0% found this document useful (0 votes)
54 views42 pages

Ch01 Crypto7e

Uploaded by

zzk9014
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
54 views42 pages

Ch01 Crypto7e

Uploaded by

zzk9014
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 42

Seventh Edition, Global Edition

by William Stallings
Chapter 1
Computer and Network Security
Concepts

© 2017 Pearson Education, Ltd., All rights reserved.


Cryptographic algorithms and
protocols can be grouped into four
main areas:
Symmetric encryption

• Used to conceal the contents of blocks or streams of data of


any size, including messages, files, encryption keys, and
passwords
Asymmetric encryption

• Used to conceal small blocks of data, such as encryption


keys and hash function values, which are used in digital
signatures
Data integrity algorithms

• Used to protect blocks of data, such as messages, from


alteration
Authentication protocols

• Schemes based on the use of cryptographic algorithms


designed to authenticate the identity of entities

© 2017 Pearson Education, Ltd., All rights reserved.


The field of network and
Internet security consists of:

measures to deter,
prevent, detect,
and correct security
violations that
involve the
transmission of
information
© 2017 Pearson Education, Ltd., All rights reserved.
Computer Security
The NIST Computer Security Handbook
defines the term computer security as:

“the protection afforded to an


automated information system in order
to attain the applicable objectives of
preserving the integrity, availability and
confidentiality of information system
resources” (includes hardware,
software, firmware, information/ data,
and telecommunications)
© 2017 Pearson Education, Ltd., All rights reserved.
Computer Security
Objectives
Confidentiality
• Data confidentiality
• Assures that private or confidential information is not made available
or disclosed to unauthorized individuals
• Privacy
• Assures that individuals control or influence what information related
to them may be collected and stored and by whom and to whom that
information may be disclosed

Integrity
• Data integrity
• Assures that information and programs are changed only in a
specified and authorized manner
• System integrity
• Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system
Availability
• Assures that systems work promptly and service is not denied
to authorized users
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Breach of Security
Levels of Impact
• The loss could be expected to have a severe
or catastrophic adverse effect on
organizational operations, organizational
High assets, or individuals

• The loss could be expected to have

Moderat a serious adverse effect on


organizational operations,
organizational assets, or individuals
e
• The loss could be expected
to have a limited adverse
effect on organizational

Low operations, organizational


assets, or individuals

© 2017 Pearson Education, Ltd., All rights reserved.


Computer Security
Challenges
• Security is not simple • Security mechanisms
typically involve more than
• Potential attacks on the a particular algorithm or
security features need to protocol
be considered
• Security is essentially a
• Procedures used to battle of wits between a
provide particular services perpetrator and the
are often counter-intuitive designer

• It is necessary to decide • Little benefit from security


where to use the various investment is perceived
security mechanisms until a security failure
occurs
• Requires constant
• Strong security is often
monitoring
viewed as an impediment
• Is too often an to efficient and user-friendly
afterthought
© 2017 Pearson Education, Ltd., All rights reserved.
operation
OSI Security
Architecture
• Security attack
• Any action that compromises the security of information
owned by an organization

• Security mechanism
• A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security
attack

• Security service
• A processing or communication service that enhances
the security of the data processing systems and the
information transfers of an organization
• Intended to counter security attacks, and they make use
of one or more security mechanisms to provide the
service
© 2017 Pearson Education, Ltd., All rights reserved.
Table 1.1
Threats and Attacks (RFC
4949)

© 2017 Pearson Education, Ltd., All rights reserved.


Security
Attacks
•A means of classifying
security attacks, used
both in X.800 and RFC
4949, is in terms of
passive attacks and active
attacks

•A passive attack
attempts to learn or make
use of information from
the system but does not
affect system resources

•An active attack attempts


to alter system resources
or affect their operation
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Passive
Attacks

• Are in the nature of


eavesdropping on, or
monitoring of,
transmissions
• Two types of passive
• Goal of the opponent attacks are:
is to obtain information
that is being • The release of
transmitted message contents
• Traffic analysis

© 2017 Pearson Education, Ltd., All rights reserved.


Active Attacks
• Involve some modification
of the data stream or the
creation of a false stream
Masqu •Takes place when one entity
pretends to be a different entity
•Usually includes one of the
erade other forms of active attack

• Difficult to prevent because


of the wide variety of
potential physical, Repla •Involves the passive capture of
a data unit and its subsequent
software, and network retransmission to produce an

vulnerabilities y unauthorized effect

• Goal is to detect attacks Modificati •Some portion of a legitimate


and to recover from any message is altered, or messages
on of are delayed or reordered to
disruption or delays caused
messages produce an unauthorized effect
by them

Denial of •Prevents or inhibits the


normal use or management
service of communications facilities

© 2017 Pearson Education, Ltd., All rights reserved.


