UNIT- 5
Security- introduction
• Computer systems store large amounts of information, some of
which is highly sensitive and valuable to their users.
• Users can trust the system and rely on it only if the various
resources and information of a computer system are protected
against destruction and unauthorized access.
• Obviously, the security requirements are different for different
computer systems depending on the environment in which
they are supposed to operate.
• Some of the common goals of computer security are as
follows:
1) Secrecy: Information within the system must be accessible
only to authorized users.
2) Privacy: Misuse of information must be prevented. That
is, a piece of information given to a user should be used only
for the purpose for which it was given.
3) Authenticity: When a user receives some data, the user
must be able to verify its authenticity.
4) Integrity: Information within the system must be protected
against accidental destruction or intentional corruption by an
unauthorized user.
Potential attacks to computer system
• The first step in the provision of appropriate computer security
is to identify the potential threats/attacks to computer systems.
• The term intruder or attacker is commonly used to refer to a
person or program trying to obtain unauthorized access to data
or a resource of a computer system.
• An intruder may be a threat to computer security in many
ways that are broadly classified into two categories:
1) Passive attacks
2) Active attacks
• A passive attack does not cause any harm to the system being
threatened, whereas an active attack does.
Passive attacks
• In passive attacks, an intruder somehow tries to steal
unauthorized information from the computer system without
interfering with the normal functioning of the system.
1) Browsing
2) Leaking
3) Inferencing
4) Masquerading
• Browsing: In this method, intruders attempt to read stored
files, message packets passing by on the network, other
processes' memory, and so on, without modifying any data.
• Leaking: In this method, an intruder uses an accomplice who
leaks the information to him or her. Prevention of leaking is a
difficult problem to solve and requires preventing all types of
communication between the accomplice and the intruder.
• Inferencing: In this method, an intruder tries to draw some
inference by closely observing and analyzing the system’s data
or the activities carried out by the system. In this case, an
intruder observes when and where interprocess messages flow
in the system, and by analyzing the frequency of message.
• Masquerading: In this method, an intruder masquerades as an
authorized user or program in order to gain access to
unauthorized data or resources.
Active Attacks
• Active intruders are more malicious than passive intruders.
• Unlike passive attacks, active attacks interfere with the normal
functioning of the system and often have damaging effects.
• The most common types of damage that active attacks cause
are corrupting files, destroying data, and imitating hardware errors.
• Some commonly used forms of active attacks are:
1) Viruses
2) Worms
3) Logic Bombs.
• Viruses: A computer virus is a piece of code attached to a
legitimate program that, when executed, infects other
programs in the system by replicating and attaching itself to
them.
• Worms: Worms are programs that spread from one computer to
another in a network of computers.
• Logic Bombs: A logic bomb is a program that lies dormant
until some trigger condition causes it to explode.
Cryptography
• Cryptography is a means of protecting private information
against unauthorized access in those situations where it is
difficult to provide physical security.
• The basic idea behind this security technique is that if it is not
possible to prevent copying of information, it is better to
prevent comprehension.
Basic Concepts and Terminologies
• Two primitive operations employed by cryptography are
encryption and decryption.
• Encryption is the process of transforming intelligible
information into an unintelligible form.
• Decryption is the process of transforming the
information back from ciphertext to plaintext.
• When cryptography is employed for protecting information
transmitted through communication channels, plaintext is also
called a message.
• Encryption is basically a mathematical function having the
following form:
C = E(P, Ke)
where P is the plaintext to be encrypted, Ke is an encryption key
and C is the resulting ciphertext.
Symmetric and Asymmetric
• There are two broad classes of cryptosystems, symmetric and
asymmetric.
• In a symmetric cryptosystem, either both the encryption
key (Ke) and decryption key (Kd) are the same or one is easily
derivable from the other.
• In an asymmetric cryptosystem, on the other hand, the
decryption key (Kd) is not equal to the encryption key (Ke).
Authentication
• Authentication deals with the problem of verifying the identity
of a user before permitting access to the requested resource.
• That is, an authentication mechanism prohibits the use of the
system by unauthorized users by verifying the identity of a
user making a request.
• Authentication basically involves identification and
verification.
• Identification is the process of claiming a certain identity by a
user, while verification is the process of verifying the user’s
claimed identity.
• Thus, the correctness of an authentication process relies
heavily on the verification procedure employed.
Types of authentication
• The main types of authentication normally needed in a
distributed system are as follows:
1) User login authentication
2) One-way authentication of communicating entities
3) Two-way authentication of communicating entities
Approaches to Authentication
• Proof by knowledge: In this approach, authentication involves
verifying something that can only be known by an authorized
principal.
• Proof by possession: In this approach, a user proves his or her
identity by producing some item that can only be possessed by
an authorized principal.
• Proof by property: In this approach, the system is designed to
verify the identity of a user by measuring some physical
characteristics of the user that are hard to forge.
User Login Authentication
• As in centralized systems, a user gains access to a distributed
system by logging in to a host in the system. User identity is
established at login, and all subsequent user activities are
attributed to this identity.
1. Keeping passwords secret
2. Making passwords difficult to guess
3. Limiting damages done by a compromised password
4. Identifying and discouraging unauthorized user logins
5. Single sign-on for using all resources in the system
Access Control
• Once a user or a process has been authenticated, the next step
in security is to devise ways to prohibit the user or the process
from accessing those resources/information that he or she or it
is not authorized to access.
• This issue is called authorization and is dealt with by using
access control mechanisms.
• Access control mechanisms used in distributed systems are
basically the same as those used in centralized systems.
• When talking about access control in computer systems, it is
customary to use the following terms:
1. Objects
2. Subjects
3. Protection rules
Protection domains
• A domain is an abstract definition of a set of access rights.
• It is defined as a set of pairs.
• Each pair specifies an object and one or more operations that
can be performed on the object.
• Each one of the allowed operations is called a right.
Digital signature
• A digital signature is basically a code, or a large number, that
is unique for each message and to each message originator.
• It is obtained by first processing the message with a hash
function to obtain a small digest dependent on each bit of
information in the message and then encrypting the digest by
using the originator's secret key.
• A protocol based on a digital signature for ensuring message
integrity works as follows:
1. A sender (A) computes the digest (D) of a message (M). It
then encrypts the digest D by using its secret key (Sa) to obtain
a ciphertext C1 = E(D, Sa). A signed message is then created that
consists of the sender's identifier, the message M in its
plaintext form, and the ciphertext C1.
2. On receiving the signed message, the receiver decrypts
C1 by using the public key of the sender to recover the digest
D.
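The two steps above, carried through as an added example that is not part of the original slides. It uses textbook RSA (no padding) with a constructed, publicly known toy key so it runs offline; a deployed system would use a padded signature scheme with a generated key. The final comparison in `verify`, recomputing the digest of the received M and matching it against the recovered D, is the check that makes the recovered digest useful for integrity, and the names `PUBLIC_KEYS`, `sign`, `verify` and `demo` are assumptions.

```python
import hashlib

# Constructed toy key pair for sender "A" (assumption, not from the slides).
# Both primes are well-known Mersenne primes, so this key is NOT secret and
# NOT secure; it only makes the arithmetic reproducible.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
PUBLIC_EXP = 65537                                   # public key of A: (PUBLIC_EXP, N)
SECRET_EXP = pow(PUBLIC_EXP, -1, (P - 1) * (Q - 1))  # secret key Sa of A

# Receiver's directory of public keys, indexed by sender identifier.
PUBLIC_KEYS = {"A": (PUBLIC_EXP, N)}


def digest(message: bytes) -> int:
    """D = H(M): SHA-256 digest of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(sender_id: str, message: bytes, secret_exp: int, modulus: int) -> dict:
    """Step 1: C1 = E(D, Sa); the signed message is (identifier, M, C1)."""
    c1 = pow(digest(message), secret_exp, modulus)
    return {"sender": sender_id, "message": message, "c1": c1}


def verify(signed: dict) -> bool:
    """Step 2: recover D from C1 with the sender's public key, then compare
    it with the digest recomputed from the received plaintext M."""
    key = PUBLIC_KEYS.get(signed["sender"])
    if key is None:                      # unknown originator: reject by default
        return False
    public_exp, modulus = key
    if not 0 <= signed["c1"] < modulus:  # malformed ciphertext: reject
        return False
    recovered = pow(signed["c1"], public_exp, modulus)
    return recovered == digest(signed["message"])


def demo() -> dict:
    """Constructed sample messages showing which changes verification catches."""
    signed = sign("A", b"transfer 100 to B", SECRET_EXP, N)
    tampered = dict(signed, message=b"transfer 900 to B")  # M altered in transit
    altered = dict(signed, c1=signed["c1"] ^ 1)            # C1 altered in transit
    unknown = dict(signed, sender="Z")                     # identifier not in directory
    return {
        "authentic": verify(signed),
        "tampered_message": verify(tampered),
        "altered_c1": verify(altered),
        "unknown_sender": verify(unknown),
    }


if __name__ == "__main__":
    print(demo())
```

Because M travels in plaintext, the signature protects integrity and origin only; secrecy of M needs separate encryption.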
Design principles
• Based on their experience with Multics, Saltzer and Schroeder
identified some design principles that can be used as a guide to
designing secure systems.
1. Least privilege
2. Fail-safe defaults
3. Open design
4. Built in to the system
5. Check for current authority
6. Easy granting and revocation of access rights
7. Never trust other parties
8. Always ensure freshness of messages


Dos unit 5
