Cryptography and Network Security�Chapter 1
Fifth Edition
of William Stallings
�Security: is ensuring the (Secrecy) confidentiality, data integrity and availability of components of computing system.�
Cryptographic algorithms and protocols can be grouped into four main areas:
Definitions
The field of network and �Internet security consists of:�
Computer Security
Key Security Concepts
Levels of Impact
Goals of computer security
• To protect computer assets from:
– Human errors, natural disasters, physical and electronic maliciousness.
• Confidentiality, Integrity, Availability
Confidentiality� ( Secrecy, Privacy).
(Ensuring that the system is only accessible by authorized parties.)
Integrity
Availability
• Assures that systems work promptly and service is not denied to authorized users
denied access to information and resources
• Ensuring that the computer works when it
is supposed to work and that it works the
way it should.
(access to computing resources without difficulties.)
.
Other goals
– Prevents either sender or receiver from denying a transmitted message.
--- when a msg is sent, the receiver can prove that the sender is sent that message.
– Ensuring that resources are not used by
unauthorized parties or in unauthorized ways.
– Examples:
Kinds of Security breaches�
Unauthorized disclosure of data ,modification of data or Denial legitimate access to computing.
• Attack: an assault on system security, a deliberate attempt to evade security services.
NOTE: Violate the security policy of a system.
(Attempt to exploit a vulnerability.).
�Threat��
Network Security
Network Security
Normal Flow:
Network Security
Cut wire lines,
Jam wireless signals,
Drop packets,
Wiring, eavesdrop
3. Modification: unauthorized changing of data or tempering with services, such as alteration of data, modification of messages, etc.
intercept
Replaced info
4. Fabrication: additional data or activities are generated that would normally no exist, such as adding a password to a system, replaying previously send messages, etc.
Also called impersonation
Security Trends
OSI Security Architecture� . OSI : Open System Interconnection� . ITU : International Telecommunication Union
Aspects of Security
Security Attack
Passive Attacks�A passive attack attempts to learn or make use of information from the system but does not affect system resources�
Passive Attacks
Active Attacks�An active attack attempts to alter system resources or affect their operation
Active Attacks
Security Service
Security Services
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
“a processing or communication service provided by a system to give a specific kind of protection to system resources”
Security Services (X.800)
There are two specific authentication services defined in X.800:
Security Services (X.800)
Security Mechanism
Security Mechanisms (X.800)
Model for Network Security
Model for Network Security
Model for Network Access Security
Model for Network Access Security
Summary