SlideShare a Scribd company logo

2.Types of Attacks.pptx

Download as PPTX, PDF
N
NISARSHAIKH57

Types of attacks in information security

Engineering
1 of 24
Types of Attacks Mr. N. S. Shaikh MMIT, Lohgaon, Pune-47 nisar.shaikh2022@mmit.edu.in
Security Fundamentals • Confidentiality: Data should be accessible only to entities (users/machines/processes) with the valid permissions (also includes privacy) • Integrity: – Data should be modified only by entities with the valid permissions – A system should perform its function without any deliberate manipulation by entities without valid permissions • Availability: Data and service should be accessible (timely and reliable) to entities with the valid permissions • Authentication: – Entity authentication – validating user/machine identity – Message authentication – validating whether a message came from the user/machine/source who claims to have sent it • Access control: Validating the permissions a user claims to have on a resource • Non-repudiation: Actions of an entity should be uniquely traced back to that entity.
Security Fundamentals • Cryptography (Encryption and Decryption): – Transform information from plaintext to ciphertext (encryption) so that it is not comprehensible for unauthorized entities during transmission or at the end systems (more towards confidentiality) – Every encryption algorithm needs to have a corresponding decryption algorithm to get back the plaintext • Digital Signature: A form of encryption/ decryption that ensures the message came from the appropriate entity – Non-repudiation, Message Authentication
Security Fundamentals • Hashing: A digest of the message such that even if a bit changes in the message, the hash value should change – Integrity • Notarization: Vouching for a user/machine – the notarizing authority is trusted by the associated entities – Entity authentication • Steganography: Replace certain bits in a media file with the plaintext bits and transmit them – Weak confidentiality (but not very obvious to unauthorized users)
Computer Security Challenges • Security is not simple • Potential attacks on the security features need to be considered • It is necessary to decide where to use the various security mechanisms • Requires constant monitoring • Is too often an afterthought • Security mechanisms typically involve more than a particular algorithm or protocol • Security is essentially a battle of wits between a perpetrator and the designer
Threats and Attacks (RFC 4949)
Source: William Stallings, Cryptography & Network Security, 6th ed. Passive vs. Active Attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources
Source: William Stallings, Cryptography & Network Security, 6th ed. Passive vs. Active Attacks An active attack attempts to alter system resources or affect their operation
Passive Attacks • Eavesdropping (release of message contents) – solution: use encryption to prevent. • Traffic analysis (monitoring of transmission – Difficult to prevent or detect. – Though the contents of the transmission can be protected (using encryption), one can learn about the location and identity of the communicating hosts as well as the frequency and length of the messages being exchanged. • As passive attacks are difficult to detect, the emphasis is on prevention.
Active Attacks • Active attacks involve some modification of the data stream or the creation of a false stream • Active attacks can be divided into four categories: – Masquerade: When one entity pretends to be a different entity (impersonation) – Replay: Passive capture of a data unit and its subsequent retransmission (if modified, could produce an unauthorized effect) – Modification of messages: modify the captured message – Denial of service: prevent the normal use or management of communications facilities (e.g., overload a server; prevent legitimate users from use) • It is difficult to prevent active attacks; the goal is on their detection.
Active Attacks: Masquerade Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Replay Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Modification Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Denial of Service Source: William Stallings, Cryptography & Network Security, 6th ed.
Model for Network Security Source: William Stallings, Cryptography & Network Security, 6th ed.
Security Services Security Services
Security Services Authentication: The assurance that communicating entity is the one that it claims to be • Peer Entity Authentication: used in association with a logical connection to provide confidence in the identity of the entities connected • Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed
Security Services Access Control: The prevention of unauthorized use of a resource(i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do
Security Services Data Confidentiality: The protection of data from unauthorized disclosure. • Connection Confidentiality: The protection of all user data on a connection. • Connectionless Confidentiality: The protection of all user data in a single data block. • Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
Security Services Data Integrity: The assurance that data received are exactly as sent by an authorized entity(i.e., contain no modification, insertion, deletion, or replay). • Connection Integrity with Recovery • Connection Integrity without Recovery • Selective-Field Connection Integrity • Connectionless Integrity • Selective-Field Connectionless Integrity
Security Services Nonrepudiation: Provides protections against denial by one of the entities involved in communication of having participated in all or part of the communication. • Nonrepudiation Origin: Proof that the message was sent by the specified party. • Nonrepudiation Destination: Proof that the message was received by the specified party.
Security Mechanisms Specific Security Mechanisms • Encipherment • Digital Signature • Access Control • Data Integrity • Authentication Exchange • Traffic Padding • Routing Control • Notarization
Security Mechanism Encipherment: The use of Mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
Security Mechanism Digital Signature:

Recommended

ch01.pdf
ch01.pdfch01.pdf
ch01.pdfSamtech6
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...NISHASOMSCS113
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityAparnaSunil24
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdfMohammedElkayesh
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyUmangThakkar26
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.pptSwapnaPavan2
 

Recommended

ch01.pdf
ch01.pdfch01.pdf
ch01.pdfSamtech6
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...NISHASOMSCS113
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityAparnaSunil24
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdfMohammedElkayesh
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyUmangThakkar26
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.pptSwapnaPavan2
 
CNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxCNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxRizwanBasha12
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxsalutiontechnology
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
abc.pptx
abc.pptxabc.pptx
abc.pptxBhargaviGorde1
 
Ch01 NetSec5e.pptx
Ch01 NetSec5e.pptxCh01 NetSec5e.pptx
Ch01 NetSec5e.pptxAwais725629
 
information security.pptx
information security.pptxinformation security.pptx
information security.pptxAwais725629
 
Ch01 NetSec5e.pdf
Ch01 NetSec5e.pdfCh01 NetSec5e.pdf
Ch01 NetSec5e.pdfMohammadAbusaa3
 
Ch01
Ch01Ch01
Ch01ssusere796b3
 
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCENETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCEkarthikasivakumar3
 
ch01.ppt
ch01.pptch01.ppt
ch01.pptssuser4198c4
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network securitysneha padhiar
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptxssuseref9c81
 
ch1-1.ppt
ch1-1.pptch1-1.ppt
ch1-1.pptNayyabMirTahir
 
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for womenE content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for womenAbiramis19
 
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptxSaranya Natarajan
 
Unit 1
Unit 1Unit 1
Unit 1Vinod Kumar Gorrepati
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 

More Related Content

Similar to 2.Types of Attacks.pptx

CNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxCNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxRizwanBasha12
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxsalutiontechnology
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Ch01 NetSec5e.pptx
Ch01 NetSec5e.pptxCh01 NetSec5e.pptx
Ch01 NetSec5e.pptxAwais725629
 
information security.pptx
information security.pptxinformation security.pptx
information security.pptxAwais725629
 
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCENETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCEkarthikasivakumar3
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network securitysneha padhiar
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for womenE content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for womenAbiramis19
 

Similar to 2.Types of Attacks.pptx (20)

CNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxCNS new ppt unit 1.pptx
CNS new ppt unit 1.pptx
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
abc.pptx
abc.pptxabc.pptx
abc.pptx
 
Ch01 NetSec5e.pptx
Ch01 NetSec5e.pptxCh01 NetSec5e.pptx
Ch01 NetSec5e.pptx
 
information security.pptx
information security.pptxinformation security.pptx
information security.pptx
 
Ch01 NetSec5e.pdf
Ch01 NetSec5e.pdfCh01 NetSec5e.pdf
Ch01 NetSec5e.pdf
 
Ch01
Ch01Ch01
Ch01
 
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCENETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
NETWORK SECURITY-K.GAYADRI-II-MSC COMPUTER SCIENCE
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network security
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdf
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 
ch1-1.ppt
ch1-1.pptch1-1.ppt
ch1-1.ppt
 
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for womenE content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
E content,S.Abirami,II-M.sc(computer Science),Bon Secours college for women
 
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
 
Unit 1
Unit 1Unit 1
Unit 1
 

Recently uploaded

VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoordharasingh5698
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 

Recently uploaded (20)

VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 

2.Types of Attacks.pptx

  • 1. Types of Attacks Mr. N. S. Shaikh MMIT, Lohgaon, Pune-47 nisar.shaikh2022@mmit.edu.in
  • 2. Security Fundamentals • Confidentiality: Data should be accessible only to entities (users/machines/processes) with the valid permissions (also includes privacy) • Integrity: – Data should be modified only by entities with the valid permissions – A system should perform its function without any deliberate manipulation by entities without valid permissions • Availability: Data and service should be accessible (timely and reliable) to entities with the valid permissions • Authentication: – Entity authentication – validating user/machine identity – Message authentication – validating whether a message came from the user/machine/source who claims to have sent it • Access control: Validating the permissions a user claims to have on a resource • Non-repudiation: Actions of an entity should be uniquely traced back to that entity.
  • 3. Security Fundamentals • Cryptography (Encryption and Decryption): – Transform information from plaintext to ciphertext (encryption) so that it is not comprehensible for unauthorized entities during transmission or at the end systems (more towards confidentiality) – Every encryption algorithm needs to have a corresponding decryption algorithm to get back the plaintext • Digital Signature: A form of encryption/ decryption that ensures the message came from the appropriate entity – Non-repudiation, Message Authentication
  • 4. Security Fundamentals • Hashing: A digest of the message such that even if a bit changes in the message, the hash value should change – Integrity • Notarization: Vouching for a user/machine – the notarizing authority is trusted by the associated entities – Entity authentication • Steganography: Replace certain bits in a media file with the plaintext bits and transmit them – Weak confidentiality (but not very obvious to unauthorized users)
  • 5. Computer Security Challenges • Security is not simple • Potential attacks on the security features need to be considered • It is necessary to decide where to use the various security mechanisms • Requires constant monitoring • Is too often an afterthought • Security mechanisms typically involve more than a particular algorithm or protocol • Security is essentially a battle of wits between a perpetrator and the designer
  • 6. Threats and Attacks (RFC 4949)
  • 7. Source: William Stallings, Cryptography & Network Security, 6th ed. Passive vs. Active Attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources
  • 8. Source: William Stallings, Cryptography & Network Security, 6th ed. Passive vs. Active Attacks An active attack attempts to alter system resources or affect their operation
  • 9. Passive Attacks • Eavesdropping (release of message contents) – solution: use encryption to prevent. • Traffic analysis (monitoring of transmission – Difficult to prevent or detect. – Though the contents of the transmission can be protected (using encryption), one can learn about the location and identity of the communicating hosts as well as the frequency and length of the messages being exchanged. • As passive attacks are difficult to detect, the emphasis is on prevention.
  • 10. Active Attacks • Active attacks involve some modification of the data stream or the creation of a false stream • Active attacks can be divided into four categories: – Masquerade: When one entity pretends to be a different entity (impersonation) – Replay: Passive capture of a data unit and its subsequent retransmission (if modified, could produce an unauthorized effect) – Modification of messages: modify the captured message – Denial of service: prevent the normal use or management of communications facilities (e.g., overload a server; prevent legitimate users from use) • It is difficult to prevent active attacks; the goal is on their detection.
  • 11. Active Attacks: Masquerade Source: William Stallings, Cryptography & Network Security, 6th ed.
  • 12. Active Attacks: Replay Source: William Stallings, Cryptography & Network Security, 6th ed.
  • 13. Active Attacks: Modification Source: William Stallings, Cryptography & Network Security, 6th ed.
  • 14. Active Attacks: Denial of Service Source: William Stallings, Cryptography & Network Security, 6th ed.
  • 15. Model for Network Security Source: William Stallings, Cryptography & Network Security, 6th ed.
  • 17. Security Services Authentication: The assurance that communicating entity is the one that it claims to be • Peer Entity Authentication: used in association with a logical connection to provide confidence in the identity of the entities connected • Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed
  • 18. Security Services Access Control: The prevention of unauthorized use of a resource(i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do
  • 19. Security Services Data Confidentiality: The protection of data from unauthorized disclosure. • Connection Confidentiality: The protection of all user data on a connection. • Connectionless Confidentiality: The protection of all user data in a single data block. • Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
  • 20. Security Services Data Integrity: The assurance that data received are exactly as sent by an authorized entity(i.e., contain no modification, insertion, deletion, or replay). • Connection Integrity with Recovery • Connection Integrity without Recovery • Selective-Field Connection Integrity • Connectionless Integrity • Selective-Field Connectionless Integrity
  • 21. Security Services Nonrepudiation: Provides protections against denial by one of the entities involved in communication of having participated in all or part of the communication. • Nonrepudiation Origin: Proof that the message was sent by the specified party. • Nonrepudiation Destination: Proof that the message was received by the specified party.
  • 22. Security Mechanisms Specific Security Mechanisms • Encipherment • Digital Signature • Access Control • Data Integrity • Authentication Exchange • Traffic Padding • Routing Control • Notarization
  • 23. Security Mechanism Encipherment: The use of Mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.