SlideShare a Scribd company logo
cryptography and network security
Chapter : 1
Prepared by: Osama Elfar
Supervisored by: Dr-Noha Ezzat
Portsaid university
Faculty of science
Math, I.T & computer science dpet
Learning Objectives
After studying this chapter, you should be able to:
-Describe the key security requirements of confidentiality, integrity, and availability.
-Discuss the types of security threats and attacks that must be dealt with and give
examples of the types of threats and attacks that apply to different
categories of computer and network assets.
-Summarize the functional requirements for computer security.
-Describe the X.800 security architecture for OSI.
Cryptographic algorithms and protocols can be grouped into four main areas:
• Symmetric encryption: Used to conceal the contents of blocks or streams of
data of any size, including messages, files, encryption keys, and passwords.
• Asymmetric encryption: Used to conceal small blocks of data, such as encryp-
tion keys and hash function values, which are used in digital signatures.
• Data integrity algorithms: Used to protect blocks of data, such as messages,
from alteration.
• Authentication protocols: These are schemes based on the use of crypto-
graphic algorithms designed to authenticate the identity of entities.
Computer security concepts
Computer security concepts
• Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is
not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
• Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in
a specified and authorized manner.
System integrity: Assures that a system performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied to
authorized users.
CIA triad
Computer security concepts
Computer security concepts
But we have to add :
• Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or message
originator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity. This supports nonrepudia-
tion, deterrence, fault isolation, intrusion detection and prevention, and after-
action recovery and legal action. Because truly secure systems are not yet an
achievable goal, we must be able to trace a security breach to a responsible
party. Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
Levers of attack impact on organizations
Computer security concepts
The Challenges of Computer Security:
First. Is it really a challenge ??
LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several
noteworthy accounts
Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US
government sectors
Mathew Bevan
and Richard
Pryce
US military computers and used it as a means to infiltrate the foreign
systems
Kevin Mitnick Nokia, Motorola and Pentagon
Albert Gonzalez 170 million credit cards and ATM numbers.
Computer security concepts
The Challenges of Computer Security:
1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those
requirements can be quite complex, and understanding them may involve rather subtle reasoning.
2- In many cases, successful attacks are designed by looking at the problem in a completely different way,
therefore exploiting an unexpected weakness in the mechanism.
3-Because of point 2, the procedures used to provide particular services are often counterintuitive
4-Having designed various security mechanisms, it is necessary to decide where to use them.
5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that
participants be in possession of some secret information (e.g., an encryption key), which raises questions
about the creation, distribution, and protection of that secret information.
6-the attacker has is that he or she need only find a single weakness, while the designer must find and
eliminate all weaknesses to achieve perfect security.
7-There is a natural tendency on the part of users and system managers
8- Security requires regular, even constant, monitoring
9- Security is still too often an afterthought to be incorporated into a system after the design is complete
10- Many users and even security administrators view strong security as an impedimeant to efficient and user-
friendly operation of an information system or use of information.
Computer security concepts
The OSI Security Architecture
The OSI security architecture focuses on security attacks, mechanisms, and
services. These can be defined briefly as :
• Security attack: Any action that compromises the security of information
owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
X.800, Security Architecture for OSI
Threats and Attacks (RFC 4949)
Threat: A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.
Security attacks
Active vs passive attacks:
Active attacks (Figure 1.1b) involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.
Security attacks
Active vs passive attacks:
Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and
traffic analysis.
Security attacks
Security services
RFC 4949 ‘s definition :
a processing or communication service that is
provided by a system to give a specific kind of protection to system resources
AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be.
Peer Entity Authentication - Data-Origin Authentication
ACCESS CONTROL
The prevention of unauthorized use of a resource
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.
Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic-
Flow Confidentiality
DATA INTEGRITY:
The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an
authorized entity
Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field
Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity
NONREPUDIATION:
Provides protection against denial by one of the entities involved in a communication
Nonrepudiation, Origin - Nonrepudiation, Destination
Security services
security mechanisms
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
- Encipherment:The use of mathematical algorithms to transform data into a form that is not readily
intelligible.
Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient
of the data unit to prove the source and integrity of the data unit and protect against forgery .
-Access Control: A variety of mechanisms that enforce access rights to resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
-Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
-Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of
information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
-Routing Control:Enables selection of particular physically secure routes for certain data and allows routing
changes,
Notarization: The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer
Trusted Functionality:That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).
Security Label:The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection: Detection of security-relevant events.
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which
is an independent review and examination of system records and activities.
Security Recovery: Deals with requests from mechanisms, such as event
handling and management functions, and takes
recovery actions.
security mechanisms
A model for Network security
Network security   chapter 1

More Related Content

What's hot

Network forensic
Network forensicNetwork forensic
Network forensic
Manjushree Mashal
 
