Chap. 1: Introduction




- Introduction
- Services, Mechanisms, and Attacks
- The OSI Security Architecture

Cryptography 1 1

Introduction
- Computer Security: the generic name for the collection of tools designed to protect data and to thwart hackers
- Network Security: protects data during their transmission
- In fact, there are no clear boundaries between these two forms of security
- This course focuses on internet security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information

Examples of security violations
- Confidentiality: the message transmitted from A to B was intercepted by an unauthorized user C
- Authentication: user F transmits a message to E as if it had come from D
- Nonrepudiation: F denies sending a message to E
- Integrity: F intercepts the message transmitted from D to E, alters the contents, and then forwards the message to E

Attacks, Services, and Mechanisms
- Security Attack: any action that compromises the security of information
- Security Mechanism: a mechanism designed to detect, prevent, or recover from a security attack
- Security Service: a service that enhances the security of data processing systems and information transfers; it uses one or more security mechanisms to counter security attacks

Security Aspects Concerning Paper Documents
- Paper documents typically have signatures and dates
- May need to be protected from disclosure, tampering, or destruction
- May be notarized or witnessed
- May be recorded or licensed

Security Aspects Concerning Electronic Documents
- Providing electronic documents with the above functions is more challenging
- It is hard to discriminate between the original and its copies
- Alteration of bits in electronic documents leaves no physical trace
- The proof process of a physical document depends on the physical characteristics of that document (e.g., a handwritten signature or an embossed notary seal), whereas the proof of authenticity of an electronic document must be based on internal evidence present in the information itself

Classification of Security Services
- Confidentiality: ensures that information in a computer system and transmitted information are accessible only by authorized parties
- Authentication: ensures that the origin of a message or electronic document is correctly identified
- Integrity: ensures that only authorized parties are able to modify computer system assets and transmitted information, including writing, changing, changing status, deleting, creating, delaying, or replaying transmitted information
- Nonrepudiation: neither the sender nor the receiver of a message is able to deny the transmission
- Access control: access to information resources may be controlled by or for the target system
- Availability: computer system assets are available to authorized parties when needed

Security Mechanisms
- No single mechanism will provide all the services required
- The one that underlies most security mechanisms is the cryptographic mechanism
- See Table 1.2 for some examples of security attacks

The OSI Security Architecture
- ITU-T Recommendation X.800, Security Architecture for OSI
- Defines a systematic way of defining and providing security requirements
- Focuses on security services, mechanisms, and attacks

X.800 Security Services
- X.800 defines a security service as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
- RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
- Security services implement security policies, and are implemented by security mechanisms
- [Diagram: Security Policies, Security Services, Security Mechanisms]

X.800 - Security Services Categories
- Authentication: assuring that the communicating entity is the one that it claims to be
  - Peer entity authentication
  - Data origin authentication
- Access control: prevention of unauthorized use of a resource
- Confidentiality: protection of data from unauthorized disclosure
- Data Integrity: assures that data received are exactly as sent by an authorized entity (i.e., with no modification, insertion, deletion, or replays)
- Nonrepudiation: prevents either sender or receiver from denying a transmitted message

X.800 Security Mechanisms
- Specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
- Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery

X.800 Security Attacks
- Two types of attacks: passive attack, active attack
- Passive attacks
  - Eavesdropping on, or monitoring of, transmission
  - The goal of an opponent is to obtain information being transmitted
  - Two types of passive attacks: release of message contents, traffic analysis
  - It is very difficult to detect passive attacks
  - Passive attacks are usually prevented by means of encryption

X.800 Active Attacks
- Active attacks involve some modification of the data stream or the creation of a false stream
- Four categories of active attacks:
  - Masquerade: one entity pretends to be a different entity
  - Replay: the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
  - Modification of Message: some portion of a legitimate message is altered, or messages are delayed, to produce an unauthorized effect
  - Denial of Service: prevents or inhibits the normal use or management of communications facilities

A Model for Network Security
[Figure: model for network security, showing Sender and Recipient]

A Model for Network Security (cont.)
Four basic tasks in designing a particular security service:
- Design an algorithm for performing the security-related transformation
- Generate the secret information to be used with the algorithm
- Develop methods for the distribution and sharing of the secret information
- Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service
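The four design tasks above and the active-attack categories from the X.800 slides can be seen together in a small data-integrity service. This is an added example, not part of the original slides; the choice of HMAC-SHA256, the 64-bit sequence number, and all names (`protect`, `Receiver`, `demo`) are assumptions made for illustration, and the sample messages are constructed.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Task 1, the transformation: append HMAC-SHA256 over seq || payload."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Task 4, the receiving side of the protocol."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, unit: bytes) -> str:
        """Return 'ok', or the reason the data unit was rejected."""
        if len(unit) < 8 + TAG_LEN:
            return "truncated"
        body, tag = unit[:-TAG_LEN], unit[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad tag"  # modification, or a sender without the key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return "replay"  # authentic but already-seen data unit
        self.last_seq = seq
        return "ok"


def demo() -> list:
    """Run constructed sample messages through one receiver."""
    key = secrets.token_bytes(32)  # task 2; task 3 (distribution) assumed done
    rx = Receiver(key)
    genuine = protect(key, 0, b"pay D 100")
    altered = bytearray(protect(key, 1, b"pay D 100"))
    altered[8 + 4] ^= 0x01  # flip one payload bit in transit
    forged = protect(secrets.token_bytes(32), 2, b"pay F 999")  # wrong key
    return [rx.accept(genuine), rx.accept(bytes(altered)),
            rx.accept(forged), rx.accept(genuine)]
```

The tag alone catches modification and masquerade; the replayed unit carries a valid tag and is rejected only because the receiver tracks sequence numbers.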

Network Access Security Model
- Opponents
  - Human (e.g., hackers)
  - Software (e.g., virus, worm)
- Information access threats: intercept or modify data on behalf of users who should not have access to the data
- Service threats: exploit service flaws in computers to inhibit use by legitimate users
- Security mechanism
  - Gatekeeper function: includes password-based login procedure and screening logic
  - Internal controls: monitor activity and analyze stored information