Security Services

• Defined by X.800 as:


• A service provided by a protocol layer of
communicating open systems and that
ensures adequate security of the systems or
of data transfers

• Defined by RFC 4949 as:


• A processing or communication service
provided by a system to give a specific kind
of protection to system resources
© 2017 Pearson Education, Ltd., All rights reserved.
Table 1.2

Security
Services
(X.800)

(This table is found on


page 12 in textbook)
© 2017 Pearson Education, Ltd., All rights reserved.
Authentication
• Concerned with assuring that a communication is
authentic
• In the case of a single message, assures the
recipient that the message is from the source that
it claims to be from
• In the case of ongoing interaction, assures the two
entities are authentic and that the connection is
not interfered with in such a way that a third party
can masquerade as one of the two legitimate
parties
Two specific authentication
services are defined in
X.800:
•Peer entity authentication
© 2017 Pearson Education, Ltd., All rights reserved.
Access Control

• The ability to limit and control the


access to host systems and
applications via communications links

• To achieve this, each entity trying to


gain access must first be indentified,
or authenticated, so that access rights
can be tailored to the individual

© 2017 Pearson Education, Ltd., All rights reserved.


Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection
of a single message or even specific fields within a
message

• The protection of traffic flow from analysis


• This requires that an attacker not be able to
observe the source and destination, frequency,
length, or other characteristics of the traffic on a
communications facility
© 2017 Pearson Education, Ltd., All rights reserved.
Data Integrity

C
A
a
c
n
o
n
n
e
a
c
ti
p
o
n
pl
e
s
sl
y
ni
t
e
gt
orit
y
s
a
e
vr
i
s
c
e
,tr
o
e
n
e
a
m
h t
a
dt
o
e
alf
s
m
w
eit
h
si
s
n
d
ai
v
gi
d
e
u
a
sl
m
e,
s
a
s
a
g
e
s
w i
it
n
h
o
g
u
t
erl
e
g
ar
d
m t
e
o
s
a
n
s
y
al
a
gr
g
e
cr,
o
ot
n
er
x
st,
g
e
n
el
r
el
a
c
y
pt
r
e
o
v
di
d
e
s
f
pri
o
et
e
cl
ti
d
o
n
s
a
g
a
w
n i
sit
t
h
m
e
si
s
n
a
g
e
a
m
o
d
if
m i
c
e
a
ti
s
o
n
s
o
a
n
l
g
y
e

© 2017 Pearson Education, Ltd., All rights reserved.


Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message

• When a message is sent, the receiver


can prove that the alleged sender in
fact sent the message
• When a message is received, the
sender can prove that the alleged
receiver in fact received the message

© 2017 Pearson Education, Ltd., All rights reserved.


Availability Service

• Protects a system to ensure its


availability

• This service addresses the security


concerns raised by denial-of-service
attacks

• It depends on proper management and


control of system resources and thus
depends on access control service and
other security services
© 2017 Pearson Education, Ltd., All rights reserved.
Security Mechanisms
(X.800)
Specific Security Mechanisms
• Encipherment
Pervasive Security Mechanisms
• Digital signatures
• Trusted functionality
• Access controls
• Security labels
• Data integrity
• Event detection
• Authentication exchange
• Security audit trails
• Traffic padding
• Security recovery
• Routing control
• Notarization

© 2017 Pearson Education, Ltd., All rights reserved.


Table 1.3

Security
Mechanisms
(X.800)

(This table is found on


pages 14-15 in
textbook)
© 2017 Pearson Education, Ltd., All rights reserved.
Fundamental
Security Design
Principles
• Economy of • Least common
mechanism mechanism
• Fail-safe defaults • Psychological
acceptability
• Complete
• Isolation
meditation
• Open design • Encapsulation
• Separation of • Modularity
privilege • Layering
• Least privilege • Least astonishment

© 2017 Pearson Education, Ltd., All rights reserved.


Fundamental Security Design
Principles
Economy of
mechanism Fail-safe defaults
• Means that the design of • Means that access decisions
security measures embodied should be based on permission
in both hardware and software rather than exclusion
should be as simple and small
as possible • The default situation is lack of
access, and the protection
• Relatively simple, small scheme identifies conditions
design is easier to test and under which access is
verify thoroughly permitted

• With a complex design, there • Most file access systems and


are many more opportunities virtually all protected services
for an adversary to discover on client/server use fail-safe
subtle weaknesses to exploit defaults
that may be difficult to spot
ahead of time
© 2017 Pearson Education, Ltd., All rights reserved.
Fundamental Security Design
Principles
Complete
mediation Open design
• Means that every access must
be checked against the access • Means that the design of a
control mechanism security mechanism should be
open rather than secret
• Systems should not rely on
access decisions retrieved
from a cache • Although encryption keys
must be secret, encryption
• To fully implement this, every algorithms should be open to
time a user reads a field or public scrutiny
record in a file, or a data item
in a database, the system
• Is the philosophy behind the
must exercise access control
NIST program of standardizing
• This resource-intensive encryption and hash
approach is rarely used algorithms

© 2017 Pearson Education, Ltd., All rights reserved.


