Scribd
Upload
3K views42 pages

Cryptography and Network Security: Seventh Edition by William Stallings

Uploaded by

mauth aza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
3K views42 pages

Cryptography and Network Security: Seventh Edition by William Stallings

Uploaded by

mauth aza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 42

Cryptography

and Network
Security
Seventh Edition
by William Stallings

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Chapter 1
Computer and Network Security
Concepts

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Cryptographic algorithms and protocols
can be grouped into four main areas:

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


The field of network and
Internet security consists of:

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Computer Security
The NIST Computer Security Handbook defines the
term computer security as:

“the protection afforded to an automated


information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources” (includes hardware, software,
firmware, information/ data, and
telecommunications)
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Computer Security Objectives

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Breach of Security
Levels of Impact

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Computer Security Challenges
• Security is not simple • Security mechanisms typically
involve more than a particular
• Potential attacks on the
algorithm or protocol
security features need to be
considered • Security is essentially a battle
of wits between a
• Procedures used to provide
perpetrator and the designer
particular services are often
counter-intuitive • Little benefit from security
• It is necessary to decide investment is perceived until
a security failure occurs
where to use the various
security mechanisms • Strong security is often
• Requires constant monitoring viewed as an impediment to
efficient and user-friendly
• Is too often an afterthought operation
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
OSI Security Architecture
• Security attack
• Any action that compromises the security of information
owned by an organization

• Security mechanism
• A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack

• Security service
• A processing or communication service that enhances the
security of the data processing systems and the information
transfers of an organization
• Intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Table 1.1
Threats and Attacks (RFC 4949)

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Security Attacks
•A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks

•A passive attack attempts to


learn or make use of
information from the system
but does not affect system
resources

•An active attack attempts to


alter system resources or affect
their operation

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Passive Attacks

• Are in the nature of


eavesdropping on, or
monitoring of, transmissions

• Goal of the opponent is to • Two types of passive


obtain information that is
being transmitted
attacks are:
• The release of message
contents
• Traffic analysis

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Active Attacks
• Involve some modification of the
data stream or the creation of a
false stream

• Difficult to prevent because of


the wide variety of potential
physical, software, and network
vulnerabilities

• Goal is to detect attacks and to


recover from any disruption or
delays caused by them

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Security Services

• Defined by X.800 as:


• A service provided by a protocol layer of
communicating open systems and that ensures
adequate security of the systems or of data transfers

• Defined by RFC 4949 as:


• A processing or communication service provided by a
system to give a specific kind of protection to system
resources

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Table 1.2

Security
Services
(X.800)

(This table is found on


page 12 in textbook)
© 2017 Pearson Education, Inc., Hoboken, NJ
All rights reserved.
Authentication
• Concerned with assuring that a communication is
authentic
• In the case of a single message, assures the recipient
that the message is from the source that it claims to be
from
• In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Access Control
• The ability to limit and control the access to
host systems and applications via
communications links
• To achieve this, each entity trying to gain
access must first be indentified, or
authenticated, so that access rights can be
tailored to the individual

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection of a
single message or even specific fields within a message

• The protection of traffic flow from analysis


• This requires that an attacker not be able to observe the
source and destination, frequency, length, or other
characteristics of the traffic on a communications facility

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Data Integrity

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message
• When a message is sent, the receiver can
prove that the alleged sender in fact sent the
message
• When a message is received, the sender can
prove that the alleged receiver in fact received
the message

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Availability Service

• Protects a system to ensure its availability

• This service addresses the security concerns


raised by denial-of-service attacks
• It depends on proper management and
control of system resources and thus depends
on access control service and other security
services

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Security Mechanisms (X.800)

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Table 1.3

Security
Mechanisms
(X.800)

(This table is found on


pages 14-15 in textbook)

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security
Design Principles
• Least common
• Economy of
mechanism
mechanism
• Fail-safe defaults • Psychological
acceptability
• Complete meditation
• Isolation
• Open design
• Encapsulation
• Separation of privilege
• Modularity
• Least privilege
• Layering
• Least astonishment

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design Principles

Economy of mechanism Fail-safe defaults


• Means that the design of security • Means that access decisions
measures embodied in both should be based on permission
hardware and software should be rather than exclusion
as simple and small as possible
• The default situation is lack of
• Relatively simple, small design is access, and the protection
easier to test and verify scheme identifies conditions
thoroughly under which access is permitted
• With a complex design, there are • Most file access systems and
many more opportunities for an virtually all protected services on
adversary to discover subtle client/server use fail-safe defaults
weaknesses to exploit that may
be difficult to spot ahead of time

