SlideShare a Scribd company logo

The Art of Protecting Secrets Through Cryptography and Access Control

Mukesh Chinta
Mukesh Chinta

This is the Fourth Chapter of Cisco Cyber Security Essentials course Which discusses the implementation aspects of Confidentiality via Encryption, Access Control Techniques

Engineering
1 of 33
MUKESH CHINTA ASST PROF, CSE, VRSEC Chapter 4: The Art of Protecting Secrets
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2 Chapter 4: The Art of Protecting Secrets Cybersecurity Essentials v1.1
Presentation_ID 3© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 4 - Sections & Objectives 4.1 Cryptography Explain how encryption techniques protect confidentiality. 4.2 Access Control Describe access control techniques used to protect confidentiality. 4.3 Obscuring Data Describe the concept of obscuring data.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4 4.1 Cryptography
Presentation_ID 5© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential ►Cryptology is the science of making and breaking secret codes. ►Cryptography is a way to store and transmit data so only the intended recipient can read or process it. ►Modern cryptography uses computationally secure algorithms to make sure that cyber criminals cannot easily compromise protected information.
The Enigma Rotor machine Hieroglyphics Scytale Alberti Disc
Presentation_ID 7© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential ►Data confidentiality ensures privacy so that only the intended receiver can read the message. Parties achieve this through encryption. Encryption is the process of scrambling data so that an unauthorized party cannot easily read it. ►When enabling encryption, readable data is plaintext, or cleartext, while the encrypted version is encrypted text or ciphertext. ►Encryption converts the plaintext readable message to ciphertext, which is the unreadable, disguised message. Decryption reverses the process. (Substitution and Transposition Techniques) ►Encryption also requires a key, which plays a critical role in encrypting and decrypting a message. The person possessing the key can decrypt the ciphertext to plaintext.
Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential - These algorithms use the same pre-shared key, sometimes called a secret key pair, to encrypt and decrypt data. Both the sender and receiver know the pre-shared key before any encrypted communication begins.  Symmetric algorithms use the same key to encrypt and decrypt the plaintext. Encryption algorithms that use a common key are simpler and need less computational power. - Asymmetrical encryption algorithms use one key to encrypt data and a different key to decrypt data. One key is public and the other is private. In a public-key encryption system, any person can encrypt a message using the public key of the receiver, and the receiver is the only one that can decrypt it using his private key. Parties exchange secure messages without needing a pre-shared key.  Asymmetric algorithms are more complex. These algorithms are resource intensive and slower to execute.
Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential I love this class Cipher Text Key Plain Text
Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cipher Text Key Plain Textlets bunk today ohwv exqn wrgdb shift alphabet by 3
Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  RSA (Rivest_Shamir-Adleman) - uses the product of two very large prime numbers with an equal length of between 100 and 200 digits. Browsers use RSA to establish a secure connection.  Diffie-Hellman - provides an electronic exchange method to share the secret key. Secure protocols, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), and Internet Protocol Security (IPsec), use Diffie- Hellman.  ElGamal - uses the U.S. government standard for digital signatures. This algorithm is free to use because no one holds the patent.  Elliptic Curve Cryptography (ECC) - uses elliptic curves as part of the algorithm. In the U.S., the National Security Agency uses ECC for digital signature generation and key exchange.
Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Symmetric encryption systems are more efficient and can handle more data. However, key management with symmetric encryption systems is more problematic and harder to manage.  Asymmetric cryptography is more efficient at protecting the confidentiality of small amounts of data, and its size and speed make it more secure for tasks such as electronic key exchange which is a small amount of data rather than encrypting large blocks of data.  Key management includes the generation, exchange, storage, use, and replacement of keys used in an encryption algorithm. Two terms used to describe keys are: 1. Key length - Also called the key size, this is the measure in bits. 2. Keyspace - This is the number of possibilities that a specific key length can generate.  As key length increase, the keyspace increases exponentially.
Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential There are many applications for both symmetric and asymmetric algorithms. • The electronic payment industry uses 3DES. • Operating systems use DES to protect user files and system data with passwords. • Most encrypting file systems, such as NTFS, use AES. Four protocols use asymmetric key algorithms: • Internet Key Exchange (IKE), which is a fundamental component of IPsec Virtual Private Networks (VPNs). • Secure Socket Layer (SSL), which is a means of implementing cryptography into a web browser. • Secure Shell (SSH), which is a protocol that provides a secure remote access connection to network devices. • Pretty Good Privacy (PGP), which is a computer program that provides cryptographic privacy and authentication to increase the security of email communications.
Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential A VPN is a private network that uses a public network, usually the Internet, to create a secure communication channel. A VPN connects two endpoints such as two remote offices over the Internet to form the connection.  VPNs use IPsec. IPsec is a suite of protocols developed to achieve secure services over networks.  IPsec services allow for authentication, integrity, access control, and confidentiality.  With IPsec, remote sites can exchange encrypted and verified information.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18 4.2 Access Control
Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Logical Access Controls - hardware and software solutions used to manage access to resources and systems. These technology-based solutions include tools and protocols that computer systems use for identification, authentication, authorization, and accountability. Administrative Access Controls - policies and procedures defined by organizations to implement and enforce all aspects of controlling unauthorized access. Administrative controls focus on personnel and business practices. Audit Logs CCTV Connection Control Technical Administrative Physical Layered Defense Fire Extinguisher Sentry Bollards DRPEmployee Termination User Registration Procedures Physical Access Controls - actual barriers deployed to prevent direct contact with systems. The goal is to prevent unauthorized users from gaining physical access to facilities, equipment, and other organizational assets. Physical access control determines who can enter (or exit), where they can enter (or exit), and when they can enter (or exit).
Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Mandatory access control (MAC) - restricts the actions that a subject can perform on an object. A subject can be a user or a process. An object can be a file, a port, or an input/output device. An authorization rule enforces whether or not a subject can access the object. Discretionary access control (DAC) - DAC grants or restricts object access determined by the object’s owner. As the name implies, controls are discretionary because an object owner with certain access permissions can pass on those permissions to another subject. Role-based access control (RBAC) - is based on the role of the subject. Roles are job functions within an organization. Specific roles require permissions to perform certain operations. Users acquire permissions through their role. RBAC can work in combination with DAC or MAC by enforcing the policies of either one. Rule-based access control - uses access control lists (ACLs) to help determine whether to grant access. A series of rules is contained in the ACL, as shown in the figure. The determination of whether to grant access depends on these rules. An example of such a rule is one that states that no employee may have access to the payroll file after hours or on weekends.
Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Identification enforces the rules established by the authorization policy:  A subject requests access to a system resource.  Every time the subject requests access to a resource, the access controls determine whether to grant or deny access.  Cybersecurity policies determine which identification controls should be used.  The sensitivity of the information and information systems determine how stringent the controls.  The increase in data breaches has forced many organizations to strengthen their identification controls.
Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential What You Know - Passwords, passphrases, or PINs are all examples of something that the user knows. Passwords are the most popular method used for authentication. What You Have - Smart cards and security key fobs are both examples of something that users have in their possession. Who You Are - A unique physical characteristic, such as a fingerprint, retina, or voice, that identifies a specific user is called biometrics. Multi-factor Authentication - Multi-factor authentication uses at least two methods of verification. A security key fob is a good example. The two factors are something you know, such as a password, and something you have, such as a security key fob.
Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Authorization controls what a user can and cannot do on the network after successful authentication:  After a user proves his or her identity, the system checks to see what network resources the user can access and what the users can do with the resources.  Authorization uses a set of attributes that describes the user’s access to the network.  The system compares these attributes to the information contained within the authentication database, determines a set of restrictions for that user, and delivers it to the local router where the user is connected.  Defining authorization rules is the first step in controlling access. An authorization policy establishes these rules.
Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Accountability traces an action back to a person or process making the change to a system, collects this information, and reports the usage data: • The organization can use this data for such purposes as auditing or billing. • The collected data might include the log in time for a user, whether the user log in was a success or failure, or what network resources the user accessed. • This allows an organization to trace actions, errors, and mistakes during an audit or investigation. • Implementing accountability consists of technologies, policies, procedures, and education. • Log files provide detailed information based on the parameters chosen.
Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Preventative Controls - Prevent means to keep something from happening. Preventative access controls stop unwanted or unauthorized activity from happening. Deterrent Controls - A deterrent is the opposite of a reward. A reward encourages individuals to do the right thing, while a deterrent discourages them from doing the wrong thing. Cybersecurity professionals and organizations use deterrents to limit or mitigate an action or behavior. Deterrents do not always stop these actions.
Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Detective Controls - Detection is the act or process of noticing or discovering something. Access control detections identify different types of unauthorized activity. Detection systems can be very simple, such as a motion detector or security guard. They can also be more complex, such as an intrusion detection system. Corrective Controls - Corrective counteracts something that is undesirable. Organizations put corrective access controls in place after a system experiences a threat. Corrective controls restore the system back to a state of confidentiality, integrity, and availability. They can also restore systems to normal after unauthorized activity occurs.
Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Recovery Controls - Recovery is a return to a normal state. Recovery access controls restore resources, functions, and capabilities after a violation of a security policy. Recovery controls can repair damage, in addition to stopping any further damage. These controls have more advanced capabilities over corrective access controls. Compensative Controls - Compensate means to make up for something. Compensative access controls provide options to other controls to bolster enforcement in support of a security policy. A compensative control can also be a substitution used in place of a control that is not possible under the circumstances.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 28 4.3 Obscuring Data
Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential is a technology that secures data by replacing sensitive information with a non-sensitive version. The non-sensitive version looks and acts like the original. This means that a business process can use non-sensitive data and there is no need to change the supporting applications or data storage facilities. In the most common use case, masking limits the propagation of sensitive data within IT systems by distributing surrogate data sets for testing and analysis. There are data masking techniques that can ensure that data remains meaningful but changed enough to protect it:  Substitution - replaces data with authentic looking values to apply anonymity to the data records.  Shuffling - derives a substitution set from the same column of data that a user wants to mask. This technique works well for financial information in a test database, for example.
Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential conceals data (the message) in another file such as a graphic, audio, or other text file.  The advantage of steganography over cryptography is that the secret message does not attract any special attention. No one would ever know that a picture actually contained a secret message by viewing the file either electronically or in hardcopy. There are several components involved in hiding data: • There is the embedded data, which is the secret message. • Cover-text (or cover-image or cover-audio) hides the embedded data producing the stego-text (or stego-image or stego-audio). • A stego-key controls the hiding process.  The approach used to embed data in a cover-image is using hides information in plain sight by creating a message that can be read a certain way by some to get the message. Others who view it in a normal way will not see the message. is the discovery that hidden information exists. The goal of steganalysis is to discover the hidden information
Presentation_ID 31© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Data obfuscation - is the use and practice of data masking and steganography techniques in the cybersecurity and cyber intelligence profession:  Obfuscation is the art of making the message confusing, ambiguous, or harder to understand.  A system may purposely scramble messages to prevent unauthorized access to sensitive information.  Software watermarking protects software from unauthorized access or modification.  Software watermarking inserts a secret message into the program as proof of ownership.  The secret message is the software watermark. If someone tries to remove the watermark, the result is nonfunctional code.
Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Recommended

Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Mukesh Chinta
 
Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Mukesh Chinta
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 

Recommended

Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Mukesh Chinta
 
Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Mukesh Chinta
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Mukesh Chinta
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
CA_Module_1.pptx
CA_Module_1.pptxCA_Module_1.pptx
CA_Module_1.pptxYazanSalileh
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Network Security
Network SecurityNetwork Security
Network SecurityTechknow Book
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
03 cia
03 cia03 cia
03 ciaJadavsejal
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Information security
Information security Information security
Information securityJin Castor
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
L017136269
L017136269L017136269
L017136269IOSR Journals
 

More Related Content

What's hot

What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Information security
Information security Information security
Information securityJin Castor
 

What's hot (20)

CA_Module_1.pptx
CA_Module_1.pptxCA_Module_1.pptx
CA_Module_1.pptx
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Network Security
Network SecurityNetwork Security
Network Security
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
 
Network Security
Network SecurityNetwork Security
Network Security
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Cyber security
Cyber securityCyber security
Cyber security
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
03 cia
03 cia03 cia
03 cia
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Information security
Information security Information security
Information security
 

Similar to The Art of Protecting Secrets Through Cryptography and Access Control

Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
Protecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementProtecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementStuart Marsh
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithm
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithmHybrid Cryptography security in public cloud using TwoFish and ECC algorithm
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithmIJECEIAES
 
Computer Networks 4
Computer Networks 4Computer Networks 4
Computer Networks 4Mr Smith
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET Journal
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptxMrPrathapG
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20eyad alaa
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
AWS Cloud Based Encryption Decryption System
AWS Cloud Based Encryption Decryption SystemAWS Cloud Based Encryption Decryption System
AWS Cloud Based Encryption Decryption SystemIRJET Journal
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security IssuesEditor IJCATR
 
Cyber security workshop talk.pptx
Cyber security workshop talk.pptxCyber security workshop talk.pptx
Cyber security workshop talk.pptxkamalakantas
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 

Similar to The Art of Protecting Secrets Through Cryptography and Access Control (20)

Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
L017136269
L017136269L017136269
L017136269
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
Protecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key ManagementProtecting Sensitive Data using Encryption and Key Management
Protecting Sensitive Data using Encryption and Key Management
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networking
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithm
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithmHybrid Cryptography security in public cloud using TwoFish and ECC algorithm
Hybrid Cryptography security in public cloud using TwoFish and ECC algorithm
 
Computer Networks 4
Computer Networks 4Computer Networks 4
Computer Networks 4
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
 
Cyber security
Cyber securityCyber security
Cyber security
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptx
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
AWS Cloud Based Encryption Decryption System
AWS Cloud Based Encryption Decryption SystemAWS Cloud Based Encryption Decryption System
AWS Cloud Based Encryption Decryption System
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security Issues
 
Cyber security workshop talk.pptx
Cyber security workshop talk.pptxCyber security workshop talk.pptx
Cyber security workshop talk.pptx
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber Ark
 

More from Mukesh Chinta

CCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security ConceptsCCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security ConceptsMukesh Chinta
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationMukesh Chinta
 
CCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN ConceptsCCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN ConceptsMukesh Chinta
 
CCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN ConfigurationCCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN ConfigurationMukesh Chinta
 
CCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP RoutingCCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP RoutingMukesh Chinta
 
CCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing ConceptsCCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing ConceptsMukesh Chinta
 
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4Mukesh Chinta
 
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3Mukesh Chinta
 
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2Mukesh Chinta
 
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1Mukesh Chinta
 
Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1Mukesh Chinta
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Mukesh Chinta
 
Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1Mukesh Chinta
 
Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)Mukesh Chinta
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process ConceptsMukesh Chinta
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structuresMukesh Chinta
 
Introduction to Operating Systems
Introduction to Operating SystemsIntroduction to Operating Systems
Introduction to Operating SystemsMukesh Chinta
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Wireless communication
Wireless communicationWireless communication
Wireless communicationMukesh Chinta
 

More from Mukesh Chinta (20)

CCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security ConceptsCCNA-2 SRWE Mod-10 LAN Security Concepts
CCNA-2 SRWE Mod-10 LAN Security Concepts
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security Configuration
 
CCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN ConceptsCCNA-2 SRWE Mod-12 WLAN Concepts
CCNA-2 SRWE Mod-12 WLAN Concepts
 
CCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN ConfigurationCCNA-2 SRWE Mod-13 WLAN Configuration
CCNA-2 SRWE Mod-13 WLAN Configuration
 
CCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP RoutingCCNA-2 SRWE Mod-15 Static IP Routing
CCNA-2 SRWE Mod-15 Static IP Routing
 
CCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing ConceptsCCNA-2 SRWE Mod-14 Routing Concepts
CCNA-2 SRWE Mod-14 Routing Concepts
 
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
Protecting the Organization - Cisco: Intro to Cybersecurity Chap-4
 
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
Protecting Your Data and Privacy- Cisco: Intro to Cybersecurity chap-3
 
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
Attacks, Concepts and Techniques - Cisco: Intro to Cybersecurity Chap-2
 
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
The need for Cybersecurity - Cisco Intro to Cybersec Chap-1
 
Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1Protocols and Reference models CCNAv7-1
Protocols and Reference models CCNAv7-1
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2
 
Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1Introduction to networks CCNAv7 Module-1
Introduction to networks CCNAv7 Module-1
 
Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)Process scheduling (CPU Scheduling)
Process scheduling (CPU Scheduling)
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process Concepts
 
Operating systems system structures
Operating systems system structuresOperating systems system structures
Operating systems system structures
 
Introduction to Operating Systems
Introduction to Operating SystemsIntroduction to Operating Systems
Introduction to Operating Systems
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Mobile IP
Mobile IPMobile IP
Mobile IP
 
Wireless communication
Wireless communicationWireless communication
Wireless communication
 

Recently uploaded

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 

Recently uploaded (20)

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 

The Art of Protecting Secrets Through Cryptography and Access Control

  • 1. MUKESH CHINTA ASST PROF, CSE, VRSEC Chapter 4: The Art of Protecting Secrets
  • 2. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2 Chapter 4: The Art of Protecting Secrets Cybersecurity Essentials v1.1
  • 3. Presentation_ID 3© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 4 - Sections & Objectives 4.1 Cryptography Explain how encryption techniques protect confidentiality. 4.2 Access Control Describe access control techniques used to protect confidentiality. 4.3 Obscuring Data Describe the concept of obscuring data.
  • 4. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4 4.1 Cryptography
  • 5. Presentation_ID 5© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential ►Cryptology is the science of making and breaking secret codes. ►Cryptography is a way to store and transmit data so only the intended recipient can read or process it. ►Modern cryptography uses computationally secure algorithms to make sure that cyber criminals cannot easily compromise protected information.
  • 6. The Enigma Rotor machine Hieroglyphics Scytale Alberti Disc
  • 7. Presentation_ID 7© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential ►Data confidentiality ensures privacy so that only the intended receiver can read the message. Parties achieve this through encryption. Encryption is the process of scrambling data so that an unauthorized party cannot easily read it. ►When enabling encryption, readable data is plaintext, or cleartext, while the encrypted version is encrypted text or ciphertext. ►Encryption converts the plaintext readable message to ciphertext, which is the unreadable, disguised message. Decryption reverses the process. (Substitution and Transposition Techniques) ►Encryption also requires a key, which plays a critical role in encrypting and decrypting a message. The person possessing the key can decrypt the ciphertext to plaintext.
  • 8. Presentation_ID 8© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 9. Presentation_ID 9© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential - These algorithms use the same pre-shared key, sometimes called a secret key pair, to encrypt and decrypt data. Both the sender and receiver know the pre-shared key before any encrypted communication begins.  Symmetric algorithms use the same key to encrypt and decrypt the plaintext. Encryption algorithms that use a common key are simpler and need less computational power. - Asymmetrical encryption algorithms use one key to encrypt data and a different key to decrypt data. One key is public and the other is private. In a public-key encryption system, any person can encrypt a message using the public key of the receiver, and the receiver is the only one that can decrypt it using his private key. Parties exchange secure messages without needing a pre-shared key.  Asymmetric algorithms are more complex. These algorithms are resource intensive and slower to execute.
  • 10. Presentation_ID 10© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 11. Presentation_ID 11© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential I love this class Cipher Text Key Plain Text
  • 12. Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Cipher Text Key Plain Textlets bunk today ohwv exqn wrgdb shift alphabet by 3
  • 13. Presentation_ID 13© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  RSA (Rivest_Shamir-Adleman) - uses the product of two very large prime numbers with an equal length of between 100 and 200 digits. Browsers use RSA to establish a secure connection.  Diffie-Hellman - provides an electronic exchange method to share the secret key. Secure protocols, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), and Internet Protocol Security (IPsec), use Diffie- Hellman.  ElGamal - uses the U.S. government standard for digital signatures. This algorithm is free to use because no one holds the patent.  Elliptic Curve Cryptography (ECC) - uses elliptic curves as part of the algorithm. In the U.S., the National Security Agency uses ECC for digital signature generation and key exchange.
  • 14. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 15. Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Symmetric encryption systems are more efficient and can handle more data. However, key management with symmetric encryption systems is more problematic and harder to manage.  Asymmetric cryptography is more efficient at protecting the confidentiality of small amounts of data, and its size and speed make it more secure for tasks such as electronic key exchange which is a small amount of data rather than encrypting large blocks of data.  Key management includes the generation, exchange, storage, use, and replacement of keys used in an encryption algorithm. Two terms used to describe keys are: 1. Key length - Also called the key size, this is the measure in bits. 2. Keyspace - This is the number of possibilities that a specific key length can generate.  As key length increase, the keyspace increases exponentially.
