Chapter 0 – Reader’s Guide Cryptography and Network Security The art of war teaches us to rely not on the Overview & Chapter 1 likelihood of the enemy's not coming, but on our own readiness to receive him; not on the ; chance of his not attacking, but rather on the Fifth Edition fact that we have made our position by William Stallings unassailable. — The Art of War, Sun Tzu Lecture slides by Lawrie Brown Roadmap Standards Organizations • Cryptographic algorithms • National Institute of Standards & Technology (NIST) – symmetric ciphers – asymmetric encryption • Internet Society (ISOC) – hash functions hash functions • International Telecommunication Union I i l l i i U i • Mutual Trust Telecommunication Standardization Sector (ITU ‐ T) • Network Security • International Organization for Standardization • Computer Security (ISO) Chapter 1 – Introduction Computer Security • the protection afforded to an automated • The combination of space, time, and strength information system in order to attain the that must be considered as the basic elements applicable objectives of preserving the of this theory of defense makes this a fairly of this theory of defense makes this a fairly integrity availability and confidentiality of integrity, availability and confidentiality of complicated matter. Consequently, it is not information system resources (includes easy to find a fixed point of departure.. hardware, software, firmware, information/data, and telecommunications) — On War, Carl Von Clausewitz 1
Key Security Concepts Levels of Impact • can define 3 levels of impact from a security breach – Low – Moderate Moderate – High Examples of Security Requirements Computer Security Challenges not simple not simple 1. 1. • confidentiality – student grades must consider potential attacks must consider potential attacks 2. 2. • integrity – patient information procedures used counter procedures used counter- -intuitive intuitive 3. 3. • availability – authentication service involve algorithms and secret info involve algorithms and secret info 4. 4. must decide where to deploy mechanisms must decide where to deploy mechanisms 5. 5. battle of wits between attacker / admin battle of wits between attacker / admin 6. 6. not perceived on benefit until fails not perceived on benefit until fails 7. 7. requires regular monitoring requires regular monitoring 8. 8. too often an after too often an after- -thought thought 9. 9. 10. regarded as impediment to using system regarded as impediment to using system 10. OSI Security Architecture Aspects of Security • consider 3 aspects of information security: • ITU ‐ T X.800 “Security Architecture for OSI” – security attack • defines a systematic way of defining and – security mechanism providing security requirements – security service security service • for us it provides a useful, if abstract, overview • note terms of concepts we will study – threat – a potential for violation of security – attack – an assault on system security, a deliberate attempt to evade security services 2
Passive Attacks Active Attacks Security Service Security Services • X.800: – enhance security of data processing systems and information transfers of an organization “a service provided by a protocol layer of communicating open systems, which ensures – intended to counter security attacks adequate security of the systems or of data – using one or more security mechanisms using one or more security mechanisms transfers” – often replicates functions normally associated with physical documents • RFC 2828: • which, for example, have signatures, dates; need “a processing or communication service provided by protection from disclosure, tampering, or destruction; a system to give a specific kind of protection to be notarized or witnessed; be recorded or licensed system resources” Security Services (X.800) Security Mechanism • Authentication ‐ assurance that communicating • feature designed to detect, prevent, or entity is the one claimed recover from a security attack – have both peer ‐ entity & data origin authentication • Access Control ‐ prevention of the unauthorized use • no single mechanism that will support all of a resource services required q • Data Confidentiality protection of data from • Data Confidentiality –protection of data from unauthorized disclosure • however one particular element underlies • Data Integrity ‐ assurance that data received is as many of the security mechanisms in use: sent by an authorized entity – cryptographic techniques • Non ‐ Repudiation ‐ protection against denial by one • hence our focus on this topic of the parties in a communication • Availability – resource accessible/usable 3
Security Mechanisms (X.800) Model for Network Security • specific security mechanisms: – encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • pervasive security mechanisms: – trusted functionality, security labels, event detection, security audit trails, security recovery Model for Network Security Model for Network Access Security • using this model requires us to: 1. design a suitable algorithm for the security transformation 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information 4. specify a protocol enabling the principals to use the transformation and secret information for a security service Summary Model for Network Access Security • using this model requires us to: • topic roadmap & standards organizations 1. select appropriate gatekeeper functions to • security concepts: identify users – confidentiality, integrity, availability 2. implement security controls to ensure only authorised users access designated information • X.800 security architecture or resources • security attacks, services, mechanisms • models for network (access) security 4
Recommend
More recommend
