Chapter Two Number Theory and Cryptography: Computer Networks and Information Security (SE3052)
Attacks
A security service makes use of one or more security mechanisms.
Security Attacks
An assault on system security: an intelligent act that is a deliberate
attempt to evade security services and violate the security policy of a
system.
[Figure: information flow from information source to information destination: (a) Normal flow, (b) Interruption, (c) Interception, (d) Modification, (e) Fabrication]
Interruption
Interception
Fabrication
opponent.
false stream.
Active Attack Types
B. Replay: involves the passive capture of a data unit and its subsequent
authorized effect.
of communications facilities.
Security Services
other controls that are implemented to help reduce the risk associated
with threat.
individual packets.
resource, under what conditions access can occur and what those
accessing the resources are allowed to do.
A valid digital signature gives a recipient reason to believe that the message
was created by a known sender, and that it was not altered in transit.
to resources.
Access Control
Protection of information resources or services from access or use by unauthorized
entities (organizations, people, machines, processes).
Privileges – rights to access or use resources or services
Principals – entities that own access control privileges
Subjects – entities that exercise access control privileges
Objects / Targets – resources or services accessed/used by subjects
Delegation – transfer of access control privileges among principals
Authorization – transfer of access control privileges from principals to subjects
Non-Repudiation of Reception
Time Stamp
Digital Signature
Audit
Service vs. Layer Mapping
Chapter Two
Number Theory and Cryptography
A Model for Network Security
Design Issues in the Model
purpose.
2. Host hardening
Firewalls, Packet filtering
Routing protocols
[Figure labels: Attacker; Dropped Packet; Log File; Hardened Server; Internal Corporate Network]
Intrusion Detection System
[Figure: Intrusion Detection System. Steps: 1. Suspicious Packet; 2. Suspicious Packet Passed; 3. Log Packet; 4. Alarm. Labels: Attacker; Internet; Intrusion Detection System; Network Administrator; Hardened Server; Log File; Corporate Network]
Encryption for Confidentiality
[Figure: Client PC (Bob) and Server (Alice); Encrypted Message “100100110001”]
Impersonation and Authentication
[Figure: Client PC (Bob), Attacker (Eve) and Server (Alice). Messages: “I’m Bob”; “Prove it! (Authenticate Yourself)”]
Secure Dialog System
[Figure: Secure Dialog between Client PC (Bob) and Server (Alice). Automatically handles negotiation of security options, authentication, encryption and integrity. Attacker cannot read messages, alter messages, or impersonate.]
Hardening Host Computers
1. The Problem
Computers installed out of the box have known vulnerabilities
Not just Windows computers
Hackers can take them over easily
They must be hardened—a complex process that involves many actions
2. Elements of Hardening
Physical security
Secure installation and configuration
Fix known vulnerabilities
Turn off unnecessary services (applications)
Harden all remaining applications
Manage users and groups
Manage access permissions
For individual files and directories, assign access permissions to specific users and
groups
Back up the server regularly
Advanced protections