack, it is the entity being attacked
Security Goals
Security addresses 3 widely accepted elements or
areas of focus/goals (referred to as the “CIA”):
• In the military, hiding sensitive information; in a factory, hiding some
crucial operation; ... all are called confidentiality
• Confidentiality applies both in the stored state and in the transit state.
Confidentiality
• Confidentiality: This term covers two related concepts:
— Data confidentiality: Assures that private
information/resources (resource and configuration hiding) are
not made available or disclosed to unauthorized individuals
• In a networked environment, it means only the sender and
receiver should know the message contents
— Privacy: Assures that individuals control
what information may be collected and stored and by whom
and to whom that information may be disclosed
• E.g. physician
Integrity
• Information needs to be changed constantly.
- E.g. in a bank, when a customer deposits or withdraws, the balance has to be
changed.
• Integrity means that changes need to be done only by an authorized entity
and through an authorized mechanism.
• In network communication, integrity means the message must not be
altered without the sender’s and receiver’s knowledge
Availability
• The information created and stored by an organization needs to be
available to authorized entities.
• Information is useless if it is not available.
- E.g. if a bank customer is unable to access their account for transactions.
• This goal of security is known as Availability
Attacks
• Security Attack: any action that compromises the security of
information owned by an organization.
• The 3 goals of security can be threatened by two kinds of security attacks.
- Passive attacks: attempt to learn or make use of information from the
system but do not affect system resources.
- Active attacks: attempt to alter system resources or affect their operation.
• Security attacks can also be grouped into 3 based on the security goal they
target.
Cont’d...
Attacks | Active/Passive | Threatening
Snooping, Traffic Analysis | Passive | Confidentiality
Modification, Masquerading, Replaying, Repudiation | Active | Integrity
Denial of Service | Active | Availability
Passive Attacks
Snooping refers to unauthorized
access to or interception of
information in transit.
Traffic analysis refers to getting
information by monitoring online
traffic.
Example: sender and receiver email
IDs.
The revealing of the information
may harm the sender and receiver
of the message. But the system is
not affected.
Cont’d...
• The goal of the opponent is to obtain information that is being
transmitted.
• Two types of passive attacks are the release of message contents (or
sniffing) and traffic analysis.
Release of message contents: A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential
information; we would like to prevent an opponent from learning the
contents.
It is also called interception: An attack on confidentiality
[Figure: Source, Destination, Attack]
Cont'd...
• Packet sniffer: a program that records a copy of every packet that flies by
including such sensitive information as passwords, trade secrets, private
personal messages, etc.
• Sniffed packets can then be analyzed offline for sensitive information
• Packet sniffer software is available both freely and commercially; e.g.,
Wireshark is a (free) packet sniffer
• It is usually difficult to detect passive attacks because they do not involve any
alteration of the data
Cont’d...
• Traffic analysis: to determine
- The location and
- Identity of communicating hosts
- Frequency and length of messages being exchanged (even if the
message is encrypted).
• This information might be useful in guessing the nature of the
communication that was taking place
Cont’d...
• Snooping (eavesdropping) is a passive attack;
• It is unauthorized interception of information,
— e.g., passive wiretapping (not necessarily physical wiring)
• It is a form of disclosure
• How to prevent the success of these attacks? By means of encryption.
• Thus, the emphasis in dealing with passive attacks is on prevention
rather than detection.
Active Attacks
• Involve some modification of
the data stream or the creation of
a false stream
- Transit data is fully controlled by
the intruder
— The attacker can modify, extend,
delete or play any data
Cont’d...
• It can be subdivided into four categories:
- Masquerade: also called fabrication: An attack on authenticity
- Replay: An attack on Integrity
- Delay: An attack on Availability
- Modification/Alteration of messages: An attack on Integrity
- Denial of service (also known as degrading of service or Interruption): An
attack on availability
- Repudiation: An attack on Integrity
Masquerade/spoofing
■ Takes place when one entity pretends to be another
■ It is also called impersonation.
■ Example: the attacker might steal the Visa
card and PIN of a bank customer and
pretend that he/she is that customer
■ Can be prevented by an authentication
process, which leaves little room to
impersonate an authorized entity
Cont’d...
■ It is a form of both deception and usurpation (taking position or power
illegally)
■ Note: delegation is a form of masquerading that occurs when one entity
authorizes a 2nd entity to perform functions on his behalf; it is not a violation of
security.
■ Common types of spoofing are:
■ IP spoofing: the attacker injects packets with a false source address into the Internet.
■ DNS spoofing: changing the DNS information so that it directs to the wrong
machine.
■ URL spoofing/webpage phishing: legitimate web pages such as a bank’s site can be
reproduced in look and feel on another server controlled by the attacker
Delay
• A temporary inhibition/suspension of a service
• Is a form of usurpation
• Happens when the attacker forces the delivery to take more time
through manipulation of a system, network component or server
component.
Replaying
• Involves passive capture of a data unit and
its subsequent retransmission using paths
1, 2 and 3.
• The attacker obtains a copy of a message sent
by the user and tries to replay it.
• Example: a person sends a request to his
bank asking for payment to the attacker,
who has done a job for him. The attacker
intercepts the message and sends it again to
get another payment from the bank.
[Figure: Darth, Bob, Internet or other communications facility]
Modification /Alteration
• An unauthorized change of information
• It includes 3 classes of threat:
- Deception: happens when the receiver relies on the modified information
and takes some action on it.
- Disruption or usurpation: if the modified data controls the operation of
the system.
- Active wiretapping: altering transit data across a network
• Example: man-in-the-middle attack, in which the intruder reads the message from
the sender and sends a modified version to the recipient.
Repudiation
• Unlike the other types of attack, this attack can be performed
by either of the two parties (the sender or the receiver of the
message)
• The sender/receiver of the message might later deny that he/she
has sent/received the message.
■ E.g. a customer may request his bank to pay some money to some 3rd party
but later deny that he/she has made the request.
■ On the receiver side, a person buys a product from a manufacturer
and pays for it electronically, but the manufacturer later denies having received
the payment and asks to be paid again
Denial of Service
• DOS or degradation of service is a very common attack
• Any device has an operational limit (workload)
• Workload for a device may be defined as the number of simultaneous users,
size of file, the speed of data transmission and storage capacity.
• If you exceed any of these limits, the excess load stops the system from
responding.
• The attacker makes resources (servers and bandwidth) unavailable for
legitimate traffic by overwhelming them with bogus/fake traffic.
Cont’d...
• The server crashes because of the heavy load.
• Sometimes the attacker intercepts and deletes a server’s response to a
client, making the client believe that the server is not responding
• Distributed DOS: attacking a victim simultaneously with a large number of
packets from many computers called zombies (slaves which are members of
botnets, infected with malicious software and controlled as a group without
the owners' knowledge, e.g. to send spam).
Cont’d...
— E-mail bombing: flooding someone’s mail store
— Smurf attack: sending a "ping" multicast or broadcast with a spoofed IP of a
victim. The recipient will respond with a "pong" to the victim.
• There have been reports of incidences of distributed denial of service
attacks against major sites such as Amazon, Yahoo, CNN and eBay
Cont’d...
■ The attacker may also intercept requests from clients, causing
them to send requests too many times and overload the system
■ It is blocking access of legitimate users to a system/service
■ DOS may occur at the source (preventing the server from
obtaining resources for its normal operation and hindering it from
responding and giving service) or at the destination
Cont’d...
■ It slows down or totally interrupts the service
■ This attack may have a specific target
- An entity may suppress all messages directed to a particular destination
(e.g., the security audit service).
- Disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance
Security service
■ A service that enhances the security of data processing
systems and information transfers.
■ A security service makes use of one or more security
mechanisms.
■ ITU-T (X.800), the International Telecommunication Union
Telecommunication Standardization Sector, defined 5 services related to the
security goals and attacks.
Services
Cont’d...
• Data confidentiality: The protection of data from unauthorized
disclosure.
— It is the protection of transmitted data from passive attacks
• The broadest level of service protects all user data transmitted between two users over a period
of time.
• The narrower form protects a single message or even specific fields within a message.
— The other aspect of confidentiality is the protection of traffic flow from
analysis.
• It requires that an attacker not be able to observe the source and destination,
frequency, length, or other characteristics of the traffic on a communications
facility.
Cont'd...
• Data integrity: the assurance that data received are exactly as sent by an
authorized entity (i.e., contain no modification, insertion, deletion, or
replay).
— Integrity can apply to a stream of messages, a single message, or
selected fields within a message.
— The most useful and straightforward approach is total stream protection
— A connection-oriented integrity service deals with a stream of messages.
- It assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays.
— A connectionless integrity service deals with individual messages without
regard to any larger context, and generally provides protection against message
modification only.
Cont’d...
• If a violation of integrity is detected,
— The service may simply report this violation, and some other portion of
software or human intervention is required to recover from the violation.
— Alternatively, there are mechanisms available to recover from the loss
• Automated recovery mechanisms are, in general, the more attractive alternative.
Cont’d...
• Authentication: The assurance that the communicating entity is
the one that it claims to be.
— Peer Entity Authentication:
• In connection-oriented communication, it provides authentication of the sender or
receiver during connection establishment.
- Data-Origin Authentication
• In a connectionless communication, it authenticates the source of the data
Cont’d...
• Nonrepudiation: Provides protection against denial by one of
the entities involved in a communication of having participated in
all or part of the communication.
• Proof of Origin
- Proof that the message was sent by the specified party.
• Proof of Delivery
- Proof that the message was received by the specified party.
Cont'd...
• Access control: The prevention of unauthorized use of a
resource.
• This service controls
- Who can have access to a resource,
- Under what conditions access can occur, and
- What those accessing the resource are allowed to do.
Security Mechanism
• Security Mechanism: A mechanism that is designed to detect, prevent,
or recover from a security attack.
■ Security services and mechanisms are closely related, because a mechanism
or a set of mechanisms is used to provide a service
■ A wide variety of security schemes can be invented to counter
malicious attacks.
■ The mechanisms are divided into
■ Those that are implemented in a specific protocol layer, such as TCP or
an application-layer protocol, and
■ Those that are not specific to any particular protocol layer or security
service.
Encipherment
• It is hiding or covering data to provide confidentiality
• Today 2 techniques are used for enciphering
- Cryptography
• One can tell that a message has been encrypted, but cannot decode the
message without knowing the proper key.
- Steganography
• To hide the message, a word or line can be shifted; whitespace can be used; even
the number and position of the vowels are utilized to conceal the secret message.
Data integrity
• This mechanism appends to the data a short check value that has been
created from the data itself by a specific process.
- The receiver receives the data and check value;
- Creates new check value from the data;
- Compares the new check value with the received one.
• If the two check values are the same, the integrity of the data
has been preserved
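
The check-value comparison above, together with the replay case from the Replaying slide, as an added example that is not part of the original slides. It assumes the "specific process" is HMAC-SHA256 under a key shared by sender and receiver and that each message carries an 8-byte sequence number; the key, message text and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # length in bytes of an HMAC-SHA256 check value


def protect(key: bytes, seq: int, data: bytes) -> bytes:
    """Sender: prepend a sequence number, append the check value."""
    header = struct.pack(">Q", seq)  # 8-byte big-endian counter
    tag = hmac.new(key, header + data, hashlib.sha256).digest()
    return header + data + tag


class Receiver:
    """Receiver: recompute the check value, compare, then reject old counters."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # lowest sequence number still acceptable

    def accept(self, packet: bytes):
        """Return (status, data); status is 'ok', 'modified' or 'replayed'."""
        if len(packet) < 8 + TAG_LEN:
            return ("modified", None)
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison of the received and recomputed values.
        if not hmac.compare_digest(tag, expected):
            return ("modified", None)
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.next_seq:
            # Valid check value, but a message we have already processed.
            return ("replayed", None)
        self.next_seq = seq + 1
        return ("ok", body[8:])


def unkeyed_check_is_forgeable() -> bool:
    """A bare hash as check value: whoever alters the data can recompute it."""
    altered = b"PAY 900 TO DARTH"
    packet = altered + hashlib.sha256(altered).digest()
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), tag)


def demo():
    key = b"constructed-shared-key-for-demo!"  # constructed sample key
    rx = Receiver(key)
    results = []

    pay = protect(key, 0, b"PAY 100 TO DARTH")
    results.append(rx.accept(pay)[0])  # first delivery
    results.append(rx.accept(pay)[0])  # identical copy sent again

    tampered = bytearray(protect(key, 1, b"PAY 100 TO DARTH"))
    tampered[8 + 4] ^= 0x08            # '1' becomes '9' in the amount
    results.append(rx.accept(bytes(tampered))[0])

    results.append(rx.accept(protect(key, 1, b"PAY 5 TO BOB"))[0])
    return results


if __name__ == "__main__":
    print(demo())
    print("unkeyed hash accepts altered data:", unkeyed_check_is_forgeable())
```

The check value alone catches the altered amount but not the resent copy, which is byte-for-byte valid; the sequence number covered by the check value is what lets the receiver reject it.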
Digital signature
• It is a means by which the sender can electronically sign the
data and receiver can electronically verify the signature.
• The sender uses a private key, which is related to the public key
he/she has announced publicly, to sign the data before sending it.
• The receiver uses the sender’s public key to prove that the
message is indeed signed by the sender who claims to have sent
the message.
Authentication Exchange
• In authentication exchange, two entities exchange some messages to prove
their identity to each other.
- E.g. one entity can prove that he/she knows a secret that only he/she is
supposed to know
Traffic padding
• It means inserting some bogus data into the data traffic to
thwart the adversary's attempt to use the traffic analysis.
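
How padding blunts the length and frequency observations listed on the traffic analysis slide, as an added example that is not part of the original slides. The 64-byte cell size, the 2-byte length header and the function names are assumptions made for illustration, and the cells are assumed to be encrypted before transmission (not shown) so that filler and header are not readable on the wire.

```python
import os
import struct

CELL = 64            # assumed fixed size of every cell on the wire
PAYLOAD = CELL - 2   # 2-byte header holds the count of real bytes in the cell


def to_cells(message: bytes) -> list:
    """Split a message into fixed-size cells, filling the tail with random bytes."""
    cells = []
    for i in range(0, len(message), PAYLOAD):
        chunk = message[i:i + PAYLOAD]
        filler = os.urandom(PAYLOAD - len(chunk))
        cells.append(struct.pack(">H", len(chunk)) + chunk + filler)
    return cells


def dummy_cell() -> bytes:
    """A cell with zero real bytes: pure bogus traffic the receiver drops."""
    return struct.pack(">H", 0) + os.urandom(PAYLOAD)


def constant_rate(messages: list, slots: int) -> list:
    """Send exactly one cell per time slot: real if queued, otherwise a dummy."""
    queue = [cell for m in messages for cell in to_cells(m)]
    if len(queue) > slots:
        raise ValueError("not enough slots for the queued traffic")
    return [queue.pop(0) if queue else dummy_cell() for _ in range(slots)]


def from_cells(cells: list) -> bytes:
    """Receiver: keep only the real bytes announced by each header."""
    out = b""
    for cell in cells:
        (n,) = struct.unpack(">H", cell[:2])
        out += cell[2:2 + n]
    return out


def observer_view(cells: list) -> list:
    """What traffic analysis sees once cells are encrypted: only their sizes."""
    return [len(c) for c in cells]


if __name__ == "__main__":
    # Constructed sample traffic: a quiet period and a busy period.
    quiet = constant_rate([b"ok"], slots=6)
    busy = constant_rate([b"A" * 150, b"wire 100 to account 42"], slots=6)
    print(observer_view(quiet))
    print(observer_view(busy))
    print(from_cells(busy)[-22:])
```

Both periods look the same to an observer who can only count and measure cells; the cost is the bandwidth spent on filler and dummy cells.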
Routing control
• It means selecting and continually changing between the different available
routes between sender and receiver to prevent the opponent from
eavesdropping on a particular route.
Notarization
• It is selecting a trusted 3rd party between the two parties to
control the communication.
• This can be done to prevent repudiation.
- To prevent the sender from denying after sending a request and
- To prevent the receiver from denying after receiving the data.
Access control
• It is a method used to prove that a user has access rights to data or
resources owned by a system.
• This can be proved by using a password and PIN
Relationship between services and mechanisms
Security Services | Security Mechanisms
Data confidentiality | Encipherment and Routing control
Data Integrity | Encipherment, Digital Signature and Data integrity
Authentication | Encipherment, Digital Signature and Authentication Exchange
Nonrepudiation | Digital Signature, Data integrity and Notarization
Access Control | Access control mechanism
The end
48

More Related Content

PPTX
CNS Module 1 in cryptography and network security
PPTX
Information system security Unit 1.pptx
PPTX
Network security
PDF
Cryptography Network Security Introduction
PPTX
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
PDF
Data information and security unit 1.pdf
PPTX
CS PPT CHP 1 PART 1-Types of attacks and basics of computer security.pptx
PPTX
Data Network Security
CNS Module 1 in cryptography and network security
Information system security Unit 1.pptx
Network security
Cryptography Network Security Introduction
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
Data information and security unit 1.pdf
CS PPT CHP 1 PART 1-Types of attacks and basics of computer security.pptx
Data Network Security

Similar to COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt (20)

PPTX
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
PPTX
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
PPTX
BCA-601N_final_1-1Finalsem6metworks.pptx
PPTX
Unit 1-NETWORK Security.pptx............
PPTX
KCS074_CGNS_L1_PPT1.pptx
PPTX
Introduction of network security
PPT
cryptographic security
PDF
wireless networking chapter three WAN.pdf
PPTX
week#03 Lecture #02.pptx, computer scien
PPTX
cryptography introduction.pptx
PPTX
Network Security
PPTX
CNS Unit-1.pptx
PPTX
Chapter- I introduction
PDF
Chapter-I introduction
PPT
Lecture 01- What is Information Security.ppt
PPTX
Network security and cyber law (1).pptx
PPTX
Introduction to Cryptography
PPTX
IT.pptx
PPSX
Communication Networ ks Lecture 20.ppsx
PPTX
typesofattacks-180418113629 255536155.pptx
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
BCA-601N_final_1-1Finalsem6metworks.pptx
Unit 1-NETWORK Security.pptx............
KCS074_CGNS_L1_PPT1.pptx
Introduction of network security
cryptographic security
wireless networking chapter three WAN.pdf
week#03 Lecture #02.pptx, computer scien
cryptography introduction.pptx
Network Security
CNS Unit-1.pptx
Chapter- I introduction
Chapter-I introduction
Lecture 01- What is Information Security.ppt
Network security and cyber law (1).pptx
Introduction to Cryptography
IT.pptx
Communication Networ ks Lecture 20.ppsx
typesofattacks-180418113629 255536155.pptx
Ad

More from gadisaAdamu (20)

PDF
Addis ababa of education plan.docxJOSY 10 C.pdf
PDF
Addis ababa college of education plan.docxjosy 10 A.pdf
PPT
Lecture -3 Classification(Decision Tree).ppt
PPT
Lecture -2 Classification (Machine Learning Basic and kNN).ppt
PPT
Lecture -8 Classification(AdaBoost) .ppt
PPT
Lecture -10 AI Reinforcement Learning.ppt
PPTX
Updated Lensa Research Proposal (1).pptx
PPTX
Lensa research presentation Powepoint.pptx
PPTX
Lensa Habtamu Updated one Powerpoint.pptx
PPTX
Updated Lensa Research Proposal (1).pptx
PPTX
Lensa Updated research presentation Powerpoint.pptx
PPTX
AI Chapter Two.pArtificial Intelligence Chapter One.pptxptx
PPTX
Artificial Intelligence Chapter One.pptx
PPTX
Introduction to Embeded System chapter 1 and 2.pptx
PPT
Chapter Five Synchonization distributed Sytem.ppt
PPTX
Introduction to Embeded System chapter one and 2.pptx
PPT
chapter distributed System chapter 3 3.ppt
PPTX
Chapter 2- distributed system Communication.pptx
PPTX
Chapter 1-Introduction to distributed system.pptx
PPTX
chapter AI 4 Kowledge Based Agent.pptx
Addis ababa of education plan.docxJOSY 10 C.pdf
Addis ababa college of education plan.docxjosy 10 A.pdf
Lecture -3 Classification(Decision Tree).ppt
Lecture -2 Classification (Machine Learning Basic and kNN).ppt
Lecture -8 Classification(AdaBoost) .ppt
Lecture -10 AI Reinforcement Learning.ppt
Updated Lensa Research Proposal (1).pptx
Lensa research presentation Powepoint.pptx
Lensa Habtamu Updated one Powerpoint.pptx
Updated Lensa Research Proposal (1).pptx
Lensa Updated research presentation Powerpoint.pptx
AI Chapter Two.pArtificial Intelligence Chapter One.pptxptx
Artificial Intelligence Chapter One.pptx
Introduction to Embeded System chapter 1 and 2.pptx
Chapter Five Synchonization distributed Sytem.ppt
Introduction to Embeded System chapter one and 2.pptx
chapter distributed System chapter 3 3.ppt
Chapter 2- distributed system Communication.pptx
Chapter 1-Introduction to distributed system.pptx
chapter AI 4 Kowledge Based Agent.pptx
Ad

Recently uploaded (20)

PPTX
Welding lecture in detail for understanding
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PPTX
web development for engineering and engineering
PPTX
Geodesy 1.pptx...............................................
PDF
PPT on Performance Review to get promotions
PDF
Digital Logic Computer Design lecture notes
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
PDF
composite construction of structures.pdf
PPTX
Construction Project Organization Group 2.pptx
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
PPTX
Internet of Things (IOT) - A guide to understanding
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Welding lecture in detail for understanding
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
web development for engineering and engineering
Geodesy 1.pptx...............................................
PPT on Performance Review to get promotions
Digital Logic Computer Design lecture notes
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
Model Code of Practice - Construction Work - 21102022 .pdf
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
composite construction of structures.pdf
Construction Project Organization Group 2.pptx
CYBER-CRIMES AND SECURITY A guide to understanding
Automation-in-Manufacturing-Chapter-Introduction.pdf
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
Operating System & Kernel Study Guide-1 - converted.pdf
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
Internet of Things (IOT) - A guide to understanding
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026

COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt

  • 2. Objective • Define the 3 goals of information security • Identify security attacks • Understand relationship b/n security services and goals • Define security mechanisms to provide security services 2
  • 3. Introduction • We are living in information age • Information is an asset like other assets. • It need to be secured from attack • Until few decades ago, information collected by organization was stored on physical files and protected physically. • With the advent of computers, storages become electronic in networked and distributed system environment. 3
  • 4. Cont'd... • The U.S. Government’s National Information Assurance Glossary defines INFOSEC as: “Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. ” 4
  • 5. Cont’d... • An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization • The computer can be either or both the subject of an attack and/or the object of an attack • When a computer is — the subject of an attack, it is used as an active tool to conduct the attack — the object of an attack, it is the entity being attacked 5
  • 6. Security Goals Security addresses 3 widely accepted elements or areas of focus/goals (referred to as the “CIA”): • In military hiding sensitive information , in factory hiding some crucial operation, ... all are called confidentiality • Confidentiality is both in stored state and in transit state. 6
  • 7. Confidentiality • Confidentiality :This term covers two related concepts: — Data confidentiality: Assures that private information/resources(resource and configuration hiding) are not made available or disclosed to unauthorized individuals • In networked environment, it means only sender and receiver should know message contents — Privacy: Assures that individuals control what information may be collected and stored and by whom and to whom that information may be disclosed • Eg physician 7
  • 8. Integrity • Information need to be changed constantly. - Eg. In bank, when customer deposits or withdraws, the balance has to be changed. • Integrity means that changes need to be done only by authorized entity and through authorized mechanism. • In network communication, integrity means the message need no be altered with out sender’s and receiver’s knowledge 8
  • 9. Availability • The information created and stored by an organization need to be available for authorized entities. • Information is useless if it is not available . - Eg. If bank customer unable to access their account for transactions. • This goal of security known as Availability 9
  • 10. Attacks • Security Attack: any action that compromises the security of information owned by an organization. • The 3 goal of security can be threaten by two kinds of security attacks. - Passive attacks: attempts to learn or make use of information from the system but does not affect system resources. - Active attacks: attempts to alter system resources or affect their operation. • Security attacks can also be grouped into 3 based on security goals it targets. 10
  • 11. Cont’d... | Attacks Active/Passive Threatening Snooping Traffic Analysis Passive Confidentiality Modification Masquerading Replaying Repudiation Active Integrity Denial of Service Active MRk1---- ---i Availability 11
  • 12. Passive Attacks Snooping refers to unauthorized access to or interception of information on transit. Traffic analysis refers to getting information monitoring online traffic. Example. Sender and receiver email ID. The revealing of the information may harm the sender and receiver of the message. But, the system is not affected. 12
  • 13. Cont’d... • The goal of the opponent is to obtain information that is being transmitted. • Two types of passive attacks are the release of message contents(or sniffing) and traffic analysis. Release of message contents: A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information; we would like to prevent an opponent from learning the contents. It is also called interception: An attack on confidentiality l J Source Destination Attack 13
  • 14. Cont'd... • Packet sniffer: a program that records a copy of every packet that flies by including such sensitive information as passwords, trade secrets, private personal messages, etc. • Sniffed packets can then be analyzed offline for sensitive information • Packet sniffer software are freely available and some are commercial; e.g., Wireshark is a (free) packet sniffer • It is usually difficult to detect passive attacks because they do not involve any alteration of the data 14
  • 15. Cont’d... • Traffic analysis: to determine - The location and - Identity of communicating hosts - Frequency and length of messages being exchanged (even if the message is encrypted). • This information might be useful in guessing the nature of the communication that was taking place 15
  • 16. Cont’d... • Snooping (eavesdropping) is a passive attack; • It is unauthorized interception of information, — e.g., passive wiretapping (not necessarily physical wiring) • It is a form of disclosure • Prevent the success of these attacks? By means of encryption. • Thus , the emphasis in dealing with passive attacks is on prevention rather than detection. 16
  • 17. Active Attacks • Involve some modification of the data stream or the creation of a false stream - Transit data is fully controlled by the intruder — The attacker can modify, extend, delete or play any data 17
  • 18. Cont’d... • It can be subdivided into four categories: - Masquerade: also called fabrication: An attack on authenticity - Replay: An attack on Integrity - Delay: An attack on Availability - Modification/Alteration of messages: An attack on Integrity - Denial of service (also known as degrading of service or Interruption): An attack on availability - Repudiation: An attack on Integrity 18
  • 19. ■ ■ ■ Masquerade/spoofing Takes place when one entity pretend to be the other It is also called impersonation. Example. The attacker might steal visa card and PIN of a bank customer and pretend the he/she is that customer Can be prevented by passing process of authentication giving few access to authorized entity to impersonate Masquerade 19
  • 20. Cont’d... ■ It is a form of both deception and usurpation(taking position or power illegally) ■ Note : delegation is a form of masquerading occurs when one entity authorizes a 2nd entity to perform functions on his behalf , not violation of security. ■ Common types of spoofing are: ■ IP spoofing : the attacker injects packet with false source address to the internet. ■ DNS spoofing: changing the DNS information to let it to direct to the wrong machine. ■ url spoofing/webpage phishing: legitimate web pages such as bank’s site can be reproduced in look and feel on another server controlled by attacker 20
  • 21. Delay • A temporary inhibition/suspension of a service • Is a form of usurpation • Happens when attacker force the delivery take more time trough manipulation of system, network component or server component. 21
  • 22. Replaying  Involves passive capture of data unit and its subsequent retransmission using path- 1,2 and 3.  The attacker obtain copy of message sent by the user and tries to replay it.  Example: if a person sent request to his bank to ask for payment to the attacker, who has done a job for him. The attacker intercepts the message and send it again to get another payment from the bank. Internet or other communications facility, Darth i Bob 22
  • 23. Modification /Alteration • An unauthorized change of information • It includes 3 classes of threat: Deception : happens when receiver relies on the modified information and takes some action on it. Disruption or usurpation: if the modified data controls the operation of the system. Active wiretapping: altering transit data across a network • Example man-in-the-middle attack in which intruder reads the message from sender and sends modified version to the recipient. 23
  • 24. Repudiation • Unlike the other type of attack, this attack can be performed either by one of the two parties (the sender or the receiver of the message) • The sender/ receiver of the message might later deny that he/she has sent/received the message. ■ Eg. A customer may request his bank to pay some money to some 3rd party but later denying that he/she has made the request. ■ On the receiver side, when a person buys a product from manufacturer and pays it electronically, but the manufacturer later denies having received the payment and asks to be paid again 24
  • 25. Denial of Service • DOS or degradation of service is a very common attack • Any device has an operational limit (workload) • The workload for a device may be defined as the number of simultaneous users, the size of files, the speed of data transmission and the storage capacity. • If any of these limits is exceeded, the excess load stops the system from responding. • The attacker makes resources (servers and bandwidth) unavailable for legitimate traffic by overwhelming them with bogus/fake traffic.
  • 26. Cont’d... • The server crashes because of the heavy load. • Sometimes the attacker intercepts and deletes a server’s response to a client, making the client believe that the server is not responding • Distributed DOS: attacking a victim simultaneously with a large number of packets from many computers called zombies (slaves that are members of botnets, infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam).
  • 27. Cont’d... • E-mail bombing: flooding someone’s mail store • Smurf attack: sending a "ping" multicast or broadcast with a spoofed IP of a victim. The recipient will respond with a "pong" to the victim. • There have been reports of incidences of distributed denial of service attacks against major sites such as Amazon, Yahoo, CNN and eBay.
  • 28. Cont’d... • The attacker may also intercept requests from clients, causing them to send requests too many times and overload the system • It is blocking access of legitimate users to a system/service • DOS may occur at the source (preventing the server from obtaining resources for its normal operation and hindering it from responding and giving service) or at the destination
  • 29. Cont’d... • It slows down or totally interrupts the service • This attack may have a specific target - An entity may suppress all messages directed to a particular destination (e.g., the security audit service). - Disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance
  • 30. Security service • A service that enhances the security of data processing systems and information transfers. • A security service makes use of one or more security mechanisms. • ITU-T (International Telecommunication Union, Telecommunication Standardization Sector) recommendation X.800 defines 5 services related to the security goals and attacks.
  • 32. Cont’d... • Data confidentiality: the protection of data from unauthorized disclosure. - It is the protection of transmitted data from passive attacks • The broadest level of service protects all user data transmitted between two users over a period of time. • The narrower form protects a single message or even specific fields within a message. - Another aspect of confidentiality is the protection of traffic flow from analysis. • It requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility.
  • 33. Cont'd... • Data integrity: the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). - Integrity can apply to a stream of messages, a single message, or selected fields within a message. - The most useful and straightforward approach is total stream protection • A connection-oriented integrity service deals with a stream of messages. - It assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. - A connectionless integrity service deals with individual messages without regard to any larger context, and generally provides protection against message modification only.
  • 34. Cont’d... • If a violation of integrity is detected, - The service may simply report this violation, and some other portion of software or human intervention is required to recover from the violation. - Alternatively, there are mechanisms available to recover from the loss • Automated recovery mechanisms are, in general, the more attractive alternative.
  • 35. Cont’d... • Authentication: the assurance that the communicating entity is the one that it claims to be. - Peer Entity Authentication • In connection-oriented communication, it provides authentication of the sender or receiver during connection establishment. - Data-Origin Authentication • In connectionless communication, it authenticates the source of the data
  • 36. Cont’d... • Nonrepudiation: provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. • Proof of Origin - Proof that the message was sent by the specified party. • Proof of Delivery - Proof that the message was received by the specified party.
  • 37. Cont'd... • Access control: the prevention of unauthorized use of a resource. • This service controls - Who can have access to a resource, - Under what conditions access can occur, and - What those accessing the resource are allowed to do.
  • 38. Security Mechanism • Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack. • Security services and mechanisms are closely related, because a mechanism or a set of mechanisms is used to provide a service • A wide variety of security schemes can be invented to counter malicious attacks. • The mechanisms are divided into - Those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and - Those that are not specific to any particular protocol layer or security service.
  • 39. Encipherment • It is hiding or covering data to provide confidentiality • Today 2 techniques are used for enciphering - Cryptography: one can tell that a message has been encrypted, but cannot decode the message without knowing the proper key. - Steganography: to hide the message, a word or line can be shifted, whitespace can be used, and even the number and position of the vowels can be utilized to conceal the secret message.
  • 40. Data integrity • This mechanism appends to the data a short check value that has been created from the data itself by a specific process. - The receiver receives the data and the check value; - Creates a new check value from the data; - Compares the new check value with the received one. • If the two check values are the same, the integrity of the data has been preserved
  • 41. Digital signature • It is a means by which the sender can electronically sign the data and the receiver can electronically verify the signature. • The sender sends the data signed with the private key that is related to the public key he/she has announced publicly. • The receiver uses the sender’s public key to prove that the message is indeed signed by the sender who claims to have sent the message.
  • 42. Authentication Exchange • In authentication exchange, two entities exchange some messages to prove their identity to each other. - E.g. one entity can prove that he/she knows a secret that only he/she is supposed to know
  • 43. Traffic padding • It means inserting some bogus data into the data traffic to thwart the adversary's attempt to use traffic analysis.
  • 44. Routing control • It means selecting and continually changing between the different available routes between sender and receiver to prevent the opponent from eavesdropping on a particular route.
  • 45. Notarization • It is selecting a trusted 3rd party between the two parties to control the communication. • This can be done to prevent repudiation: - To prevent the sender from denying after sending a request, and - To prevent the receiver from denying after receiving the data.
  • 46. Access control • It is a method used to prove that a user has access rights to data or resources owned by a system. • This can be proved by using a password and PIN
  • 47. Relationship between services and mechanisms
      Security service: Security mechanisms
      - Data confidentiality: Encipherment and Routing control
      - Data integrity: Encipherment, Digital Signature and Data integrity
      - Authentication: Encipherment, Digital Signature and Authentication Exchange
      - Nonrepudiation: Digital Signature, Data integrity and Notarization
      - Access control: Access control mechanism
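
The data integrity check value from slide 40, combined with the sequence check that a connection-oriented integrity service (slide 33) needs in order to catch the replay described on slide 22, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the check-value process and a key already shared by sender and receiver; the key, the message text and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, assumed shared out of band


def check_value(key, seq, data):
    """Keyed check value (HMAC-SHA256, an assumed choice) over sequence number + data."""
    msg = struct.pack(">Q", seq) + data
    return hmac.new(key, msg, hashlib.sha256).digest()


def protect(key, seq, data):
    """Sender side: append the check value to the data unit."""
    return (seq, data, check_value(key, seq, data))


class Receiver:
    """Connection-oriented integrity: detects modification and replay in a stream."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0  # sequence number the stream expects next

    def accept(self, unit):
        seq, data, received = unit
        expected = check_value(self.key, seq, data)
        # Compare the new check value with the received one in constant time.
        if not hmac.compare_digest(expected, received):
            return "rejected: modified"
        # A valid check value alone cannot tell a copy from the original.
        if seq != self.next_seq:
            return "rejected: replayed or out of order"
        self.next_seq += 1
        return "accepted"


def demo():
    rx = Receiver(KEY)
    payment = protect(KEY, 0, b"pay 100 to Darth")  # constructed message
    seq, data, tag = payment
    tampered = (seq, b"pay 900 to Darth", tag)      # data altered in transit
    return [rx.accept(tampered), rx.accept(payment), rx.accept(payment)]


if __name__ == "__main__":
    print(demo())
```

The second copy of the payment carries a correct check value and is refused only because of the sequence check, which is why a connectionless service that verifies each message on its own protects against modification only.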