SlideShare a Scribd company logo

engineering cryptography 21ECE73 Module-3 (2).pptx

Download as PPT, PDF
S
shaziasulthana2

engineering cryptography 21ECE73 Module-3 (2).pptx

Engineering
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
NETWORK SECURITY (06EC832) NETWORK SECURITY (06EC832) PART - A PART - A UNIT – 1: (CH1) UNIT – 1: (CH1) Services, mechanisms and attacks, The OSI security architecture, Services, mechanisms and attacks, The OSI security architecture, A model for network security. A model for network security. 3 Hours 3 Hours UNIT – 2: (CH2, CH3, CH5) UNIT – 2: (CH2, CH3, CH5) SYMMETRIC CIPHERS: SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher. Standard, The AES Cipher. 9 Hours 9 Hours
UNIT – 3: (CH9, CH10, CH11) UNIT – 3: (CH9, CH10, CH11) Principles of Public-Key Cryptosystems, The RSA algorithm, Key Principles of Public-Key Cryptosystems, The RSA algorithm, Key Management, Diffie - Hellman Key Exchange, Elliptic Curve Management, Diffie - Hellman Key Exchange, Elliptic Curve Arithmetic, Authentication functions, Hash Functions. Arithmetic, Authentication functions, Hash Functions. 8 Hours 8 Hours UNIT – 4: (CH13) UNIT – 4: (CH13) Digital signatures, Authentication Protocols, Digital Signature Digital signatures, Authentication Protocols, Digital Signature Standard. Standard. 7 Hours 7 Hours PART B PART B UNIT – 5: (CH17) UNIT – 5: (CH17) Web Security Consideration, Security socket layer (SSL) and Web Security Consideration, Security socket layer (SSL) and Transport layer security, Secure Electronic Transaction. 6 Hours Transport layer security, Secure Electronic Transaction. 6 Hours
UNIT – 6: (CH18) UNIT – 6: (CH18) Intruders, Intrusion Detection, Password Management. 6 Hours Intruders, Intrusion Detection, Password Management. 6 Hours UNIT – 7: (CH19) UNIT – 7: (CH19) MALICIOUS SOFTWARE: Viruses and Related Threats, Virus MALICIOUS SOFTWARE: Viruses and Related Threats, Virus Countermeasures. Countermeasures. 6 Hours 6 Hours UNIT – 8: (CH20) UNIT – 8: (CH20) Firewalls Design Principles, Trusted Systems. Firewalls Design Principles, Trusted Systems. 7 Hours 7 Hours TEXT BOOK: TEXT BOOK: 1. Cryptography and Network Security, William Stalling, Pearson 1. Cryptography and Network Security, William Stalling, Pearson Education, 2003. Education, 2003. REFERENCE BOOKS: REFERENCE BOOKS: 1. Cryptography and Network Security, Behrouz A. Forouzan, 1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007. TMH, 2007. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
Cryptography and Cryptography and Network Security Network Security Chapter 1 – Introduction Chapter 1 – Introduction
 An original message is know as the An original message is know as the Plaintext Plaintext. .  Coded message is called the Coded message is called the Ciphertext Ciphertext. .  The process of converting from Plaintext to Ciphertext is known The process of converting from Plaintext to Ciphertext is known as as enciphering or encryption enciphering or encryption. .  Restoring the plaintext from the Ciphertext is Restoring the plaintext from the Ciphertext is deciphering or deciphering or decryption. decryption.  The many schemes used for enciphering constitute the area of The many schemes used for enciphering constitute the area of study know as study know as Cryptography. Cryptography.  Such a scheme is known as Such a scheme is known as Cryptographic System or Cryptographic System or Cipher Cipher. .  Techniques used for deciphering a message without any Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of knowledge of the enciphering details fall into the area of Crypto-analysis Crypto-analysis( Breaking the code). ( Breaking the code).  The areas of cryptography and cryptanalysis together are called The areas of cryptography and cryptanalysis together are called Cryptology. Cryptology.
Background Background  Information Security requirements have changed Information Security requirements have changed in recent times in recent times  traditionally provided by physical and traditionally provided by physical and administrative mechanisms administrative mechanisms  computer use requires computer use requires automated tools to automated tools to protect files and other stored information protect files and other stored information  use of networks and communications links use of networks and communications links requires measures to protect data during requires measures to protect data during transmission transmission
Definitions Definitions  Computer Security Computer Security - - generic name for the generic name for the collection of tools designed to protect data and collection of tools designed to protect data and to thwart hackers to thwart hackers  Network Security Network Security - - measures to protect data measures to protect data during their transmission during their transmission  Internet Security Internet Security - - measures to protect data measures to protect data during their transmission over a collection of during their transmission over a collection of interconnected networks interconnected networks
Aim Aim  our focus is on our focus is on Internet Security Internet Security  which consists of measures to prevent, which consists of measures to prevent, detect, and correct security violations that detect, and correct security violations that involve the transmission & storage of involve the transmission & storage of information information
Services, Mechanisms, and Attacks Services, Mechanisms, and Attacks Security attack Security attack: Any action that compromises the security of : Any action that compromises the security of information owned by an organization. information owned by an organization. Security mechanism Security mechanism: A mechanism that is designed to detect, : A mechanism that is designed to detect, prevent, or recover from a security attack. prevent, or recover from a security attack. Security service Security service: A service that enhances the security of the : A service that enhances the security of the data processing systems and the information transfers of an data processing systems and the information transfers of an organization. The services are intended to counter security organization. The services are intended to counter security attacks, and they make use of one or more security attacks, and they make use of one or more security mechanisms to provide the service. mechanisms to provide the service.
A partial List of common information integrity A partial List of common information integrity functions functions  Identification Identification  Authorization Authorization  License and/or certification License and/or certification  Signature Signature  Witnessing Witnessing  Concurrence Concurrence  Liability Liability  Receipts Receipts  Certification of origination Certification of origination and/or receipt and/or receipt  Endorsement Endorsement  Access Access  Validation Validation  Time of occurrence Time of occurrence  Authenticity Authenticity  Vote  Ownership  Registration  Approval/ disapproval  privacy
OSI Security Architecture OSI Security Architecture  ITU-T X.800 “Security Architecture for OSI” ITU-T X.800 “Security Architecture for OSI”  defines a systematic way of defining and defines a systematic way of defining and providing security requirements providing security requirements  It provides a useful, abstract and overview It provides a useful, abstract and overview of concepts. of concepts.
