SlideShare une entreprise Scribd logo

CNS - Chapter1

J
JeevananthamArumugam

This document provides an overview of cryptography and network security concepts from the textbook "Cryptography & Network Security" by William Stallings. It covers topics like confidentiality, integrity, availability, security threats/attacks, security services, security mechanisms, and the OSI security architecture. The document includes chapter objectives, definitions of key terms, descriptions of security concepts, examples, and review questions. The overall purpose is to introduce fundamental cryptography and network security principles.

Formation
1  sur  33
2020 - 2021 Odd Semester 14ITT71 Cryptography and Network Security
14ITT71-CryptographyandNetworkSecurity Roadmap 01 Introduction & Number Theory 02 Symmetric Key Cryptography 03 Hash Function & Digital Signature 04 Security Practice & System Security 05 E Mail Security • OSI security architecture • Classical Encryption techniques • Number theory • DES • AES • RSA • DH Exchange • ECC • MAC • MD5 • SHA • HMAC • CMAC • Digital Signature • Kerberos • Firewalls • Trusted Systems • IDS • Virus and Threats • PGP • S/MIME • IP Security • Internet Key Exchange • Web Security Understand OSI security architecture and classical encryption techniques Acquire knowledge in symmetric and public key cryptography Know about hash function and digital signatures Recognize security practice and system security Gain knowledge in email and web security Cryptography & Network Security - William Stallings 6th Edition
14ITT71-CryptographyandNetworkSecurity Chapter 1 Computer and Network Security Concepts
14ITT71-CryptographyandNetworkSecurity Learning Objectives After studying this chapter, you should be able to: 1. Describe the key security requirements of confidentiality, integrity, and availability. 2. Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. 3. Summarize the functional requirements for computer security. Describe the X.800 security architecture for OSI.
14ITT71-CryptographyandNetworkSecurity Computer Security The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. 
 C A B Employee Manager Server Fired Invalidate Employees Account Confirmation ?
14ITT71-CryptographyandNetworkSecurity Computer Security The NIST Computer Security Handbook defines the term computer security as: “ the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of i n f o r m a t i o n s y s t e m resources” (includes hardware, software, firmware, information/ data, and telecommunications)
14ITT71-CryptographyandNetworkSecurity Three key objectives that are at the heart of computer security • Confidentiality • Integrity • Availability Figure 1.1 Essential Network and Computer Security Requirements Data and services Availability Integrity Accountability Authenticity Confidentiality
14ITT71-CryptographyandNetworkSecurity CIA triad • Confidentiality: Preserving authorised restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorised disclosure of information. 
 • Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorised modification or destruction of information. 
 • Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. 

14ITT71-CryptographyandNetworkSecurity CIA triad + AA • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. 