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design Principles

Complete mediation Open design


• Means that every access must be
checked against the access control • Means that the design of a security
mechanism mechanism should be open rather
than secret
• Systems should not rely on access
decisions retrieved from a cache • Although encryption keys must be
• To fully implement this, every time a secret, encryption algorithms
user reads a field or record in a file, should be open to public scrutiny
or a data item in a database, the
system must exercise access • Is the philosophy behind the NIST
control program of standardizing
encryption and hash algorithms
• This resource-intensive approach is
rarely used

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design
Principles
Separation of privilege Least privilege
• Defined as a practice in which • Means that every process and
multiple privilege attributes every user of the system should
are required to achieve access operate using the least set of
privileges necessary to perform
to a restricted resource
the task
• Multifactor user • An example of the use of this
authentication is an example principle is role-based access
which requires the use of control; the system security policy
multiple techniques, such as a can identify and define the
password and a smart card, to various roles of users or processes
authorize a user and each role is assigned only
those permissions needed to
perform its functions

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design
Principles
Least common Psychological
mechanism acceptability
• Means that the design should • Implies that the security mechanisms
minimize the functions shared should not interfere unduly with the
by different users, providing work of users, while at the same
mutual security time meeting the needs of those
who authorize access
• This principle helps reduce the
• Where possible, security
number of unintended mechanisms should be transparent
communication paths and to the users of the system or, at
reduces the amount of most, introduce minimal obstruction
hardware and software on
which all users depend, thus • In addition to not being intrusive or
making it easier to verify if there burdensome, security procedures
are any undesirable security must reflect the user’s mental model
implications of protection

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design
Principles
Isolation Encapsulation
• Applies in three contexts: • Can be viewed as a specific
• Public access systems should be form of isolation based on
isolated from critical resources object-oriented functionality
to prevent disclosure or
tampering • Protection is provided by
• Processes and files of individual encapsulating a collection of
users should be isolated from procedures and data objects in
one another except where it is a domain of its own so that the
explicitly desired internal structure of a data
• Security mechanisms should be object is accessible only to the
procedures of the protected
isolated in the sense of
preventing access to those subsystem, and the procedures
mechanisms may be called only at
designated domain entry points
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Fundamental Security Design
Principles
Modularity Layering
• Refers both to the • Refers to the use of multiple,
development of security overlapping protection
functions as separate, approaches addressing the
people, technology, and
protected modules and
operational aspects of
to the use of a modular information systems
architecture for
mechanism design and • The failure or circumvention
implementation of any individual protection
approach will not leave the
system unprotected

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Fundamental Security Design
Principles
Least astonishment
• Means that a program or user interface should always
respond in the way that is least likely to astonish the
user

• The mechanism for authorization should be


transparent enough to a user that the user has a good
intuitive understanding of how the security goals map
to the provided security mechanism

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Attack Surfaces
• An attack surface consists of the reachable and exploitable
vulnerabilities in a system
• Examples:
• Open ports on outward facing Web and other servers, and code
listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to
a social engineering attack

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Attack Surface Categories
• Network attack surface
• Refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet

• Software attack surface


• Refers to vulnerabilities in application, utility, or
operating system code

• Human attack surface


• Refers to vulnerabilities created by personnel or
outsiders
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Attack Tree
• A branching, hierarchical data structure that represents a
set of potential techniques for exploiting security
vulnerabilities
• The security incident that is the goal of the attack is
represented as the root node of the tree, and the ways
that an attacker could reach that goal are represented as
branches and subnodes of the tree
• The final nodes on the paths outward from the root, (leaf
nodes), represent different ways to initiate an attack
• The motivation for the use of attack trees is to effectively
exploit the information available on attack patterns
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Model for Network Security

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Network Access Security
Model

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Unwanted Access
• Placement in a computer system of logic that
exploits vulnerabilities in the system and that can
affect application programs as well as utility
programs such as editors and compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
• Service threats
• Exploit service flaws in computers to inhibit
use by legitimate users
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Standards

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


Summary
• Computer security concepts • Security services
• Definition • Authentication
• Examples • Access control
• Challenges • Data confidentiality
• Data integrity
• The OSI security
• Nonrepudiation
architecture
• Availability service
• Security attacks
• Passive attacks
• Security mechanisms
• Active attacks • Fundamental security
• Attack surfaces and attack design principles
trees • Network security model
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
• Standards

You might also like