Information security
Information security Information security
Information security
razendar79
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
symmetric key encryption algorithms
 symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
Rashmi Burugupalli
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
System security
System securitySystem security
System security
invertis university
 
Protection models
Protection modelsProtection models
Protection models
G Prachi
 
Network security
Network securityNetwork security
Network security
fatimasaham
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
Arzath Areeff
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 

What's hot (20)

Network forensic
Network forensicNetwork forensic
Network forensic
 
Information security
Information security Information security
Information security
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
symmetric key encryption algorithms
 symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
System security
System securitySystem security
System security
 
Protection models
Protection modelsProtection models
Protection models
 
Network security
Network securityNetwork security
Network security
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 

Similar to Network security chapter 1

ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.ppt
faizalkhan673954
 
Nw sec
Nw secNw sec
Nw sec
shivz3
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
AparnaSunil24
 
CH01.ppt
CH01.pptCH01.ppt
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
MohammedElkayesh
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
RavikumarVadana
 
Ch01
Ch01Ch01
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
Saranya Natarajan
 
Ch01
Ch01Ch01
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser4198c4
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
vishnukp34
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.ppt
shanthishyam
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptx
kumarkaushal17
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
Arumugam90
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
ssuseref9c81
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 

Similar to Network security chapter 1 (20)

ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.ppt
 
Nw sec
Nw secNw sec
Nw sec
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
CH01.ppt
CH01.pptCH01.ppt
CH01.ppt
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Ch01
Ch01Ch01
Ch01
 
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
 
Ch01
Ch01Ch01
Ch01
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.ppt
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptx
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Unit 1.ppt
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 

Recently uploaded

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 

Recently uploaded (20)

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 

Network security chapter 1

  • 1. cryptography and network security Chapter : 1 Prepared by: Osama Elfar Supervisored by: Dr-Noha Ezzat Portsaid university Faculty of science Math, I.T & computer science dpet
  • 2. Learning Objectives After studying this chapter, you should be able to: -Describe the key security requirements of confidentiality, integrity, and availability. -Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. -Summarize the functional requirements for computer security. -Describe the X.800 security architecture for OSI.
  • 3. Cryptographic algorithms and protocols can be grouped into four main areas: • Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. • Asymmetric encryption: Used to conceal small blocks of data, such as encryp- tion keys and hash function values, which are used in digital signatures. • Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration. • Authentication protocols: These are schemes based on the use of crypto- graphic algorithms designed to authenticate the identity of entities. Computer security concepts
  • 5. • Confidentiality: This term covers two related concepts: Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. • Integrity: This term covers two related concepts: Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. • Availability: Assures that systems work promptly and service is not denied to authorized users. CIA triad Computer security concepts
  • 6. Computer security concepts But we have to add : • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudia- tion, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
  • 7. Levers of attack impact on organizations Computer security concepts
  • 8. The Challenges of Computer Security: First. Is it really a challenge ?? LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US government sectors Mathew Bevan and Richard Pryce US military computers and used it as a means to infiltrate the foreign systems Kevin Mitnick Nokia, Motorola and Pentagon Albert Gonzalez 170 million credit cards and ATM numbers. Computer security concepts
  • 9. The Challenges of Computer Security: 1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 2- In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3-Because of point 2, the procedures used to provide particular services are often counterintuitive 4-Having designed various security mechanisms, it is necessary to decide where to use them. 5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. 6-the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7-There is a natural tendency on the part of users and system managers 8- Security requires regular, even constant, monitoring 9- Security is still too often an afterthought to be incorporated into a system after the design is complete 10- Many users and even security administrators view strong security as an impedimeant to efficient and user- friendly operation of an information system or use of information. Computer security concepts
  • 10. The OSI Security Architecture The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as : • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. X.800, Security Architecture for OSI
  • 11. Threats and Attacks (RFC 4949) Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Security attacks
  • 12. Active vs passive attacks: Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. Security attacks
  • 13. Active vs passive attacks: Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. Security attacks
  • 14. Security services RFC 4949 ‘s definition : a processing or communication service that is provided by a system to give a specific kind of protection to system resources
  • 15. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication - Data-Origin Authentication ACCESS CONTROL The prevention of unauthorized use of a resource DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic- Flow Confidentiality DATA INTEGRITY: The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an authorized entity Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication Nonrepudiation, Origin - Nonrepudiation, Destination Security services
  • 16. security mechanisms SPECIFIC SECURITY MECHANISMS May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. - Encipherment:The use of mathematical algorithms to transform data into a form that is not readily intelligible. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery . -Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. -Routing Control:Enables selection of particular physically secure routes for certain data and allows routing changes, Notarization: The use of a trusted third party to assure certain properties of a data exchange.
  • 17. PERVASIVE SECURITY MECHANISMS Mechanisms that are not specific to any particular OSI security service or protocol layer Trusted Functionality:That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label:The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. security mechanisms
  • 18.
  • 19. A model for Network security