14ITT71-CryptographyandNetworkSecurity The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals High Moderate Low Breach of Security & its Impacts
14ITT71-CryptographyandNetworkSecurity Security is not simple Potential attacks on the security features need to be considered Security mechanisms typically involve more than a particular algorithm or protocol Security is essentially a battle of wits between a perpetrator and the designer Procedures used to provide particular services are often counter-intuitive Little benefit from security investment is perceived until a security failure occursIt is necessary to decide where to use the various security mechanisms Requires constant monitoring Is too often an afterthought Strong security is often viewed as an impediment to efficient and user-friendly operation Computer Security Challenges
14ITT71-CryptographyandNetworkSecurity OSI Security Architecture 1. Security attack • Any action that compromises the security of information owned by an organisation 2. Security mechanism • A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack 3. Security service • A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service
14ITT71-CryptographyandNetworkSecurity Threats vs Attacks
14ITT71-CryptographyandNetworkSecurity Security Attacks
14ITT71-CryptographyandNetworkSecurity Security Attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources (a) Passive attacks Alice (b) Active attacks Figure 1.2 Security Attacks Bob Darth Internet or other comms facility Bob Darth Alice Internet or other comms facility 1 2 3 An active attack attempts to alter system resources or affect their operation
14ITT71-CryptographyandNetworkSecurity Passive Attacks Two types of passive attacks are: • The release of message contents • Traffic analysis
14ITT71-CryptographyandNetworkSecurity Active Attacks • Involve some modification of the data stream or the creation of a false stream • Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities • Goal is to detect attacks and to recover from any disruption or delays caused by them • Takes place when one entity pretends to be a different entity • Usually includes one of the other forms of active attack Masquerade • Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect Replay • Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect Modification of messages • Prevents or inhibits the normal use or management of communications facilities Denial of service
14ITT71-CryptographyandNetworkSecurity Security Services • Defined by X.800 as: •A service provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers • Defined by RFC 4949 as: •A processing or communication service provided by a system to give a specific kind of protection to system resources
14ITT71-CryptographyandNetworkSecurity Security Services (X.800) (This table is found on page 18 in textbook)
14ITT71-CryptographyandNetworkSecurity Authentication Concerned with assuring that a communication is authentic • In the case of a single message, assures the recipient that the message is from the source that it claims to be from • In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties Two specific authentication services are defined in X.800: Peer entity authentication Data origin authentication
14ITT71-CryptographyandNetworkSecurity Access Control • The ability to limit and control the access to host systems and applications via communications links • To achieve this, each entity trying to gain access must first be indentified, or authenticated, so that access rights can be tailored to the individual
14ITT71-CryptographyandNetworkSecurity Data Confidentiality The protection of transmitted data from passive attacks • Broadest service protects all user data transmitted between two users over a period of time • Narrower forms of service includes the protection of a single message or even specific fields within a message The protection of traffic flow from analysis • This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
14ITT71-CryptographyandNetworkSecurity Data Integrity Can apply to a stream of messages, a single message, or selected fields within a message Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only
14ITT71-CryptographyandNetworkSecurity Nonrepudiation • Prevents either sender or receiver from denying a transmitted message • When a message is sent, the receiver can prove that the alleged sender in fact sent the message • When a message is received, the sender can prove that the alleged receiver in fact received the message
14ITT71-CryptographyandNetworkSecurity Availability Service • Protects a system to ensure its availability • This service addresses the security concerns raised by denial-of- service attacks • It depends on proper management and control of system resources and thus depends on access control service and other security services
14ITT71-CryptographyandNetworkSecurity Security Mechanisms (X.800) Specific Security Mechanisms •Encipherment •Digital signatures •Access controls •Data integrity •Authentication exchange •Traffic padding •Routing control Pervasive Security Mechanisms •Trusted functionality •Security labels •Event detection •Security audit trails •Security recovery
14ITT71-CryptographyandNetworkSecurity Security Mechanisms (X.800) (This table is found on pages 14-15 in textbook)
14ITT71-CryptographyandNetworkSecurity Relationship Between Security Services and Mechanisms
14ITT71-CryptographyandNetworkSecurity Model for Network Security Information Channel Security-related transformation Sender Secret information Message Message Secure message Secure message Recipient Opponent Trusted third party (e.g., arbiter, distributer of secret information) Figure 1.5 Model for Network Security Security-related transformation Secret information
14ITT71-CryptographyandNetworkSecurity Network Access Security Model Computing resources (processor, memory, I/O) Data Processes Software Internal security controls Information System Gatekeeper function Opponent —human (e.g., hacker) —software (e.g., virus, worm) Figure 1.6 Network Access Security Model Access Channel
14ITT71-CryptographyandNetworkSecurity Review Questions • What is the OSI security architecture? • What is the difference between passive and active security threats? • List and briefly define categories of passive and active security attacks. • List and briefly define categories of security services. • List and briefly define categories of security mechanisms. 

