Lecture 1

This document provides an overview of computer security concepts. It outlines topics like the OSI security architecture, security attacks, security services, security mechanisms, and models for network security. Specifically, it defines confidentiality, integrity, and availability as the key aspects of information security. It also describes common security attacks like interruption, interception, modification, and fabrication. Finally, it discusses how security services use mechanisms like encryption and access controls, and presents models for providing network and access level security.

Uploaded by Muhammad Rehan
Copyright: © All Rights Reserved

Chapter 1

An Overview

Outline
• Computer Security Concepts
• The OSI Security Architecture
• Security Attacks
• Security Services
• Security Mechanism
• A model for Network Security

Tasks involved in sending a Message
Need for Cryptography
• To transfer a message securely from sender to receiver
• To hide the actual message from an interceptor
• To offer the strongest available methods of resisting cryptanalytic attacks
Computer Security Concepts

According to NIST…
• Confidentiality: Preserving authorized restrictions on information access and disclosure.
• Integrity: Guarding against improper information modification or destruction.
• Availability: Ensuring timely and reliable access to and use of information.
CIA Triad
• Confidentiality:
– Data Confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
– Privacy: Assures that individuals control what information related to them is collected and stored, and to whom it may be disclosed.
• Integrity
– Data Integrity: Assures that information and programs are changed only in a specified and authorized manner.
– System Integrity: Assures that a system performs its intended function in an unimpaired manner, free from unauthorized manipulation.
• Availability: Assures that systems work promptly and that service is not denied to authorized users.
OSI Security Architecture

Threats and Attacks (RFC 2828)
• Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
• Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
X.800, Security Architecture for OSI
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Security Attacks

Security Attack
• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• there is a wide range of attacks
• we can focus on generic types of attacks
Security Attacks
• Interruption: an asset is destroyed or made unavailable. This is an attack on availability.
• Interception: an unauthorized party gains access to an asset. This is an attack on confidentiality.
• Modification: an unauthorized party gains access to an asset and tampers with it. This is an attack on integrity.
• Fabrication: an unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
Classify Security Attacks as
• passive attacks – eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of the data stream, or creation of a false stream, to:
– masquerade as some other entity
– replay previous messages
– modify messages in transit
– deny service
• passive attacks are hard to detect but can be prevented (e.g. by encryption); active attacks are hard to prevent outright, so the goal is to detect them and recover
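As an added example (not code from the lecture) of how a receiver distinguishes the active attacks above from genuine traffic, the script below has the sender put a sequence number and an HMAC-SHA256 tag on every frame and has the receiver check the tag, then the sequence number. Names, messages and the wire format are invented for the demonstration; the shared key is assumed to have been distributed out of band.

```python
"""Constructed demonstration (added here; not code from the lecture) of how a
receiver tells the active attacks above apart from normal traffic.  Each frame
carries a sequence number and an HMAC-SHA256 tag over (seq || message); names,
messages and the wire format are invented for the example."""
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def protect(key: bytes, seq: int, msg: bytes) -> bytes:
    """Sender side: frame = 4-byte sequence number || message || tag."""
    body = seq.to_bytes(4, "big") + msg
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Remembers the highest accepted sequence number so replays are detectable."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        """Return (ok, reason, message); the tag is checked before anything else."""
        if len(frame) < 4 + TAG_LEN:
            return False, "truncated frame", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return False, "bad tag (modification or masquerade)", None
        seq = int.from_bytes(body[:4], "big")
        if seq <= self.last_seq:
            return False, "replay (seq %d already seen)" % seq, None
        self.last_seq = seq
        return True, "ok", body[4:]


def demo() -> dict:
    """Run one genuine frame and one instance of each attack; return the verdicts."""
    key = secrets.token_bytes(32)  # shared secret, assumed distributed out of band
    rx = Receiver(key)
    msg = b"transfer 10 to bob"
    genuine = protect(key, 1, msg)
    verdicts = {"genuine": rx.accept(genuine)[1]}

    # Passive interception: the frame hides nothing, the interceptor reads msg as-is.
    verdicts["plaintext_visible_to_interceptor"] = msg in genuine

    # Active, modification: same seq and tag, altered amount.
    tampered = genuine[:4] + b"transfer 99 to bob" + genuine[-TAG_LEN:]
    verdicts["modified"] = rx.accept(tampered)[1]

    # Active, replay: the genuine frame sent a second time.
    verdicts["replayed"] = rx.accept(genuine)[1]

    # Active, masquerade: an opponent who does not hold the key builds a frame.
    forged = protect(secrets.token_bytes(32), 2, b"transfer 99 to mallory")
    verdicts["masquerade"] = rx.accept(forged)[1]

    # A later genuine frame is still accepted after all of that.
    verdicts["next_genuine"] = rx.accept(protect(key, 2, b"transfer 5 to bob"))[1]
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

The tag gives data integrity and origin authentication, nothing more: the passive interceptor still reads the message, because nothing here encrypts it, and a flood of bad frames still costs the receiver one HMAC computation each, so denial of service is not countered by this mechanism.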
Security Services

Security Service
– is something that enhances the security of the data processing systems and the information transfers of an organization
– is intended to counter security attacks
– makes use of one or more security mechanisms to provide the service
Security Services
• Authentication – assurance that the communicating entity is the one claimed
• Access Control – prevention of the unauthorized use of a resource
• Data Confidentiality – protection of data from unauthorized disclosure
• Data Integrity – assurance that data received is as sent by an authorized entity
• Non-Repudiation – protection against denial, by one of the parties in a communication, of having taken part
• Availability – protects a system to ensure its availability, countering denial-of-service attacks
Security Mechanism

Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism will support all the functions required
• however, one particular element underlies many of the security mechanisms in use: cryptographic techniques
• hence our focus on this area
Security Mechanism
• specific security mechanisms (Page 23):
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control and notarization
Relationship between Security Services and Mechanisms
Model for Network Security

Network Security Model

Model for Network Security
• using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information for a security service
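The four tasks above, carried through end to end as an added example (this is not the lecture's code). Assumptions made for the demonstration: the security transformation is a stream cipher whose keystream is HMAC-SHA256 run in counter mode, with a separate HMAC tag over nonce || ciphertext (encrypt-then-MAC, standing in for a real authenticated cipher); keys are generated with the OS random source and distributed by a trusted third party that shares a long-term key with each principal; the principal names and the wrapped-key format are invented.

```python
"""Constructed example (added here; not the lecture's own code) that walks
through the four design tasks above end to end.  Assumptions: the security
transformation is a stream cipher whose keystream is HMAC-SHA256 run in
counter mode, with a separate HMAC tag over nonce || ciphertext
(encrypt-then-MAC); keys are distributed by a trusted third party that shares a
long-term key with each principal.  Principal names are invented."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF in counter mode: block i = PRF(key, nonce || i)."""
    blocks, i = [], 0
    while 32 * len(blocks) < n:
        blocks.append(_prf(key, nonce + i.to_bytes(8, "big")))
        i += 1
    return b"".join(blocks)[:n]


def transform(key: bytes, plaintext: bytes) -> bytes:
    """Task 1, the transformation: nonce || ciphertext || tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")  # key separation
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _prf(mac_key, nonce + ct)


def untransform(key: bytes, msg: bytes) -> bytes:
    """Inverse of transform; raises ValueError when the tag does not verify."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    if len(msg) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class TrustedThirdParty:
    """Task 3, distribution: holds one long-term key per principal and hands
    out session keys wrapped under those keys."""

    def __init__(self):
        self.long_term = {}

    def enrol(self, name: str) -> bytes:
        self.long_term[name] = secrets.token_bytes(KEY_LEN)  # Task 2, key generation
        return self.long_term[name]

    def issue(self, a: str, b: str):
        """One fresh session key, wrapped once for a and once for b."""
        session = secrets.token_bytes(KEY_LEN)
        label = f"{a}|{b}|".encode()
        return (transform(self.long_term[a], label + session),
                transform(self.long_term[b], label + session))


def run_protocol(plaintext: bytes) -> dict:
    """Task 4, the protocol: enrol, fetch a session key, send one message."""
    ttp = TrustedThirdParty()
    k_alice, k_bob = ttp.enrol("alice"), ttp.enrol("bob")
    for_alice, for_bob = ttp.issue("alice", "bob")
    ks_alice = untransform(k_alice, for_alice)[-KEY_LEN:]
    ks_bob = untransform(k_bob, for_bob)[-KEY_LEN:]

    wire = transform(ks_alice, plaintext)  # Alice -> Bob over the open channel
    received = untransform(ks_bob, wire)

    # An opponent flipping one ciphertext bit is caught by Bob's tag check.
    flipped = wire[:NONCE_LEN] + bytes([wire[NONCE_LEN] ^ 0x80]) + wire[NONCE_LEN + 1:]
    try:
        untransform(ks_bob, flipped)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {"keys_match": ks_alice == ks_bob, "received": received,
            "plaintext_hidden": plaintext not in wire, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(run_protocol(b"attack at dawn"))
```

In a real design the toy cipher is replaced by AES-GCM or ChaCha20-Poly1305, and the third-party exchange needs freshness (nonces and identities bound into the reply), since as written an opponent could replay an old wrapped session key to either principal. Closing exactly that kind of gap is what the fourth task, specifying the protocol, is about.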
Network Access Security Model

Model for Network Access Security
• using this model requires us to:
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorised users access designated information or resources
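An added example (not code from the lecture) of the two parts of the access model above: a gatekeeper that identifies a user from a salted PBKDF2-SHA256 password record, and an internal access control, here an access matrix of role, resource and permitted operations, consulted on every request. The user names, roles, resources and iteration count are assumptions made for the demonstration.

```python
"""Constructed example (added here; not code from the lecture) of the two
parts of the access model above: a gatekeeper that identifies users from a
salted PBKDF2-SHA256 password record, and an internal access matrix that says
which operations each role may perform on each resource.  User names, roles,
resources and the iteration count are assumptions made for the demonstration."""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # keep this high in real deployments; lowered here only for speed
_DUMMY_SALT = bytes(16)


def make_record(password: str) -> dict:
    """Salted password record; the clear-text password is never stored."""
    salt = secrets.token_bytes(16)
    return {"salt": salt,
            "digest": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}


class Gatekeeper:
    """Login function: answers 'who is this?' and returns the user's role."""

    def __init__(self):
        self.users = {}  # name -> {"rec": record, "role": role}

    def add_user(self, name: str, password: str, role: str) -> None:
        self.users[name] = {"rec": make_record(password), "role": role}

    def authenticate(self, name: str, password: str):
        """Role on success, None on failure.  The PBKDF2 work is always done so an
        unknown name is not distinguishable from a wrong password by timing."""
        entry = self.users.get(name)
        salt = entry["rec"]["salt"] if entry else _DUMMY_SALT
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        if entry and hmac.compare_digest(digest, entry["rec"]["digest"]):
            return entry["role"]
        return None


# Internal security control: role -> resource -> operations permitted.
ACCESS = {
    "analyst": {"reports": {"read"}, "logs": {"read"}},
    "admin":   {"reports": {"read", "write"}, "logs": {"read", "write", "delete"}},
}


def authorize(role: str, resource: str, op: str) -> bool:
    """Default deny: anything not listed in ACCESS is refused."""
    return op in ACCESS.get(role, {}).get(resource, set())


def request(gk: Gatekeeper, name: str, password: str, resource: str, op: str):
    """Full path through the model: gatekeeper first, then the access control."""
    role = gk.authenticate(name, password)
    if role is None:
        return False, "authentication failed"
    if not authorize(role, resource, op):
        return False, f"{role} may not {op} {resource}"
    return True, f"{role} {op} {resource}"


def demo() -> dict:
    gk = Gatekeeper()
    gk.add_user("carol", "correct horse battery staple", "analyst")
    gk.add_user("dave", "Tr0ub4dor&3-but-longer", "admin")
    return {
        "unknown_user":   request(gk, "eve", "anything", "logs", "read"),
        "wrong_password": request(gk, "carol", "wrong", "logs", "read"),
        "analyst_read":   request(gk, "carol", "correct horse battery staple", "logs", "read"),
        "analyst_delete": request(gk, "carol", "correct horse battery staple", "logs", "delete"),
        "admin_delete":   request(gk, "dave", "Tr0ub4dor&3-but-longer", "logs", "delete"),
    }


if __name__ == "__main__":
    for case, (allowed, why) in demo().items():
        print(f"{case:16} {'ALLOW' if allowed else 'DENY '} {why}")
```

The gatekeeper only establishes identity; whether the decision is right then depends entirely on the access control, which is why it defaults to deny and is evaluated on every request rather than once at login.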