570 likes | 621 Vues
Data & Network Security. Mrs. Iqra Shahid Lecturer Department of Computer Science iqrasatar@gmail.com. Instructor. MS Computer Science from UOL (Sargodha Campus). BS Computer Science from UET Lahore. Have 3 research papers published. Pre-coding Techniques (OFDMA)
E N D
Data & Network Security Mrs. Iqra Shahid Lecturer Department of Computer Science iqrasatar@gmail.com
Instructor • MS Computer Science from UOL (Sargodha Campus). • BS Computer Science from UET Lahore. • Have 3 research papers published. • Pre-coding Techniques (OFDMA) • Distributed Denial of Service (Network Security) • Multi-Level Queue and Real time Scheduling (Operating System)
Teaching Procedure • Lectures • Discussion • Assignments • Surprise Quizzes • Midterm • Presentation • Final Exam
Marks Distribution • Class Participation 05% • Assignments 05% • Surprise Quizzes 10% • Midterm 30% • Presentation 10% • Final Exam 40%
Prerequisites • Data Communication & Networks • Computer Networks
Textbook • Cryptography and Network Security, William Stallings, 5th Edition, Pearson Education, 2011 • Cryptography & Network Security, Behrouz A. Frouzen • Security in Computing, Charles P. Pfleeger, Fourth Edition, Pearson Education, 2011. • Online readings
Objectives of the lecture • To define Security • To define three security goals • To define security attacks that threaten security goals • To define security services and how they are related to the three security goals • To define security mechanisms to provide security services • To introduce two techniques, cryptography an steganography, to implement security mechanisms.
Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu
Background • Information Security requirements have changed in recent times. • Traditionally provided by physical and administrative mechanisms. • Computer use requires automated tools to protect files and other stored information. • Use of networks and communications links requires measures to protect data during transmission.
Computer Security • The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).[NIST 1995]
Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers. • Network Security - measures to protect data during their transmission. • Internet Security - measures to protect data during their transmission over a collection of interconnected networks.
Aim of Course • Our focus is on Data & Network Security • Which consists of measures to prevent, detect, deter and correct security violations that involve the transmission & storage of information.
Security Goals • This section defines three security goals. • Confidentiality • Integrity • Availability
Confidentiality • Confidentiality is probably the most common aspect of information security. • We need to protect our confidential information. • An organization needs to guard against those malicious actions that endanger the confidentiality of its information.
Integrity • Information needs to be changed constantly. • Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.
Availability • The information created and stored by an organization needs to be available to authorized entities. • Information needs to be constantly changed, which means it must be accessible to authorized entities.
Examples of Security Requirements • Confidentiality – student grades • integrity – patient information • Availability – authentication service
Levels Of Impact • 3 levels of impact from a security breach • Low • Moderate • High
OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • Defines a systematic way of defining and providing security requirements. • For us it provides a useful, if abstract, overview of concepts we will study.
Aspects of Security • Consider 3 aspects of information security: • Security Attack • Security Mechanism • Security Service
Security Attack • Any action that compromises the security of information owned by an organization. • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems. • Often threat & attack used to mean same thing.
Security Attack • The three goals of security - confidentiality, integrity, and availability can be threatened by security attacks. • Attacks Threatening Confidentiality • AttacksThreateningIntegrity • Attacks Threatening Availability • Passive versus Active Attacks
Attacks Threading Confidentiality Snooping refers to unauthorized access to or interception of data. Traffic analysis refers to obtaining some other type of information by monitoring online traffic.
AttacksThreateningIntegrity Modificationmeans that the attacker intercepts the message and changes it. Masquerading or spoofing happens when the attacker impersonates somebody else. Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it. Repudiation means that sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.
Attacks Threatening Availability Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
Passive Attacks (Cont…) • Passive attacks do not affect system resources • Eavesdropping, monitoring • Two types of passive attacks • Release of message contents • Traffic analysis • Passive attacks are very difficult to detect • Message transmission apparently normal • No alteration of the data • Emphasis on prevention rather than detection • By means of encryption
Active Attacks (Cont…) • Active attacks try to alter system resources or affect their operation • Modification of data, or creation of false data • Four categories • Masquerade • Replay • Modification of messages • Denial of service: preventing normal use • A specific target or entire network • Difficult to prevent • The goal is to detect and recover
Security Service & Mechanisms • ITU-T provides some security services and some mechanisms to implement those services. Security services and mechanisms are closely related because … • Mechanism or combination of mechanisms are used to provide a service… • Security Services • Security Mechanism • Relation between Services and Mechanisms
Security Service • Enhance security of data processing systems and information transfers of an organization. • Intended to counter security attacks. • Using one or more security mechanisms. • Systematically evaluate and define security requirements.
Security Services • X.800: A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. • RFC 2828: A processing or communication service provided by a system to give a specific kind of protection to system resources.
Security Services (X.800) • Authentication - Assurance that the communicating entity is the one claimed. • Access Control - Prevention of the unauthorized use of a resource. • Data Confidentiality – Protection of data from unauthorized disclosure. • Data Integrity - Assurance that data received is as sent by an authorized entity. • Non-Repudiation - Protection against denial by one of the parties in a communication. Sender cannot deny sending of a message that they originated.
Security Mechanism • Feature designed to detect, prevent, or recover from a security attack. • No single mechanism that will support all services required. • However one particular element underlies many of the security mechanisms in use: • Cryptographic techniques
Security Mechanisms (X.800) • Specific security mechanisms: • OSI security services performed on different protocol layer. • Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization. • Pervasive security mechanisms: • The mechanisms that are not specific to the protocol layer particular. • Trusted functionality, security labels, event detection, security audit trails, security recovery.
Specific Security Mechanisms • Encipherment is the use of algorithms mathematics to transform to the data into a form that can not be understood. • Digital Signature is a cryptographic transformation of a data unit that is used to validate the authenticity and integrity of a message. Hashing algorithm is used. • Access Control is a mechanism that ensures access to a resource by a user who have rights. • Data integrity is a mechanism that used to ensure the integrity of a data unit or stream of data units.
Cont…. • Authentication Exchange is a mechanism which aims to ensure the identity of entity for purposes of the exchange of information. • Traffic padding is added to the data bits stream analysis attempts to confuse traffic. • Routing Control receives the selection of a safe route to certain data and allow changes routing especially when security breaches made it known. • Notarization is the use of third party reliably during the process of data exchange.
Security Techniques • Mechanisms discussed in the previous sections are only theoretical recipes to implement security. The actual implementation of security goals needs some techniques. • Two techniques are prevalent today: • Cryptography • Steganography