Scribd
Upload
4 views23 pages

Lecture 1

The document provides an overview of cryptography and network security, focusing on key concepts such as confidentiality, integrity, authentication, and the OSI security architecture. It categorizes security attacks into passive and active types, and discusses various security services and mechanisms aimed at protecting information systems. Additionally, it highlights the importance of data confidentiality, integrity, and nonrepudiation in maintaining secure communications.

Uploaded by

vtsrykqs42
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views23 pages

Lecture 1

The document provides an overview of cryptography and network security, focusing on key concepts such as confidentiality, integrity, authentication, and the OSI security architecture. It categorizes security attacks into passive and active types, and discusses various security services and mechanisms aimed at protecting information systems. Additionally, it highlights the importance of data confidentiality, integrity, and nonrepudiation in maintaining secure communications.

Uploaded by

vtsrykqs42
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Cryptography

and Network
Security
by William Stallings
LECTURE1

Overview
CLO

 CLO1. Explain basic concepts of cryptography in


terms of confidentiality, integrity and authentication

3
“The combination of space, time, and strength
that must be considered as the basic elements of
this theory of defense makes this a fairly
complicated matter. Consequently, it is not easy to
find a fixed point of departure.”
— On War,
Carl Von Clausewitz

4
Computer Security

 The NIST Computer Security Handbook defines the


term computer security as:
“the protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources” (includes
hardware, software, firmware, information/
data, and telecommunications)

5
The field of network and
Internet security consists of:

measures to deter,
prevent, detect, and
correct security violations
that involve the
transmission of
information

6
Computer Security Objectives

Confidentiality
• Data confidentiality
• Assures that private or confidential information is not made available or disclosed to
unauthorized individuals
• Privacy
• Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed

Integrity
• Data integrity
• Assures that information and programs are changed only in a specified and authorized
manner
• System integrity
• Assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system

Availability
• Assures that systems work promptly and service is not denied to authorized
users 7
CIA Triad

8
Possible additional
concepts:

Authenticity Accountability
• Verifying that users • The security goal that
are who they say generates the
they are and that requirement for
each input arriving at actions of an entity to
the system came from be traced uniquely to
a trusted source that entity

9
Breach of Security
Levels of Impact

• The loss could be expected to have a severe or


High catastrophic adverse effect on organizational
operations, organizational assets, or individuals

• The loss could be expected to have a


Moderate serious adverse effect on
organizational operations,
organizational assets, or individuals

• The loss could be expected


to have a limited adverse
Low effect on organizational
operations, organizational
assets, or individuals
10
OSI Security Architecture

 Security attack
 Any action that compromises the security of information
owned by an organization
 Security mechanism
 A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security
attack
 Security service
 A processing or communication service that enhances the
security of the data processing systems and the
information transfers of an organization
 Intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service
11
Threats and Attacks

12
Security
Attacks
•A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks

•A passive attack attempts to


learn or make use of information
from the system but does not
affect system resources

•An active attack attempts to


alter system resources or affect
their operation
Passive
Attacks

• Are in the nature of


eavesdropping on, or
monitoring of, transmissions
• Goal of the opponent is to  Two types of passive
obtain information that is
being transmitted attacks are:
 The release of
message contents
 Traffic analysis
Active Attacks

 Involve some modification of the


data stream or the creation of a • Takes place when one entity
pretends to be a different entity
false stream Masquerade • Usually includes one of the other
forms of active attack
 Difficult to prevent because of the
wide variety of potential physical,
software, and network • Involves the passive capture of a
vulnerabilities Replay data unit and its subsequent
retransmission to produce an
 Goal is to detect attacks and to unauthorized effect
recover from any disruption or
delays caused by them
• Some portion of a legitimate
Modification message is altered, or messages
of messages are delayed or reordered to
produce an unauthorized effect

Denial of • Prevents or inhibits the normal


use or management of
service communications facilities
Authentication

 Concerned with assuring that a communication is


authentic
 In the case of a single message, assures the recipient that
the message is from the source that it claims to be from
 In the case of ongoing interaction, assures the two entities
are authentic and that the connection is not interfered with
in such a way that a third party can masquerade as one
of the two legitimate parties

Two specific authentication services are defined in X.800:

• Peer entity authentication


• Data origin authentication
16
Access Control

 The ability to limit and control the access to host


systems and applications via communications
links
 To achieve this, each entity trying to gain access
must first be indentified, or authenticated, so
that access rights can be tailored to the
individual

17
Data Confidentiality

 The protection of transmitted data from passive


attacks
 Broadest service protects all user data transmitted
between two users over a period of time
 Narrower forms of service includes the protection of a
single message or even specific fields within a message
 The protection of traffic flow from analysis
 This requires that an attacker not be able to observe
the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility
18
Data Integrity

Can apply to a stream of messages, a single


message, or selected fields within a message

Connection-oriented integrity service, one that deals


with a stream of messages, assures that messages
are received as sent with no duplication, insertion,
modification, reordering, or replays

A connectionless integrity service, one that deals with


individual messages without regard to any larger
context, generally provides protection against
message modification only

19
Nonrepudiation

 Prevents either sender or receiver from denying a


transmitted message
 When a message is sent, the receiver can prove that
the alleged sender in fact sent the message
 When a message is received, the sender can prove
that the alleged receiver in fact received the message

20
Model for Network Security

21
Summary

 Computer security  Security services


concepts  Authentication
 Definition  Access control
 Examples  Data confidentiality
 Challenges  Data integrity

 The OSI security  Nonrepudiation

architecture  Availability service

 Security attacks  Security mechanisms


 Passive attacks
 Active attacks
Reference

 Cryptography and Network Security”, 6/e, by


William Stallings

You might also like