Aspects of Security Aspects of Security  consider 3 aspects of information security: consider 3 aspects of information security:  Security attack Security attack  Security mechanism Security mechanism  Security service Security service
Security Attack Security Attack  any action that compromises the security of any action that compromises the security of information owned by an organization information owned by an organization  information security is about how to prevent information security is about how to prevent attacks, or failing that, to detect attacks on attacks, or failing that, to detect attacks on information-based systems information-based systems  often often threat threat & & attack attack used to mean same thing used to mean same thing  have a wide range of attacks have a wide range of attacks  can focus of generic types of attacks can focus of generic types of attacks  Passive Passive  Active Active
Passive Attacks Passive Attacks Two types of passive attacks are • Release of message contents • Traffic analysis
Active Attacks Active Attacks • Masquerade • Replay • Modification of messages • Denial of service
 A A masquerade masquerade takes place when one entity pretends to be a takes place when one entity pretends to be a different entity. For example, authentication sequences can be different entity. For example, authentication sequences can be captured and replayed after a valid authentication sequence captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few has taken place, thus enabling an authorized entity with few privileges by impersonating an entity that has those privileges. privileges by impersonating an entity that has those privileges.  Replay Replay involves the passive capture of a data unit and its involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. subsequent retransmission to produce an unauthorized effect.  Modification of messages Modification of messages simply means that some portion of simply means that some portion of a legitimate message is altered, or that messages are delayed a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. or reordered, to produce an unauthorized effect.  The The denial of service denial of service prevents or inhibits the normal use or prevents or inhibits the normal use or management of communications facilities. management of communications facilities.
Security Mechanism Security Mechanism  feature designed to detect, prevent, or feature designed to detect, prevent, or recover from a security attack recover from a security attack  no single mechanism that will support all no single mechanism that will support all services required services required  however however one particular element underlies one particular element underlies many of the security mechanisms in use: many of the security mechanisms in use:  cryptographic techniques cryptographic techniques  hence our focus on this topic hence our focus on this topic
Security Mechanisms (X.800) Security Mechanisms (X.800)  specific security mechanisms: specific security mechanisms:  encipherment, digital signatures, access encipherment, digital signatures, access controls, data integrity, authentication controls, data integrity, authentication exchange, traffic padding, routing control, exchange, traffic padding, routing control, notarization notarization  pervasive security mechanisms: pervasive security mechanisms:  trusted functionality, security labels, event trusted functionality, security labels, event detection, security audit trails, security detection, security audit trails, security recovery recovery
Security Service Security Service  enhance security of data processing systems enhance security of data processing systems and information transfers of an organization and information transfers of an organization  intended to counter security attacks intended to counter security attacks
Security Services Security Services  X.800: X.800: “ “a service provided by a protocol layer of a service provided by a protocol layer of communicating open systems, which ensures communicating open systems, which ensures adequate security of the systems or of data adequate security of the systems or of data transfers” transfers”  RFC 2828: RFC 2828: “ “a processing or communication service a processing or communication service provided by a system to give a specific kind of provided by a system to give a specific kind of protection to system resources” protection to system resources”
Security Services (X.800) Security Services (X.800)  Authentication Authentication - - assurance that the assurance that the communicating entity is the one claimed communicating entity is the one claimed  Access Control Access Control - - prevention of the prevention of the unauthorized use of a resource unauthorized use of a resource  Data Confidentiality Data Confidentiality – –protection of data from protection of data from unauthorized disclosure unauthorized disclosure  Data Integrity Data Integrity - - assurance that data received is assurance that data received is as sent by an authorized entity as sent by an authorized entity  Non-Repudiation Non-Repudiation - - protection against denial by protection against denial by one of the parties in a communication one of the parties in a communication
Model for Network Security Model for Network Security
Model for Network Security Model for Network Security  using this model requires us to: using this model requires us to: 1. 1. design a suitable algorithm for the security design a suitable algorithm for the security transformation transformation 2. 2. generate the secret information (keys) used generate the secret information (keys) used by the algorithm by the algorithm 3. 3. develop methods to distribute and share the develop methods to distribute and share the secret information secret information 4. 4. specify a protocol enabling the principals to specify a protocol enabling the principals to use the transformation and secret use the transformation and secret information for a security service information for a security service
Model for Network Access Model for Network Access Security Security
Model for Network Access Model for Network Access Security Security  using this model requires us to: using this model requires us to: 1. 1. select appropriate gatekeeper functions to select appropriate gatekeeper functions to identify users identify users 2. 2. implement security controls to ensure only implement security controls to ensure only authorised users access designated authorised users access designated information or resources information or resources  trusted computer systems may be useful trusted computer systems may be useful to help implement this model to help implement this model
Summary Summary  have considered: have considered:  definitions for: definitions for: • computer, network, internet security computer, network, internet security  X.800 standard X.800 standard  security attacks, services, mechanisms security attacks, services, mechanisms  models for network (access) security models for network (access) security

