Basics of Data Security and Cryptographic techniques

DrJAYAKRUSHNASAHOOII 15 views 25 slides Aug 27, 2024

About This Presentation

Data Security


Slide Content

Basics of Data Security

Threat
• A threat is any potential danger to information or systems.
• Threats could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.

Common Data Threats
• Technical Data Threats
  o Hacking
  o Cracking
  o Malware
  o Data Leakage
  o Cloud Computing
  o Availability Attacks
  o Advanced Persistent Threats (APT)
• Non-Technical Threats
  o Physical
  o Environmental
  o Insider Threat
  o Social Media
  o Dumpster Diving
  o Social Engineering

Vulnerability
• A vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system.
• After exploiting a vulnerability, a cyberattack can run malicious code, install malware, and even steal sensitive data.
• It exposes confidential, sensitive, or protected information to an unauthorized person. The files in a data breach are viewed and/or shared without permission.

Key security goals
•Confidentiality: Data not leaked
•Integrity: Data not modified
•Availability: Data is accessible when needed
•Authenticity: Data origin cannot be spoofed

Confidentiality
• Need to ensure that confidential data is only available to the correct people
• Need to ensure that the entire database is secure from external and internal system breaches
• Need to provide reporting on who has accessed what data and what they have done with it
• Mission-critical and legally sensitive data must be highly secured, given the potential risk of lost business and litigation

Confidentiality
• “Need to know” basis for data access
  – How do we know who needs what data?
    Approach: access control specifies who can access what
  – How do we know a user is the person she claims to be?
    Need her identity and need to verify this identity
    Approach: identification and authentication
• Analogously: “Need to access/use” basis for physical assets
  – E.g., access to a computer room, use of a desktop
• Confidentiality is:
  – difficult to ensure
  – easiest to assess in terms of success (binary in nature: Yes / No)

Integrity
• Need to verify that any external data has the correct formatting and other metadata
• Need to verify that all input data is accurate and verifiable
• Need to ensure that data is following the correct workflow rules for your institution/corporation
• Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.

Integrity
• Integrity vs. Confidentiality
  – Concerned with unauthorized modification of assets (= resources)
    Confidentiality - concerned with access to assets
  – Integrity is more difficult to measure than confidentiality
    Not binary: degrees of integrity
    Context-dependent: means different things in different contexts
    Could mean any subset of these asset properties:
    { precision / accuracy / currency / consistency / meaningfulness / usefulness / ... }
• Types of integrity: an example
  – Quote from a politician
  – Preserve the quote (data integrity) but misattribute (origin integrity)

Availability
•Data needs to be available at all necessary times
•Data needs to be available to only the appropriate
users
•Need to be able to track who has access to and who
has accessed what data

Availability
• We can say that an asset (resource) is available if:
  – Timely request response
  – Fair allocation of resources (no starvation!)
  – Fault tolerant (no total breakdown)
  – Easy to use in the intended way
  – Provides controlled concurrency (concurrency control, deadlock control, ...)

Authenticity
•Need to ensure that the data has been edited by an
authorized source
•Need to confirm that users accessing the system are
who they say they are
•Need to verify that all report requests are from
authorized users
•Need to verify that any outbound data is going to the
expected receiver

QUIZ
Determine which of the following violates the principles of confidentiality, integrity, and/or availability (more than one principle may be violated).
1. Robin copies Akhil’s home assignment solution.
2. Akhil crashes Robin’s computer.
3. The bank employee changes the amount of the customer's check from Rs 10000 to Rs 100000.
4. Robin makes a fake signature of Akhil.
5. Robin registers the domain name “iiitkottayam.ac.in” but this domain is not available.

Basic Cryptographic Tools
•Encryption
•Message Authentication Codes
•Digital Signatures

Encryption: Cipher
• Cipher is a method for encrypting messages
• Encryption algorithms are standardized & published
• The key which is an input to the algorithm is secret
  – Key is a string of numbers or characters
  – If same key is used for encryption & decryption the algorithm is called symmetric
  – If different keys are used for encryption & decryption the algorithm is called asymmetric
[Diagram: Plain Text → Encryption Algorithm (Key A) → Cipher Text → Decryption Algorithm (Key B) → Plain Text]

Encryption
A little more formally, encryption consists of the following three protocols:
• KeyGen - a key generation algorithm that generates the necessary cryptographic keys,
• Enc(k; p) = c - an encryption algorithm that uses a key k to scramble the plaintext p into ciphertext c,
• Dec(k; c) = p - a decryption algorithm that uses the key k to recover the plaintext p from the ciphertext c.
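
The KeyGen / Enc / Dec triple above, instantiated with AES-256-GCM from Node.js's built-in crypto module. This is an added example, not part of the original slides; the function names, the ciphertext layout (nonce, tag, body) and the sample plaintext are assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// KeyGen: a fresh random 256-bit secret key.
function keyGen() {
  return randomBytes(32);
}

// Enc(k; p) = c. AES-256-GCM needs a unique 96-bit nonce for every message under
// one key; the nonce and the 128-bit tag are not secret and travel with c.
function enc(k, p) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', k, nonce);
  const body = Buffer.concat([cipher.update(p, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Dec(k; c) = p. Throws when the key is wrong or c was modified in transit.
function dec(k, c) {
  const decipher = createDecipheriv('aes-256-gcm', k, c.subarray(0, 12));
  decipher.setAuthTag(c.subarray(12, 28));
  const p = Buffer.concat([decipher.update(c.subarray(28)), decipher.final()]);
  return p.toString('utf8');
}

// Helper (hypothetical name): plaintext on success, null on failure.
function tryDec(k, c) {
  try {
    return dec(k, c);
  } catch (err) {
    return null;
  }
}

function demo() {
  const k = keyGen();
  const c = enc(k, 'transfer Rs 10000'); // constructed sample plaintext
  const tampered = Buffer.from(c);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    roundTrip: tryDec(k, c),          // 'transfer Rs 10000'
    wrongKey: tryDec(keyGen(), c),    // null
    tampered: tryDec(k, tampered),    // null
  };
}

console.log(demo());
```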

Symmetric-key cryptography
Asymmetric-key cryptography

Symmetric-key cryptography
• Examples: AES, DES, 3DES
• Advantages:
  – Simple
  – Faster
• Disadvantages:
  – Key must be exchanged in a secure way
  – Easy for a hacker to get the key when it is passed in an insecure way.

Asymmetric Encryption
• Asymmetric encryption uses two keys, one to encrypt the data, and another key to decrypt the data.
• These keys are generated together.
• One is named the Public Key and is distributed freely. The other is named the Private Key and it is kept hidden.
• Both the sender and the recipient have to share their public keys for encryption and have to use their private keys for decryption.
How it WORKS…….?

Examples: RSA, Diffie-Hellman, Pretty Good Privacy (PGP)
Advantages
1. More secure
2. Authentication
Disadvantages
1. Relatively complex

Authentication: Basics
• Authentication is the process of validating the identity of a user or the integrity of a piece of data.
• There are three technologies that provide authentication
  – Message Digests / Message Authentication Codes
  – Digital Signatures
  – Public Key Infrastructure
• There are two types of user authentication:
  – Identity presented by a remote or application participating in a session
  – Sender’s identity is presented along with a message.

Authentication: Message Digests
• A message digest is a fingerprint for a document
• Purpose of the message digest is to provide proof that data has not been altered
• Process of generating a message digest from data is called hashing
• Hash functions are one-way functions with the following properties
  – Infeasible to reverse the function
  – Infeasible to construct two messages which hash to the same digest
• Commonly used hash algorithms are
  – MD5 – 128 bit hashing algorithm by Ron Rivest of RSA
  – SHA & SHA-1 – 162 bit hashing algorithm developed by NIST
[Diagram: Message → Digest Algorithm → Message Digest]

Message Authentication Codes: Basics
• A message digest created with a key
• Creates security by requiring a secret key to be possessed by both parties in order to retrieve the message
• HMAC, NMAC
[Diagram: Message + Secret Key → Digest Algorithm → Message Digest]
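
What the secret key adds over a plain message digest, shown with Node.js's built-in crypto module. This is an added example, not part of the original slides; it uses SHA-256 and HMAC-SHA-256 rather than MD5 or SHA-1 (both have known collision attacks), and the helper names and messages are constructed for illustration.

```javascript
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('crypto');

// Message digest: anyone can compute it, no secret involved.
const digest = (msg) => createHash('sha256').update(msg, 'utf8').digest();

// Message authentication code: a digest that also depends on a shared secret key.
const mac = (key, msg) => createHmac('sha256', key).update(msg, 'utf8').digest();

// Constant-time comparison so the check does not leak how many bytes matched.
const same = (a, b) => a.length === b.length && timingSafeEqual(a, b);

function demo() {
  const key = randomBytes(32);                 // secret shared by sender and receiver only
  const sent = 'pay Rs 10000 to Akhil';        // constructed sample messages
  const modified = 'pay Rs 100000 to Akhil';

  // Whoever alters the message in transit can also replace the digest,
  // because computing a digest needs no secret.
  const replacedDigest = digest(modified);
  // Without the key, the only options are the old tag or a tag under a guessed key.
  const oldTag = mac(key, sent);
  const guessedTag = mac(randomBytes(32), modified);

  return {
    digestDetectsAccident: !same(digest(modified), digest(sent)),   // true
    digestAcceptsReplaced: same(digest(modified), replacedDigest),  // true
    macAcceptsGenuine: same(mac(key, sent), oldTag),                // true
    macAcceptsOldTag: same(mac(key, modified), oldTag),             // false
    macAcceptsGuessedKey: same(mac(key, modified), guessedTag),     // false
  };
}

console.log(demo());
```

A bare digest therefore only detects accidental changes unless it reaches the receiver over a separate trusted channel; the keyed tag detects deliberate ones as well.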

Authentication: Digital Signatures
• A digital signature is a data item which accompanies or is logically associated with a digitally encoded message.
• It has two goals
  – A guarantee of the source of the data
  – Proof that the data has not been tampered with
[Diagram: Sender: Message → Digest Algorithm → Message Digest → Signature Algorithm (Sender’s Private Key) → Digital Signature; the Message and the Digital Signature are sent to the Receiver. Receiver: Message → Digest Algorithm → Message Digest; Digital Signature → Signature Algorithm (Sender’s Public Key) → Message Digest; are the two digests the same?]
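
The sender and receiver sides of the signature diagram, using RSA with SHA-256 from Node.js's built-in crypto module. This is an added example, not part of the original slides; the function names and messages are constructed, and `digestsMatch` spells out the diagram's comparison for illustration only (real code calls `verify`).

```javascript
const { generateKeyPairSync, createHash, sign, verify, publicDecrypt } = require('crypto');

// Sender: digest algorithm (SHA-256), then signature algorithm (RSA) with the PRIVATE key.
function signMessage(privateKey, message) {
  return sign('sha256', Buffer.from(message, 'utf8'), privateKey);
}

// Receiver, the normal way: one library call that needs only the sender's PUBLIC key.
function verifyMessage(publicKey, message, signature) {
  return verify('sha256', Buffer.from(message, 'utf8'), publicKey, signature);
}

// Receiver, step by step as in the diagram: undo the RSA step with the public key to
// recover the signed digest, hash the received message again, and compare the two.
function digestsMatch(publicKey, message, signature) {
  try {
    const recovered = publicDecrypt(publicKey, signature).subarray(-32); // last 32 bytes
    return recovered.equals(createHash('sha256').update(message, 'utf8').digest());
  } catch (err) {
    return false; // padding check fails when the key does not match the signature
  }
}

function demo() {
  const sender = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const impostor = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = 'pay Rs 10000 to Akhil';   // constructed sample messages
  const altered = 'pay Rs 100000 to Akhil';
  const signature = signMessage(sender.privateKey, message);
  const forged = signMessage(impostor.privateKey, message);
  return {
    genuine: verifyMessage(sender.publicKey, message, signature),         // true
    genuineByDigest: digestsMatch(sender.publicKey, message, signature),  // true
    alteredMessage: verifyMessage(sender.publicKey, altered, signature),  // false
    alteredByDigest: digestsMatch(sender.publicKey, altered, signature),  // false
    impostorSignature: verifyMessage(sender.publicKey, message, forged),  // false
  };
}

console.log(demo());
```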