SlideShare a Scribd company logo
cryptography and network security
Chapter : 1
Prepared by: Osama Elfar
Supervisored by: Dr-Noha Ezzat
Portsaid university
Faculty of science
Math, I.T & computer science dpet
Learning Objectives
After studying this chapter, you should be able to:
-Describe the key security requirements of confidentiality, integrity, and availability.
-Discuss the types of security threats and attacks that must be dealt with and give
examples of the types of threats and attacks that apply to different
categories of computer and network assets.
-Summarize the functional requirements for computer security.
-Describe the X.800 security architecture for OSI.
Cryptographic algorithms and protocols can be grouped into four main areas:
• Symmetric encryption: Used to conceal the contents of blocks or streams of
data of any size, including messages, files, encryption keys, and passwords.
• Asymmetric encryption: Used to conceal small blocks of data, such as encryp-
tion keys and hash function values, which are used in digital signatures.
• Data integrity algorithms: Used to protect blocks of data, such as messages,
from alteration.
• Authentication protocols: These are schemes based on the use of crypto-
graphic algorithms designed to authenticate the identity of entities.
Computer security concepts
Computer security concepts
• Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is
not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
• Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in
a specified and authorized manner.
System integrity: Assures that a system performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied to
authorized users.
CIA triad
Computer security concepts
Computer security concepts
But we have to add :
• Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or message
originator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity. This supports nonrepudia-
tion, deterrence, fault isolation, intrusion detection and prevention, and after-
action recovery and legal action. Because truly secure systems are not yet an
achievable goal, we must be able to trace a security breach to a responsible
party. Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
Levers of attack impact on organizations
Computer security concepts
The Challenges of Computer Security:
First. Is it really a challenge ??
LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several
noteworthy accounts
Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US
government sectors
Mathew Bevan
and Richard
Pryce
US military computers and used it as a means to infiltrate the foreign
systems
Kevin Mitnick Nokia, Motorola and Pentagon
Albert Gonzalez 170 million credit cards and ATM numbers.
Computer security concepts
The Challenges of Computer Security:
1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those
requirements can be quite complex, and understanding them may involve rather subtle reasoning.
2- In many cases, successful attacks are designed by looking at the problem in a completely different way,
therefore exploiting an unexpected weakness in the mechanism.
3-Because of point 2, the procedures used to provide particular services are often counterintuitive
4-Having designed various security mechanisms, it is necessary to decide where to use them.
5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that
participants be in possession of some secret information (e.g., an encryption key), which raises questions
about the creation, distribution, and protection of that secret information.
6-the attacker has is that he or she need only find a single weakness, while the designer must find and
eliminate all weaknesses to achieve perfect security.
7-There is a natural tendency on the part of users and system managers
8- Security requires regular, even constant, monitoring
9- Security is still too often an afterthought to be incorporated into a system after the design is complete
10- Many users and even security administrators view strong security as an impedimeant to efficient and user-
friendly operation of an information system or use of information.
Computer security concepts
The OSI Security Architecture
The OSI security architecture focuses on security attacks, mechanisms, and
services. These can be defined briefly as :
• Security attack: Any action that compromises the security of information
owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
X.800, Security Architecture for OSI
Threats and Attacks (RFC 4949)
Threat: A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.
Security attacks
Active vs passive attacks:
Active attacks (Figure 1.1b) involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.
Security attacks
Active vs passive attacks:
Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and
traffic analysis.
Security attacks
Security services
RFC 4949 ‘s definition :
a processing or communication service that is
provided by a system to give a specific kind of protection to system resources
AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be.
Peer Entity Authentication - Data-Origin Authentication
ACCESS CONTROL
The prevention of unauthorized use of a resource
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.
Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic-
Flow Confidentiality
DATA INTEGRITY:
The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an
authorized entity
Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field
Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity
NONREPUDIATION:
Provides protection against denial by one of the entities involved in a communication
Nonrepudiation, Origin - Nonrepudiation, Destination
Security services
security mechanisms
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
- Encipherment:The use of mathematical algorithms to transform data into a form that is not readily
intelligible.
Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient
of the data unit to prove the source and integrity of the data unit and protect against forgery .
-Access Control: A variety of mechanisms that enforce access rights to resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
-Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
-Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of
information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
-Routing Control:Enables selection of particular physically secure routes for certain data and allows routing
changes,
Notarization: The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer
Trusted Functionality:That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).
Security Label:The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
Event Detection: Detection of security-relevant events.
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which
is an independent review and examination of system records and activities.
Security Recovery: Deals with requests from mechanisms, such as event
handling and management functions, and takes
recovery actions.
security mechanisms
Network security   chapter 1
A model for Network security
Network security   chapter 1

More Related Content

What's hot

Cryptography and network security
 Cryptography and network security Cryptography and network security
Cryptography and network security
Mahipesh Satija
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
Hossain Md Shakhawat
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
Dr.Florence Dayana
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
Ruchi Maurya
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
Syed Bahadur Shah
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
veeresh35
 
Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewComputer Security Lecture 1: Overview
Computer Security Lecture 1: Overview
Mohamed Loey
 
Secure Hash Algorithm
Secure Hash AlgorithmSecure Hash Algorithm
Secure Hash Algorithm
Vishakha Agarwal
 
block ciphers
block ciphersblock ciphers
block ciphers
Asad Ali
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
Cs8792 cns - unit iv
Cs8792   cns - unit ivCs8792   cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
DarshanPatil82
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
zahid-mian
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
Sunita Kharayat
 
