1 / 57

Data & Network Security

Data & Network Security. Mrs. Iqra Shahid Lecturer Department of Computer Science iqrasatar@gmail.com. Instructor. MS Computer Science from UOL (Sargodha Campus). BS Computer Science from UET Lahore. Have 3 research papers published. Pre-coding Techniques (OFDMA)

glenncampbell
Download Presentation

Data & Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data & Network Security Mrs. Iqra Shahid Lecturer Department of Computer Science iqrasatar@gmail.com

  2. Instructor • MS Computer Science from UOL (Sargodha Campus). • BS Computer Science from UET Lahore. • Have 3 research papers published. • Pre-coding Techniques (OFDMA) • Distributed Denial of Service (Network Security) • Multi-Level Queue and Real time Scheduling (Operating System)

  3. Students Introduction

  4. Introduction to Course

  5. Teaching Procedure • Lectures • Discussion • Assignments • Surprise Quizzes • Midterm • Presentation • Final Exam

  6. Marks Distribution • Class Participation 05% • Assignments 05% • Surprise Quizzes 10% • Midterm 30% • Presentation 10% • Final Exam 40%

  7. Prerequisites • Data Communication & Networks • Computer Networks

  8. Textbook • Cryptography and Network Security, William Stallings, 5th Edition, Pearson Education, 2011 • Cryptography & Network Security, Behrouz A. Frouzen • Security in Computing, Charles P. Pfleeger, Fourth Edition, Pearson Education, 2011. • Online readings

  9. Objectives of the lecture • To define Security • To define three security goals • To define security attacks that threaten security goals • To define security services and how they are related to the three security goals • To define security mechanisms to provide security services • To introduce two techniques, cryptography an steganography, to implement security mechanisms.

  10. Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu

  11. Background • Information Security requirements have changed in recent times. • Traditionally provided by physical and administrative mechanisms. • Computer use requires automated tools to protect files and other stored information. • Use of networks and communications links requires measures to protect data during transmission.

  12. Computer Security • The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).[NIST 1995]

  13. Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers. • Network Security - measures to protect data during their transmission. • Internet Security - measures to protect data during their transmission over a collection of interconnected networks.

  14. Aim of Course • Our focus is on Data & Network Security • Which consists of measures to prevent, detect, deter and correct security violations that involve the transmission & storage of information.

  15. Security Trends

  16. Security Goals • This section defines three security goals. • Confidentiality • Integrity • Availability

  17. Confidentiality • Confidentiality is probably the most common aspect of information security. • We need to protect our confidential information. • An organization needs to guard against those malicious actions that endanger the confidentiality of its information.

  18. Integrity • Information needs to be changed constantly. • Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.

  19. Availability • The information created and stored by an organization needs to be available to authorized entities. • Information needs to be constantly changed, which means it must be accessible to authorized entities.

  20. Examples of Security Requirements • Confidentiality – student grades • integrity – patient information • Availability – authentication service

  21. Levels Of Impact • 3 levels of impact from a security breach • Low • Moderate • High

  22. OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • Defines a systematic way of defining and providing security requirements. • For us it provides a useful, if abstract, overview of concepts we will study.

  23. Aspects of Security • Consider 3 aspects of information security: • Security Attack • Security Mechanism • Security Service

  24. Security Attack • Any action that compromises the security of information owned by an organization. • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems. • Often threat & attack used to mean same thing.

  25. Security Attack • The three goals of security - confidentiality, integrity, and availability can be threatened by security attacks. • Attacks Threatening Confidentiality • AttacksThreateningIntegrity • Attacks Threatening Availability • Passive versus Active Attacks

  26. Taxonomy of Attacks

  27. Attacks Threading Confidentiality Snooping refers to unauthorized access to or interception of data. Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

  28. AttacksThreateningIntegrity Modificationmeans that the attacker intercepts the message and changes it. Masquerading or spoofing happens when the attacker impersonates somebody else. Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it. Repudiation means that sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.

  29. Attacks Threatening Availability Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

  30. Passive Attacks(i) Release of Message Contents

  31. Passive Attacks(ii) Traffic Analysis

  32. Passive Attacks (Cont…) • Passive attacks do not affect system resources • Eavesdropping, monitoring • Two types of passive attacks • Release of message contents • Traffic analysis • Passive attacks are very difficult to detect • Message transmission apparently normal • No alteration of the data • Emphasis on prevention rather than detection • By means of encryption

  33. Active Attacks (i) Masquerade

  34. Active Attacks(ii) Replay

  35. Active Attacks (iii) Modification of Messages

  36. Active Attacks (iv) Denial of Service

  37. Active Attacks (Cont…) • Active attacks try to alter system resources or affect their operation • Modification of data, or creation of false data • Four categories • Masquerade • Replay • Modification of messages • Denial of service: preventing normal use • A specific target or entire network • Difficult to prevent • The goal is to detect and recover

  38. Passive versus Active Attacks

  39. Security Service & Mechanisms • ITU-T provides some security services and some mechanisms to implement those services. Security services and mechanisms are closely related because … • Mechanism or combination of mechanisms are used to provide a service… • Security Services • Security Mechanism • Relation between Services and Mechanisms

  40. Security Service • Enhance security of data processing systems and information transfers of an organization. • Intended to counter security attacks. • Using one or more security mechanisms. • Systematically evaluate and define security requirements.

  41. Security Services • X.800: A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. • RFC 2828: A processing or communication service provided by a system to give a specific kind of protection to system resources.

  42. Security Services (X.800)

  43. Security Services (X.800) • Authentication - Assurance that the communicating entity is the one claimed. • Access Control - Prevention of the unauthorized use of a resource. • Data Confidentiality – Protection of data from unauthorized disclosure. • Data Integrity - Assurance that data received is as sent by an authorized entity. • Non-Repudiation - Protection against denial by one of the parties in a communication. Sender cannot deny sending of a message that they originated.

  44. Security Mechanism • Feature designed to detect, prevent, or recover from a security attack. • No single mechanism that will support all services required. • However one particular element underlies many of the security mechanisms in use: • Cryptographic techniques

  45. Security Mechanisms (X.800) • Specific security mechanisms: • OSI security services performed on different protocol layer. • Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization. • Pervasive security mechanisms: • The mechanisms that are not specific to the protocol layer particular. • Trusted functionality, security labels, event detection, security audit trails, security recovery.

  46. Security Mechanisms (X.800)

  47. Specific Security Mechanisms • Encipherment is the use of algorithms mathematics to transform to the data into a form that can not be understood. • Digital Signature is a cryptographic transformation of a data unit that is used to validate the authenticity and integrity of a message. Hashing algorithm is used. • Access Control is a mechanism that ensures access to a resource by a user who have rights. • Data integrity is a mechanism that used to ensure the integrity of a data unit or stream of data units.

  48. Cont…. • Authentication Exchange is a mechanism which aims to ensure the identity of entity for purposes of the exchange of information. • Traffic padding is added to the data bits stream analysis attempts to confuse traffic. • Routing Control receives the selection of a safe route to certain data and allow changes routing especially when security breaches made it known. • Notarization is the use of third party reliably during the process of data exchange.

  49. Relationship between Services & Mechanisms

  50. Security Techniques • Mechanisms discussed in the previous sections are only theoretical recipes to implement security. The actual implementation of security goals needs some techniques. • Two techniques are prevalent today: • Cryptography • Steganography

More Related