Scribd
Upload
2K views30 pages

Cryptography and Network Security: Sixth Edition by William Stallings

Computer security concepts include confidentiality, integrity, and availability. The document discusses authentication, access control, data confidentiality, data integrity, and nonrepudiation as key security services. It also covers the OSI security architecture and different types of security attacks like passive attacks which obtain information and active attacks which modify data.

Uploaded by

Vo Minh Khanh (K14 HCM)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
2K views30 pages

Cryptography and Network Security: Sixth Edition by William Stallings

Computer security concepts include confidentiality, integrity, and availability. The document discusses authentication, access control, data confidentiality, data integrity, and nonrepudiation as key security services. It also covers the OSI security architecture and different types of security attacks like passive attacks which obtain information and active attacks which modify data.

Uploaded by

Vo Minh Khanh (K14 HCM)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 30

Cryptography

and Network
Security
Sixth Edition
by William Stallings
Chapter 1
Overview
“The combination of space, time, and strength
that must be considered as the basic elements
of this theory of defense makes this a fairly
complicated matter. Consequently, it is not easy
to find a fixed point of departure.”
— On War,
Carl Von Clausewitz
Cryptographic algorithms and protocols
can be grouped into four main areas:
The field of network and
Internet security consists of:
Computer Security
• The NIST Computer Security Handbook defines the
term computer security as:

“the protection afforded to an automated


information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources” (includes hardware, software,
firmware, information/ data, and
telecommunications)
Computer Security Objectives
CIA Triad
Possible additional concepts:
Breach of Security
Levels of Impact
Computer Security Challenges
• Security is not simple • Security mechanisms typically
involve more than a particular
• Potential attacks on the
algorithm or protocol
security features need to be
considered • Security is essentially a battle
of wits between a
• Procedures used to provide
perpetrator and the designer
particular services are often
counter-intuitive • Little benefit from security
• It is necessary to decide investment is perceived until
a security failure occurs
where to use the various
security mechanisms • Strong security is often
• Requires constant monitoring viewed as an impediment to
efficient and user-friendly
• Is too often an afterthought operation
OSI Security Architecture
• Security attack
• Any action that compromises the security of information
owned by an organization

• Security mechanism
• A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack

• Security service
• A processing or communication service that enhances the
security of the data processing systems and the information
transfers of an organization
• Intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service
Table 1.1
Threats and Attacks (RFC 4949)
Security Attacks
•A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks

•A passive attack attempts to


learn or make use of
information from the system
but does not affect system
resources

•An active attack attempts to


alter system resources or affect
their operation
Passive Attacks

• Are in the nature of


eavesdropping on, or
monitoring of, transmissions

• Goal of the opponent is to • Two types of passive


obtain information that is
being transmitted
attacks are:
• The release of message
contents
• Traffic analysis
Active Attacks
• Involve some modification of the
data stream or the creation of a
false stream

• Difficult to prevent because of


the wide variety of potential
physical, software, and network
vulnerabilities

• Goal is to detect attacks and to


recover from any disruption or
delays caused by them
Security Services

• Defined by X.800 as:


• A service provided by a protocol layer of
communicating open systems and that ensures
adequate security of the systems or of data transfers

• Defined by RFC 4949 as:


• A processing or communication service provided by a
system to give a specific kind of protection to system
resources
X.800 Service Categories

• Authentication

• Access control

• Data confidentiality

• Data integrity

• Nonrepudiation
Authentication
• Concerned with assuring that a communication is
authentic
• In the case of a single message, assures the recipient
that the message is from the source that it claims to be
from
• In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties
Access Control
• The ability to limit and control the access to
host systems and applications via
communications links
• To achieve this, each entity trying to gain
access must first be indentified, or
authenticated, so that access rights can be
tailored to the individual
Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection of a
single message or even specific fields within a message

• The protection of traffic flow from analysis


• This requires that an attacker not be able to observe the
source and destination, frequency, length, or other
characteristics of the traffic on a communications facility
Data Integrity
Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message
• When a message is sent, the receiver can
prove that the alleged sender in fact sent the
message
• When a message is received, the sender can
prove that the alleged receiver in fact received
the message
Table 1.2

Security
Services
(X.800)

(This table is found on


page 18 in textbook)
Security Mechanisms (X.800)
Table 1.3

Security
Mechanisms
(X.800)

(This table is found on


pages 20-21 in textbook)
Model for Network Security
Network Access Security
Model
Unwanted Access
• Placement in a computer system of logic that
exploits vulnerabilities in the system and that can
affect application programs as well as utility
programs such as editors and compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
• Service threats
• Exploit service flaws in computers to inhibit
use by legitimate users
Summary
• Computer security • Security services
concepts • Authentication
• Definition • Access control
• Examples • Data confidentiality
• Challenges • Data integrity
• Nonrepudiation
• The OSI security
• Availability service
architecture
• Security mechanisms
• Security attacks
• Passive attacks
• Active attacks

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy