1 / 18

Security

Security. Risanuri Hidayat. Security Requirements. Confidentiality Protection from disclosure to unauthorised persons Integrity Maintaining data consistency Authentication Assurance of identity of person or originator of data Non-repudiation

teneil
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Risanuri Hidayat security

  2. Security Requirements • Confidentiality • Protection from disclosure to unauthorised persons • Integrity • Maintaining data consistency • Authentication • Assurance of identity of person or originator of data • Non-repudiation • Originator of communications can’t deny it later • Availability • Legitimate users have access when they need it • Access control • Unauthorised users are kept out security

  3. Security Requirements • These are often combined • User authentication used for access control purposes • Non-repudiation combined with authentication security

  4. Security Threats • Information disclosure/information leakage • Integrity violation • Masquerading • Denial of service • Illegitimate use • Generic threat: Backdoors, trojan horses, insider attacks • Most Internet security problems are access control orauthentication ones • Denial of service is also popular, but mostly an annoyance security

  5. pasive active Attack Types • Passive attack can only observe communications or data • Active attack can actively modify communications or data • Often difficult to perform, but very powerful • Mail forgery/modification • TCP/IP spoofing/session hijacking security

  6. Security Services • From the OSI definition: • Access control: Protects against unauthorised use • Authentication: Provides assurance of someone's identity • Confidentiality: Protects against disclosure to unauthorisedidentities • Integrity: Protects from unauthorised data alteration • Non-repudiation: Protects against originator ofcommunications later denying it security

  7. Security Mechanisms • Three basic building blocks are used: • Encryption is used to provide confidentiality, can provideauthentication and integrity protection • Digital signatures are used to provide authentication, integrityprotection, and non-repudiation • Checksums/hash algorithms are used to provide integrityprotection, can provide authentication • One or more security mechanisms are combined to providea security service security

  8. Services, Mechanisms, Algorithms • A typical security protocol provides one or more services • Services are built from mechanisms • Mechanisms are implemented using algorithms security

  9. Insecure channel Hallo Sayang Hallo Sayang Hallo Sayang Hallo Sayang Secure channel Conventional Encryption • Uses a shared key • Problem of communicating a large message in secretreduced to communicating a small key in secret security

  10. Hallo Sayang Hallo Sayang Public key Private key Hallo Sayang Hallo Sayang Public-key Encryption • Uses matched public/private key pairs • Anyone can encrypt with the public key, only one personcan decrypt with the private key security

  11. Insecure channel Hallo Sayang Hallo Sayang Hallo Sayang Hallo Sayang Key Agreement Key Agreement • Allows two parties to agree on a shared key • Provides part of the required secure channel for exchanginga conventional encryption key security

  12. Hallo Sayang Hash Hash Functions • Creates a unique “fingerprint” for a message • Anyone can alter the data and calculate a new hash value • Hash has to be protected in some way security

  13. Hash MAC’s Hallo Sayang • Message Authentication Code, adds a password/key to ahash • Only the password holder(s) can generate the MAC + Password/key security

  14. Hash Hallo Sayang Hallo Sayang private Digital Signatures • Combines a hash with a digital signature algorithm security

  15. Hash Hallo Sayang = ? public Digital Signatures • Signature checking: security

  16. Hallo Sayang Hallo Sayang Hallo Sayang session public Encrypted session key MessageEncryption • Combines conventional and public-key encryption security

  17. Hallo Sayang Hallo Sayang Hallo Sayang session Encrypted session key private MessageEncryption • Public-key encryption provides a secure channel toexchange conventional encryption keys security

  18. E-commerce protocols Applications Applications S/MIME, PGP Email Email Higher level protocol Higher level protocol SSL,TLS, SSH Kerberos IPSEC TCP/IP TCP/IP Hardware link encryption Data-link Data-link Physical Physical Internet Security Protocol Layers • The further down you go, the more transparent it is • The further up you go, the easier it is to deploy security

More Related