Information System Security

Transcript

  • 1. Presented By : O8-SE-59 O8-SE-75 INFORMATION SYSTEM SECURITY
  • 2. OVERVIEW
    • What is security?
    • Why Information System Security?
    • Vulnerability, Threat and Attack.
    • ISS objectives
    • Cipher system
    • Cryptography
  • 3. WHAT IS SECURITY?
    • Prevention : take measures that prevent your assets from being damaged.
    • Detection : take measures so that you can detect when, how, and by whom an asset has been damaged.
    • Reaction : take measures so that you can recover your assets or recover from damage to your assets
  • 4. EXAMPLES
    • Ex. 1 - Private property
      • Prevention: locks at doors, window bars, walls around the property.
      • Detection: stolen items aren’t there any more, burglar alarms, CCTV, …
      • Reaction: call the police,…
    • Ex. 2 - ecommerce
      • Prevention: encrypt your orders, rely on the merchant to perform checks on the caller,…
      • Detection: an unauthorized transaction appears on your credit card statement
      • Reaction: complain, ask for a new credit card number, …
  • 5. INFORMATION SYSTEM SECURITY
    • ISS deals with
      • Security of (end) systems
        • Examples: Databases, files in a host, records, operating system, accounting information, logs, etc.
      • Security of information in transit over a network
        • Examples: confidential e-mails, file transfers, record transfers, e-commerce transactions, online banking, authorization messages, etc.
  • 6. INFORMATION SYSTEM SECURITY (ISS)? [Diagram labels: Security Services, Attackers, Security Mechanisms, Security Architecture, Information System (file, message), Policies]
  • 7. VULNERABILITY, THREAT, ATTACK
    • A vulnerability : is a weakness in a security system
      • Can be in design, implementation, etc.
      • Can be hardware, or software
    • A threat : is a set of circumstances that has the potential to cause loss or harm
      • Or it’s a potential violation of security
      • Threat can be:
        • Accidental (natural disasters, human error, …)
        • Malicious (attackers, insider fraud, …)
    • An attack : is the actual violation of security
  • 8. ISS OBJECTIVES
    • Confidentiality : keeping information secret from all but those who are authorized to see it.
      • Secrecy, privacy
    • Data integrity : ensuring information has not been altered by unauthorized or unknown means
    • Entity authentication: corroboration of the identity of an entity (e.g., a person, a credit card, etc.)
      • Identification, identity verification
    • Controlled Access:
      • Role based security.
  • 9. A CIPHER SYSTEM (achieving confidentiality) [Diagram: Sender (Alice) → plaintext → Encryption algorithm (encryption key) → ciphertext → Decryption algorithm (decryption key) → plaintext → Receiver (Bob); also labelled: Interceptor]
  • 10. ISS IN GENERAL
    • An information security service is a method to provide some specific aspects of security
        • Confidentiality is a security objective, encryption is an information security service
        • Integrity is another security objective, a method to ensure integrity is a security service.
    • Breaking a security service implies defeating the objective of the intended service
  • 11. CRYPTOGRAPHY
    • Cryptography is a means of providing information security.
    • Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, integrity, authentication, and non-repudiation which form the main goals of cryptography
  • 12. CRYPTOLOGY [Diagram labels: CRYPTOLOGY; CRYPTOGRAPHY, CRYPTANALYSIS; symmetric-key, asymmetric-key; Block Cipher, Stream Cipher; Integer Factorization, Discrete Logarithm]
  • 13. EXAMPLE
    • The original message was
    • 'GIVETWOMILLION' (plaintext)
    • Encoding the message with 'Shift by 3' produced the message
    • 'JLYHWZRPLOOLRQ' (ciphertext)
    • Which is obviously unreadable unless you know the method of deciphering.
  • 14. CRYPTOGRAPHY
    • Cryptanalysis: the study of mathematical techniques for attempting to defeat cryptographic techniques
    • Cryptanalyst: is the one who engages in cryptography
    • Cryptology: the study of cryptanalysis and cryptography
    • Cryptosystem: is a general term referring to a set of cryptographic primitives used to provide information security services.
  • 15. CRYPTOGRAPHY
    • Cryptographic techniques are divided into 2 types:
      • Symmetric-key Cryptography
      • Asymmetric-key Cryptography
  • 16. SYMMETRIC-KEY SYSTEMS
    • Same key for encryption and decryption
    • Key distribution problem
    • Practical cipher systems prior to the 1980’s were symmetric cipher systems.
  • 17. TYPES OF SYMMETRIC CIPHERS
    • Stream ciphers
      • Encrypt one bit at a time
    • Block ciphers
      • Break the plaintext message into equal-size blocks
      • Encrypt each block as a unit
  • 18. SYMMETRIC-KEY SYSTEMS [Figure labels: Locking, Unlocking, =]
  • 19. ASYMMETRIC-KEY SYSTEMS
    • Relatively new field – 1975
    • Each entity has 2 keys:
      • Private key (a secret)
      • Public key (well known)
  • 20. ASYMMETRIC-KEY SYSTEMS (cont…)
    • Encryption: plaintext → ciphertext, using the public key
    • Decryption: ciphertext → plaintext, using the private key
  • 21. ASYMMETRIC-KEY SYSTEMS (cont…)
    • Impossible to determine the decryption key from the encryption key.
    • Public and private keys must be different
    • The term is used interchangeably with public key cipher systems.
  • 22. TYPES OF ASYMMETRIC-KEY SYSTEM
    • Integer Factorization
      • Sender: plaintext 6*11 = 66 ciphertext
      • Receiver: (2,33), (3,22), (6,11)
    • Discrete Logarithm
  • 23. ASYMMETRIC-KEY SYSTEMS (cont…) [Figure labels: "Anyone can lock", "Only a key holder can unlock"]
  • 24. CONCLUSION
    • The impact of a security breach may be far greater than you would expect. The loss of sensitive information may not only affect your competitiveness but also damage your reputation - something which may have taken you years to establish and which may be impossible to restore….!!
  • 25.
    • Thank you..!
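
The shift-by-3 example from slide 13, together with the cryptanalysis defined on slide 14, as an added Python example that is not part of the original slides. It shows why a shift cipher gives no real confidentiality: there are only 25 usable keys, so trying all of them recovers the message. The function names and the crib `MILLION` (a word the analyst guesses is in the message) are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26 letters the slide's cipher works on


def shift(text, key):
    """Move every A-Z letter `key` places along the alphabet, wrapping at Z."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # leave spaces, digits and punctuation unchanged
    return "".join(out)


def shift_encrypt(plaintext, key=3):
    """Sender side: 'Shift by 3' is the slide's key."""
    return shift(plaintext, key)


def shift_decrypt(ciphertext, key=3):
    """Receiver side: undo the shift with the same (symmetric) key."""
    return shift(ciphertext, -key)


def all_candidates(ciphertext):
    """Cryptanalysis by exhaustive search: decrypt under each of the 25 keys."""
    return {key: shift_decrypt(ciphertext, key) for key in range(1, 26)}


def keys_matching_crib(ciphertext, crib):
    """Keep only the keys whose decryption contains a guessed word (the crib)."""
    return [key for key, guess in all_candidates(ciphertext).items()
            if crib.upper() in guess]


if __name__ == "__main__":
    ct = shift_encrypt("GIVETWOMILLION")
    print("ciphertext:", ct)
    for key, guess in all_candidates(ct).items():
        print(f"key {key:2d}: {guess}")
    print("keys consistent with crib MILLION:", keys_matching_crib(ct, "MILLION"))
```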
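
Slides 21 and 22 in code, as an added Python example that is not part of the original slides: textbook RSA is assumed here as the integer-factorization system (the slides do not name a scheme), with constructed toy primes 61 and 53 and no padding. It shows that the decryption key stays hidden only while the public modulus cannot be factored, which is why real keys use moduli of 2048 bits or more.

```python
from math import gcd


def make_keypair(p, q, e):
    """Build a textbook RSA key pair from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)  # (public key, private key)


def rsa_encrypt(m, public_key):
    """Anyone can lock: only the public key is needed."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, private_key):
    """Only the key holder can unlock: needs the private exponent d."""
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Feasible only because the toy modulus is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")


def private_key_from_public(public_key):
    """If n can be factored, the private key follows from the public one."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)  # constructed toy parameters
    c = rsa_encrypt(65, public)
    print("public:", public, "ciphertext:", c, "decrypted:", rsa_decrypt(c, private))
    print("private key rebuilt from public key:", private_key_from_public(public))
```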