0% found this document useful (0 votes)
90 views30 pages

Cryptography and Network Security: Sixth Edition by William Stallings

This document summarizes Chapter 1 of the textbook "Cryptography and Network Security" by William Stallings. It discusses the four main areas of cryptographic algorithms: symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols. It also defines key concepts in computer security like confidentiality, integrity, and availability. Security attacks are classified as either passive or active. Common security services defined are authentication, access control, data confidentiality, data integrity, and nonrepudiation.

Uploaded by

Aziz Maqtri
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
90 views30 pages

Cryptography and Network Security: Sixth Edition by William Stallings

This document summarizes Chapter 1 of the textbook "Cryptography and Network Security" by William Stallings. It discusses the four main areas of cryptographic algorithms: symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols. It also defines key concepts in computer security like confidentiality, integrity, and availability. Security attacks are classified as either passive or active. Common security services defined are authentication, access control, data confidentiality, data integrity, and nonrepudiation.

Uploaded by

Aziz Maqtri
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Cryptography and

Network Security
Sixth Edition
by William Stallings
Chapter 1
Overview
The combination of space, time, and strength
that must be considered as the basic elements
of this theory of defense makes this a fairly
complicated matter. Consequently, it is not easy
to find a fixed point of departure.
On War,
Carl Von Clausewitz
Cryptographic algorithms and protocols
can be grouped into four main areas:

Symmetric encryption

Used to conceal the contents of blocks or streams of data of any size,


including messages, files, encryption keys, and passwords

Asymmetric encryption

Used to conceal small blocks of data, such as encryption keys and hash
function values, which are used in digital signatures

Data integrity algorithms

Used to protect blocks of data, such as messages, from alteration

Authentication protocols

Schemes based on the use of cryptographic algorithms designed to


authenticate the identity of entities
The field of network and
Internet security consists of:

measures to deter,
prevent, detect, and
correct security
violations that involve
the transmission of
information
Computer Security

The NIST Computer Security Handbook defines the


term computer security as:

the protection afforded to an automated


information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources (includes
hardware, software, firmware, information/
data, and telecommunications)
Computer Security Objectives
Confidentiality
Data confidentiality
Assures that private or confidential information is not made available or disclosed
to unauthorized individuals
Privacy
Assures that individuals control or influence what information related to them may
be collected and stored and by whom and to whom that information may be
disclosed

Integrity
Data integrity
Assures that information and programs are changed only in a specified and
authorized manner
System integrity
Assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system

Availability
Assures that systems work promptly and service is not denied to authorized
users
CIA Triad
Possible additional concepts:

Authenticity Accountability
Verifying that users The security goal that
are who they say they generates the
are and that each requirement for
input arriving at the actions of an entity to
system came from a be traced uniquely to
trusted source that entity
Breach of Security
Levels of Impact
The loss could be expected to have a severe or
High catastrophic adverse effect on organizational
operations, organizational assets, or individuals

The loss could be expected to have a

Moderate serious adverse effect on


organizational operations,
organizational assets, or individuals

The loss could be expected


to have a limited adverse

Low effect on organizational


operations, organizational
assets, or individuals
Computer Security Challenges
Security is not simple Security mechanisms typically
involve more than a
Potential attacks on the particular algorithm or
security features need to be protocol
considered
Security is essentially a battle
Procedures used to provide of wits between a
particular services are often perpetrator and the designer
counter-intuitive
Little benefit from security
It is necessary to decide investment is perceived until
where to use the various a security failure occurs
security mechanisms
Strong security is often
Requires constant monitoring viewed as an impediment to
efficient and user-friendly
Is too often an afterthought operation
OSI Security Architecture
Security attack
Any action that compromises the security of information
owned by an organization

Security mechanism
A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security
attack

Security service
A processing or communication service that enhances the
security of the data processing systems and the information
transfers of an organization
Intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service
Table 1.1
Threats and Attacks (RFC 4949)
Security Attacks
A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks

A passive attack attempts to


learn or make use of
information from the system
but does not affect system
resources

An active attack attempts to


alter system resources or affect
their operation
Passive Attacks

Are in the nature of


eavesdropping on, or
monitoring of, transmissions

Goal of the opponent is to Two types of passive


obtain information that is
being transmitted
attacks are:
The release of message
contents
Traffic analysis
Active Attacks
Involve some modification of the
data stream or the creation of a Takes place when one entity
pretends to be a different entity
false stream Masquerade Usually includes one of the other
forms of active attack
Difficult to prevent because of
the wide variety of potential
Involves the passive capture of a
physical, software, and network data unit and its subsequent
Replay retransmission to produce an
vulnerabilities
unauthorized effect

Goal is to detect attacks and to


recover from any disruption or Some portion of a legitimate
delays caused by them Modification message is altered, or messages are
of messages delayed or reordered to produce an
unauthorized effect

Denial of Prevents or inhibits the normal use


or management of communications
service facilities
Security Services

Defined by X.800 as:


A service provided by a protocol layer of
communicating open systems and that ensures
adequate security of the systems or of data transfers

Defined by RFC 4949 as:


A processing or communication service provided by a
system to give a specific kind of protection to system
resources
X.800 Service Categories

Authentication

Access control

Data confidentiality

Data integrity

Nonrepudiation
Authentication
Concerned with assuring that a communication is
authentic
In the case of a single message, assures the recipient
that the message is from the source that it claims to
be from
In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties

Two specific authentication services are defined in X.800:

Peer entity authentication


Data origin authentication
Access Control

The ability to limit and control the access to


host systems and applications via
communications links

To achieve this, each entity trying to gain


access must first be indentified, or
authenticated, so that access rights can be
tailored to the individual
Data Confidentiality
The protection of transmitted data from passive
attacks
Broadest service protects all user data transmitted
between two users over a period of time
Narrower forms of service includes the protection of a
single message or even specific fields within a message

The protection of traffic flow from analysis


This requires that an attacker not be able to observe the
source and destination, frequency, length, or other
characteristics of the traffic on a communications facility
Data Integrity

Can apply to a stream of messages, a single


message, or selected fields within a message

Connection-oriented integrity service, one that


deals with a stream of messages, assures that
messages are received as sent with no duplication,
insertion, modification, reordering, or replays

A connectionless integrity service, one that deals


with individual messages without regard to any
larger context, generally provides protection
against message modification only
Nonrepudiation
Prevents either sender or receiver from
denying a transmitted message

When a message is sent, the receiver can


prove that the alleged sender in fact sent the
message

When a message is received, the sender can


prove that the alleged receiver in fact received
the message
Table 1.2

Security
Services
(X.800)

(This table is found on


page 18 in textbook)
Security Mechanisms (X.800)

Specific Security Mechanisms


Encipherment
Digital signatures
Access controls
Data integrity
Pervasive Security Mechanisms
Authentication exchange
Traffic padding Trusted functionality
Routing control Security labels
Notarization Event detection
Security audit trails
Security recovery
Table 1.3

Security
Mechanisms
(X.800)

(This table is found on


pages 20-21 in textbook)
Model for Network Security
Network Access Security
Model
Unwanted Access
Placement in a computer system of logic that
exploits vulnerabilities in the system and that
can affect application programs as well as
utility programs such as editors and compilers
Programs can present two kinds of threats:
Information access threats
Intercept or modify data on behalf of users who
should not have access to that data
Service threats
Exploit service flaws in computers to
inhibit use by legitimate users
Summary
Computer security Security services
concepts Authentication
Definition Access control
Examples Data confidentiality
Challenges Data integrity
Nonrepudiation
The OSI security
Availability service
architecture
Security mechanisms
Security attacks
Passive attacks
Active attacks

You might also like