  • 16. Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential There are many applications for both symmetric and asymmetric algorithms. • The electronic payment industry uses 3DES. • Operating systems use DES to protect user files and system data with passwords. • Most encrypting file systems, such as NTFS, use AES. Four protocols use asymmetric key algorithms: • Internet Key Exchange (IKE), which is a fundamental component of IPsec Virtual Private Networks (VPNs). • Secure Socket Layer (SSL), which is a means of implementing cryptography into a web browser. • Secure Shell (SSH), which is a protocol that provides a secure remote access connection to network devices. • Pretty Good Privacy (PGP), which is a computer program that provides cryptographic privacy and authentication to increase the security of email communications.
  • 17. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential A VPN is a private network that uses a public network, usually the Internet, to create a secure communication channel. A VPN connects two endpoints such as two remote offices over the Internet to form the connection.  VPNs use IPsec. IPsec is a suite of protocols developed to achieve secure services over networks.  IPsec services allow for authentication, integrity, access control, and confidentiality.  With IPsec, remote sites can exchange encrypted and verified information.
  • 18. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18 4.2 Access Control
  • 19. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Logical Access Controls - hardware and software solutions used to manage access to resources and systems. These technology-based solutions include tools and protocols that computer systems use for identification, authentication, authorization, and accountability. Administrative Access Controls - policies and procedures defined by organizations to implement and enforce all aspects of controlling unauthorized access. Administrative controls focus on personnel and business practices. Audit Logs CCTV Connection Control Technical Administrative Physical Layered Defense Fire Extinguisher Sentry Bollards DRPEmployee Termination User Registration Procedures Physical Access Controls - actual barriers deployed to prevent direct contact with systems. The goal is to prevent unauthorized users from gaining physical access to facilities, equipment, and other organizational assets. Physical access control determines who can enter (or exit), where they can enter (or exit), and when they can enter (or exit).
  • 20. Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Mandatory access control (MAC) - restricts the actions that a subject can perform on an object. A subject can be a user or a process. An object can be a file, a port, or an input/output device. An authorization rule enforces whether or not a subject can access the object. Discretionary access control (DAC) - DAC grants or restricts object access determined by the object’s owner. As the name implies, controls are discretionary because an object owner with certain access permissions can pass on those permissions to another subject. Role-based access control (RBAC) - is based on the role of the subject. Roles are job functions within an organization. Specific roles require permissions to perform certain operations. Users acquire permissions through their role. RBAC can work in combination with DAC or MAC by enforcing the policies of either one. Rule-based access control - uses access control lists (ACLs) to help determine whether to grant access. A series of rules is contained in the ACL, as shown in the figure. The determination of whether to grant access depends on these rules. An example of such a rule is one that states that no employee may have access to the payroll file after hours or on weekends.
  • 21. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Identification enforces the rules established by the authorization policy:  A subject requests access to a system resource.  Every time the subject requests access to a resource, the access controls determine whether to grant or deny access.  Cybersecurity policies determine which identification controls should be used.  The sensitivity of the information and information systems determine how stringent the controls.  The increase in data breaches has forced many organizations to strengthen their identification controls.
  • 22. Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential What You Know - Passwords, passphrases, or PINs are all examples of something that the user knows. Passwords are the most popular method used for authentication. What You Have - Smart cards and security key fobs are both examples of something that users have in their possession. Who You Are - A unique physical characteristic, such as a fingerprint, retina, or voice, that identifies a specific user is called biometrics. Multi-factor Authentication - Multi-factor authentication uses at least two methods of verification. A security key fob is a good example. The two factors are something you know, such as a password, and something you have, such as a security key fob.
  • 23. Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Authorization controls what a user can and cannot do on the network after successful authentication:  After a user proves his or her identity, the system checks to see what network resources the user can access and what the users can do with the resources.  Authorization uses a set of attributes that describes the user’s access to the network.  The system compares these attributes to the information contained within the authentication database, determines a set of restrictions for that user, and delivers it to the local router where the user is connected.  Defining authorization rules is the first step in controlling access. An authorization policy establishes these rules.
