This chapter presents the following content: Security concepts: confidentiality, integrity, availability; security attacks, services, mechanisms; models for network (access) security; classical encryption techniques; symmetric cipher model.
Trang 1(CSE348)
1
Trang 22
Trang 5Key Security Concepts
5
Trang 6• FIPS PUB 199 provides a useful
characterization of these three objectives in
terms of requirements and the definition of a loss of security in each category
Trang 7• A loss of confidentiality is the unauthorized
disclosure of information
Trang 9• Two of the most commonly mentioned are:
Trang 10CIA Triad
10
• Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator
Trang 12Levels of Impact
• can define 3 levels of impact from a security breach
– Low
– Moderate
– High
12
Trang 14Levels of Impact
• degradation in mission capability to an extent and duration that the organization is able to
Trang 16Levels of Impact
• a significant degradation in mission capability and effectiveness of the functions is
significantly reduced;
• result in significant damage to oganizational assets;
Trang 1717
Trang 21• Student enrollment information may have a
moderate confidentiality rating.
21
Trang 22Confidentiality Example
• While still covered by FERPA, this
information is seen by more people on a daily basis, is less likely to be targeted than grade
Trang 23cause harm to the hospital.
23
Trang 24Integrity Example
• The database needs to be restored to a trusted basis quickly, and it should be possible to trace the error back to the person responsible
• Patient allergy information is an example of an asset with a high requirement for integrity
• Inaccurate information could result in serious harm or death to a patient and expose the
hospital to massive liability
24
Trang 25Availability Example
• The more critical a component or service, the higher is the level of availability required.
• Consider a system that provides authentication services
• An interruption of service results in the
inability for customers to access computing
resources.
• loss of service translates into a large financial loss productivity and potential customer loss
25
Trang 26Computer Security Challenges
1 not simple
2 must consider potential attacks
3 procedures used counter-intuitive
4 involve algorithms and secret info
5 must decide where to deploy mechanisms
6 battle of wits between attacker / admin
7 not perceived on benefit until fails
8 requires regular monitoring
9 too often an after-thought
10 regarded as impediment to using system
26
Trang 28Aspects of Security
• Security attack: Any action that compromises the security of information owned by an
organization.
28
Trang 29Aspects of Security
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
29
Trang 30Aspects of Security
• Security service: A processing or
communication service that enhances the
security of the data processing systems and the information transfers of an organization.
30
Trang 31Passive Attacks
31
Trang 34Active Attacks
34
Trang 35Active Attacks
35
• Active attacks involve some modification of the data stream or the creation of a false stream
Trang 36• Instead, the goal is to detect active attacks and to recover from any disruption/or delays caused by them.
Trang 37Security Service
– enhance security of data processing systems and information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
37
Trang 40Security Mechanism
• feature designed to detect, prevent, or recover from a security attack
Trang 41Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic
Trang 42Model for Network Security
42
Trang 43Model for Network Security
43
Trang 44Model for Network Access Security
44
Trang 45Model for Network Access Security
Trang 46Chapter 2 – Classical Encryption
Techniques
• "I am fairly familiar with all the forms of secret
writings, and am myself the author of a trifling
monograph upon the subject, in which I analyze one hundred and sixty separate ciphers," said Holmes
—The Adventure of the Dancing Men, Sir Arthur
Conan Doyle
46
Trang 47Symmetric Encryption
• or conventional / privatekey / singlekey
• sender and recipient share a common key
• all classical encryption algorithms are privatekey
• was only type prior to invention of publickey
in 1970’s
• and by far most widely used
47
Trang 48Some Basic Terminology
Trang 49Symmetric Cipher Model
49
Trang 50Symmetric Cipher Model
Ingredients of the symmetric cipher model
• plaintext - original message
• encryption algorithm – performs
substitutions/transformations on plaintext
• secret key – control exact
substitutions/transformations used in encryption
algorithm
• ciphertext - scrambled message
• decryption algorithm – inverse of encryption
algorithm
50
Trang 51• two requirements for secure use of symmetric encryption:
Trang 52• Transposition (elements in the plaintext are rearranged)
• Product (involve multiple stages of substitutions and transpositions)
Trang 54Cryptanalytic Attacks
ciphertext only
only know algorithm & ciphertext, is statistical, know or can identify plaintext
Trang 55More Definitions
unconditional security
no matter how much computer power or time is available, the cipher cannot be broken since the