More Related Content

PDF
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
PPT
Network Security 1st Lecture
babak danyal
 
PPTX
Introduction of network security
sneha padhiar
 
PPT
1 network securityIntroduction - MSC.ppt
bilqesahmed608
 
PPTX
I MSc CS CNS Day 1.pptx
Arumugam90
 
PPTX
Security Model
Sou Jana
 
PDF
CRYPTOGRAPHY & NETWORK SECURITY
Jyothishmathi Institute of Technology and Science Karimnagar
 
PPTX
Lecture one Network Security Introduction.pptx
AreebaSaeed18
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
Network Security 1st Lecture
babak danyal
 
Introduction of network security
sneha padhiar
 
1 network securityIntroduction - MSC.ppt
bilqesahmed608
 
I MSc CS CNS Day 1.pptx
Arumugam90
 
Security Model
Sou Jana
 
CRYPTOGRAPHY & NETWORK SECURITY
Jyothishmathi Institute of Technology and Science Karimnagar
 
Lecture one Network Security Introduction.pptx
AreebaSaeed18
 

Similar to engineering cryptography 21ECE73 Module-3 (2).pptx (20)

PPT
Ch01
Joe Christensen
 
DOCX
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
PDF
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
PDF
IS-Intro.pdf
wdwd10
 
