Module 1

Computer security
The generic term for the collection of tools designed

to protect data and to prevent hackers is known as

Computer Security.

It includes :

 information security

 Network security

 Internet security
Bob message Alice
Bob message Alice

Attacker or
intruder
Threat Attack
 A potential for  An assault on system
violation of security security
 A possible danger that  An intelligent act or
might exploit a deliberate attempt to
vulnerability. evade security
 Eg : no password services and security
security policy.
 Eg: a hacker
destroying files.
 OSI Security Architecture
 OpenSource Interconnection (OSI)
is an international standard for
computer network communications.

 defines a systematic way of defining and

providing security requirements.
 OSI Security Architecture
Focus on 3 aspects of information security:

1. security attack – an action that compromises security

2. security mechanism – a process to detect,prevent & recover

3. security service – a service that implements security policies

1. Security Attacks
Security attacks

Passive attack Active attack

Masquerade

Release of message Traffic analysis

content Replay

Modification

Denial of Service
Passive Attack – Release of messages
Passive Attack: Traffic Analysis
Active Attack: masquerade
Active Attack: Replay
Active Attack: Modification
Active Attack: DoS – Denial of Service
Handling Attacks

Passive attacks – focus on Prevention

Easy to stop
Hard to detect
Activeattacks – focus on Detection and
Recovery
Hard to stop
Easy to detect
2. Security mechanisms
Security mechanism

Specific Pervasive

Digital Trusted
Encipherment Security label
signature functionality

Access Event
Data integrity Security audit
control detection

Authenticatio Traffic Security

n exchange padding recovery

Routing
notarization
control
 Specific security mechanisms
1. Encipherment – Use mathematical algorithm to encrypt data

2. Digital signature – add some extra data to prove the source

3. Access control – to enforce access right to resources

4. Data integrity - to assure the integrity of data received

5. Authentication exchange – to ensure the identity of sender and receiver

6. Traffic padding – to insert some bits into gaps to frustrate traffic analysis

7. Routing control – to select secure routes for data transmission

8. Notarization - to use a trusted third party to assure proper data exchange

 Encipherment
 Reversible  Irreversible
 An algorithm that A hash algorithm
allows data to be and message
encrypted and authentication
decrypted. codes for
encryption only.
 Eg:a confidential
message send from  Eg : a digital
Bob to Alice. signature sent with
the message.
3. Security Services

1. Authentication

2. Access Control
3. Data Confidentiality
4. Data Integrity
5. NonRepudiation

6. Availability
1. Authentication

The assurance that the communicating

entity is the one that it claims to be.

 Peer Entity Authentication

 Provideconfidence in the identity of the entities
connected.

 Data Origin Authentication

 Provides assurance that the source of the received
data is as claimed.
2. Access Control

The prevention of unauthorized use of

resources.
This service can control who can access to a
resource.
3. Data Confidentiality

The protection of data from unauthorized

disclosure.
 Connection confidentiality
 Connectionless confidentiality
 Selective- field confidentiality
 Traffic- flow confidentiality
4. Data Integrity

The assurance that the data received are

exactly as sent by an authorized entity.
 Connection integrity with recovery
 Connection integrity without recovery
 Selective- field connection integrity
 Connectionless integrity
 Selective- field connectionless integrity
5. Nonrepudiation

Prevents either sender or receiver

from denying a transmitted message.

 Nonrepudiation, Origin
 Proof that the message was sent by the specified party

 Nonrepudiation, Destination
 Proof that the message was received by the specified party
6. Availability Service

Protects a system to ensure its availability.

Provides protection against denial of service.
Model for Network security
 Model for Network security
 Explanation :
A message is to be transferred from one party to another.
A logical information channel is established by defining a route
by the use of communication protocols (TCP/IP).
All the techniques for providing security have two components:
1. A security related TRANSFORMATION of the information to be sent
 Eg: encryption of the message

2. Some SECRET information shared by both parties, unknown to the

attacker.
 Eg: encryption key for scrambling and unscrambling the message
 Model for Network security
Which are the 4 basic tasks in designing
a security service ?
1) Design an algorithm

2) Generate the secret information (key)

3)Develop methods for distribution

4)Specify a protocol
Classical Encryption
Techniques
Classical Symmetric Encryption
Techniques
 Substitution techniques
 Caesar cipher
 Mono alphabetic cipher
 Play fair cipher
 Poly alphabetic ciphers
 Vigenere cipher
 Hill cipher
 One-time Pad

 Transposition techniques
 Rail fence technique