1 / 29

Network Security and Cryptography lec 1

Basic terms and concepts, Cryptography, Security terms, the CIA, Levels of impact, Aspects of security

sheeraz_ahmed
Télécharger la présentation

Network Security and Cryptography lec 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Network Security and Cryptography. Lecture Slides Prepared by Dr. Sheeraz Ahmed Iqra National University Peshawar Pakistan

  2. Basic Terms and Concepts • An original message is known as the plaintext. 2. The coded message is called the ciphertext. 3. The process of converting from plaintext to ciphertextis known as enciphering or encryption. 4. Restoring the plaintext from the ciphertext is deciphering or decryption.

  3. 5. Schemes used for encryption constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system or a cipher. 6. Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls “breaking the code”. 7. The areas of cryptography and cryptanalysis together are called cryptology.

  4. Cryptography (Detail) • Cryptography (or cryptology; derived from Greek κρυπτός kryptós "hidden," and the verb γράφω gráfo "write") is the study of message secrecy. • In modern times, it has become a branch of information theory, as the mathematical study of information and especially its transmission from place to place.

  5. Cryptography • The term is often used to refer to the field as a whole, as is cryptology ("the study of secrets"). • The study of how to circumvent (bypass) the confidentiality sought by using encryption is called cryptanalysis or, more loosely, "code breaking."

  6. Cryptography • Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (plaintext) into something unintelligible (ciphertext). • Decryption is the reverse, moving from unintelligible ciphertext to plaintext. • A cipher (or cypher) is a pair of algorithms which perform this encryption and the reversing decryption.

  7. Security Concepts • Computer Security - Genericname for the collection of tools designed to protect data and to thwart (stop) hackers • Network Security - Measures to protect data during their transmission • Internet Security - Measures to protect data during their transmission over a collection of interconnected networks

  8. Key Security Concepts

  9. The CIA • Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. • Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. 3. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

  10. Levels of Impact • Can define 3 levels of impact from a security breach (break) • Low • Moderate • High

  11. Low Impact • The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. • A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might • (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; • (ii) result in minor damage to organizational assets; • (iii) result in minor financial loss; or • (iv) result in minor harm to individuals.

  12. Moderate Impact • The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. • A serious adverse effect means that, for example, the loss might • (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; • (ii) result in significant damage to organizational assets; • (iii) result in significant financial loss; or • (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.

  13. High Impact • The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. • A severe or catastrophic adverse effect means that, for example, the loss might • (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; • (ii) result in major damage to organizational assets; • (iii) result in major financial loss; or • (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.

  14. Examples of Security Requirements • Confidentiality – student grades • Integrity – patient information • Availability – authentication service

  15. Computer Security Challenges • Not simple – Easy to get it wrong • Must consider potential attacks • Procedures used counter-intuitive • Involve algorithms and secret info • Must decide where to deploy mechanisms • Battle of wits (minds) between attacker / admin • Not perceived on benefit until fails • Requires regular monitoring • Aprocess, not an event • Too often an after-thought

  16. Aspects of Security Consider 3 aspects of information security: • Security Attack Any action that compromises the security of information. • Security Mechanism A mechanism (Process) that is designed to detect, prevent, or recover from a security attack. • Security Service A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms

  17. Note terms • threat – Apotential for violation of security • vulnerability –A way by which loss can happen • attack –An assault on system security, a deliberate attempt to evade security services

  18. Security attack: Any action that compromises the security of information owned by an organization. A useful means of classifying security attacks is in terms of passive attacks and active attacks. 1. A passive attack attempts to learn or make use of information from the system but does not affect system resources. 2. An active attack attempts to alter system resources or affect their operation.

  19. Passive Attack – Interception

  20. Passive Attack: Traffic Analysis Observetraffic pattern

  21. Active Attack: Interruption Block delivery of message

  22. Active Attack: Fabrication Fabricate message

  23. Active Attack: Replay

  24. Active Attack: Modification Modify message

  25. Handling Attacks • Passive attacks – focus on Prevention • Easy to stop • Hard to detect • Active attacks – focus on Detection and Recovery • Hard to stop • Easy to detect

  26. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity

  27. Security Attacks

  28. END OF 1st WEEK

More Related