Cryptography and Network Security PDF

Seventh Edition, Global Edition by William Stallings Chapter 1 Computer and Network Security Concepts © 2017 Pearson Education, Ltd., All rights reserved. Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms computer use requires automated tools to protect files and other stored information use of networks and communications links requires measures to protect data during transmission Definitions Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers Network Security - measures to protect data during their transmission Internet Security - measures to protect data during their transmission over a collection of interconnected networks Aim of Course our focus is on Internet Security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information Services, Mechanisms, Attacks need systematic way to define requirements consider three aspects of information security: security attack security mechanism security service consider in reverse order Security Service is something that enhances the security of the data processing systems and the information transfers of an organization intended to counter security attacks make use of one or more security mechanisms to provide the service replicate functions normally associated with physical documents eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed Security Mechanism a mechanism that is designed to detect, prevent, or recover from a security attack no single mechanism that will support all functions required however one particular element underlies many of the security mechanisms in use: cryptographic techniques hence our focus on this area Security Attack any action that compromises the security of information owned by an organization information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems have a wide range of attacks can focus of generic types of attacks note: often threat & attack mean same Classify Security Attacks as passive attacks - eavesdropping on, or monitoring of, transmissions to: obtain message contents, or monitor traffic flows Passive attack hard to detect (no alteration of data)  prevent them Passive Attacks Are in the nature of eavesdropping on, or monitoring of, transmissions Goal of the opponent Two types of is to obtain information that is being passive attacks transmitted are: The release of message contents © 2017 Pearson Education, Ltd., All rights reserved. Traffic analysis Active Attacks Involve some modification of the data stream or the creation of a false stream Difficult to prevent because of the wide variety of c potential physical, software, and network vulnerabilities Masquera Goal is to detect attacks and de to recover from any disruption or delays caused by them © 2017 Pearson Education, Ltd., All rights reserved. active attacks – modification of data stream to: masquerade of one entity as some other replay previous messages modify messages in transit denial of service Active attack hard to prevent (sw+network+physical) detect and recover © 2017 Pearson Education, Ltd., All rights reserved. Encryption: It is the process of locking up information using cryptography. Information that has been locked this way is encrypted. That is, the sender converts original information into another form and sends the unintelligible message over the network. It helps us to secure data that we send, receives, and store. © 2017 Pearson Education, Ltd., All rights reserved. It is the procedure of taking ordinary text, such as a text or email, and transforming it into an unreadable type of format known as "cipher text." The ciphertext is converted back to the real form when the recipient accesses the message, which is known as decryption. Data can be text messages saved on our cell phone, logs stored on our fitness watch, and details of banking sent by your online account. © 2017 Pearson Education, Ltd., All rights reserved. Key: A secret like a password used to encrypt and decrypt information. There are a few different types of keys used in cryptography. Steganography: It is actually the science of hiding information from people who would snoop on you. The difference between steganography and encryption is that the would-be snoopers may not be able to tell there’s any hidden information in the first place. Decryption: The process of unlocking the encrypted information using cryptographic techniques. © 2017 Pearson Education, Ltd., All rights reserved. Cryptographic algorithms and protocols can be grouped into four main areas: Symmetric encryption Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords Asymmetric encryption Used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures Data integrity algorithms Used to protect blocks of data, such as messages, from alteration Authentication protocols Schemes based on the use of cryptographic algorithms designed to authenticate the identity of entities © 2017 Pearson Education, Ltd., All rights reserved. Symmetric encryption Symmetric encryption encrypts and decrypts the information using a single password. In this encryption technique, the message is encrypted with a key, and the same key is used for decrypting the message. It is called symmetric encryption because the same key is responsible for encrypting or decrypting the data. The single key used in symmetric encryption is used to encrypt plain text into ciphertext, and that same key is used to decrypt that ciphertext back into plain text. © 2017 Pearson Education, Ltd., All rights reserved. Symmetric encryption Data storage, for instance, data at rest such as laptop disk drives, USB that is not moving and stored in one place, is often encrypted using symmetric encryption. © 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved. Asymmetric encryption Asymmetric encryption uses two keys for encryption and decryption. It is based on the technique of public and private keys. A public key, which is interchanged between more than one user. Data is decrypted by a private key, which is not exchanged. Public key – It is just like your bank account number. You can share this with anyone. Private key – It is like your ATM PIN. You should©not share 2017 Pearson this Education, Ltd., Allwith rights anyone. reserved. Asymmetric encryption © 2017 Pearson Education, Ltd., All rights reserved. How public and private key encryption works © 2017 Pearson Education, Ltd., All rights reserved. Public and private keys: an example Bob wants to send Alice an encrypted email. To do this, Bob takes Alice’s public key and encrypts his message to her. Then, when Alice receives the message, she takes the private key that is known only to her in order to decrypt the message from Bob. Although attackers might try to compromise the server and read the message, they will be unable to because they lack the private key to decrypt the message. Only Alice will be able to decrypt the message as she is the only one with the private key. And, when Alice wants to reply, she simply repeats the process, encrypting her message to ©Bob using 2017 Pearson Bob’s Education, public Ltd., All rights key. reserved. Symmetric vs Asymmetric The field of network and Internet security consists of: measures to deter, prevent, detect, and correct security violations that involve the transmission of information © 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved. Computer Security The NIST Computer Security Handbook defines the term computer security as: “the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/ data, and telecommunications) © 2017 Pearson Education, Ltd., All rights reserved. © 2017 Pearson Education, Ltd., All rights reserved. Computer Security Objectives Confidentiality Data confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Integrity Data integrity Assures that information and programs are changed only in a specified and authorized manner System integrity Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Availability Assures that systems work promptly and service is not denied to authorized users © 2017 Pearson Education, Ltd., All rights reserved. Data Integrity Can apply to a stream of messages, a single message, or selected fields within a message Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only © 2017 Pearson Education, Ltd., All rights reserved. Authentication Concerned with assuring that a communication is authentic In the case of a single message, assures the recipient that the message is from the source that it claims to be from In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties Two specific authentication services are defined in X.800: Peer entity authentication Data origin authentication © 2017 Pearson Education, Ltd., All rights reserved. Authentication © 2017 Pearson Education, Ltd., All rights reserved. Authentication © 2017 Pearson Education, Ltd., All rights reserved. Nonrepudiation © 2017 Pearson Education, Ltd., All rights reserved. Nonrepudiation Prevents either sender or receiver from denying a transmitted message When a message is sent, the receiver can prove that the alleged sender in fact sent the message When a message is received, the sender can prove that the alleged receiver in fact received the message © 2017 Pearson Education, Ltd., All rights reserved. Access Control The ability to limit and control the access to host systems and applications via communications links To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual © 2017 Pearson Education, Ltd., All rights reserved. Availability Service Protects a system to ensure its availability This service addresses the security concerns raised by denial-of-service attacks It depends on proper management and control of system resources and thus depends on access control service and other security services © 2017 Pearson Education, Ltd., All rights reserved.

Cryptography and Network Security PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue