Uploaded byJebasheelaSJ
PPTX, PDF37 views

Dos unit 5

The document discusses computer security, outlining its necessity for protecting sensitive information and defining key goals such as secrecy, privacy, authenticity, and integrity. It categorizes threats into passive and active attacks, detailing methods like browsing, leaking, viruses, and logic bombs. It further covers cryptography, authentication, access control, and essential design principles for creating secure systems.

Embed presentation

Download to read offline
UNIT- 5
Security- introduction • Computer systems store large amount of information, some of which is highly sensitive and valuable to their users. • Users can trust the system and rely on it only if the various resources and information of a computer system are protected against destruction and unauthorized access. • Obviously, the security requirements are different for different computer systems depending on the environment in which they are supposed to operate.
• Some of the common goals of computer security are as follows: 1) Secrecy: Information within the system must be accessible only to authorized users. 2) Privacy: Misuse of information must be prevented. That is, a piece of information given to a user should be used only for the purpose for which it was given. 3)Authenticity: When a user receives some data, the user must be able to verify its authenticity. 4) Integrity: Information within the system must be protected against accidental destruction or intentional corruption by an unauthorized user
Potential attacks to computer system • The first step in the provision of appropriate computer security is to identify the potential threats/attacks to computer systems. • The term intruder or attacker is commonly used to refer to a person or program trying to obtain unauthorized access to data or a resource of a computer system.
• An intruder may be a threat to computer security in many ways that are broadly classified into two categories: 1) Positive attacks 2) Active attacks • A positive attack does not cause any harm to the system being threatened , whereas an active attack does.
Positive attacks • In positive attacks, an intruder somehow tries to steal unauthorized information from the computer system without interfering with the normal functioning of the system. 1) Browsing 2) Leaking 3) Inferencing 4) Masquerading
• Browsing: In this method, intruders attempt to read stored files, message packets passing by on the network, other processes memory, and so on, without modifying any data. • Leaking: In this method, an intruder uses an accomplice who leaks the information to him or her. Prevention of leaking is a difficult problem to solve and requires preventing all types of communication between the accomplice and the intruder.
• Inferencing: In this method, an intruder tries to draw some inference by closely observing and analyzing the system’s data or the activities carried out by the system. In this case, an intruder observes when and where interprocess messages flow in the system, and by analyzing the frequency of message. • Masquerading: In this method, an intruder masquerades as an authorized user or program in order to gain access to uauthorized data or resources.
Active Attacks • Active intruders are more malicious than passive intruders. • Unlike passive attacks, active attacks interfere with the normal functioning of the system and often have damaging effects. • The most common types of damage that active attacks cause are corrupting files, destroying data, imitating hardware errors.
• Some commonly used forms of active attacks are: 1) Viruses 2) Worms 3) Logic Bombs.
• Viruses: A computer viruses is a piece of code attached to a legitimate program that, when executed, infects other programs in the system by replicating and attaching itself to them. • Worms: Worms are program that spread from one computer to another in a network of computers. • Logic Bombs: A logic bomb is a program that lies dormant until some trigger condition causes it to explode.
Cryptography • Cryptography is a means of protecting private information against unauthorized access in those situations where it is difficult to provide physical security. • The basic idea behind this security technique is that if it is not possible to prevent copying of information, it is better to prevent comprehension.
Basic Concepts and Terminologies • Two primitive operations employed by cryptography are encryption and decryption. • Encryption is the process of transforming an intelligible information into an unintelligible form. • Decryption is the process of transforming the information back from ciphertext to plaintext.
• When cryptography is employed for protecting information transmitted through communication channels, plaintext is also called a message. • Encryption is basically a mathematical function having the following form: C=E(P,Ke) Where P is the plaintext to be encrypted, Ke is an encryption key and C is the resulting ciphertext.
Symmetric and Asymmetric • There are two broad classes of cryptosystems, symmetric and asymmetric. • In a Symmetric cryptosystem, either both the encryption key(Ke) and decryption key(kd) are the same or one is easily derivable from the other. • In an asymmetric cryptosystem, on the other hand, the decryption key(kd) is not equal to the encryption key(Ke).
Authentication • Authentication deals with the problem of verifying the identity of a user before permitting access to the requested resource. • That is, an authentication mechanism prohibits the use of the system by unauthorized users by verifying the identity of a user making a request.
• Authentication basically involves identification and verification. • Identification is the process of claiming a certain identity by a user, while verification is the process of verifying the user’s claimed identity. • Thus, the correctness of an authentication process relies heavily on the verification procedure employed.
Types of authentication • The main types of authentication normally needed in a distributed system are as follows: 1) User logins authentication 2) One-way authentication of communicating entities 3) Two-way authentication of communicating entities
Approaches to Authentication • Proof by knowledge: In this approach, authentication involves verifying something that can only be known by an authorized principal. • Proof by possession: In this approach, a user proves his or her identity by producing some item that can only be possessed by an authorized principal. • Proof by property: In this approach, the system is designed to verify the identity of a user by measuring some physical characteristics of the user that are hard to forge.
User Login Authentication • As in centralized systems, a user access to a distributed system by logging in a host in the system. User identity is established at login, at all subsequent user activities are attributed to this identity. 1. Keeping passwords secret 2. Making passwords difficult to guess 3. Limiting damages done by a compromised password 4. Identifying and discourging unauthorized user logins. 5. Single sign-on for using all resources in the system.
Access Control • Once a user or a process has been authenticated, the next step in security is to devise ways to prohibit the user or the process from accessing those resources/information that he or she or it is not authorized to access. • This issue is called authorization and is dealt with by using access control mechanisms. • Access control mechanisms used in distributed systems are basically the same as those used in centralized systems.
• When talking about access control in computer systems, it is customary to use the following terms: 1. Objects 2.Subjects 3. Protection rules
Protection domains • A domain is an abstract definition of a set of access rights. • It is defined as a set of pairs. • Each pair specifies an object and one or more operations that can be performed on the object. • Each one of the allowed operations is called a right.
Design signature • A digital signature is basically a code, or a large number, that is unique for each message and to each message originator. • It is obtained by first processing the message with a hash function to obtain a small digest dependent on each bit of information in the message and then encrypting the digest by using the originator secret key.
• A protocol based on a digital signature for ensuring message integrity works as follows: 1. A sender(A) computes the digest(D) of a message(M). It then encrypts the digest D by using its secret key(Sa) to obtain a cipertext C1=E(D,Sa). A signed message is then created that consists of the senders identifier, the message M in its plaintext form, and the ciphertext C1. 2. On receiving the signed message, the receiver decrypts C1 by using the public key of the sender to recover the digest D.
Design principles • Based on their experience with Multics, Saltzer and Schroeder identified some design principles that can be used as a guide to designing secure systems. 1. Least privilage 2. Fail-safe defaults 3. Open design 4. Built in to the system 5.Check for current authority 6. Easy granting and revocation of access rights 7.Never trust other parties 8. Always ensure freshness of messages

