Escolar Documentos
Profissional Documentos
Cultura Documentos
&
INFORMATION SECURITY
secure communication.
Security attacks:
Any action that comprises the security of information wont by an
organization.
Normal Information Flow
SOURCE
DESTINATION
SOURCE
DESTINATION
DESTINATION
INTRUDER
SOURCE
INTRUDER
DESTINATION
INTRUDER
Security attacks(contd.):
There are 2 types of attacks, namely
Passive Attack: It refers to the process of monitoring or wiretapping of the
ongoing transmission. It includes
1. Release of message contents
2. Traffic Analysis
Security Services:
X.800 defines it as: a service provided by a protocol layer of communicating open
Security Mechanisms:
The security mechanisms in x.800 are categorized into 2 types,namely
Specific security mechanisms: The Mechanisms that are executed in a
particular protocol layer. It includes,
1. Encipherment
2. Digital Signatures
3. Access Controls
4. Data Integrity
5. Authentication Exchange
6. Traffic Padding
7. Routing Control
8. Notarization
Security Mechanisms:(contd.)
Pervasive Mechanisms: The Mechanisms that are not specific to any
protocol layer. It includes,
1. Trusted functionality
2. Security Labels
3. Event Detection
4. Security Audit Trails
5. Security Recovery
MS
G
secure
Messag
e
(Secret Information)
Information)
Information
Channel
(Opponent)
Secure
Messag
e
MSG
(Secret
Secure Communications:
Encryption Key
Alice
plaintext
Encrypt
Mallory
Oscar
Decryption Key
ciphertext
Eve
Decrypt
Enemy or
Adversary
Bob
Eves Goals:
1. Read the message
2. Figure out the key Alice is using and read all the messages encrypted with
that key
3. Modify the content of the message in such a way that Bob will think Alice
Attack Methods:
1. Ciphertext only: Alice has only a copy of ciphertext
2. Known Plaintext: Eve has a copy of ciphertext and the corresponding
plaintext and tries the deduce the key.
Cryptographic Algorithms:
Often grouped into two broad categories, symmetric and asymmetric;
decipher
message
Encryption methods can be extremely efficient, requiring minimal
processing
Both sender and receiver must possess encryption key
If either copy of key is compromised, an intermediate can decrypt and read
messages
classified information
decrypt message
If Key A encrypts message, only Key B can decrypt
Highest value when one key serves as private key and the other
Authentication
Ensuring that the origin of a message is correctly identified
Integrity
Ensuring that only authorized parties are able to modify
computer system assets and transmitted information
Non-repudiation
Requires that neither of the authorized parties deny the
aspects of a valid transaction
Advantages& Disadvantages of
Cryptography and Information Security:
Advantages: There will be a perfect security to the secret writing.
computer would deal with quantum bits (qubits) that can simultaneously
represent both 0 and 1 by simultaneously spinning in different directions.
Conclusion:
Information security is increasingly important
Have varying degrees of sensitivity of information
(information)
Cryptography and encryption provide sophisticated approach to security
Many security-related tools use embedded encryption technologies
Encryption converts a message into a form that is unreadable by the
unauthorized
Many tools are available and can be classified as symmetric or asymmetric, each