Fundamental Security
Design Principles
Separation of
privilege Least privilege
• Defined as a practice in • Means that every process and
which multiple privilege every user of the system
attributes are required to should operate using the
achieve access to a least set of privileges
necessary to perform the task
restricted resource
• An example of the use of this
• Multifactor user principle is role-based access
authentication is an control; the system security
example which requires policy can identify and define
the use of multiple the various roles of users or
techniques, such as a processes and each role is
password and a smart assigned only those
card, to authorize a user permissions needed to
perform its functions

© 2017 Pearson Education, Ltd., All rights reserved.


Fundamental Security
Design Principles
Least common Psychological
mechanism acceptability
• Means that the design • Implies that the security
should minimize the mechanisms should not interfere
functions shared by unduly with the work of users,
different users, providing while at the same time meeting
mutual security the needs of those who authorize
access
• This principle helps reduce • Where possible, security
the number of unintended mechanisms should be
communication paths and transparent to the users of the
reduces the amount of system or, at most, introduce
hardware and software on minimal obstruction
which all users depend, thus
• In addition to not being intrusive
making it easier to verify if or burdensome, security
there are any undesirable procedures must reflect the
security implications user’s mental model of
© 2017 Pearson Education, Ltd., All rights reserved. protection
Fundamental Security
Design Principles
Isolation Encapsulation
• Applies in three contexts: • Can be viewed as a specific
• Public access systems form of isolation based on
should be isolated from object-oriented functionality
critical resources to
• Protection is provided by
prevent disclosure or
encapsulating a collection of
tampering
procedures and data objects
• Processes and files of in a domain of its own so
individual users should be that the internal structure of
isolated from one another a data object is accessible
except where it is explicitly only to the procedures of
desired the protected subsystem,
• Security mechanisms and the procedures may be
should be isolated in the called only at designated
sense of preventing access domain entry points
to those mechanisms
© 2017 Pearson Education, Ltd., All rights reserved.
Fundamental Security
Design Principles
Modularity Layering
• Refers both to the • Refers to the use of
multiple, overlapping
development of
protection approaches
security functions as addressing the people,
separate, protected technology, and
modules and to the operational aspects of
information systems
use of a modular
architecture for • The failure or
mechanism design circumvention of any
and implementation individual protection
approach will not leave the
system unprotected

© 2017 Pearson Education, Ltd., All rights reserved.


Fundamental Security
Design Principles
Least
astonishment
• Means that a program or user interface
should always respond in the way that is
least likely to astonish the user

• The mechanism for authorization should be


transparent enough to a user that the user
has a good intuitive understanding of how
the security goals map to the provided
security mechanism

© 2017 Pearson Education, Ltd., All rights reserved.


Attack Surfaces
• An attack surface consists of the reachable and
exploitable vulnerabilities in a system
• Examples:
• Open ports on outward facing Web and other servers,
and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML,
office documents, and industry-specific custom data
exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information
vulnerable to a social engineering attack

© 2017 Pearson Education, Ltd., All rights reserved.


Attack Surface Categories
• Network attack surface
• Refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet

• Software attack surface


• Refers to vulnerabilities in application,
utility, or operating system code

• Human attack surface


• Refers to vulnerabilities created by
personnel or outsiders
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Attack Tree
• A branching, hierarchical data structure that
represents a set of potential techniques for
exploiting security vulnerabilities
• The security incident that is the goal of the attack
is represented as the root node of the tree, and the
ways that an attacker could reach that goal are
represented as branches and subnodes of the tree
• The final nodes on the paths outward from the root,
(leaf nodes), represent different ways to initiate an
attack
• The motivation for the use of attack trees is to
effectively exploit the information available on
attack
© 2017 Pearson Education, Ltd.,patterns
All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Model for Network
Security

© 2017 Pearson Education, Ltd., All rights reserved.


Network Access
Security Model

© 2017 Pearson Education, Ltd., All rights reserved.


Unwanted Access
• Placement in a computer system of logic
that exploits vulnerabilities in the system
and that can affect application programs as
well as utility programs such as editors and
compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
• Service threats
• Exploit service flaws in computers to
inhibit use by legitimate users
© 2017 Pearson Education, Ltd., All rights reserved.
Standards
National Institute of Standards and Technology

• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the
promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact

Internet Society
• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible
for Internet infrastructure standards

ITU-T
• The International Telecommunication Union (ITU) is an international organization within the United Nations System in which governments and the private sector coordinate global
telecom networks and services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and whose mission is the development of technical standards covering all fields of
telecommunications

ISO

• The International Organization for Standardization is a world-wide federation of national standards bodies from more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related activities with a view to facilitating the
international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity
© 2017 Pearson Education, Ltd., All rights reserved.
Summary
• Computer security • Security services
concepts • Authentication
• Definition • Access control
• Examples • Data confidentiality
• Challenges • Data integrity
• Nonrepudiation
• The OSI security
• Availability service
architecture
• Security mechanisms
• Security attacks
• Passive attacks • Fundamental security
• Active attacks design principles

• Attack surfaces and • Network security


attack trees model
© 2017 Pearson Education, Ltd., All rights reserved.

You might also like