DATA SECURITY 1
DR MARWA AL ENANY
THE CONCEPT OF SECURITY
• Security is “the quality or state of being secure to be free from danger.”
• In other words, protection against adversaries, from those who would do harm
  intentionally or otherwise, is the objective.
• The Committee on National Security Systems (CNSS) defines information
  security as the protection of information and its critical elements, including the
  systems and hardware that use, store, and transmit that information.
• A successful organization should have the following multiple layers of
  security in place to protect its operations:
 • Physical security, to protect physical items, objects, or areas from unauthorized
   access and misuse.
 • Personnel security, to protect the individual or group of individuals who are
   authorized to access the organization and its operations.
 • Operations security, to protect the details of a particular operation or series of
   activities.
 • Communications security, to protect communications media, technology, and
   content.
 • Network security, to protect networking components, connections, and contents.
 • Information security, to protect the confidentiality, integrity and availability of
   information assets, whether in storage, processing, or transmission. It is achieved via
   the application of policy, education, training and awareness, and technology.
AREAS OF INFORMATION SECURITY
• Information security management.
• Computer and data security.
• Network security.
SECURITY GOALS
The CNSS model of information security evolved from a concept developed by the computer security
industry called the C.I.A. triangle.
It is based on the three characteristics of information (security goals) that give it value to organizations:
 • Confidentiality.
An organization needs to guard against those malicious actions that endanger the confidentiality of its
information. When we send a piece of information to be stored in a remote computer or when we retrieve a
piece of information from a remote computer, we need to conceal it during transmission.
 • Integrity.
Information needs to be changed constantly. In a bank, when a customer deposits or withdraws money, the
balance of her account needs to be changed. Integrity means that changes need to be done only by
authorized entities and through authorized mechanisms.
 • Availability.
The information created and stored by an organization needs to be available to authorized entities.
Information needs to be constantly changed.
KEY INFORMATION SECURITY CONCEPTS
• Access: Authorized users have legal access to a system, whereas hackers
  have illegal access to a system. Access controls regulate this ability.
• Asset: The organizational resource that is being protected. An asset can
  be logical, such as a Web site, information, or data; or an asset can be
  physical, such as a person, computer system, or other tangible object.
• Attack: An intentional or unintentional act that can cause damage to or
  otherwise compromise information and/or the systems that support it.
  Attacks can be active or passive, intentional or unintentional, and direct
  or indirect.
• Control, safeguard, or countermeasure: Security mechanisms,
  policies, or procedures that can successfully counter attacks, reduce risk,
  resolve vulnerabilities, and otherwise improve the security within an
  organization.
 • Exposure: A condition or state of being exposed. In information
   security, exposure exists when a vulnerability known to an attacker is
   present.
 • Loss: When an organization’s information is stolen, it has suffered a
   loss.
 • Protection profile or security posture: The entire set of controls and
   safeguards that the organization implements to protect the asset. The
   terms are sometimes used interchangeably with the term security
   program.
 • Risk: The probability that something unwanted will happen.
 • Subjects and objects: A computer can be either the subject of an
   attack (an agent entity used to conduct the attack) or the object of an
   attack (the target entity).
 • Exploit: A technique used to compromise a system. This term can be a verb or a
   noun. Exploits make use of existing software tools or custom-made software
   components.
 • Threat: A category of objects, persons, or other entities that presents a danger to an
   asset.
 • Threat agent: The specific instance or a component of a threat. For example, all
   hackers in the world present a collective threat.
 • Vulnerability: A weakness or fault in a system or protection mechanism that
   opens it to attack or damage. Some examples of vulnerabilities are a flaw in a
   software package, an unprotected system port, and an unlocked door.
SECURITY ATTACKS
• The unauthorized or illegal actions that are taken against government, corporate, or
  private IT assets in order to destroy, modify, or steal sensitive data.
• They are further classified into active and passive attacks, in which the
  attacker gets unlawful access to the system's resources.
• Active attacks: An active attack attempts to alter system resources or
  affect their operations. Active attacks involve some modification of the data
  stream or the creation of false statements.
• Passive attacks: A passive attack attempts to learn or make use of
  information from the system but does not affect system resources.
ACTIVE ATTACKS
• Types of active attacks are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service
• Masquerade
• A masquerade takes place when one entity pretends to be a different entity. A masquerade
  attack involves one of the other forms of active attacks. Masquerade attacks may be
  performed using stolen passwords and logins, or by finding
  gaps in programs.
• Modification of messages
• It means that some portion of a message is altered or that the message is delayed or reordered
  to produce an unauthorized effect. Modification is an attack on the integrity of the original
  data. It basically means that unauthorized parties not only gain access to data but also spoof
  the data by triggering denial-of-service attacks, such as altering transmitted data packets or
  flooding the network with fake data.
• Repudiation
• This attack occurs when the network is not completely secured or the login
  control has been tampered with. With this attack, the author’s information can
  be changed by actions of a malicious user in order to save false data in log
  files, up to the general manipulation of data on behalf of others, similar to the
  spoofing of e-mail messages.
• Replay
• It involves the passive capture of a message and its subsequent transmission to
  produce an authorized effect. The basic aim of the attacker is to save a copy of
  the data originally present on that particular network and later on use this data
  for personal uses. Once the data is corrupted or leaked it is insecure and unsafe
  for the users.
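Added example (not part of the original slides): a receiver-side check that detects both modification of messages and replay, as described above. The shared key, the 30-second window and the message fields are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-shared-key"  # constructed sample key, known to both ends
MAX_AGE = 30                          # assumed policy: seconds a message stays valid

def _tag(nonce: str, ts: str, payload: bytes) -> str:
    """HMAC-SHA256 over nonce, timestamp and payload (integrity + origin)."""
    data = f"{nonce}|{ts}|".encode() + payload
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def send(payload: bytes, now: int) -> dict:
    """Sender: attach a fresh random nonce, a timestamp and the HMAC tag."""
    nonce, ts = os.urandom(16).hex(), str(now)
    return {"nonce": nonce, "ts": ts, "payload": payload,
            "tag": _tag(nonce, ts, payload)}

class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only inside the window

    def accept(self, msg: dict, now: int) -> str:
        expected = _tag(msg["nonce"], msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"   # any altered field breaks the tag
        if abs(now - int(msg["ts"])) > MAX_AGE:
            return "rejected: stale"      # old capture sent much later
        # Forget nonces that the staleness check already covers.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "rejected: replay"     # same valid message seen twice
        self.seen[msg["nonce"]] = int(msg["ts"])
        return "accepted"

def demo() -> list:
    rx, t0 = Receiver(), 1_700_000_000   # constructed timestamp
    msg = send(b"transfer 100 to account 42", t0)
    tampered = dict(msg, payload=b"transfer 900 to account 42")
    return [
        rx.accept(msg, t0 + 1),          # original delivery
        rx.accept(dict(msg), t0 + 2),    # captured copy sent again
        rx.accept(tampered, t0 + 3),     # payload altered in transit
        rx.accept(msg, t0 + 3600),       # captured copy sent an hour later
    ]

if __name__ == "__main__":
    print(demo())
```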
• Denial of Service
• It prevents the normal use of communication facilities. This attack may have a
  specific target. For example, an entity may suppress all messages directed to a
  particular destination. Another form of service denial is the disruption of an
  entire network either by disabling the network or by overloading it with
  messages so as to degrade performance.
PASSIVE ATTACK
• Types of Passive attacks are as follows:
• The release of message content
• Traffic analysis
• The release of message content
• A telephone conversation, an electronic mail message, or a transferred file may
  contain sensitive or confidential information. We would like to prevent an
  opponent from learning the contents of these transmissions.
• Traffic analysis
• Suppose that we had a way of masking (encryption) information, so that the attacker, even
  if they captured the message, could not extract any information from the message.
  The opponent could still determine the location and identity of the communicating hosts and could
  observe the frequency and length of messages being exchanged. This information might be
  useful in guessing the nature of the communication that was taking place.
BASIC TERMINOLOGY
 • Plaintext
     • The original message
 • Ciphertext
     • The coded message
 • Enciphering or encryption
     • Process of converting from plaintext to ciphertext
 • Deciphering or decryption
     • Restoring the plaintext from the ciphertext
 • Cryptography
     • Study of encryption
 • Cryptographic system or cipher
     • Schemes used for encryption
 • Cryptanalysis
     • Techniques used for deciphering a message without any knowledge of
       the enciphering details
 • Cryptology
     • Areas of cryptography and cryptanalysis together
OVERVIEW ON THE FIELD OF CRYPTOLOGY
 • Cryptology: the study of cryptosystems
     • Cryptography: the science of using mathematics to encrypt and decrypt data.
         • Symmetric-Key (Private-key)
             • Block Cipher
             • Stream Cipher
         • Asymmetric-Key (Public-key)
     • Cryptanalysis: It involves the study of cryptographic mechanisms with the
       intention to break them.
Encryption and Decryption
Encryption is the process by which a readable message is converted to an
unreadable form to prevent unauthorized parties from reading it.
Decryption is the process of converting an encrypted message back to its original
(readable) format. In decryption, the system extracts and converts the garbled data
and transforms it to texts and images that are easily understandable not only by the
reader but also by the system.
The original message is called the plaintext message, while the encrypted
message is called the ciphertext message.
key—a word, number, or phrase—to encrypt the plaintext.
CRYPTOSYSTEM MODEL
CRYPTOGRAPHIC SYSTEMS
• The type of operations used for transforming plaintext to ciphertext
  • Substitution
  • Transposition
• The number of keys used
  • Symmetric, single-key, secret-key, conventional encryption
  • Asymmetric, two-key, or public-key encryption
• The way in which the plaintext is processed
  • Block cipher
  • Stream cipher
• In symmetric encryption, there is only one key, and all
  communicating parties use the same (secret) key for both
  encryption and decryption.
• In asymmetric, or public key, encryption, there are two keys:
  one key is used for encryption, and a different key is used for
  decryption. The decryption key is kept private (hence the
  "private key" name), while the encryption key is shared
  publicly, for anyone to use (hence the "public key" name).
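Added example (not part of the original slides): the key-usage difference between the two models, shown with teaching-only toy ciphers. The SHA-256 keystream cipher, the unpadded textbook RSA, the Mersenne primes and all function names are assumptions chosen for illustration and are not suitable for protecting real data.

```python
import hashlib

def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric stream cipher: XOR with a SHA-256 counter keystream.
    One shared secret key; the same call both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA (no padding, teaching only): returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # private exponent d = e^-1 mod phi

def rsa_apply(key, value: int) -> int:
    """Modular exponentiation with whichever key is supplied."""
    exponent, modulus = key
    return pow(value, exponent, modulus)

def demo() -> dict:
    msg = b"noon at 12"                    # constructed sample message
    shared = b"constructed shared secret"  # symmetric: both parties hold this
    sym_ct = sym_crypt(shared, msg)

    # Asymmetric: the public key is published, the private key never leaves its owner.
    public, private = rsa_keypair(2**31 - 1, 2**61 - 1)  # two Mersenne primes
    m = int.from_bytes(msg, "big")         # must be smaller than the modulus
    asym_ct = rsa_apply(public, m)

    return {
        "sym_roundtrip": sym_crypt(shared, sym_ct) == msg,        # same key decrypts
        "sym_wrong_key": sym_crypt(b"other key", sym_ct) == msg,  # wrong key fails
        "asym_roundtrip": rsa_apply(private, asym_ct) == m,       # private key decrypts
        "asym_public_decrypts": rsa_apply(public, asym_ct) == m,  # public key cannot
    }

if __name__ == "__main__":
    print(demo())
```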