Cryptography and Network Security
Chapter 1
Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown
Partially edited by Dr. Md Abir Hossain

Internet and Web Resources
o Web Sites for This Book
o Student Support

Definitions
o Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
o Network Security - measures to protect data during their transmission
o Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Aspects of Security
Consider 3 aspects of information security:
o Security attack
  - Passive attacks, which include unauthorized reading of a message or file and traffic analysis; and
  - Active attacks, such as modification of messages or files, and denial of service
o Security mechanism
  - Any process that is designed to detect, prevent, or recover from a security attack. Ex: encryption algorithms, digital signatures, and authentication protocols.
o Security service
  - A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Ex: authentication, access control, data confidentiality

Security Attack
o Any action that compromises the security of information owned by an organization
o Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
o Can focus on generic types of attacks
  - passive
  - active

Passive Attacks
Attempt to learn or make use of information from the system but do not affect system resources.

Active Attacks
Attempt to alter system resources or affect their operation.

Security Service
o Enhance security of data processing systems and information transfers of an organization
o Intended to counter security attacks
o Using one or more security mechanisms
o Often replicates functions normally associated with physical documents
  - Which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Services
o X.800:
  - A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
o RFC 2828:
  - A processing or communication service provided by a system to give a specific kind of protection to system resources

Security Services (X.800)
o Authentication - assurance that the communicating entity is the one claimed
o Access Control - prevention of the unauthorized use of a resource
o Data Confidentiality - protection of data from unauthorized disclosure
o Data Integrity - assurance that data received is as sent by an authorized entity
o Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanism (X.800)
o Features designed to detect, prevent, or recover from a security attack
o No single mechanism will support all services required
o The security mechanisms are categorized into two sections
  - Specific Security Mechanism
  - Pervasive Security Mechanism

Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service