14ITT71-CryptographyandNetworkSecurity Review Questions 1. Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement. 2. Consider a desktop publishing system used to produce documents for various organizations. • Give an example of a type of publication for which confidentiality of the stored data is the most important requirement. • Give an example of a type of publication in which data integrity is the most important requirement. • Give an example in which system availability is the most important requirement.
14ITT71-CryptographyandNetworkSecurity Review Questions 1. Draw a matrix similar to Slide No 28 that shows the relationship between security services and attacks. 2. For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. a. An organization managing public information on its Web server.
 b. A law enforcement organization managing extremely sensitive investigative 
 information.
 c. A financial organization managing routine administrative information (not 
 privacy-related information).
 d. An information system used for large acquisitions in a contracting organization 
 contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole. 
 e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installa- tion. The SCADA system contains both real-time sensor data and routine admin- istrative information. Assess the impact for the two data sets separately and the information system as a whole.

Recommandé

Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Shashank Shetty
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
zahid-mian
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
patisa
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 

Recommandé

Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Shashank Shetty
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
zahid-mian
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
patisa
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Cryptography
CryptographyCryptography
Cryptography
Sidharth Mohapatra
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Cryptography
CryptographyCryptography
Cryptography
jayashri kolekar
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
Md. Afif Al Mamun
 
Keymanagement of ipsec
Keymanagement of ipsecKeymanagement of ipsec
Keymanagement of ipsec
PACHIYAPPAN PACHIYAPPAS
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
Hemant Sharma
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
Ameer Sameer
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system model
Harshad Umredkar
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
Zaheer720515
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
Dr Naim R Kidwai
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
Monoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherMonoalphabetic Substitution Cipher
Monoalphabetic Substitution Cipher
SHUBHA CHATURVEDI
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
Prince Rachit
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
limsh
 
abc.pptx
abc.pptxabc.pptx
abc.pptx
BhargaviGorde1
 

Contenu connexe

Tendances

Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
Ameer Sameer
 

Tendances (20)

Cryptography
CryptographyCryptography
Cryptography
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Keymanagement of ipsec
Keymanagement of ipsecKeymanagement of ipsec
Keymanagement of ipsec
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DES
 
Security models
Security models Security models
Security models
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Intruders
IntrudersIntruders
Intruders
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system model
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Monoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherMonoalphabetic Substitution Cipher
Monoalphabetic Substitution Cipher
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 

Similaire à CNS - Chapter1

BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
limsh
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
AparnaSunil24
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 

Similaire à CNS - Chapter1 (20)

BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
abc.pptx
abc.pptxabc.pptx
abc.pptx
 
Ch01 NetSec5e.pptx
Ch01 NetSec5e.pptxCh01 NetSec5e.pptx
Ch01 NetSec5e.pptx
 
information security.pptx
information security.pptxinformation security.pptx
information security.pptx
 
Ch01 NetSec5e.pdf
Ch01 NetSec5e.pdfCh01 NetSec5e.pdf
Ch01 NetSec5e.pdf
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
Cryptography introduction
Cryptography introductionCryptography introduction
Cryptography introduction
 
Introduction to Network security
Introduction to Network securityIntroduction to Network security
Introduction to Network security
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
ch01.pdf
ch01.pdfch01.pdf
ch01.pdf
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 

Plus de JeevananthamArumugam

Plus de JeevananthamArumugam (10)

SQL Procedures & Functions
SQL Procedures & FunctionsSQL Procedures & Functions
SQL Procedures & Functions
 
Advanced Encryption Standard - AES
Advanced Encryption Standard - AESAdvanced Encryption Standard - AES
Advanced Encryption Standard - AES
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption Standard
 
Square and Multiply - Shortcut Method
Square and Multiply - Shortcut MethodSquare and Multiply - Shortcut Method
Square and Multiply - Shortcut Method
 
Chinese Reminder Theorem
Chinese Reminder TheoremChinese Reminder Theorem
Chinese Reminder Theorem
 
Euler's Theorem
Euler's TheoremEuler's Theorem
Euler's Theorem
 
NCC | General Subject | Public speaking
NCC | General Subject | Public speaking NCC | General Subject | Public speaking
NCC | General Subject | Public speaking
 
NCC | General Subject | Communication Skills | Year II
NCC | General Subject | Communication Skills | Year IINCC | General Subject | Communication Skills | Year II
NCC | General Subject | Communication Skills | Year II
 
