ch01.ppt University of Education Lahore D

MuhammadShan87 19 views 26 slides Oct 05, 2024

About This Presentation

Cyber Security Of Crypto Graphy
University of Education Lahore Pakistan


Slide Content

Cryptography and Network Security
Chapter 1
by William Stallings

Chapter 1 – Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu

Background
Information Security requirements have changed in recent times
traditionally provided by physical and administrative mechanisms
computer use requires automated tools to protect files and other stored information
use of networks and communications links requires measures to protect data during transmission

Definitions
Computer Security - generic name for the collection of tools designed to protect data from hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Aim of Course
our focus is on Internet Security
which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information

Security Trends

OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
defines a systematic way of defining and providing security requirements
for us it provides a useful, if abstract, overview of concepts we will study

Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service

Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus on generic types of attacks
passive
active

Passive Attacks

Active Attacks

Security Service
enhance security of data processing systems and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Services
X.800:
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
RFC 2828:
“a processing or communication service provided by a system to give a specific kind of protection to system resources”

Security Services (X.800)
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality – protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
cryptographic techniques
hence our focus on this topic

Security Mechanisms (X.800)
specific security mechanisms:
encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms:
trusted functionality, security labels, event detection, security audit trails, security recovery

Security Mechanisms (X.800)
Specific security mechanisms:
Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
Access Control
A variety of mechanisms that enforce access rights to resources

Security Mechanisms (X.800)
specific security mechanisms:
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Security Mechanisms (X.800)
specific security mechanisms:
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Security Mechanisms (X.800)
specific security mechanisms:
Routing Control
Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.

Security Mechanisms (X.800)
Pervasive security mechanisms:
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Security Mechanisms (X.800)
Pervasive security mechanisms:
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

Model for Network Security

Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security

Model for Network Access Security
using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
trusted computer systems may be useful to help implement this model