Lec 7, 8

CHAPTER 1: AN OVERVIEW OF COMPUTER SECURITY

1. THE BASIC COMPONENTS

A. Confidentiality
Confidentiality is the concealment of information or resources. The need for keeping information secret arises from
the use of computers in sensitive fields such as government and industry.
For example, military and civilian institutions in the government often restrict access to information to those who
need that information.
B. Integrity
Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or
unauthorized change. Integrity includes data integrity (the content of the information) and origin integrity (the source
of the data, often called authentication).
QUIZ

 A newspaper may print information obtained from a leak at the White House but attribute it to the wrong source. The information is printed as received, but its source is incorrect (corrupting origin integrity). This type of violation falls under which component?
 1. Confidentiality
 2. Integrity (origin integrity; the source has been spoofed)

 Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.
 Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
 Detection mechanisms do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.
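A worked illustration of a detection mechanism for integrity, added here as an example and not part of the lecture slides: an HMAC tag lets a verifier detect both an altered message (data integrity) and a message not produced by a holder of the shared key (origin integrity). A bare hash detects only accidental corruption. The key, messages and the `demo` helper are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample key for the example; in practice it comes from a key store
# and is shared only with the parties whose origin integrity should be provable.
SHARED_KEY = b"example-shared-key-do-not-reuse"


def tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """HMAC-SHA256 tag over the message.

    A verifier holding `key` can check that the content is unchanged (data
    integrity) and that it came from a key holder (origin integrity).
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, received_tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Detection mechanism: report whether the message is still trustworthy.

    Nothing here stops an attacker from altering the message in transit; the
    alteration is merely detected. compare_digest avoids a timing side channel.
    """
    return hmac.compare_digest(tag(message, key), received_tag)


def content_hash(message: bytes) -> str:
    """A plain hash detects corruption but gives no origin integrity: whoever
    changes the message can simply recompute the hash to match."""
    return hashlib.sha256(message).hexdigest()


def demo() -> dict:
    """Constructed scenario: a legitimate message, a tampered copy, and a tag
    made with an attacker's key."""
    original = b"Transfer $100 to account 42"
    t = tag(original)
    tampered = b"Transfer $1000 to account 42"
    return {
        "original_ok": verify(original, t),
        "tampered_ok": verify(tampered, t),
        "wrong_key_ok": verify(original, tag(original, b"attacker-key")),
        "hash_differs": content_hash(original) != content_hash(tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The prevention counterpart would be an access control that refuses the write in the first place; the tag only tells the verifier that the data can no longer be trusted.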

C. Availability
Availability refers to the ability to use the information or resource desired. Availability is
an important aspect of reliability as well as of system design because an unavailable
system is at least as bad as no system at all.
Attempts to block availability, called denial of service attacks, can be the most difficult
to detect, because the analyst must determine if the unusual access patterns are
attributable to deliberate manipulation of resources or of environment.
2- THREATS
A threat is a potential violation of security. The violation need not actually occur for
there to be a threat. The fact that the violation might occur means that those actions that
could cause it to occur must be guarded against (or prepared for). Those actions are
called attacks. Those who execute such actions, or cause them to be executed, are called
attackers.
Threats may be divided into four broad classes:
 Disclosure, or unauthorized access to information (e.g., snooping)
 Deception, or acceptance of false data
 Disruption, or interruption or prevention of correct operation
 Usurpation, or unauthorized control of some part of a system
Vulnerability + Threat = Risk
 Snooping, the unauthorized interception of information, is a form of disclosure.
 Modification or alteration, an unauthorized change of information, covers three classes of threats (deception, disruption, and usurpation).
 Spoofing, an impersonation of one entity by another, is a form of both deception and usurpation.
 Repudiation of origin, a false denial that an entity sent (or created) something, is a form of deception.
 Denial of receipt, a false denial that an entity received some information or message, is a form of deception.
 Delay, a temporary inhibition of a service, is a form of usurpation.
 Denial of service, a long-term inhibition of service, is a form of usurpation.
3- POLICY AND MECHANISM

 Definition 1-1. A security policy is a statement of what is, and what is not, allowed. (That is: which actions are permitted and which are not.)
 Definition 1-2. A security mechanism is a method, tool, or procedure for enforcing a security policy. (That is: the way the policy is applied.)

A goal of security
 Given a security policy's specification of "secure" and "nonsecure" actions, security mechanisms can prevent the attack, detect the attack, or recover from the attack.
 Prevention means that an attack will fail.
 Detection is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures. Detection mechanisms accept that an attack will occur; the goal is to determine that an attack is under way, or has occurred, and report it.
 Recovery has two forms. The first is to stop an attack and to assess and repair any damage caused by that attack. As an example, if the attacker deletes a file, one recovery mechanism would be to restore the file from backup tapes.
4. ASSUMPTIONS AND TRUST

 Trusting a security policy and its mechanisms rests on two assumptions, and they are fundamentally different. The first assumption asserts that the policy is a correct description of what constitutes a "secure" system. (Slide example: a bank officer was authorized to move the money, yet the move violated security; the policy, then, was not a correct description of what is secure.)
 The second assumption says that the security policy can be enforced by security mechanisms.
 Let P be the set of all possible states. Let Q be the set of secure states (as specified by the security policy). Let the security mechanisms restrict the system to some set of states R (thus, R ⊆ P). Then we have the following definition.
 Definition 1-3. A security mechanism is secure if R ⊆ Q; it is precise if R = Q; and it is broad if there are states r such that r ∈ R and r ∉ Q.
 Note that a precise mechanism is also secure, while a broad mechanism admits at least one state the policy calls non-secure and so is not secure.

Trusting that mechanisms work requires several assumptions.


 1. Each mechanism is designed to implement one or more parts of the security policy.
 2. The union of the mechanisms implements all aspects of the security policy.
 3. The mechanisms are implemented correctly.
 4. The mechanisms are installed and administered correctly.
5- ASSURANCE
 System specification, design, and implementation can provide a basis for determining
“how much” to trust a system. This aspect of trust is called assurance.
 Definition 1–4. A system is said to satisfy a specification if the specification correctly
states how the system will function.
What are the components of assurance?
 A. Specification : A specification is a (formal or informal) statement of the desired
functioning of the system
 B. Design: The design of a system translates the specifications into components that
will implement them. The design is said to satisfy the specifications if, under all
relevant circumstances, the design will not permit the system to violate those
specifications.
QUIZ

 A company is purchasing a new computer for internal use. They need to trust the system to be invulnerable to attack over the Internet. One of their (English) specifications would read "The system cannot be attacked over the Internet." Thus the company's design of the computer system had no
 A. network interface cards
 B. modem cards
 C. network drivers in the kernel
 D. all of the above
 C. Implementation: Given a design, the implementation creates a system that satisfies that design.
 Definition 1-5. A program is correct if its implementation performs as specified.
6- OPERATIONAL ISSUES

 Any useful policy and mechanism must balance the benefits of the protection against
the cost of designing, implementing, and using the mechanism. The issues include
 A. Cost-Benefit Analysis. If the data or resources cost less, or are of less value, than
their protection, adding security mechanisms and procedures is not cost-effective
because the data or resources can be reconstructed more cheaply than the protections
themselves. Unfortunately, this is rarely the case.
 C. Risk Analysis
CHAPTER TWO: SECURITY POLICIES

SECURITY POLICY DEFINITIONS

Consider a computer system to be a finite-state automaton with a set of transition functions that change state. Then:
 Definition 2-1. A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or non-secure, states.
 Definition 2-2. A secure system is a system that starts in an authorized state and cannot enter an unauthorized state.

 Consider the finite-state machine in the figure (not reproduced here). It consists of four states and five transitions.
 The security policy partitions the states into a set of authorized states A = { s1, s2 } and a set of unauthorized states UA = { s3, s4 }. This system is not secure, because regardless of which authorized state it starts in, it can enter an unauthorized state. However, if the edge from s1 to s3 were not present, the system would be secure, because it could not enter an unauthorized state from an authorized state.

QUIZ

In the figure, suppose that edge t3 went from s1 to s4 instead of from s1 to s3. Would the resulting system be secure?
No. s4 is also an unauthorized state (UA = { s3, s4 }), so an edge from s1 to s4 still lets the system enter an unauthorized state from an authorized state; the system would remain insecure.
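The state-machine argument above, and Definition 1-3 from Chapter 1 (secure / precise / broad mechanisms), can be checked mechanically. The following is an added example, not code from the lecture: it models the four-state machine as a transition table, computes the states reachable from the authorized ones (Definition 2-2), and treats the set of edges as the "mechanism" whose reachable set R is compared with the policy's secure set Q. The slide names only edge t3 (s1 to s3); the labels t1, t2, t4, t5 and their endpoints are assumptions chosen so that, as the slide says, an unauthorized state is reachable from either authorized state.

```python
from collections import deque

# Constructed model of the slide's four-state, five-transition machine.
# Only t3 (s1 -> s3) is named on the slide; the remaining edges are assumed.
AUTHORIZED = {"s1", "s2"}               # A, i.e. the secure states Q of Definition 1-3
ALL_STATES = {"s1", "s2", "s3", "s4"}   # P, all possible states
EDGES = {
    "t1": ("s1", "s2"),   # assumed
    "t2": ("s2", "s1"),   # assumed
    "t3": ("s1", "s3"),   # named on the slide
    "t4": ("s3", "s4"),   # assumed
    "t5": ("s4", "s3"),   # assumed
}


def reachable(edges: dict, start: str) -> set:
    """States reachable from `start` (inclusive) by following transitions."""
    seen, todo = {start}, deque([start])
    while todo:
        cur = todo.popleft()
        for src, dst in edges.values():
            if src == cur and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return seen


def is_secure(edges: dict, authorized: set) -> bool:
    """Definition 2-2: from any authorized start state the system can never
    enter an unauthorized state."""
    return all(reachable(edges, s) <= authorized for s in authorized)


def classify_mechanism(P: set, Q: set, R: set) -> list:
    """Definition 1-3 for a mechanism that restricts the system to R ⊆ P,
    where Q is the set of secure states given by the policy."""
    assert R <= P, "R must be a subset of P"
    labels = []
    if R <= Q:
        labels.append("secure")
    if R == Q:
        labels.append("precise")
    if R - Q:
        labels.append("broad")
    return labels


def analyse(edges: dict) -> dict:
    """R = everything reachable from the authorized states under these edges."""
    R = set().union(*(reachable(edges, s) for s in AUTHORIZED))
    return {"secure": is_secure(edges, AUTHORIZED),
            "labels": classify_mechanism(ALL_STATES, AUTHORIZED, R)}


# The three cases discussed on the slide and in the quiz.
AS_DRAWN = EDGES
WITHOUT_T3 = {k: v for k, v in EDGES.items() if k != "t3"}
T3_TO_S4 = {**EDGES, "t3": ("s1", "s4")}

if __name__ == "__main__":
    for name, edges in [("as drawn", AS_DRAWN), ("t3 removed", WITHOUT_T3),
                        ("t3 -> s4", T3_TO_S4)]:
        print(name, analyse(edges))
```

Removing t3 leaves exactly the authorized states reachable, so that mechanism is precise; the machine as drawn, and the quiz variant with t3 pointing at s4, both reach UA and are broad.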
SECURITY POLICY DEFINITIONS

 Definition 2-5. Let X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I.
 Definition 2-6. Let X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I.
2.2 TYPES OF SECURITY POLICIES

 A military security policy (also called a governmental security policy) is a security policy developed primarily to provide confidentiality.
 A commercial security policy is a security policy developed primarily to provide integrity.
 A confidentiality policy is a security policy dealing only with confidentiality.
 An integrity policy is a security policy dealing only with integrity.
2.4 TYPES OF ACCESS CONTROL

 There are two types of access control:
 1- The first type is based on user identity and is the most widely known. If an individual user can set an access control mechanism to allow or deny access to an object, that mechanism is a discretionary access control (DAC), also called an identity-based access control (IBAC).
 2- The second type of access control is based on fiat (an order or command), and identity is irrelevant:
 → When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC), occasionally called a rule-based access control.
 → An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or the information it contains).
QUIZ

 The law allows a court to access driving records without the owners' permission. This type of access control is -------------
 1- mandatory access control (MAC)
 2- discretionary access control (DAC)
 3- identity-based access control (IBAC)
 (Answer: mandatory access control, since the record owner cannot alter the court's access.)

QUIZ

 Classify each of the following as an example of a mandatory, discretionary, or originator controlled policy, or a combination thereof. Justify your answers.
 1. The file access control mechanisms of the UNIX operating system.
 Ans: Discretionary access control. Since users can assign and modify permissions on the objects they own, access control is discretionary.
 2. A system in which no memorandum can be distributed without the author's consent.
 Ans: Originator controlled access control. If I am the author of the memorandum, I am the one who can say whether my information may be distributed; no one else can.
EXERCISES (CHAPTER 1)

 Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof.
 a. John copies Mary's homework. [confidentiality]
 b. Paul crashes Linda's system. [availability, integrity]
 c. Carol changes the amount of Angelo's check from $100 to $1,000. [data integrity]
 d. Gina forges Roger's signature on a deed. [integrity (origin integrity)]
 e. Rhonda registers the domain name "AddisonWesley.com" and refuses to let the publishing house buy or use that domain name. [availability]
 f. Jonah obtains Peter's credit card number and has the credit card company cancel the card and replace it with another card bearing a different account number. [confidentiality, integrity, availability]
 g. Henry spoofs Julie's IP address to gain access to her computer. [source (origin) integrity]
CHAPTER 3: CRYPTOGRAPHY

WHAT IS CRYPTOGRAPHY?
 The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning.
 Components of cryptography:
 A cryptosystem is a 5-tuple (E, D, M, K, C), where M is the set of plaintexts, K the set of keys, C the set of ciphertexts, E: M × K → C the set of enciphering functions, and D: C × K → M the set of deciphering functions.
 For the Caesar cipher (worked out under "The Caesar Cipher" below, where E = { E_k | k ∈ K and for all m ∈ M, E_k(m) = (m + k) mod 26 }), the deciphering functions are
 D = { D_k | k ∈ K and for all c ∈ C, D_k(c) = (26 + c – k) mod 26 }
 Each D_k simply inverts the corresponding E_k.
 C = M, because E is clearly a set of onto functions.

WHAT IS CRYPTOGRAPHY?

 The goal of cryptography is to keep enciphered information secret.
 Cryptography means hidden writing: the practice of using encryption to conceal text.
 Cryptanalysis: a cryptanalyst studies encryption and encrypted messages, with the goal of finding the hidden meaning of the messages.
 Cryptology includes both cryptography and cryptanalysis.
CRYPTOSYSTEM TYPES: SYMMETRIC AND ASYMMETRIC

 Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encryption (encipherment) and decryption (decipherment).
 Public key cryptography (asymmetric cryptosystems) uses different keys for the two operations.
 There are two basic types of classical ciphers: transposition ciphers and substitution ciphers.
TRANSPOSITION CIPHER

 A transposition cipher rearranges the characters in the plaintext to form the ciphertext. The letters themselves are not changed.
 The rail fence cipher is an example of a transposition cipher.

 QUIZ: Encrypt "Hello World" using the rail fence cipher.

Here key = 2. For encryption we write the message diagonally, in zigzag form, into a matrix with (number of rows = key) and (number of columns = message length). Then read the matrix row by row to get the encrypted message.

H L O O L
E L W R D
 Key = 2
 Plaintext: HELLOWORLD
 Ciphertext: HLOOLELWRD

Second example (row-wise transposition, key = 3). Here the plaintext is dealt into three rows cyclically (1st, 4th, 7th, ... characters in row 1; 2nd, 5th, 8th, ... in row 2; the rest in row 3) rather than in a zigzag, and the rows are read out in order. With two rows this coincides with the zigzag rail fence; with three or more rows the two schemes give different ciphertexts.

C P E S U T
O U R E R y
M T -- c I

Plain: Computer security
Cipher: cpesutourerymt ci

QUIZ (zigzag rail fence, key = 3)
Original message: Hello World
Encrypted message: Horel ollWd

Key = 3
Original message: Hello World study computer security
Encrypted message: Horel ollWd sytdu cu uyoptrscrtmeei
(Each group is enciphered separately: "Hello World" → "Horel ollWd", "study" → "sytdu", "computer security" → "cu uyoptrscrtmeei".)

Rails for "computer security":
C U -- U y
O P T R s C R T
M E E I

Rails for "study":
S y
T D
U

TRANSPOSITION DECIPHER

A ciphertext that appears on the slides without further context: TMSUVSYHMANEIXAATIRTX

Table 3.1 Frequency of characters in English (table not reproduced)
Table 3.2 Frequency of digrams and trigrams (table not reproduced)
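Both transposition layouts used on the slides, and the decipher step that follows, as an added example (not code from the lecture): `rail_fence_encrypt`/`rail_fence_decrypt` implement the zigzag rail fence for any number of rails, `row_fill_encrypt`/`row_fill_decrypt` implement the cyclic row-fill variant of the "Computer security" slide, and `candidate_keys` shows the obvious decipherment strategy for a transposition with a small key space: try every key and let the analyst pick the candidate whose letter and digram statistics look like English (Tables 3.1 and 3.2). The test strings are the slides' own examples.

```python
def rail_index(i: int, key: int) -> int:
    """Rail that the i-th character lands on when text is written in a zigzag
    over `key` rails: 0, 1, ..., key-1, key-2, ..., 1, 0, 1, ..."""
    if key == 1:
        return 0
    cycle = 2 * (key - 1)
    pos = i % cycle
    return pos if pos < key else cycle - pos


def rail_fence_encrypt(plaintext: str, key: int) -> str:
    """Write the plaintext in a zigzag, then read the rails top to bottom."""
    rails = [[] for _ in range(key)]
    for i, ch in enumerate(plaintext):
        rails[rail_index(i, key)].append(ch)
    return "".join("".join(r) for r in rails)


def rail_fence_decrypt(ciphertext: str, key: int) -> str:
    """Recompute the zigzag pattern, cut the ciphertext back into rails, then
    replay the pattern to restore the original order."""
    n = len(ciphertext)
    pattern = [rail_index(i, key) for i in range(n)]
    counts = [pattern.count(r) for r in range(key)]
    rails, idx = [], 0
    for c in counts:
        rails.append(list(ciphertext[idx:idx + c]))
        idx += c
    cursors = [0] * key
    out = []
    for r in pattern:
        out.append(rails[r][cursors[r]])
        cursors[r] += 1
    return "".join(out)


def row_fill_encrypt(plaintext: str, rows: int) -> str:
    """Slide variant: character i goes to row (i mod rows); rows are read in
    order. Identical to the zigzag rail fence only when rows == 2."""
    return "".join(plaintext[r::rows] for r in range(rows))


def row_fill_decrypt(ciphertext: str, rows: int) -> str:
    n = len(ciphertext)
    counts = [len(range(r, n, rows)) for r in range(rows)]
    rails, idx = [], 0
    for c in counts:
        rails.append(ciphertext[idx:idx + c])
        idx += c
    return "".join(rails[i % rows][i // rows] for i in range(n))


def candidate_keys(ciphertext: str, max_key: int) -> dict:
    """Decipherment by exhaustive key search: every zigzag candidate for keys
    2..max_key. The transposition keeps letter frequencies unchanged, so the
    analyst ranks candidates by digram/trigram plausibility, not single letters."""
    return {k: rail_fence_decrypt(ciphertext, k) for k in range(2, max_key + 1)}


if __name__ == "__main__":
    print(rail_fence_encrypt("HELLOWORLD", 2))          # HLOOLELWRD
    print(rail_fence_encrypt("Hello World", 3))         # Horel ollWd
    print(row_fill_encrypt("Computer security", 3))     # Cpesutourerymt ci
    print(candidate_keys("HLOOLELWRD", 4))
```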
SUBSTITUTION CIPHERS

 A substitution cipher changes characters in the plaintext to produce the ciphertext.
THE CAESAR CIPHER

 EXAMPLE: The Caesar cipher is the widely known cipher in which letters are
shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so
forth, ending with Z becoming C. So the word “HELLO” is enciphered as “KHOOR.”
Informally, this cipher is a cryptosystem with:
 M = { all sequences of Roman letters }
 K = { i | i an integer such that 0 ≤ i ≤ 25 }
 E = { Ek | k ∈ K and for all m ∈ M, Ek(m) = (m + k) mod 26 }
 Representing each letter by its position in the alphabet (with A in position 0),
 “HELLO” is 7 4 11 11 14; if k = 3, the ciphertext is 10 7 14 14 17, or “KHOOR.”
THE CAESAR CIPHER

 Example: M = computer, key = 3 gives C = FRPSXWHU. (The slide's "eqorwvgt" is the ciphertext for key = 2, not key = 3: c→e, o→q, m→o, ... is a shift of two.)
 Letter table for key = 3 (the slide numbers the plaintext letters A=1, B=2, ..., Z=26; the formula E_k(m) = (m + k) mod 26 above uses A = 0, so subtract 1 before applying it):
 Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
 Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
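The Caesar cryptosystem above, as an added example (not the lecture's code): `encipher` and `decipher` are E_k and D_k with A in position 0, and `break_caesar` shows why a 26-element key space is no protection: every key is tried and the candidate whose letter distribution best matches English (the kind of data in Table 3.1) is chosen. The frequency table is an approximation of the usual published values and the sample plaintext is constructed from the slides' own definition sentence.

```python
import string

ALPHABET = string.ascii_uppercase   # A is position 0, as in the definition above
KEYS = range(26)                    # K = { 0, ..., 25 }


def encipher(m: str, k: int) -> str:
    """E_k(m) = (m + k) mod 26, letter by letter; non-letters pass through."""
    out = []
    for ch in m.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def decipher(c: str, k: int) -> str:
    """D_k(c) = (26 + c - k) mod 26, i.e. enciphering with the inverse key."""
    return encipher(c, (26 - k) % 26)


# Approximate English single-letter frequencies in percent (constructed from
# the commonly published values; the slides' Table 3.1 is the same kind of data).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.2, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 1.0, "W": 2.4, "X": 0.2,
    "Y": 2.0, "Z": 0.1,
}


def english_score(text: str) -> float:
    """Sum of the expected frequency of each letter present; higher means the
    text's letter distribution looks more like English."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.upper())


def break_caesar(ciphertext: str) -> tuple:
    """Exhaustive search over the 26 keys, ranking candidates by english_score.
    A substitution cipher preserves letter *counts* per symbol, which is
    exactly what frequency analysis exploits."""
    best_k = max(KEYS, key=lambda k: english_score(decipher(ciphertext, k)))
    return best_k, decipher(ciphertext, best_k)


# Constructed sample plaintext taken from the slides' definition of cryptography.
SAMPLE = ("THE WORD CRYPTOGRAPHY COMES FROM TWO GREEK WORDS MEANING SECRET "
          "WRITING AND IS THE ART AND SCIENCE OF CONCEALING MEANING")

if __name__ == "__main__":
    print(encipher("HELLO", 3))                          # KHOOR
    print(encipher("computer", 3), encipher("computer", 2))
    print(break_caesar(encipher(SAMPLE, 17)))
```

Short ciphertexts such as "KHOOR" carry too few letters for the frequency score to be reliable; the search still works, but an analyst would then check each of the 26 candidates by eye.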