IoT - Scope and Opportunities
IoT - Scope and OpportunitiesIoT - Scope and Opportunities
IoT - Scope and Opportunities
 

Dernier

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Dernier (20)

Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 

CNS - Chapter1

  • 1. 2020 - 2021 Odd Semester 14ITT71 Cryptography and Network Security
  • 2. 14ITT71-CryptographyandNetworkSecurity Roadmap 01 Introduction & Number Theory 02 Symmetric Key Cryptography 03 Hash Function & Digital Signature 04 Security Practice & System Security 05 E Mail Security • OSI security architecture • Classical Encryption techniques • Number theory • DES • AES • RSA • DH Exchange • ECC • MAC • MD5 • SHA • HMAC • CMAC • Digital Signature • Kerberos • Firewalls • Trusted Systems • IDS • Virus and Threats • PGP • S/MIME • IP Security • Internet Key Exchange • Web Security Understand OSI security architecture and classical encryption techniques Acquire knowledge in symmetric and public key cryptography Know about hash function and digital signatures Recognize security practice and system security Gain knowledge in email and web security Cryptography & Network Security - William Stallings 6th Edition
  • 4. 14ITT71-CryptographyandNetworkSecurity Learning Objectives After studying this chapter, you should be able to: 1. Describe the key security requirements of confidentiality, integrity, and availability. 2. Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. 3. Summarize the functional requirements for computer security. Describe the X.800 security architecture for OSI.
  • 5. 14ITT71-CryptographyandNetworkSecurity Computer Security The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. 
 C A B Employee Manager Server Fired Invalidate Employees Account Confirmation ?
  • 6. 14ITT71-CryptographyandNetworkSecurity Computer Security The NIST Computer Security Handbook defines the term computer security as: “ the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of i n f o r m a t i o n s y s t e m resources” (includes hardware, software, firmware, information/ data, and telecommunications)
  • 7. 14ITT71-CryptographyandNetworkSecurity Three key objectives that are at the heart of computer security • Confidentiality • Integrity • Availability Figure 1.1 Essential Network and Computer Security Requirements Data and services Availability Integrity Accountability Authenticity Confidentiality
  • 8. 14ITT71-CryptographyandNetworkSecurity CIA triad • Confidentiality: Preserving authorised restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorised disclosure of information. 
 • Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorised modification or destruction of information. 
 • Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. 

  • 9. 14ITT71-CryptographyandNetworkSecurity CIA triad + AA • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. 