PPTX
Cyber security
JahirUddinKomol
 
PPTX
It is about the computer networks and security concepts
kavyanallana1508
 
PPT
ch01_nemo-Pendahuluan.ppt
YusufYusufKurniawan
 
PDF
cnsunit1-slide-220111071646 (1).pdf
RiyaSonawane
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
Nune SrinivasRao
 
PPT
ch1-1.ppt
NayyabMirTahir
 
PPT
Module-1.ppt cryptography and network security
AparnaSunil24
 
PPT
Intro
JustineJohn3
 
PPT
Network Security
Vipul Mosaic
 
PPTX
Chapter- I introduction
Dr.Florence Dayana
 
PDF
Chapter-I introduction
Dr.Florence Dayana
 
PPT
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
PDF
Meeting 15. network security
Syaiful Ahdan
 
PPT
Chapter 1.ppt
Tamer Nadeem
 
PPT
computer architecture.ppt
Pandiya Rajan
 
Ch01
Joe Christensen
 
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
IS-Intro.pdf
wdwd10
 
Cyber security
JahirUddinKomol
 
It is about the computer networks and security concepts
kavyanallana1508
 
ch01_nemo-Pendahuluan.ppt
YusufYusufKurniawan
 
cnsunit1-slide-220111071646 (1).pdf
RiyaSonawane
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
Nune SrinivasRao
 
ch1-1.ppt
NayyabMirTahir
 
Module-1.ppt cryptography and network security
AparnaSunil24
 
Intro
JustineJohn3
 
Network Security
Vipul Mosaic
 
Chapter- I introduction
Dr.Florence Dayana
 
Chapter-I introduction
Dr.Florence Dayana
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
Meeting 15. network security
Syaiful Ahdan
 
Chapter 1.ppt
Tamer Nadeem
 
computer architecture.ppt
Pandiya Rajan
 
Ad

Recently uploaded (20)

PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PPTX
web development for engineering and engineering
keshriji700
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PDF
Well-logging-methods_new................
ZafriFarid
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
web development for engineering and engineering
keshriji700
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Well-logging-methods_new................
ZafriFarid
 
Ad

engineering cryptography 21ECE73 Module-3 (2).pptx

  • 1. NETWORK SECURITY (06EC832) NETWORK SECURITY (06EC832) PART - A PART - A UNIT – 1: (CH1) UNIT – 1: (CH1) Services, mechanisms and attacks, The OSI security architecture, Services, mechanisms and attacks, The OSI security architecture, A model for network security. A model for network security. 3 Hours 3 Hours UNIT – 2: (CH2, CH3, CH5) UNIT – 2: (CH2, CH3, CH5) SYMMETRIC CIPHERS: SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher. Standard, The AES Cipher. 9 Hours 9 Hours
  • 2. UNIT – 3: (CH9, CH10, CH11) UNIT – 3: (CH9, CH10, CH11) Principles of Public-Key Cryptosystems, The RSA algorithm, Key Principles of Public-Key Cryptosystems, The RSA algorithm, Key Management, Diffie - Hellman Key Exchange, Elliptic Curve Management, Diffie - Hellman Key Exchange, Elliptic Curve Arithmetic, Authentication functions, Hash Functions. Arithmetic, Authentication functions, Hash Functions. 8 Hours 8 Hours UNIT – 4: (CH13) UNIT – 4: (CH13) Digital signatures, Authentication Protocols, Digital Signature Digital signatures, Authentication Protocols, Digital Signature Standard. Standard. 7 Hours 7 Hours PART B PART B UNIT – 5: (CH17) UNIT – 5: (CH17) Web Security Consideration, Security socket layer (SSL) and Web Security Consideration, Security socket layer (SSL) and Transport layer security, Secure Electronic Transaction. 6 Hours Transport layer security, Secure Electronic Transaction. 6 Hours
  • 3. UNIT – 6: (CH18) UNIT – 6: (CH18) Intruders, Intrusion Detection, Password Management. 6 Hours Intruders, Intrusion Detection, Password Management. 6 Hours UNIT – 7: (CH19) UNIT – 7: (CH19) MALICIOUS SOFTWARE: Viruses and Related Threats, Virus MALICIOUS SOFTWARE: Viruses and Related Threats, Virus Countermeasures. Countermeasures. 6 Hours 6 Hours UNIT – 8: (CH20) UNIT – 8: (CH20) Firewalls Design Principles, Trusted Systems. Firewalls Design Principles, Trusted Systems. 7 Hours 7 Hours TEXT BOOK: TEXT BOOK: 1. Cryptography and Network Security, William Stalling, Pearson 1. Cryptography and Network Security, William Stalling, Pearson Education, 2003. Education, 2003. REFERENCE BOOKS: REFERENCE BOOKS: 1. Cryptography and Network Security, Behrouz A. Forouzan, 1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007. TMH, 2007. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
  • 4. Cryptography and Cryptography and Network Security Network Security Chapter 1 – Introduction Chapter 1 – Introduction
  • 5.  An original message is know as the An original message is know as the Plaintext Plaintext. .  Coded message is called the Coded message is called the Ciphertext Ciphertext. .  The process of converting from Plaintext to Ciphertext is known The process of converting from Plaintext to Ciphertext is known as as enciphering or encryption enciphering or encryption. .  Restoring the plaintext from the Ciphertext is Restoring the plaintext from the Ciphertext is deciphering or deciphering or decryption. decryption.  The many schemes used for enciphering constitute the area of The many schemes used for enciphering constitute the area of study know as study know as Cryptography. Cryptography.  Such a scheme is known as Such a scheme is known as Cryptographic System or Cryptographic System or Cipher Cipher. .  Techniques used for deciphering a message without any Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of knowledge of the enciphering details fall into the area of Crypto-analysis Crypto-analysis( Breaking the code). ( Breaking the code).  The areas of cryptography and cryptanalysis together are called The areas of cryptography and cryptanalysis together are called Cryptology. Cryptology.
  • 6. Background Background  Information Security requirements have changed Information Security requirements have changed in recent times in recent times  traditionally provided by physical and traditionally provided by physical and administrative mechanisms administrative mechanisms  computer use requires computer use requires automated tools to automated tools to protect files and other stored information protect files and other stored information  use of networks and communications links use of networks and communications links requires measures to protect data during requires measures to protect data during transmission transmission
  • 7. Definitions Definitions  Computer Security Computer Security - - generic name for the generic name for the collection of tools designed to protect data and collection of tools designed to protect data and to thwart hackers to thwart hackers  Network Security Network Security - - measures to protect data measures to protect data during their transmission during their transmission  Internet Security Internet Security - - measures to protect data measures to protect data during their transmission over a collection of during their transmission over a collection of interconnected networks interconnected networks
  • 8. Aim Aim  our focus is on our focus is on Internet Security Internet Security  which consists of measures to prevent, which consists of measures to prevent, detect, and correct security violations that detect, and correct security violations that involve the transmission & storage of involve the transmission & storage of information information
  • 9. Services, Mechanisms, and Attacks Services, Mechanisms, and Attacks Security attack Security attack: Any action that compromises the security of : Any action that compromises the security of information owned by an organization. information owned by an organization. Security mechanism Security mechanism: A mechanism that is designed to detect, : A mechanism that is designed to detect, prevent, or recover from a security attack. prevent, or recover from a security attack. Security service Security service: A service that enhances the security of the : A service that enhances the security of the data processing systems and the information transfers of an data processing systems and the information transfers of an organization. The services are intended to counter security organization. The services are intended to counter security attacks, and they make use of one or more security attacks, and they make use of one or more security mechanisms to provide the service. mechanisms to provide the service.
  • 10. A partial List of common information integrity A partial List of common information integrity functions functions  Identification Identification  Authorization Authorization  License and/or certification License and/or certification  Signature Signature  Witnessing Witnessing  Concurrence Concurrence  Liability Liability  Receipts Receipts  Certification of origination Certification of origination and/or receipt and/or receipt  Endorsement Endorsement  Access Access  Validation Validation  Time of occurrence Time of occurrence  Authenticity Authenticity  Vote  Ownership  Registration  Approval/ disapproval  privacy
  • 11. OSI Security Architecture OSI Security Architecture  ITU-T X.800 “Security Architecture for OSI” ITU-T X.800 “Security Architecture for OSI”  defines a systematic way of defining and defines a systematic way of defining and providing security requirements providing security requirements  It provides a useful, abstract and overview It provides a useful, abstract and overview of concepts. of concepts.
  • 12. Aspects of Security Aspects of Security  consider 3 aspects of information security: consider 3 aspects of information security:  Security attack Security attack  Security mechanism Security mechanism  Security service Security service
  • 13. Security Attack Security Attack  any action that compromises the security of any action that compromises the security of information owned by an organization information owned by an organization  information security is about how to prevent information security is about how to prevent attacks, or failing that, to detect attacks on attacks, or failing that, to detect attacks on information-based systems information-based systems  often often threat threat & & attack attack used to mean same thing used to mean same thing  have a wide range of attacks have a wide range of attacks  can focus of generic types of attacks can focus of generic types of attacks  Passive Passive  Active Active
  • 14. Passive Attacks Passive Attacks Two types of passive attacks are • Release of message contents • Traffic analysis
  • 15. Active Attacks Active Attacks • Masquerade • Replay • Modification of messages • Denial of service
  • 16.  A A masquerade masquerade takes place when one entity pretends to be a takes place when one entity pretends to be a different entity. For example, authentication sequences can be different entity. For example, authentication sequences can be captured and replayed after a valid authentication sequence captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few has taken place, thus enabling an authorized entity with few privileges by impersonating an entity that has those privileges. privileges by impersonating an entity that has those privileges.  Replay Replay involves the passive capture of a data unit and its involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. subsequent retransmission to produce an unauthorized effect.  Modification of messages Modification of messages simply means that some portion of simply means that some portion of a legitimate message is altered, or that messages are delayed a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. or reordered, to produce an unauthorized effect.  The The denial of service denial of service prevents or inhibits the normal use or prevents or inhibits the normal use or management of communications facilities. management of communications facilities.
  • 17. Security Mechanism Security Mechanism  feature designed to detect, prevent, or feature designed to detect, prevent, or recover from a security attack recover from a security attack  no single mechanism that will support all no single mechanism that will support all services required services required  however however one particular element underlies one particular element underlies many of the security mechanisms in use: many of the security mechanisms in use:  cryptographic techniques cryptographic techniques  hence our focus on this topic hence our focus on this topic
  • 18. Security Mechanisms (X.800) Security Mechanisms (X.800)  specific security mechanisms: specific security mechanisms:  encipherment, digital signatures, access encipherment, digital signatures, access controls, data integrity, authentication controls, data integrity, authentication exchange, traffic padding, routing control, exchange, traffic padding, routing control, notarization notarization  pervasive security mechanisms: pervasive security mechanisms:  trusted functionality, security labels, event trusted functionality, security labels, event detection, security audit trails, security detection, security audit trails, security recovery recovery
  • 19. Security Service Security Service  enhance security of data processing systems enhance security of data processing systems and information transfers of an organization and information transfers of an organization  intended to counter security attacks intended to counter security attacks
  • 20. Security Services Security Services  X.800: X.800: “ “a service provided by a protocol layer of a service provided by a protocol layer of communicating open systems, which ensures communicating open systems, which ensures adequate security of the systems or of data adequate security of the systems or of data transfers” transfers”  RFC 2828: RFC 2828: “ “a processing or communication service a processing or communication service provided by a system to give a specific kind of provided by a system to give a specific kind of protection to system resources” protection to system resources”
  • 21. Security Services (X.800) Security Services (X.800)  Authentication Authentication - - assurance that the assurance that the communicating entity is the one claimed communicating entity is the one claimed  Access Control Access Control - - prevention of the prevention of the unauthorized use of a resource unauthorized use of a resource  Data Confidentiality Data Confidentiality – –protection of data from protection of data from unauthorized disclosure unauthorized disclosure  Data Integrity Data Integrity - - assurance that data received is assurance that data received is as sent by an authorized entity as sent by an authorized entity  Non-Repudiation Non-Repudiation - - protection against denial by protection against denial by one of the parties in a communication one of the parties in a communication
  • 22. Model for Network Security Model for Network Security
  • 23. Model for Network Security Model for Network Security  using this model requires us to: using this model requires us to: 1. 1. design a suitable algorithm for the security design a suitable algorithm for the security transformation transformation 2. 2. generate the secret information (keys) used generate the secret information (keys) used by the algorithm by the algorithm 3. 3. develop methods to distribute and share the develop methods to distribute and share the secret information secret information 4. 4. specify a protocol enabling the principals to specify a protocol enabling the principals to use the transformation and secret use the transformation and secret information for a security service information for a security service
  • 24. Model for Network Access Model for Network Access Security Security
  • 25. Model for Network Access Model for Network Access Security Security  using this model requires us to: using this model requires us to: 1. 1. select appropriate gatekeeper functions to select appropriate gatekeeper functions to identify users identify users 2. 2. implement security controls to ensure only implement security controls to ensure only authorised users access designated authorised users access designated information or resources information or resources  trusted computer systems may be useful trusted computer systems may be useful to help implement this model to help implement this model
  • 26. Summary Summary  have considered: have considered:  definitions for: definitions for: • computer, network, internet security computer, network, internet security  X.800 standard X.800 standard  security attacks, services, mechanisms security attacks, services, mechanisms  models for network (access) security models for network (access) security

Editor's Notes

  • #4: Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 4/e, by William Stallings, Chapter 1 “Introduction”.
  • #6: The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment,the security of information felt to be valuable to an organization was provided primarily by physical (eg. rugged filing cabinets with locks) and administrative mechanisms (eg. Personnel screening procedures during hiring process). Growing computer use implies a need for automated tools for protecting files and other information stored on it. This is especially the case for a shared system, such as a time-sharing system, and even more so for systems that can be accessed over a public telephone network, data network, or the Internet. The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission.
  • #7: Here are some key definitions, note boundaries between them are blurred.
  • #8: Detail the focus of this book/course, which is on Internet Security - being measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information.
  • #11: To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local and wide area networks,the problems are compounded. ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. The OSI security architecture is useful to managers as a way of organizing the task of providing security.
  • #12: The OSI security architecture focuses on security attacks,mechanisms,and services. These can be defined briefly as follows: • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent,or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
  • #13: Expand on definition and use of “security attack”, as detailed above. See Stallings Table 1.1 for definitions of threat and attack.
  • #14: Have “passive attacks” which attempt to learn or make use of information from the system but does not affect system resources. By eavesdropping on, or monitoring of, transmissions to: + obtain message contents (as shown above in Stallings Figure 1.3a), or + monitor traffic flows Are difficult to detect because they do not involve any alteration of the data.
  • #15: Also have “active attacks” which attempt to alter system resources or affect their operation. By modification of data stream to: + masquerade of one entity as some other + replay previous messages (as shown above in Stallings Figure 1.4b) + modify messages in transit + denial of service Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical,software,and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.
  • #17: Now introduce “Security Mechanism” which are the specific means of implementing one or more security services. Note these mechanisms span a wide range of technical components, but one aspect seen in many is the use of cryptographic techniques.
  • #18: Some examples of mechanisms from X.800. Note that the “specific security mechanisms” are protocol layer specific, whilst the “pervasive security mechanisms” are not. We will meet some of these mechanisms in much greater detail later. See Stallings Table 1.3 for details of these mechanisms in X.800, and Table 1.4 for the relationship between services and mechanisms.
  • #19: Consider the role of a security service, and what may be required. Note both similarities and differences with traditional paper documents, which for example: have signatures & dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed
  • #20: Also have a couple of definition of “security services” from relevant standards. X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Perhaps a clearer definition is found in RFC 2828, which provides the following definition: a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.
  • #21: This list includes the various "classic" security services which are traditionally discussed. Note there is a degree of ambiguity as to the meaning of these terms, and overlap in their use. See Stallings Table 1.2 for details of the 5 Security Service categories and the 14 specific services given in X.800.
  • #22: In considering the place of encryption, its useful to use the following two models from Stallings section 1.6. The first, illustrated in Figure 1.5, models information flowing over an insecure communications channel, in the presence of possible opponents. Hence an appropriate security transform (encryption algorithm) can be used, with suitable keys, possibly negotiated using the presence of a trusted third party.
  • #23: This general model shows that there are four basic tasks in designing a particular security service, as listed.
  • #24: The second, illustrated in Figure 1.6, model is concerned with controlled access to information or resources on a computer system, in the presence of possible opponents. Here appropriate controls are needed on the access and within the system, to provide suitable security. Some cryptographic techniques are useful here also.
  • #25: Detail here the tasks needed to use this model. Note that trusted computer systems (discussed in Ch 20 can be useful here).
  • #26: Chapter 1 summary.