17912 Information Security

Date post: 03-Jun-2018
Upload: jigar-patel
8/13/2019 17912 Information Security

Information security
CAP194

CHAPTER-1
COMPUTER SECURITY CONCEPTS

INTRODUCTION

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, whether they were successful, and what they may have done.

Network and Internet security

Measures to protect data during its transmission (over the communication channel). It consists of measures to deter, prevent, detect and correct security violations that involve the transmission of information.

Eg: User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.

Aim of course

Our focus is on Internet security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission and storage of information.

Computer security

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources.

Three key objectives of security

Also called the CIA triad:
Confidentiality
Integrity
Availability

Confidentiality (disclosure of information)
  Data confidentiality
  Privacy
Integrity (modification of information)
  Data integrity
  System integrity
Availability
Accountability
Authenticity

OSI Security Architecture

Defines a systematic way of defining and providing security requirements. For us it provides a useful, if abstract, overview of the concepts we will study.

Aspects of Security

Consider 3 aspects of information security:
security attack
security mechanism
security service

Security Attack

Any action that compromises the security of information owned by an organization. Information security is about how to prevent attacks, or, failing that, to detect attacks on information-based systems. The terms threat and attack are often used to mean the same thing. There is a wide range of attacks; we can focus on two generic types of attack:
passive
active

Active Attack

Modification of data.

Types:
Masquerade (pretending to be someone else)
Replay (retransmission of messages)
Modification of messages (altering message content)
Denial of service (suppressing all messages)

Figures (one slide each): Masquerade; Replay; Modification of messages; Denial of service.
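An added example (not part of the slides) showing how a receiver detects two of the active attacks listed above, modification of messages and replay. The shared key, the message texts and the sequence-number scheme are constructed for the demonstration; the point is that an HMAC on its own verifies a captured old message just as happily as a new one, so the sequence number is what defeats replay.

```python
# Added example: detecting "modification of messages" and "replay" at user B.
# Mechanism: an HMAC (a data-integrity mechanism) over sequence number + payload.
import hmac
import hashlib

SHARED_KEY = b"constructed-demo-key"   # assumption: pre-shared between A and B


def tag(seq: int, payload: bytes) -> bytes:
    # Bind the sequence number into the tag so it cannot be stripped or changed.
    data = seq.to_bytes(8, "big") + payload
    return hmac.new(SHARED_KEY, data, hashlib.sha256).digest()


def send(seq: int, payload: bytes) -> tuple[int, bytes, bytes]:
    """What user A puts on the channel: (seq, payload, tag)."""
    return (seq, payload, tag(seq, payload))


class Receiver:
    """User B: rejects tampered messages and accepts each sequence number once."""

    def __init__(self) -> None:
        self.seen: set[int] = set()      # a real receiver would use a sliding window
        self.accepted: list[bytes] = []

    def receive(self, seq: int, payload: bytes, mac: bytes) -> str:
        # Constant-time compare, so the check itself leaks nothing about the tag.
        if not hmac.compare_digest(mac, tag(seq, payload)):
            return "rejected: modification of messages"
        if seq in self.seen:
            return "rejected: replay"
        self.seen.add(seq)
        self.accepted.append(payload)
        return "accepted"


def demo() -> list[str]:
    rx = Receiver()
    genuine = send(1, b"pay 100 to B")                       # A's real message
    results = [rx.receive(*genuine)]                          # accepted
    results.append(rx.receive(*genuine))                      # C retransmits the capture
    seq, _, mac = genuine
    results.append(rx.receive(seq, b"pay 900 to C", mac))     # C alters the amount
    results.append(rx.receive(*send(2, b"pay 5 to B")))       # A's next message
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```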

Passive Attacks

No alteration of data. Difficult to detect, as there is no modification of data.

Types:
Release of message contents (reading the contents)
Traffic analysis (data pattern)

For prevention, encryption needs to be used.
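An added example (not from the slides) of why encryption stops release of message contents but not traffic analysis, and how the traffic padding mechanism listed later under specific security mechanisms closes the gap. Encipherment is a one-time pad built from os.urandom, chosen only because it needs no third-party library; the messages and the 64-byte padding size are constructed for the demonstration.

```python
# Added example: encryption hides contents; traffic padding hides the pattern.
import os

BLOCK = 64   # constructed padding size: every ciphertext becomes a multiple of this


def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """One-time pad: returns (key, ciphertext); each key is used exactly once."""
    key = os.urandom(len(plaintext))
    return key, bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def pad(plaintext: bytes) -> bytes:
    """Traffic padding: length-prefix, then random fill to the next BLOCK boundary."""
    body = len(plaintext).to_bytes(2, "big") + plaintext
    return body + os.urandom(-len(body) % BLOCK)


def unpad(padded: bytes) -> bytes:
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


# Constructed traffic between A and B; user C can only watch ciphertext sizes.
MESSAGES = [b"ACK", b"ACK", b"transfer 10000 from payroll account", b"ACK"]


def observed_lengths(padded: bool) -> list[int]:
    """Traffic analysis: all C learns from a capture is the size of each ciphertext."""
    lengths = []
    for m in MESSAGES:
        _, ct = encrypt(pad(m) if padded else m)
        lengths.append(len(ct))
    return lengths


def roundtrip_ok() -> bool:
    """Confidentiality still holds: B recovers every padded, encrypted message."""
    return all(unpad(decrypt(*encrypt(pad(m)))) == m for m in MESSAGES)


if __name__ == "__main__":
    print("without padding:", observed_lengths(padded=False))  # long message stands out
    print("with padding:   ", observed_lengths(padded=True))   # all the same size
```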


Services

Authentication
Access control
Data confidentiality
Data integrity
Non-repudiation: means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Authentication
  Peer entity authentication
  Data origin authentication
Access Control
Data Confidentiality
  Connection confidentiality
  Connectionless confidentiality
  Selective field confidentiality
  Traffic flow confidentiality

Data Integrity
  Connection integrity with recovery
  Connection integrity without recovery
  Selective field connection integrity
  Connectionless integrity
  Selective field connectionless integrity
Non-repudiation
  Non-repudiation, origin
  Non-repudiation, destination

Security Mechanisms

A process that is designed to detect, prevent or recover from a security attack.

Types:
Specific security mechanisms
Pervasive security mechanisms

Specific Security Mechanisms

Encipherment
Digital signature
Access control
Data integrity
Authentication exchange
Traffic padding
Routing control
Notarization

Pervasive Security Mechanisms

Trusted functionality (certain criteria/policies)
Security label (trademarks/brands)
Event detection
Security audit trail
Security recovery

It is important to note the distinction between a security service, i.e. what is provided for a system, and a security mechanism, i.e. the means by which a service is provided. Hence confidentiality is a service, whereas encryption is a mechanism which can be used to provide confidentiality. In fact encryption can be used to provide other services, and data confidentiality can also be provided by means other than encryption (e.g. by physical protection of data).