Scribd
Upload
13 views22 pages

Notes 3

Uploaded by

Axe No
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views22 pages

Notes 3

Uploaded by

Axe No
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 22

Chapter 1

Introduction

1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 1
Objectives
❑ To define three security goals
❑ To define security attacks that threaten security
goals
❑ To define security services and how they are
related to the three security goals
❑ To define security mechanisms to provide security
services
❑ To introduce two techniques, cryptography and
steganography, to implement security mechanisms.

2
1-1 SECURITY
GOALS
This section defines three security goals.

Topics discussed in this section:


1.1.1 Confidentiality
1.1.2 Integrity
1.1.3 Security

3
1.1 Continued
Figure 1.1 Taxonomy of security goals

4
1.1.1 Confidentiality

Confidentiality is probably the most common aspect of


information security. We need to protect our confidential
information. An organization needs to guard against those
malicious actions that endanger the confidentiality of its
information.

5
1.1.2 Integrity

Information needs to be changed constantly. Integrity


means that changes need to be done only by authorized
entities and through authorized mechanisms.

6
1.1.3 Availability

The information created and stored by an organization


needs to be available to authorized entities. Information
needs to be constantly changed, which means it must be
accessible to authorized entities.

7
1-2
ATTACKS
The three goals of security⎯confidentiality, integrity,
and availability⎯can be threatened by security
attacks.

Topics discussed in this section:


1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive versus Active Attacks
8
1.2 Continued

Figure 1.2 Taxonomy of attacks with relation to security goals

9
1.2.1 Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception


of data.

Traffic analysis refers to obtaining some other type of


information by monitoring online traffic.

10
1.2.2 Attacks Threatening Integrity

Modification means that the attacker intercepts the


message and changes it.

Masquerading or spoofing happens when the attacker


impersonates somebody else.

Replaying means the attacker obtains a copy


of a message sent by a user and later tries to replay it.

Repudiation means that sender of the message might later


deny that she has sent the message; the receiver of the
message might later deny that he has received the message.

11
1.2.3 Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may


slow down or totally interrupt the service of a system.

12
1.2.4 Passive Versus Active Attacks

Table 1.1 Categorization of passive and active attacks

13
1-3 SERVICES AND
MECHANISMS
ITU-T provides some security services and some
mechanisms to implement those services. Security
services and mechanisms are closely related because a
mechanism or combination of mechanisms are used to
provide a service..

Topics discussed in this section:


1.3.1 Security Services
1.3.2 Security Mechanism
1.3.3 Relation between Services and Mechanisms

14
1.3.1 Security Services
Figure 1.3 Security services

15
1.3.2 Security Mechanism
Figure 1.4 Security mechanisms

16
1.3.3 Relation between Services and Mechanisms

Table 1.2 Relation between security services and mechanisms

17
1-4
TECHNIQUES

Mechanisms discussed in the previous sections are


only theoretical recipes to implement security. The
actual implementation of security goals needs some
techniques. Two techniques are prevalent today:
cryptography and steganography.

Topics discussed in this section:


1.4.1 Cryptography
1.4.2 Steganography

18
1.4.1 Cryptography

Cryptography, a word with Greek origins, means “secret


writing.” However, we use the term to refer to the science
and art of transforming messages to make them secure and
immune to attacks.

19
1.4.2 Steganography

The word steganography, with origin in Greek, means


“covered writing,” in contrast with cryptography, which
means “secret writing.”

Example: covering data with text

20
1.4.2 Continued

Example: using dictionary

Example: covering data under color image

21
1-5 THE REST OF THE
BOOK
The rest of this book is divided into four parts.
Part One: Symmetric-Key Enciphermen
Part Two: Asymmetric-Key Encipherment
Part Three: Integrity, Authentication, and Key Management
Part Four: Network Security

22

You might also like