01 ChF01 Introduction
Uploaded by Salam Bader
Chapter 1

Introduction

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Security Goals

Confidentiality is probably the most common aspect of information security. An organization needs to protect its confidential information and guard against the malicious actions that endanger it: information must not be disclosed to unauthorized entities.

Integrity: information needs to be changed constantly, and integrity means that changes are made only by authorized entities and only through authorized mechanisms.

Availability: the information an organization creates and stores needs to be available to authorized entities. Because information is constantly changed, it must remain accessible to the entities authorized to use it, when they need it.
Attacks

Figure: taxonomy of attacks with relation to security goals (confidentiality, integrity, availability).

Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception of data.
Traffic analysis refers to obtaining some other type of information by monitoring online traffic: even when the data itself is encrypted, the attacker can still learn who is talking to whom, how often and how much.

Attacks Threatening Integrity

Modification means that the attacker intercepts the message and changes it.
Masquerading (spoofing) happens when the attacker impersonates somebody else.
Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.
Repudiation means that the sender of a message might later deny having sent it, or the receiver might later deny having received it.

Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
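The integrity attacks above, simulated against a receiver that checks a message authentication code and a sequence number. This is an added example written for this page (it is not from the slides or the textbook); the shared key, the message bodies and the sequence-number rule are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo value (not from the original slides): a secret that only the
# legitimate sender and receiver know. In practice it comes from a provisioning
# step or a key-exchange protocol.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def make_tag(key: bytes, seq: int, body: bytes) -> bytes:
    """HMAC-SHA256 over the sequence number and the body.

    Binding the sequence number into the tag stops an attacker from
    re-numbering a captured message to slip past the replay check."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def build_message(key: bytes, seq: int, body: bytes) -> dict:
    """What the legitimate sender transmits."""
    return {"seq": seq, "body": body, "tag": make_tag(key, seq, body)}


class Receiver:
    """Accepts each message at most once, and only if its tag verifies."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.highest_seq = -1  # highest sequence number accepted so far

    def accept(self, msg: dict) -> str:
        expected = make_tag(self.key, msg["seq"], msg["body"])
        # Constant-time comparison avoids leaking tag bytes through timing.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: tag mismatch (modification or masquerade)"
        if msg["seq"] <= self.highest_seq:
            return "rejected: replay"
        self.highest_seq = msg["seq"]
        return "accepted"


def run_attacks() -> dict:
    """Run the attacks from the taxonomy against one receiver; return outcomes."""
    rx = Receiver(SHARED_KEY)
    genuine = build_message(SHARED_KEY, seq=1, body=b"transfer 100 to alice")
    outcomes = {"genuine": rx.accept(genuine)}

    # Snooping: a passive attacker on the channel reads the body in clear.
    # Nothing here protects confidentiality; that needs encryption.
    outcomes["snooping_sees"] = genuine["body"]

    # Modification: the attacker intercepts the message and changes the body,
    # leaving the original tag in place.
    tampered = dict(genuine, body=b"transfer 100 to mallory")
    outcomes["modification"] = rx.accept(tampered)

    # Masquerading: the attacker, without the key, fabricates a whole message
    # and has to guess the tag.
    forged = {"seq": 2, "body": b"transfer 100 to mallory", "tag": bytes(32)}
    outcomes["masquerading"] = rx.accept(forged)

    # Replaying: the attacker resends an exact copy of the genuine message.
    outcomes["replay"] = rx.accept(genuine)

    # A fresh genuine message with the next sequence number still gets through.
    outcomes["next_genuine"] = rx.accept(build_message(SHARED_KEY, 2, b"ping"))
    return outcomes


if __name__ == "__main__":
    for name, result in run_attacks().items():
        print(f"{name}: {result!r}")
```

Note what this does not cover: because the sender and the receiver hold the same key, the receiver could have produced any valid tag itself, so a shared-key tag does nothing against repudiation; countering that needs a signature made with a key only the sender holds.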
Passive Versus Active Attacks

Figure: categorization of passive and active attacks. In a passive attack the attacker only observes information without modifying it, so snooping and traffic analysis are passive attacks. In an active attack the attacker changes data or harms the system, so modification, masquerading, replaying, repudiation and denial of service are active attacks.

Security Services

The actual implementation of security goals needs some techniques. One prevalent technique today is cryptography.

Cryptography components

The original message is called plaintext. After the message is transformed by an encryption algorithm, it is called ciphertext. A decryption algorithm transforms the ciphertext back into the plaintext.

The sender uses an encryption algorithm and the receiver uses a decryption algorithm.
Categories of cryptography

We refer to encryption and decryption algorithms as ciphers.

A cipher key is a number (or a set of numbers) that the cipher, as an algorithm, operates on.

Cryptography algorithms (ciphers) are divided into two groups:

• Symmetric-key (secret-key) algorithms
• Asymmetric-key (public-key) algorithms
Symmetric-key cryptography

In symmetric-key cryptography, the encryption algorithm (sender) and the decryption algorithm (receiver) use the same key.
Asymmetric-key cryptography

In asymmetric-key (public-key) cryptography, there are two keys. The private key is kept by (is known only to) the receiver. The public key is announced to the public. The sender uses the public key to encrypt the message (plaintext). The private key is used by the receiver to decrypt the message (ciphertext).

Figure: keys used in cryptography (sample private key, sample public key).
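The two key models side by side, as an added example written for this page (not code from the slides or the textbook). The symmetric cipher is a toy stream cipher whose keystream comes from HMAC-SHA256 in counter mode, chosen so the example runs with the Python standard library only; the asymmetric cipher is textbook RSA on the tiny primes 61 and 53 so the arithmetic is visible. Both are illustrations of who holds which key, not usable cryptography.

```python
import hashlib
import hmac

# ---- Symmetric key: the same key encrypts and decrypts -----------------------
# Toy stream cipher (constructed for this example): keystream block i is
# HMAC-SHA256(key, nonce || i), XORed into the data. The XOR structure matches
# real stream ciphers; the keystream generator is a stand-in.

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def sym_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Decryption is the same XOR with the same keystream, so the receiver
    # needs exactly the key the sender used.
    return sym_encrypt(key, nonce, ciphertext)


# ---- Asymmetric key: public key encrypts, private key decrypts ---------------
# Textbook RSA on deliberately tiny primes (an assumption of this example).
# No padding and no real key sizes: it shows the key roles only.

def rsa_keygen(p: int = 61, q: int = 53, e: int = 17) -> tuple:
    n = p * q                 # public modulus
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)       # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)     # (public key, private key)


def asym_encrypt(public_key: tuple, plaintext: bytes) -> list:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    # Every byte value is below n, so encrypt byte by byte.
    return [pow(b, e, n) for b in plaintext]


def asym_decrypt(private_key: tuple, ciphertext: list) -> bytes:
    """Only the holder of the private key can decrypt."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def demo() -> dict:
    """Round-trip one constructed message through both models."""
    msg = b"attack at dawn"
    key, nonce = b"shared-secret-key", b"nonce-01"   # constructed demo values
    ct = sym_encrypt(key, nonce, msg)
    pub, priv = rsa_keygen()
    return {
        "sym_ciphertext": ct,
        "sym_roundtrip": sym_decrypt(key, nonce, ct),
        "sym_wrong_key": sym_decrypt(b"other-key", nonce, ct),
        "public_key": pub,
        "asym_roundtrip": asym_decrypt(priv, asym_encrypt(pub, msg)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The symmetric round trip fails with any key other than the sender's, which is the whole key-distribution problem of secret-key cryptography; in the asymmetric case the sender never needs the receiver's secret at all, only the published public key.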
