Scribd
Upload
42 views30 pages

Internet Security Fundamentals Explained

This document provides an overview of cryptography and network security. It discusses the CIA triad and levels of impact. The aim is on internet security using the OSI security architecture. Security attacks can be passive like traffic analysis, or active like modification of messages. Security services like authentication, access control, and data confidentiality are discussed. Security mechanisms are features to prevent, detect, or recover from attacks using algorithms and secret keys. Models for network and access security are also presented.

Uploaded by

Himani GS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Topics covered

  • Password Protection,
  • Traffic Padding,
  • Replay Attacks,
  • Security Policies,
  • Digital Signatures,
  • Threat Detection,
  • Data Integrity,
  • Security Transformation,
  • Trusted Functionality,
  • Active Attacks
42 views30 pages

Internet Security Fundamentals Explained

This document provides an overview of cryptography and network security. It discusses the CIA triad and levels of impact. The aim is on internet security using the OSI security architecture. Security attacks can be passive like traffic analysis, or active like modification of messages. Security services like authentication, access control, and data confidentiality are discussed. Security mechanisms are features to prevent, detect, or recover from attacks using algorithms and secret keys. Models for network and access security are also presented.

Uploaded by

Himani GS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Topics covered

  • Password Protection,
  • Traffic Padding,
  • Replay Attacks,
  • Security Policies,
  • Digital Signatures,
  • Threat Detection,
  • Data Integrity,
  • Security Transformation,
  • Trusted Functionality,
  • Active Attacks

Cryptography and

Network Security
Chapter 1

[Link]
Assistant Professor
MITE
• CIA TRIAD ---- define security objectives
3 levels of impact on
organization or indiviual

• Low-- loss will have limited effect on organization


• Moderate---- loss will have serious effect on Org.
• High---loss will have severe or catastrophic adverse effect
on Org.
Aim of Course
our focus is on Internet Security
which consists of measures to deter,
prevent, detect, and correct security
violations that involve the transmission &
storage of information
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
defines a systematic approach of defining
and providing security requirements
Useful to managers to organize their task
Security Attack
any action that compromises the security of
information owned by an organization
information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks
 passive
 active
Passive Attacks
Passive Attacks


Release of message content

Traffic Analysis
Active Attacks
Active Attacks

Masquerade

Replay

Modification of messages

Denial of Service
Security Service
 enhance security of data processing systems
and information transfers of an organization
 intended to counter security attacks

 using one or more security mechanisms

 often replicates functions normally associated

with physical documents


• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
Security Services (X.800)
Authentication - assurance that the
communicating entity is the one claimed
Access Control - prevention of the unauthorized
use of a resource
Data Confidentiality –protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is
as sent by an authorized entity
Non-Repudiation - protection against denial by
one of the parties in a communication
Security Services (X.800)

Authentication

Peer entity authentication

Data origin authentication

Access control

Data confidentiality

Connection confidentiality

Connectionless confidentiality --- data block

Selective field confidentiality

Traffic flow confidentiality-- protection from traffic
analysis
Security Services (X.800)

Data integrity --- ensures that data received is
as its sent

Connection integrity with recovery – detects any
modification with recovery

Connection integrity without recovery---

Selective field connection integrity

Connectionless integrity

Selective field connection less integrity
Security Services (X.800)

Non repudiation --- denial by one of entities

Non repudiation,origin --proof that msg was sent
by specified party

Non repudiation, destination
Security Mechanism
feature designed to detect, prevent, or
recover from a security attack
no single mechanism that will support all
services required
Implemented in particular layer & those
that r not specific to any layer
Security Mechanisms (X.800)
specific security mechanisms:
protocol layer
1) Encipherment
2) Digital signatures -- data appended Prove the
source & integrity of data, protection against forgery
3) access controls --- access right of resources
4) data integrity --- assure integrity of data
5) authentication exchange ---- ensure identity of entity
6) traffic padding--- prevent traffic analysis
7) routing control --- select secure routes when breach
is suspected
8) notarization---- use trusted third party to assure
properties of data exchange
Pervasive security mechanisms

• Not specific to any OSI security service or protocol


layer
pervasive security mechanisms:

trusted functionality---- correct respect to criteria
(security policies)

security labels---- marking to resources

event detection --- detect security related events

security audit trails ---- review , examination of
records

security recovery ---recovery actions taken
Model for Network Security
• All techniques have 2 components:

• Security related transformation-- algorithm


• Secret information --- key
Model for Network Security
using this model requires 4 basic task:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used

by the algorithm
3. develop methods to distribute and share the

secret information
4. specify a protocol enabling the principals to

use the transformation and secret information


for a security service
Model for Network Access
Security

2 kinds of threats

Information access threats --- intercept or
modify data

Service threats ---- exploit service flaws in
computer


Hacker- attempt to penetrate system

--- simply gets satisfaction by breaking / entering
system

--- disgruntled employee

---- criminal who exploit for financial gain
Model for Network Access
Security
using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only

authorised users access designated information


or resources
trusted computer systems may be useful to
help implement this model
gatekeeper functions -----password based login
procedures ---- authorised users
Screening logic- --- detect and reject worms viruses
Unwanted users & softwares are detected

You might also like