  • 10. 14ITT71-CryptographyandNetworkSecurity The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals High Moderate Low Breach of Security & its Impacts
  • 11. 14ITT71-CryptographyandNetworkSecurity Security is not simple Potential attacks on the security features need to be considered Security mechanisms typically involve more than a particular algorithm or protocol Security is essentially a battle of wits between a perpetrator and the designer Procedures used to provide particular services are often counter-intuitive Little benefit from security investment is perceived until a security failure occursIt is necessary to decide where to use the various security mechanisms Requires constant monitoring Is too often an afterthought Strong security is often viewed as an impediment to efficient and user-friendly operation Computer Security Challenges
  • 12. 14ITT71-CryptographyandNetworkSecurity OSI Security Architecture 1. Security attack • Any action that compromises the security of information owned by an organisation 2. Security mechanism • A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack 3. Security service • A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service
  • 15. 14ITT71-CryptographyandNetworkSecurity Security Attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources (a) Passive attacks Alice (b) Active attacks Figure 1.2 Security Attacks Bob Darth Internet or other comms facility Bob Darth Alice Internet or other comms facility 1 2 3 An active attack attempts to alter system resources or affect their operation
  • 16. 14ITT71-CryptographyandNetworkSecurity Passive Attacks Two types of passive attacks are: • The release of message contents • Traffic analysis
  • 17. 14ITT71-CryptographyandNetworkSecurity Active Attacks • Involve some modification of the data stream or the creation of a false stream • Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities • Goal is to detect attacks and to recover from any disruption or delays caused by them • Takes place when one entity pretends to be a different entity • Usually includes one of the other forms of active attack Masquerade • Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect Replay • Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect Modification of messages • Prevents or inhibits the normal use or management of communications facilities Denial of service
  • 18. 14ITT71-CryptographyandNetworkSecurity Security Services • Defined by X.800 as: •A service provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers • Defined by RFC 4949 as: •A processing or communication service provided by a system to give a specific kind of protection to system resources
  • 20. 14ITT71-CryptographyandNetworkSecurity Authentication Concerned with assuring that a communication is authentic • In the case of a single message, assures the recipient that the message is from the source that it claims to be from • In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties Two specific authentication services are defined in X.800: Peer entity authentication Data origin authentication
  • 21. 14ITT71-CryptographyandNetworkSecurity Access Control • The ability to limit and control the access to host systems and applications via communications links • To achieve this, each entity trying to gain access must first be indentified, or authenticated, so that access rights can be tailored to the individual
  • 22. 14ITT71-CryptographyandNetworkSecurity Data Confidentiality The protection of transmitted data from passive attacks • Broadest service protects all user data transmitted between two users over a period of time • Narrower forms of service includes the protection of a single message or even specific fields within a message The protection of traffic flow from analysis • This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
  • 23. 14ITT71-CryptographyandNetworkSecurity Data Integrity Can apply to a stream of messages, a single message, or selected fields within a message Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only
  • 24. 14ITT71-CryptographyandNetworkSecurity Nonrepudiation • Prevents either sender or receiver from denying a transmitted message • When a message is sent, the receiver can prove that the alleged sender in fact sent the message • When a message is received, the sender can prove that the alleged receiver in fact received the message
  • 25. 14ITT71-CryptographyandNetworkSecurity Availability Service • Protects a system to ensure its availability • This service addresses the security concerns raised by denial-of- service attacks • It depends on proper management and control of system resources and thus depends on access control service and other security services
  • 26. 14ITT71-CryptographyandNetworkSecurity Security Mechanisms (X.800) Specific Security Mechanisms •Encipherment •Digital signatures •Access controls •Data integrity •Authentication exchange •Traffic padding •Routing control Pervasive Security Mechanisms •Trusted functionality •Security labels •Event detection •Security audit trails •Security recovery
  • 29. 14ITT71-CryptographyandNetworkSecurity Model for Network Security Information Channel Security-related transformation Sender Secret information Message Message Secure message Secure message Recipient Opponent Trusted third party (e.g., arbiter, distributer of secret information) Figure 1.5 Model for Network Security Security-related transformation Secret information
  • 30. 14ITT71-CryptographyandNetworkSecurity Network Access Security Model Computing resources (processor, memory, I/O) Data Processes Software Internal security controls Information System Gatekeeper function Opponent —human (e.g., hacker) —software (e.g., virus, worm) Figure 1.6 Network Access Security Model Access Channel
  • 31. 14ITT71-CryptographyandNetworkSecurity Review Questions • What is the OSI security architecture? • What is the difference between passive and active security threats? • List and briefly define categories of passive and active security attacks. • List and briefly define categories of security services. • List and briefly define categories of security mechanisms. 

  • 32. 14ITT71-CryptographyandNetworkSecurity Review Questions 1. Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement. 2. Consider a desktop publishing system used to produce documents for various organizations. • Give an example of a type of publication for which confidentiality of the stored data is the most important requirement. • Give an example of a type of publication in which data integrity is the most important requirement. • Give an example in which system availability is the most important requirement.
  • 33. 14ITT71-CryptographyandNetworkSecurity Review Questions 1. Draw a matrix similar to Slide No 28 that shows the relationship between security services and attacks. 2. For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. a. An organization managing public information on its Web server.
 b. A law enforcement organization managing extremely sensitive investigative 
 information.
 c. A financial organization managing routine administrative information (not 
 privacy-related information).
 d. An information system used for large acquisitions in a contracting organization 
 contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole. 
 e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installa- tion. The SCADA system contains both real-time sensor data and routine admin- istrative information. Assess the impact for the two data sets separately and the information system as a whole.