More Related Content

PDF
BAIT1103 Chapter 1
bylimsh
 
PPTX
Security Mechanisms
bypriya_trehan
 
PPTX
Data Network Security
byAtif Rehmat
 
PDF
Security in computer systems fundamentals
byManesh T
 
PDF
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
PDF
Computer security
byMahesh Singh Madai
 
PPT
Technical seminar on Security
bySTS
 
PPT
Network Security 1st Lecture
bybabak danyal
 
BAIT1103 Chapter 1
bylimsh
 
Security Mechanisms
bypriya_trehan
 
Data Network Security
byAtif Rehmat
 
Security in computer systems fundamentals
byManesh T
 
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
Computer security
byMahesh Singh Madai
 
Technical seminar on Security
bySTS
 
Network Security 1st Lecture
bybabak danyal
 

What's hot

PPTX
Types of attacks
byVivek Gandhi
 
PPT
Chapter 01
bynathanurag
 
PPTX
Security
bychian417
 
PPT
Basic security concepts_chapter_1
byabdifatah said
 
PPTX
Cryptography and Network security # Lecture 8
byKabul Education University
 
PDF
Network Security & Attacks
byNetwax Lab
 
PPTX
Cryptography and authentication
bymbadhi
 
PDF
CNS - Chapter1
byJeevananthamArumugam
 
PDF
Security Basics
byArchitecTerra Ltd.
 
PDF
Network security chapter 1
byosama elfar
 
PDF
Computer Security Lecture 1: Overview
byMohamed Loey
 
PPTX
Chapter 1: Overview of Network Security
byShafaan Khaliq Bhatti
 
PDF
BAIT1103 Course Overview
bylimsh
 
PPTX
Ppt.1
byveeresh35
 
PPTX
Cryptographic Security
byjp tj
 
PPT
Ch05 Network Defenses
byInformation Technology
 
PPTX
Network security
byquest university nawabshah
 
PPTX
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
PPTX
Introduction of network security
bysneha padhiar
 
PDF
Network Security Lecture
byChanankorn Jandaeng
 
Types of attacks
byVivek Gandhi
 
Chapter 01
bynathanurag
 
Security
bychian417
 
Basic security concepts_chapter_1
byabdifatah said
 
Cryptography and Network security # Lecture 8
byKabul Education University
 
Network Security & Attacks
byNetwax Lab
 
Cryptography and authentication
bymbadhi
 
CNS - Chapter1
byJeevananthamArumugam
 
Security Basics
byArchitecTerra Ltd.
 
Network security chapter 1
byosama elfar
 
Computer Security Lecture 1: Overview
byMohamed Loey
 
Chapter 1: Overview of Network Security
byShafaan Khaliq Bhatti
 
BAIT1103 Course Overview
bylimsh
 
Ppt.1
byveeresh35
 
Cryptographic Security
byjp tj
 
Ch05 Network Defenses
byInformation Technology
 
Network security
byquest university nawabshah
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
Introduction of network security
bysneha padhiar
 
Network Security Lecture
byChanankorn Jandaeng
 

Similar to Dos unit 5

PPT
Lect13 security
byUmang Gupta
 
PPTX
System Security
byReddhi Basu
 
PDF
ch15.pdf
bySami Mughal
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
PDF
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
byVishwanathMahalle
 
PPTX
cryptography introduction.pptx
byBisharSuleiman
 
PPTX
Chapter 1 information assurance and security
bygaredew32
 
PDF
Cryptography-PART-1.pdf,taught in nitw 2025
bykc22csb0a13
 
PPTX
Communication security
bySotheavy Nhoung
 
PPTX
operating system ppt tegeng2.pptxguktgjh
bytegenefikadu91
 
PPTX
Cryptography and Network Security-ch1-4.pptx
bySamiDan3
 
PPTX
syllabus of information security for 6th semester
byPankilPatel25
 
PDF
Information Security basic introduction by professor
byadityakatare35
 
PDF
Network security & cryptography full notes
bygangadhar9989166446
 
PPTX
Computer Security. The increasing need of todays era
bypoudelpranjol5
 
PDF
chapter 1-4.pdf
byzerihunnana
 
PDF
information technology cryptography Msc chapter 1-4.pdf
bywondimagegndesta
 
PPTX
FCT UNIT 5 Foundation of computing technologies.pptx
bynandinikhalane
 
PPTX
Cryptography Introduction for CIA triad
byPratibhaJadhav22
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
Lect13 security
byUmang Gupta
 
System Security
byReddhi Basu
 
ch15.pdf
bySami Mughal
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
byVishwanathMahalle
 
cryptography introduction.pptx
byBisharSuleiman
 
Chapter 1 information assurance and security
bygaredew32
 
Cryptography-PART-1.pdf,taught in nitw 2025
bykc22csb0a13
 
Communication security
bySotheavy Nhoung
 
operating system ppt tegeng2.pptxguktgjh
bytegenefikadu91
 
Cryptography and Network Security-ch1-4.pptx
bySamiDan3
 
syllabus of information security for 6th semester
byPankilPatel25
 
Information Security basic introduction by professor
byadityakatare35
 
Network security & cryptography full notes
bygangadhar9989166446
 
Computer Security. The increasing need of todays era
bypoudelpranjol5
 
chapter 1-4.pdf
byzerihunnana
 
information technology cryptography Msc chapter 1-4.pdf
bywondimagegndesta
 
FCT UNIT 5 Foundation of computing technologies.pptx
bynandinikhalane
 
Cryptography Introduction for CIA triad
byPratibhaJadhav22
 
OPERATING SYSTEM SECURITY
byRohitK71
 

Recently uploaded

PPTX
VAGINAL IRRIGATION..................pptx
byAneetaSharma15
 
PPTX
Report for Prepare Time Management in Odoo 19 POS
byCeline George
 
PDF
19 January 2026 Andreas Schleicher Digital Education Outlook 2026.pdf
byEduSkills OECD
 
PDF
Fanatics of LDM a Time Capsule By LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PPTX
OXYGEN ADMINISTRATION/THERAPY ......pptx
byAneetaSharma15
 
PDF
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
PPTX
An Complete Overview of Survey in Odoo 18
byCeline George
 
PPTX
How to Add or Remove Multiple Followers in a Records
byCeline George
 
PPTX
Allow Quantity Modification in Combo in Odoo 19 pos
byCeline George
 
PPTX
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
PPTX
ANTISEPTICS AND DISINFECTANTS CHAPTER NO.05.pptx
byGanu Gavade
 
PPTX
Electric Charges and Fields 25.pptx notes of lecture 25 by lakshay neet 2026 2.0
byhh3360156
 
PDF
Freshman Geography Chapter 7-Population of Ethiiopia
bytfeven44
 
PDF
Q4_LE_English 8_Lesson 1_Week 1.pd Revised
byQuerisaIngridMortel
 
PPTX
Introduction of Carbohydrates - Dr.M.Jothimuniyandi
byJothimuniyandi
 
DOCX
COMMUNITY HEALTH NURSING OSCE CHECKLIST.docx
byGeetha S R
 
PPTX
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
PPTX
Complete and Detailed Overview of Odoo 18 Contact
byCeline George
 
PPTX
How to Create SMS Marketing Campaigns in Odoo 18
byCeline George
 
PDF
The Unique Wildlife of Ethiopia: From the Simien to the Bale Mountains
byfirtunagebremicheal
 
VAGINAL IRRIGATION..................pptx
byAneetaSharma15
 
Report for Prepare Time Management in Odoo 19 POS
byCeline George
 
19 January 2026 Andreas Schleicher Digital Education Outlook 2026.pdf
byEduSkills OECD
 
Fanatics of LDM a Time Capsule By LDMMIA
by©LDMMIA, ©Reiki Yoga
 
OXYGEN ADMINISTRATION/THERAPY ......pptx
byAneetaSharma15
 
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
An Complete Overview of Survey in Odoo 18
byCeline George
 
How to Add or Remove Multiple Followers in a Records
byCeline George
 
Allow Quantity Modification in Combo in Odoo 19 pos
byCeline George
 
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
ANTISEPTICS AND DISINFECTANTS CHAPTER NO.05.pptx
byGanu Gavade
 
Electric Charges and Fields 25.pptx notes of lecture 25 by lakshay neet 2026 2.0
byhh3360156
 
Freshman Geography Chapter 7-Population of Ethiiopia
bytfeven44
 
Q4_LE_English 8_Lesson 1_Week 1.pd Revised
byQuerisaIngridMortel
 
Introduction of Carbohydrates - Dr.M.Jothimuniyandi
byJothimuniyandi
 
COMMUNITY HEALTH NURSING OSCE CHECKLIST.docx
byGeetha S R
 
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
Complete and Detailed Overview of Odoo 18 Contact
byCeline George
 
How to Create SMS Marketing Campaigns in Odoo 18
byCeline George
 
The Unique Wildlife of Ethiopia: From the Simien to the Bale Mountains
byfirtunagebremicheal
 

Dos unit 5

  • 1.
  • 2.
    Security- introduction • Computersystems store large amount of information, some of which is highly sensitive and valuable to their users. • Users can trust the system and rely on it only if the various resources and information of a computer system are protected against destruction and unauthorized access. • Obviously, the security requirements are different for different computer systems depending on the environment in which they are supposed to operate.
  • 3.
    • Some ofthe common goals of computer security are as follows: 1) Secrecy: Information within the system must be accessible only to authorized users. 2) Privacy: Misuse of information must be prevented. That is, a piece of information given to a user should be used only for the purpose for which it was given. 3)Authenticity: When a user receives some data, the user must be able to verify its authenticity. 4) Integrity: Information within the system must be protected against accidental destruction or intentional corruption by an unauthorized user
  • 4.
    Potential attacks tocomputer system • The first step in the provision of appropriate computer security is to identify the potential threats/attacks to computer systems. • The term intruder or attacker is commonly used to refer to a person or program trying to obtain unauthorized access to data or a resource of a computer system.
  • 5.
    • An intrudermay be a threat to computer security in many ways that are broadly classified into two categories: 1) Positive attacks 2) Active attacks • A positive attack does not cause any harm to the system being threatened , whereas an active attack does.
  • 6.
    Positive attacks • Inpositive attacks, an intruder somehow tries to steal unauthorized information from the computer system without interfering with the normal functioning of the system. 1) Browsing 2) Leaking 3) Inferencing 4) Masquerading
  • 7.
    • Browsing: Inthis method, intruders attempt to read stored files, message packets passing by on the network, other processes memory, and so on, without modifying any data. • Leaking: In this method, an intruder uses an accomplice who leaks the information to him or her. Prevention of leaking is a difficult problem to solve and requires preventing all types of communication between the accomplice and the intruder.
  • 8.
    • Inferencing: Inthis method, an intruder tries to draw some inference by closely observing and analyzing the system’s data or the activities carried out by the system. In this case, an intruder observes when and where interprocess messages flow in the system, and by analyzing the frequency of message. • Masquerading: In this method, an intruder masquerades as an authorized user or program in order to gain access to uauthorized data or resources.
  • 9.
    Active Attacks • Activeintruders are more malicious than passive intruders. • Unlike passive attacks, active attacks interfere with the normal functioning of the system and often have damaging effects. • The most common types of damage that active attacks cause are corrupting files, destroying data, imitating hardware errors.
  • 10.
    • Some commonlyused forms of active attacks are: 1) Viruses 2) Worms 3) Logic Bombs.
  • 11.
    • Viruses: Acomputer viruses is a piece of code attached to a legitimate program that, when executed, infects other programs in the system by replicating and attaching itself to them. • Worms: Worms are program that spread from one computer to another in a network of computers. • Logic Bombs: A logic bomb is a program that lies dormant until some trigger condition causes it to explode.
  • 12.
    Cryptography • Cryptography isa means of protecting private information against unauthorized access in those situations where it is difficult to provide physical security. • The basic idea behind this security technique is that if it is not possible to prevent copying of information, it is better to prevent comprehension.
  • 13.
    Basic Concepts andTerminologies • Two primitive operations employed by cryptography are encryption and decryption. • Encryption is the process of transforming an intelligible information into an unintelligible form. • Decryption is the process of transforming the information back from ciphertext to plaintext.
  • 14.
    • When cryptographyis employed for protecting information transmitted through communication channels, plaintext is also called a message. • Encryption is basically a mathematical function having the following form: C=E(P,Ke) Where P is the plaintext to be encrypted, Ke is an encryption key and C is the resulting ciphertext.
  • 15.
    Symmetric and Asymmetric •There are two broad classes of cryptosystems, symmetric and asymmetric. • In a Symmetric cryptosystem, either both the encryption key(Ke) and decryption key(kd) are the same or one is easily derivable from the other. • In an asymmetric cryptosystem, on the other hand, the decryption key(kd) is not equal to the encryption key(Ke).
  • 16.
    Authentication • Authentication dealswith the problem of verifying the identity of a user before permitting access to the requested resource. • That is, an authentication mechanism prohibits the use of the system by unauthorized users by verifying the identity of a user making a request.
  • 17.
    • Authentication basicallyinvolves identification and verification. • Identification is the process of claiming a certain identity by a user, while verification is the process of verifying the user’s claimed identity. • Thus, the correctness of an authentication process relies heavily on the verification procedure employed.
  • 18.
    Types of authentication •The main types of authentication normally needed in a distributed system are as follows: 1) User logins authentication 2) One-way authentication of communicating entities 3) Two-way authentication of communicating entities
  • 19.
    Approaches to Authentication •Proof by knowledge: In this approach, authentication involves verifying something that can only be known by an authorized principal. • Proof by possession: In this approach, a user proves his or her identity by producing some item that can only be possessed by an authorized principal. • Proof by property: In this approach, the system is designed to verify the identity of a user by measuring some physical characteristics of the user that are hard to forge.
  • 20.
    User Login Authentication •As in centralized systems, a user access to a distributed system by logging in a host in the system. User identity is established at login, at all subsequent user activities are attributed to this identity. 1. Keeping passwords secret 2. Making passwords difficult to guess 3. Limiting damages done by a compromised password 4. Identifying and discourging unauthorized user logins. 5. Single sign-on for using all resources in the system.
  • 21.
    Access Control • Oncea user or a process has been authenticated, the next step in security is to devise ways to prohibit the user or the process from accessing those resources/information that he or she or it is not authorized to access. • This issue is called authorization and is dealt with by using access control mechanisms. • Access control mechanisms used in distributed systems are basically the same as those used in centralized systems.
  • 22.
    • When talkingabout access control in computer systems, it is customary to use the following terms: 1. Objects 2.Subjects 3. Protection rules
  • 23.
    Protection domains • Adomain is an abstract definition of a set of access rights. • It is defined as a set of pairs. • Each pair specifies an object and one or more operations that can be performed on the object. • Each one of the allowed operations is called a right.
  • 24.
    Design signature • Adigital signature is basically a code, or a large number, that is unique for each message and to each message originator. • It is obtained by first processing the message with a hash function to obtain a small digest dependent on each bit of information in the message and then encrypting the digest by using the originator secret key.
  • 25.
    • A protocolbased on a digital signature for ensuring message integrity works as follows: 1. A sender(A) computes the digest(D) of a message(M). It then encrypts the digest D by using its secret key(Sa) to obtain a cipertext C1=E(D,Sa). A signed message is then created that consists of the senders identifier, the message M in its plaintext form, and the ciphertext C1. 2. On receiving the signed message, the receiver decrypts C1 by using the public key of the sender to recover the digest D.
  • 26.
    Design principles • Basedon their experience with Multics, Saltzer and Schroeder identified some design principles that can be used as a guide to designing secure systems. 1. Least privilage 2. Fail-safe defaults 3. Open design 4. Built in to the system 5.Check for current authority 6. Easy granting and revocation of access rights 7.Never trust other parties 8. Always ensure freshness of messages