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
CNS - Unit - 2 - Stream Ciphers and Block CiphersCNS - Unit - 2 - Stream Ciphers and Block Ciphers
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
Gyanmanjari Institute Of Technology
 

What's hot (20)

Cryptography and network security
 Cryptography and network security Cryptography and network security
Cryptography and network security
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
 
IP Security
IP SecurityIP Security
IP Security
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewComputer Security Lecture 1: Overview
Computer Security Lecture 1: Overview
 
Secure Hash Algorithm
Secure Hash AlgorithmSecure Hash Algorithm
Secure Hash Algorithm
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Cs8792 cns - unit iv
Cs8792   cns - unit ivCs8792   cns - unit iv
Cs8792 cns - unit iv
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
CNS - Unit - 2 - Stream Ciphers and Block CiphersCNS - Unit - 2 - Stream Ciphers and Block Ciphers
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
 

Similar to Network security chapter 1

ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.ppt
faizalkhan673954
 
Nw sec
Nw secNw sec
Nw sec
shivz3
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
AparnaSunil24
 
CH01.ppt
CH01.pptCH01.ppt
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
MohammedElkayesh
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
RavikumarVadana
 
Ch01
Ch01Ch01
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
Saranya Natarajan
 
Ch01
Ch01Ch01
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser4198c4
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
vishnukp34
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.ppt
shanthishyam
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptx
kumarkaushal17
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
Arumugam90
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
ssuseref9c81
 

Similar to Network security chapter 1 (20)

ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.ppt
 
Nw sec
Nw secNw sec
Nw sec
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
CH01.ppt
CH01.pptCH01.ppt
CH01.ppt
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Ch01
Ch01Ch01
Ch01
 
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
 
Ch01
Ch01Ch01
Ch01
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.ppt
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptx
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Unit 1.ppt
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 

Recently uploaded

Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
Alison B. Lowndes
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
Michael Price
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
AimanAthambawa1
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
Stephanie Beckett
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
FIDO Alliance
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
Zilliz
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
janagijoythi
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
Bhajan Mehta
 
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Zilliz
 
Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024
siddu769252
 

Recently uploaded (20)

Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
 
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
 
Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024
 

Network security chapter 1

  • 1. cryptography and network security Chapter : 1 Prepared by: Osama Elfar Supervisored by: Dr-Noha Ezzat Portsaid university Faculty of science Math, I.T & computer science dpet
  • 2. Learning Objectives After studying this chapter, you should be able to: -Describe the key security requirements of confidentiality, integrity, and availability. -Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. -Summarize the functional requirements for computer security. -Describe the X.800 security architecture for OSI.
  • 3. Cryptographic algorithms and protocols can be grouped into four main areas: • Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. • Asymmetric encryption: Used to conceal small blocks of data, such as encryp- tion keys and hash function values, which are used in digital signatures. • Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration. • Authentication protocols: These are schemes based on the use of crypto- graphic algorithms designed to authenticate the identity of entities. Computer security concepts
  • 5. • Confidentiality: This term covers two related concepts: Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. • Integrity: This term covers two related concepts: Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. • Availability: Assures that systems work promptly and service is not denied to authorized users. CIA triad Computer security concepts
  • 6. Computer security concepts But we have to add : • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudia- tion, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
  • 7. Levers of attack impact on organizations Computer security concepts
  • 8. The Challenges of Computer Security: First. Is it really a challenge ?? LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US government sectors Mathew Bevan and Richard Pryce US military computers and used it as a means to infiltrate the foreign systems Kevin Mitnick Nokia, Motorola and Pentagon Albert Gonzalez 170 million credit cards and ATM numbers. Computer security concepts
  • 9. The Challenges of Computer Security: 1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 2- In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3-Because of point 2, the procedures used to provide particular services are often counterintuitive 4-Having designed various security mechanisms, it is necessary to decide where to use them. 5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. 6-the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7-There is a natural tendency on the part of users and system managers 8- Security requires regular, even constant, monitoring 9- Security is still too often an afterthought to be incorporated into a system after the design is complete 10- Many users and even security administrators view strong security as an impedimeant to efficient and user- friendly operation of an information system or use of information. Computer security concepts
  • 10. The OSI Security Architecture The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as : • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. X.800, Security Architecture for OSI
  • 11. Threats and Attacks (RFC 4949) Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Security attacks
  • 12. Active vs passive attacks: Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. Security attacks
  • 13. Active vs passive attacks: Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. Security attacks
  • 14. Security services RFC 4949 ‘s definition : a processing or communication service that is provided by a system to give a specific kind of protection to system resources
  • 15. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication - Data-Origin Authentication ACCESS CONTROL The prevention of unauthorized use of a resource DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic- Flow Confidentiality DATA INTEGRITY: The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an authorized entity Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication Nonrepudiation, Origin - Nonrepudiation, Destination Security services
  • 16. security mechanisms SPECIFIC SECURITY MECHANISMS May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. - Encipherment:The use of mathematical algorithms to transform data into a form that is not readily intelligible. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery . -Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. -Routing Control:Enables selection of particular physically secure routes for certain data and allows routing changes, Notarization: The use of a trusted third party to assure certain properties of a data exchange.
  • 17. PERVASIVE SECURITY MECHANISMS Mechanisms that are not specific to any particular OSI security service or protocol layer Trusted Functionality:That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label:The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. security mechanisms
  • 19. A model for Network security