Security Introduction
Potential attacks
Positive attacks
Active attacks
Cryptography
Terminologies
Symmetric and asymmetric
authentication
types of authentication
approaches to authentication
user login
access control
protection domains
design signature
design principle
2. Security- introduction
• Computer systems store large amount of information, some of
which is highly sensitive and valuable to their users.
• Users can trust the system and rely on it only if the various
resources and information of a computer system are protected
against destruction and unauthorized access.
• Obviously, the security requirements are different for different
computer systems depending on the environment in which
they are supposed to operate.
3. • Some of the common goals of computer security are as
follows:
1) Secrecy: Information within the system must be accessible
only to authorized users.
2) Privacy: Misuse of information must be prevented. That
is, a piece of information given to a user should be used only
for the purpose for which it was given.
3)Authenticity: When a user receives some data, the user
must be able to verify its authenticity.
4) Integrity: Information within the system must be protected
against accidental destruction or intentional corruption by an
unauthorized user
4. Potential attacks to computer
system
• The first step in the provision of appropriate computer security
is to identify the potential threats/attacks to computer systems.
• The term intruder or attacker is commonly used to refer to a
person or program trying to obtain unauthorized access to data
or a resource of a computer system.
5. • An intruder may be a threat to computer security in many
ways that are broadly classified into two categories:
1) Positive attacks
2) Active attacks
• A positive attack does not cause any harm to the system being
threatened , whereas an active attack does.
6. Positive attacks
• In positive attacks, an intruder somehow tries to steal
unauthorized information from the computer system without
interfering with the normal functioning of the system.
1) Browsing
2) Leaking
3) Inferencing
4) Masquerading
7. • Browsing: In this method, intruders attempt to read stored
files, message packets passing by on the network, other
processes memory, and so on, without modifying any data.
• Leaking: In this method, an intruder uses an accomplice who
leaks the information to him or her. Prevention of leaking is a
difficult problem to solve and requires preventing all types of
communication between the accomplice and the intruder.
8. • Inferencing: In this method, an intruder tries to draw some
inference by closely observing and analyzing the system’s data
or the activities carried out by the system. In this case, an
intruder observes when and where interprocess messages flow
in the system, and by analyzing the frequency of message.
• Masquerading: In this method, an intruder masquerades as an
authorized user or program in order to gain access to
uauthorized data or resources.
9. Active Attacks
• Active intruders are more malicious than passive intruders.
• Unlike passive attacks, active attacks interfere with the normal
functioning of the system and often have damaging effects.
• The most common types of damage that active attacks cause
are corrupting files, destroying data, imitating hardware errors.
10. • Some commonly used forms of active attacks are:
1) Viruses
2) Worms
3) Logic Bombs.
11. • Viruses: A computer viruses is a piece of code attached to a
legitimate program that, when executed, infects other
programs in the system by replicating and attaching itself to
them.
• Worms: Worms are program that spread from one computer to
another in a network of computers.
• Logic Bombs: A logic bomb is a program that lies dormant
until some trigger condition causes it to explode.
12. Cryptography
• Cryptography is a means of protecting private information
against unauthorized access in those situations where it is
difficult to provide physical security.
• The basic idea behind this security technique is that if it is not
possible to prevent copying of information, it is better to
prevent comprehension.
13. Basic Concepts and Terminologies
• Two primitive operations employed by cryptography are
encryption and decryption.
• Encryption is the process of transforming an intelligible
information into an unintelligible form.
• Decryption is the process of transforming the
information back from ciphertext to plaintext.
14. • When cryptography is employed for protecting information
transmitted through communication channels, plaintext is also
called a message.
• Encryption is basically a mathematical function having the
following form:
C=E(P,Ke)
Where P is the plaintext to be encrypted, Ke is an encryption key
and C is the resulting ciphertext.
15. Symmetric and Asymmetric
• There are two broad classes of cryptosystems, symmetric and
asymmetric.
• In a Symmetric cryptosystem, either both the encryption
key(Ke) and decryption key(kd) are the same or one is easily
derivable from the other.
• In an asymmetric cryptosystem, on the other hand, the
decryption key(kd) is not equal to the encryption key(Ke).
16. Authentication
• Authentication deals with the problem of verifying the identity
of a user before permitting access to the requested resource.
• That is, an authentication mechanism prohibits the use of the
system by unauthorized users by verifying the identity of a
user making a request.
17. • Authentication basically involves identification and
verification.
• Identification is the process of claiming a certain identity by a
user, while verification is the process of verifying the user’s
claimed identity.
• Thus, the correctness of an authentication process relies
heavily on the verification procedure employed.
18. Types of authentication
• The main types of authentication normally needed in a
distributed system are as follows:
1) User logins authentication
2) One-way authentication of communicating entities
3) Two-way authentication of communicating entities
19. Approaches to Authentication
• Proof by knowledge: In this approach, authentication involves
verifying something that can only be known by an authorized
principal.
• Proof by possession: In this approach, a user proves his or her
identity by producing some item that can only be possessed by
an authorized principal.
• Proof by property: In this approach, the system is designed to
verify the identity of a user by measuring some physical
characteristics of the user that are hard to forge.
20. User Login Authentication
• As in centralized systems, a user access to a distributed system
by logging in a host in the system. User identity is established
at login, at all subsequent user activities are attributed to this
identity.
1. Keeping passwords secret
2. Making passwords difficult to guess
3. Limiting damages done by a compromised password
4. Identifying and discourging unauthorized user logins.
5. Single sign-on for using all resources in the system.
21. Access Control
• Once a user or a process has been authenticated, the next step
in security is to devise ways to prohibit the user or the process
from accessing those resources/information that he or she or it
is not authorized to access.
• This issue is called authorization and is dealt with by using
access control mechanisms.
• Access control mechanisms used in distributed systems are
basically the same as those used in centralized systems.
22. • When talking about access control in computer systems, it is
customary to use the following terms:
1. Objects
2.Subjects
3. Protection rules
23. Protection domains
• A domain is an abstract definition of a set of access rights.
• It is defined as a set of pairs.
• Each pair specifies an object and one or more operations that
can be performed on the object.
• Each one of the allowed operations is called a right.
24. Design signature
• A digital signature is basically a code, or a large number, that
is unique for each message and to each message originator.
• It is obtained by first processing the message with a hash
function to obtain a small digest dependent on each bit of
information in the message and then encrypting the digest by
using the originator secret key.
25. • A protocol based on a digital signature for ensuring message
integrity works as follows:
1. A sender(A) computes the digest(D) of a message(M). It
then encrypts the digest D by using its secret key(Sa) to obtain
a cipertext C1=E(D,Sa). A signed message is then created that
consists of the senders identifier, the message M in its
plaintext form, and the ciphertext C1.
2. On receiving the signed message, the receiver decrypts
C1 by using the public key of the sender to recover the digest
D.
26. Design principles
• Based on their experience with Multics, Saltzer and Schroeder
identified some design principles that can be used as a guide to
designing secure systems.
1. Least privilage
2. Fail-safe defaults
3. Open design
4. Built in to the system
5.Check for current authority
6. Easy granting and revocation of access rights
7.Never trust other parties
8. Always ensure freshness of messages