Cryptography and Network Security: Sixth Edition by William Stallings
Chapter 1
Overview
The combination of space, time, and strength
that must be considered as the basic elements
of this theory of defense makes this a fairly
complicated matter. Consequently, it is not easy
to find a fixed point of departure.
On War, Carl Von Clausewitz
Cryptographic algorithms and protocols can be grouped into four main areas:
Symmetric encryption
Asymmetric encryption: used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures
Data integrity algorithms
Authentication protocols
Network security: measures to deter, prevent, detect, and correct security violations that involve the transmission of information
Computer Security
Integrity
Data integrity
Assures that information and programs are changed only in a specified and
authorized manner
System integrity
Assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system
Availability
Assures that systems work promptly and service is not denied to authorized
users
CIA Triad
Possible additional concepts:
Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source
Accountability: the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity
Breach of Security
Levels of Impact
High: the loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
Security mechanism
A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security
attack
Security service
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Security services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
Table 1.1 Threats and Attacks (RFC 4949)
Security Attacks
A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks (eavesdropping on or monitoring transmissions, such as release of message contents and traffic analysis) and active attacks (modification of the data stream or creation of a false stream, such as masquerade, replay, modification of messages, and denial of service).
Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation
Authentication
Concerned with assuring that a communication is
authentic
In the case of a single message, assures the recipient
that the message is from the source that it claims to
be from
In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties
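The two authentication cases described above, as an added example that is not part of Stallings' text: a single-message origin check using HMAC-SHA256 from the Python standard library, and a receiver for an ongoing interaction that also tracks sequence numbers so a captured genuine message cannot be replayed to masquerade as the sender. The shared key, the message texts and the `demo` function are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Shared secret, constructed for this example so the code runs offline.
# In practice it is established out of band or by a key-exchange protocol.
KEY = secrets.token_bytes(32)


def make_tag(key: bytes, seq: int, msg: bytes) -> bytes:
    """HMAC-SHA256 tag binding a sequence number and a message.
    The fixed-width sequence prefix keeps (seq, msg) pairs unambiguous."""
    data = seq.to_bytes(8, "big") + msg
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_message(key: bytes, seq: int, msg: bytes, tag: bytes) -> bool:
    """Single-message case: the tag verifies only if the message was produced
    by a holder of the key and has not been altered in transit."""
    expected = make_tag(key, seq, msg)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


class AuthenticatedReceiver:
    """Ongoing-interaction case: besides checking each tag, reject any
    sequence number that is not the next expected one, so a replayed or
    reordered message from a third party is refused."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def receive(self, seq: int, msg: bytes, tag: bytes) -> bool:
        if seq != self.next_seq:
            return False  # replayed or out of order
        if not verify_message(self.key, seq, msg, tag):
            return False  # forged or modified
        self.next_seq += 1
        return True


def demo(key: bytes = KEY) -> dict:
    """Run a short exchange and report which active attacks were caught."""
    rx = AuthenticatedReceiver(key)
    results = {}

    seq, msg = 0, b"transfer 100 to alice"
    tag = make_tag(key, seq, msg)
    results["genuine"] = rx.receive(seq, msg, tag)

    # Modification: contents changed in transit, original tag kept
    results["modified"] = verify_message(key, seq, b"transfer 100 to mallory", tag)

    # Replay: the captured genuine message is sent again
    results["replayed"] = rx.receive(seq, msg, tag)

    # Masquerade: a party without the key tags its own message
    wrong_key = secrets.token_bytes(32)
    bad_msg = b"transfer 100 to mallory"
    results["forged"] = rx.receive(1, bad_msg, make_tag(wrong_key, 1, bad_msg))

    # The legitimate sender's next message is still accepted
    msg2 = b"transfer 5 to bob"
    results["next_genuine"] = rx.receive(1, msg2, make_tag(key, 1, msg2))
    return results


if __name__ == "__main__":
    print(demo())
```

Because both ends hold the same key, this scheme provides origin authentication and data integrity but not nonrepudiation: either party could have produced any tag. Nonrepudiation needs a digital signature, which uses asymmetric encryption over a hash value as the grouping at the start of this chapter describes.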
Security Services (X.800)
Security Mechanisms (X.800)