Information System Security

  1. INFORMATION SYSTEM SECURITY
     Presented by: O8-SE-59, O8-SE-75

  2. OVERVIEW
     • What is security?
     • Why information system security?
     • Vulnerability, threat and attack
     • ISS objectives
     • Cipher system
     • Cryptography

  3. WHAT IS SECURITY?
     • Prevention: take measures that prevent your assets from being damaged.
     • Detection: take measures so that you can detect when, how, and by whom an asset has been damaged.
     • Reaction: take measures so that you can recover your assets, or recover from damage to your assets.

  4. EXAMPLES
     • Ex. 1 - Private property
       • Prevention: locks on doors, window bars, walls around the property.
       • Detection: stolen items aren't there any more, burglar alarms, CCTV, …
       • Reaction: call the police, …
     • Ex. 2 - E-commerce
       • Prevention: encrypt your orders, rely on the merchant to perform checks on the caller, …
       • Detection: an unauthorized transaction appears on your credit card statement.
       • Reaction: complain, ask for a new credit card number, …

  5. INFORMATION SYSTEM SECURITY
     • ISS deals with:
       • Security of (end) systems
         • Examples: databases, files in a host, records, operating system, accounting information, logs, etc.
       • Security of information in transit over a network
         • Examples: confidential e-mails, file transfers, record transfers, e-commerce transactions, online banking, authorization messages, etc.

  6. INFORMATION SYSTEM SECURITY (ISS)?
     (Diagram) Elements of ISS: policies, security services, security mechanisms, security architecture, attackers, and the information system itself (file, message).

  7. VULNERABILITY, THREAT, ATTACK
     • A vulnerability is a weakness in a security system
       • Can be in design, implementation, etc.
       • Can be in hardware or software
     • A threat is a set of circumstances that has the potential to cause loss or harm
       • Or: a potential violation of security
       • Threats can be:
         • Accidental (natural disasters, human error, …)
         • Malicious (attackers, insider fraud, …)
     • An attack is the actual violation of security

  8. ISS OBJECTIVES
     • Confidentiality: keeping information secret from all but those who are authorized to see it.
       • Secrecy, privacy
     • Data integrity: ensuring information has not been altered by unauthorized or unknown means.
     • Entity authentication: corroboration of the identity of an entity (e.g., a person, a credit card, etc.).
       • Identification, identity verification
     • Controlled access:
       • Role-based security.

  9. A CIPHER SYSTEM (achieving confidentiality)
     (Diagram) The sender (Alice) feeds the plaintext into the encryption algorithm under the encryption key to produce ciphertext; the receiver (Bob) feeds the ciphertext into the decryption algorithm under the decryption key to recover the plaintext. An interceptor on the channel sees only the ciphertext.

  10. ISS IN GENERAL
     • An information security service is a method to provide some specific aspect of security
       • Confidentiality is a security objective; encryption is an information security service
       • Integrity is another security objective; a method to ensure integrity is a security service
     • Breaking a security service means defeating the objective of the intended service

  11. CRYPTOGRAPHY
     • Cryptography is a means of providing information security.
     • Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, integrity, authentication, and non-repudiation, which form the main goals of cryptography.

  12. CRYPTOLOGY
     (Diagram) Cryptology
     • Cryptography
       • Symmetric-key: block ciphers, stream ciphers
       • Asymmetric-key: integer factorization, discrete logarithm
     • Cryptanalysis

  13. EXAMPLE
     • Original message: 'GIVETWOMILLION' (plaintext)
     • Encoding the message with 'shift by 3' produces 'JLYHWZRPLOOLRQ' (ciphertext)
     • which is obviously in an unreadable format unless you know the method of deciphering.

  14. CRYPTOGRAPHY
     • Cryptanalysis: the study of mathematical techniques for attempting to defeat cryptographic techniques
     • Cryptanalyst: one who engages in cryptanalysis
     • Cryptology: the study of cryptanalysis and cryptography
     • Cryptosystem: a general term referring to a set of cryptographic primitives used to provide information security services.
  15. CRYPTOGRAPHY
     • Cryptographic techniques are divided into 2 types:
       • Symmetric-key cryptography
       • Asymmetric-key cryptography

  16. SYMMETRIC-KEY SYSTEMS
     • Same key for encryption and decryption
     • Key distribution problem
     • Practical cipher systems prior to the 1980s were symmetric cipher systems.

  17. TYPES OF SYMMETRIC CIPHERS
     • Stream ciphers
       • Encrypt one bit at a time
     • Block ciphers
       • Break the plaintext message into equal-size blocks
       • Encrypt each block as a unit

  18. SYMMETRIC-KEY SYSTEMS
     (Diagram) Locking key = unlocking key

  19. ASYMMETRIC-KEY SYSTEMS
     • Relatively new field - 1975
     • Each entity has 2 keys:
       • Private key (a secret)
       • Public key (well known)

  20. ASYMMETRIC-KEY SYSTEMS (cont…)
     (Diagram)
     • Encryption: plaintext → ciphertext, under the public key
     • Decryption: ciphertext → plaintext, under the private key

  21. ASYMMETRIC-KEY SYSTEMS (cont…)
     • Computationally infeasible to determine the decryption key from the encryption key.
     • Public and private keys must be different.
     • The term is used interchangeably with "public-key cipher systems".

  22. TYPES OF ASYMMETRIC-KEY SYSTEM
     • Integer factorization
       • Sender: plaintext 6 * 11 = 66 (ciphertext)
       • Receiver: candidate factor pairs (2,33), (3,22), (6,11)
     • Discrete logarithm
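As an added example (not part of the original slides), a textbook-sized RSA key pair illustrating the integer-factorization public-key system of slides 20 to 22: the public key locks, the private key unlocks, and the private key can be derived from the public key only when the modulus is small enough to factor. The primes 61 and 53, exponent 17 and message 65 are constructed toy values chosen to be checkable by hand.

```python
# Added example, not from the original slides: a toy RSA key pair, i.e. the
# "integer factorization" asymmetric system named on the slide.
# p, q, e and the message are constructed toy values, far too small for real use.


def modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("a and m are not coprime")
    return t0 % m


def make_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)): the well-known public key and the secret private key."""
    n = p * q
    phi = (p - 1) * (q - 1)   # Euler's totient of n; needs the factors p, q
    d = modinv(e, phi)        # d*e = 1 (mod phi), so (m^e)^d = m (mod n)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    return pow(m, e, n)       # "anyone can lock" with the public key


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)       # "only the key holder can unlock"


def private_from_public(public_key):
    """Recover d from (n, e) by trial-division factoring of n.

    Feasible only because n is tiny: the system is secure exactly when this
    step is infeasible, which is why real moduli are thousands of bits long.
    """
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return (n, modinv(e, (p - 1) * (n // p - 1)))
    return None


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53, 17)
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))  # (3233, 17) (3233, 2753) 2790 65
    print(private_from_public(pub))        # (3233, 2753)
```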
  23. ASYMMETRIC-KEY SYSTEMS (cont…)
     (Diagram) Anyone can lock; only the key holder can unlock

  24. CONCLUSION
     • The impact of a security breach may be far greater than you would expect. The loss of sensitive information may not only affect your competitiveness but also damage your reputation, something which may have taken you years to establish and which may be impossible to restore.

  25. Thank you!