Scribd
Upload
15 views24 pages

CH 01

Uploaded by

naseriikramudin63
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
15 views24 pages

CH 01

Uploaded by

naseriikramudin63
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 24

Chapter 1

Introduction

1.1
Chapter 1
Objectives
 To define three security goals
 To define security attacks that threaten security
goals
 To define security services and how they are
related to the three security goals
 To define security mechanisms to provide security
services
 To introduce two techniques, cryptography and
steganography, to implement security mechanisms.
1.2
1-1 SECURITY GOALS

This section defines three security goals.

Topics discussed in this section:


1.1.1 Confidentiality
1.1.2 Integrity
1.1.3 Availability

1.3
1.1 Continued
Figure 1.1 Taxonomy of security goals

1.4
1.1.1 Confidentiality

• Confidentiality is probably the most common


aspect of information security.

• We need to protect our confidential


information.

• An organization needs to guard against those


malicious actions that endanger the
confidentiality of its information.

1.5
1.1.2 Integrity

• Information needs to be changed constantly.

• Integrity means that changes need to be done only


by authorized entities and through authorized
mechanisms.

1.6
1.1.3 Availability

• The information created and stored by an


organization needs to be available to authorized
entities.

• Information needs to be constantly changed,


which means it must be accessible to authorized
entities.

1.7
Threat, vulnerability, and Risk

• A threat is anything that has the potential to damage


a system.
• A vulnerability is an existing weakness in a system,
which can be exploited.
• A risk is the probability of a threat.

1.8
1-2 ATTACKS

Any action that compromises the security of information owned by an organization.

The three goals of securityconfidentiality, integrity,


and availabilitycan be threatened by security
attacks.
Topics discussed in this section:
1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive versus Active Attacks
1.9
1.2 Continued

Figure 1.2 Taxonomy of attacks with relation to security goals

1.10
1.2.1 Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception


of data.

Traffic analysis refers to obtaining some other type of


information by monitoring online traffic.

1.11
1.2.2 Attacks Threatening Integrity

Modification means that the attacker intercepts the


message and changes it.

Masquerading or spoofing happens when the attacker


impersonates somebody else.

Replaying means the attacker obtains a copy


of a message sent by a user and later tries to replay it.

Repudiation means that sender of the message might later


deny that she has sent the message; the receiver of the
message might later deny that he has received the message.

1.12
1.2.3 Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may


slow down or totally interrupt the service of a system.

1.13
1.2.4 Passive Versus Active Attacks

Table 1.1 Categorization of passive and active attacks

1.14
1-3 SERVICES AND MECHANISMS

ITU-T provides some security services and some


mechanisms to implement those services. Security
services and mechanisms are closely related because a
mechanism or combination of mechanisms are used to
provide a service..

Topics discussed in this section:


1.3.1 Security Services
1.3.2 Security Mechanism
1.3.3 Relation between Services and Mechanisms

1.15
1.3.1 Security Services
Figure 1.3 Security services

1.16
1.3.2 Security Mechanism
Figure 1.4 Security mechanisms

1.17
1.3.3 Relation between Services and Mechanisms

Table 1.2 Relation between security services and mechanisms

1.18
1.19
1-4 TECHNIQUES

Mechanisms discussed in the previous sections are


only theoretical recipes to implement security. The
actual implementation of security goals needs some
techniques. Two techniques are prevalent today:
cryptography and steganography.

Topics discussed in this section:


1.4.1 Cryptography
1.4.2 Steganography

1.20
1.4.1 Cryptography

Cryptography, a word with Greek origins, means “secret


writing.” However, we use the term to refer to the science
and art of transforming messages to make them secure and
immune to attacks.

1.21
1.4.2 Steganography

The word steganography, with origin in Greek, means


“covered writing,” in contrast with cryptography, which
means “secret writing.”

Example: covering data with text

1.22
1.4.2 Continued

Example: using dictionary

Example: covering data under color image

1.23
1-5 THE REST OF THE BOOK

The rest of this book is divided into four parts.


Part One: Symmetric-Key Enciphermen

Part Two: Asymmetric-Key Encipherment

Part Three: Integrity, Authentication, and Key Management

Part Four: Network Security

1.24

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy