lecture2-1 part one about cryptography.ppt

abduganiyevbekzod011 13 views 18 slides Sep 14, 2024


Review security basic concepts
IT 352: Lecture 2, part 1
Najwa AlGhamdi, MSc – 2012/1433

Outline
•Computer Security Concept
•Aspects of Security
•Security Attack
•OSI Security Structure
•Model for Network Security

Computer Security Concept
Computer Security Definition
the protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources
(includes hardware, software, information/data, and
telecommunications)

Computer Security Concept
1. Confidentiality: preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information.
2. Integrity: guarding against improper information
modification or destruction, and includes ensuring
information non-repudiation and authenticity.
3. Availability: ensuring timely and reliable access to and
use of information.

Aspects of Security
•consider 3 aspects of information security:
•security attack
•security mechanism
•security service
•note terms
•threat – a potential for violation of security
•attack – an assault on system security, a deliberate attempt to
evade security services

Security Attack
•Passive Attack
•attempts to learn or make use
of information from the system
but does not affect system
resources.
•Two types of passive
attacks are:
1.Release of message contents
2.Traffic analysis.

Active Attack
•Active Attack
•modification of the data
stream or the creation of a
false stream
•Four types of active attacks
1. masquerade
2. replay
3. modification of messages
4. denial of service

OSI Security Structure
•The OSI security architecture is useful to managers as a
way of organizing the task of providing security.
•It defines security services and security mechanisms.

OSI Security Structure – Security Services
•Authentication - assurance that communicating
entity is the one claimed
•have both peer-entity & data origin authentication
•Access Control - prevention of the unauthorized use
of a resource
•Data Confidentiality - protection of data from
unauthorized disclosure
•Data Integrity - assurance that data received is as
sent by an authorized entity
•Non-Repudiation - protection against denial by one
of the parties in a communication
•Availability - resource accessible/usable

OSI Security Structure – Security Mechanism
•specific security mechanisms (OSI model)
•encipherment, digital signatures, access controls, data integrity,
authentication exchange, traffic padding, routing control,
notarization

OSI Security Structure – Security Mechanism
•pervasive security mechanisms:
•trusted functionality: functionality that can be trusted to perform
as intended.
•security labels: every item is associated with a security label, for
example a label for its sensitivity level.
•event detection: detective, and possibly corrective, mechanisms
for security events.
•security audit trails: review and examination of system records
and activities.
•security recovery: implementing corrective security mechanisms
and putting them in the appropriate place.

Model for Network Security
using this model requires us to:
1.design a suitable algorithm for the security transformation
2.generate the secret information (keys) used by the algorithm
3.develop methods to distribute and share the secret
information
4.specify a protocol enabling the principals to use the
transformation and secret information for a security service

Model for Network Security
using this model requires us to:
1.select appropriate gatekeeper functions to identify users
2.implement security controls to ensure only authorised users
access designated information or resources

Summary
•topic roadmap & standards organizations
•security concepts:
•confidentiality, integrity, availability
•X.800 security architecture
•security attacks, services, mechanisms
•models for network (access) security

Resources
•Network Security Essentials, chapter 1.