  • 24. Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Accountability traces an action back to a person or process making the change to a system, collects this information, and reports the usage data: • The organization can use this data for such purposes as auditing or billing. • The collected data might include the log in time for a user, whether the user log in was a success or failure, or what network resources the user accessed. • This allows an organization to trace actions, errors, and mistakes during an audit or investigation. • Implementing accountability consists of technologies, policies, procedures, and education. • Log files provide detailed information based on the parameters chosen.
  • 25. Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Preventative Controls - Prevent means to keep something from happening. Preventative access controls stop unwanted or unauthorized activity from happening. Deterrent Controls - A deterrent is the opposite of a reward. A reward encourages individuals to do the right thing, while a deterrent discourages them from doing the wrong thing. Cybersecurity professionals and organizations use deterrents to limit or mitigate an action or behavior. Deterrents do not always stop these actions.
  • 26. Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Detective Controls - Detection is the act or process of noticing or discovering something. Access control detections identify different types of unauthorized activity. Detection systems can be very simple, such as a motion detector or security guard. They can also be more complex, such as an intrusion detection system. Corrective Controls - Corrective counteracts something that is undesirable. Organizations put corrective access controls in place after a system experiences a threat. Corrective controls restore the system back to a state of confidentiality, integrity, and availability. They can also restore systems to normal after unauthorized activity occurs.
  • 27. Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Recovery Controls - Recovery is a return to a normal state. Recovery access controls restore resources, functions, and capabilities after a violation of a security policy. Recovery controls can repair damage, in addition to stopping any further damage. These controls have more advanced capabilities over corrective access controls. Compensative Controls - Compensate means to make up for something. Compensative access controls provide options to other controls to bolster enforcement in support of a security policy. A compensative control can also be a substitution used in place of a control that is not possible under the circumstances.
  • 28. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 28 4.3 Obscuring Data
  • 29. Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential is a technology that secures data by replacing sensitive information with a non-sensitive version. The non-sensitive version looks and acts like the original. This means that a business process can use non-sensitive data and there is no need to change the supporting applications or data storage facilities. In the most common use case, masking limits the propagation of sensitive data within IT systems by distributing surrogate data sets for testing and analysis. There are data masking techniques that can ensure that data remains meaningful but changed enough to protect it:  Substitution - replaces data with authentic looking values to apply anonymity to the data records.  Shuffling - derives a substitution set from the same column of data that a user wants to mask. This technique works well for financial information in a test database, for example.
  • 30. Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential conceals data (the message) in another file such as a graphic, audio, or other text file.  The advantage of steganography over cryptography is that the secret message does not attract any special attention. No one would ever know that a picture actually contained a secret message by viewing the file either electronically or in hardcopy. There are several components involved in hiding data: • There is the embedded data, which is the secret message. • Cover-text (or cover-image or cover-audio) hides the embedded data producing the stego-text (or stego-image or stego-audio). • A stego-key controls the hiding process.  The approach used to embed data in a cover-image is using hides information in plain sight by creating a message that can be read a certain way by some to get the message. Others who view it in a normal way will not see the message. is the discovery that hidden information exists. The goal of steganalysis is to discover the hidden information
  • 31. Presentation_ID 31© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 32. Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Data obfuscation - is the use and practice of data masking and steganography techniques in the cybersecurity and cyber intelligence profession:  Obfuscation is the art of making the message confusing, ambiguous, or harder to understand.  A system may purposely scramble messages to prevent unauthorized access to sensitive information.  Software watermarking protects software from unauthorized access or modification.  Software watermarking inserts a secret message into the program as proof of ownership.  The secret message is the software watermark. If someone tries to remove the watermark, the result is nonfunctional code.
  • 33. Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential