2. Principles of security
Confidentiality – only sender and receiver have access to data
Authentication – who is who?
Integrity – data/msg travels without alteration (modification)
Non-repudiation – sender/receiver cannot later deny having sent/received the msg
Availability – resource/service must be available to authentic users (DoS)
Access Control – Role & Rule mgmt.
3. Types of attacks
Passive – doesn’t involve modification (traffic analysis)
Active – modification happens in some way (modification, DoS)
Packet sniffing
Packet spoofing
Phishing – fraudulent attempt to steal info.
Socially engineered
4. Cryptography
Plain text – message – language easily understood
Cipher text – encrypted message – language cannot be understood
Cryptography – Art of hiding messages
Cryptos=hidden/secret
Graphein=to write
5. Cryptography techniques
Substitution cipher – subs one alphabet with another (Caesar)
Transposition cipher – changing the position/arrangement of alphabets (Rail Fence)
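Added example (not from the original slides): the two named techniques in Python, a Caesar shift for substitution and a Rail Fence zigzag for transposition. The function names and the sample message are constructed for illustration; both ciphers are for teaching only.

```python
# Added teaching example: classical ciphers only, not secure for real data.

def caesar(text: str, shift: int) -> str:
    """Substitution: replace each letter with the one `shift` places later."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # digits, spaces, punctuation pass through
    return "".join(out)


def _rail_of_each_position(n: int, rails: int) -> list[int]:
    """Rail index for positions 0..n-1 along the zigzag 0,1,..,r-1,..,1,0,1,.."""
    if rails < 1:
        raise ValueError("rails must be >= 1")
    if rails == 1:
        return [0] * n
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def rail_fence_encrypt(text: str, rails: int) -> str:
    """Transposition: same letters, read off rail by rail."""
    pattern = _rail_of_each_position(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(text, pattern) if p == r)


def rail_fence_decrypt(cipher: str, rails: int) -> str:
    pattern = _rail_of_each_position(len(cipher), rails)
    # A stable sort by rail gives the plaintext position of each ciphertext char.
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    msg = "WEAREDISCOVEREDFLEEATONCE"  # constructed sample plaintext
    sub = caesar(msg, 3)
    tra = rail_fence_encrypt(msg, 3)
    print(sub, caesar(sub, -3) == msg)
    print(tra, rail_fence_decrypt(tra, 3) == msg)
    # Transposition keeps the letter multiset; substitution does not.
    print(sorted(tra) == sorted(msg), sorted(sub) == sorted(msg))
```

Substitution changes which letters appear but keeps their positions; transposition keeps the letters and changes only their order.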
7. Types of cryptography
Symmetric key
Same key for enc. dec.
very fast
Key distribution prob
Asymmetric key
Key pair
Slow
Exponentiation & Modulus
RSA-(Rivest-Shamir-Adleman)
8. Hashing and Digital Sign.
Hash – unique representation of a message similar to human fingerprint
Digital signature – Hashing algos – MD5 (128), SHA-1 (160), SHA-2
9. Data level security
SaaS
App
Middleware
Guest OS
Hypervisor
Storage
H/W
N/W
PaaS
App
Middleware
Guest OS
Hypervisor
Storage
H/W
N/W
IaaS
App
Middleware
Guest OS
Hypervisor
Storage
H/W
N/W
11. Issues with Service Providers
Creation –
What is confidential/can be shared?
Rights & permissions while creation
Storage –
Where is my data?
How is it separated from other users’ data?
Which data will be encrypted & how?
Key types and permissions?
Is govt. able to seize it?
Backup & recovery
12. Issues with Service Providers
Usage and Sharing -
Is the data intact? (auditing and accounting)
Logs?
Is it encrypted while in transit?
Archiving –
Type of media used?
Destruction(Data Remanence) –
Are all the redundant copies deleted?
How to ensure that?