Information Security Tanachat Arayachutinan


Outline Background and Introduction Types of Cybersecurity Attacks Physical security Logical security

Introduction - The Internet has given firms access to customers and other business partners. - It has also given criminals access to corporations and individuals. - In recent years, the number of cyber attacks has grown rapidly.


What is Data Security? The protection of information and its critical elements. Protecting data from unauthorized access and data corruption throughout its lifecycle. Using various methods to make sure that data is kept confidential and safe, as well as preventing the loss or corruption of data.

Security Goals Three widely accepted elements or areas of focus - Confidentiality - Integrity - Availability

Security Goals - Confidentiality Confidentiality is the ability to hide information from those people unauthorized to view it -people cannot read sensitive information

Security Goals - Integrity Integrity is about information stored in a database being consistent and un-modified. -Ensures that it is edited by only authorized persons

Security Goals - Availability Availability is important to ensure that the information concerned is readily accessible to the authorized viewer at all times. -Data and information systems are available when required.

Types of Cyber security Attacks

Type of Attack Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with which to destroy or steal information

Type of Attack
- Back door: gaining access to system or network using known discovered access mechanism
- Password crack: attempting to reverse calculate a password
- Brute force: trying every possible combination of options of a password

Type of Attack
- Denial-of-service (DoS): attacker sends a large number of requests to a target. May result in system crash or inability to perform ordinary functions
- Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneously

Prevention of Threats At a minimum, an organization’s security policy should cover the following:
- Physical security
- Personal security
- Operations security
- Communications security
- Network security
- Information security (Logical Security)

Physical security

Physical security - definition Physical security addresses design, implementation, and maintenance to protect physical resources of an organization This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

Physical security - definition Purpose of Physical Security Deter - intruders Delay - intrusion Detect - activities Assess - situation Respond - situation

Controls for Protecting the Secure Facility
- Walls, fencing, and gates
- Guards
- Dogs
- Locks and keys
- Electronic monitoring
- Alarms and alarm systems
- Mantraps

Controls for Protecting the Secure Facility Mission impossible: we must consider more security options to protect data

Logical Security

Logical Security “The use of mechanisms or software used to protect information against unauthorized access”

Logical Security Cryptography Handshaking Firewall Intrusion detection system Anti Virus software Access levels of data (read, write and execute)

Cryptography - definition Cryptography refers to secure information and communication techniques derived from mathematical concepts and algorithms.

Cryptography - definition Plaintext = ordinary readable text E.g. “hello”, ” ”, ”meet at 5” Encryption = using algorithm to protect data Ciphertext = data which has been transformed to hide information content E.g. ”XVYY UVZ“

Types of Cryptographic Functions - Secret key functions - Public key functions - Hash functions

Secret key functions [Diagram: plaintext, encryption, ciphertext, decryption, plaintext, with one key] Using a single key for encryption/decryption. The plaintext and the ciphertext have the same size. Also called symmetric key cryptography.

Secret key functions - Caesar cipher The Caesar cipher is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is shifted a certain number of places down the alphabet.

Secret key functions - Caesar cipher Encryption Decryption

Secret key functions - Caesar cipher Encryption & Decryption shifted a certain number of places down the alphabet.

Secret key functions - Caesar cipher Key = N (14) Plain text = A T T A C K Ciphertext = N G G N P X

Secret key functions - Caesar cipher It can be easily decrypted if you know the key. It is also easy to decrypt without the key by trying every possible letter from A-Z (1-26).

Secret key functions - Vigenère cipher A method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword. It is a form of polyalphabetic substitution. It improves on the Caesar cipher by using a longer key.

Secret key functions - Vigenère cipher Encryption Decryption

Secret key functions - Vigenère cipher Plaintext = CALCUL Key = MATHSM Ciphertext = O A E J M X
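The Caesar and Vigenère slides above, worked through in code. This is an added example, not part of the original slides; function names are illustrative. The slide counts N as letter 14 (A = 1), while the code indexes from A = 0, so key N shifts by 13 places.

```python
from itertools import cycle
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25 internally

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats as needed."""
    key = key.upper()
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    sign = -1 if decrypt else 1
    shifts = cycle([ALPHABET.index(k) for k in key])
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * next(shifts)) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through, using no key letter
    return "".join(out)

def caesar(text, key_letter, decrypt=False):
    """A Caesar cipher is a Vigenère cipher whose key is a single letter."""
    return vigenere(text, key_letter, decrypt)

def caesar_brute_force(ciphertext):
    """Only 26 keys exist, so list every candidate plaintext by key letter."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in ALPHABET}

def keys_matching(ciphertext, crib):
    """Key letters whose decryption contains an expected word (crib)."""
    return [k for k, p in caesar_brute_force(ciphertext).items() if crib in p]

if __name__ == "__main__":
    print(caesar("ATTACK", "N"))              # slide example, key N
    print(vigenere("CALCUL", "MATHS"))        # keyword MATHS repeats as MATHSM
    print(keys_matching("NGGNPX", "ATTACK"))  # exhaustive search finds the key
```
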

Secret key functions Well-known symmetric algorithms
- Data Encryption Standard (DES): Brute-forced
- Triple Data Encryption Standard (3DES): Unbreakable
- Blowfish: Unbreakable
- Advanced Encryption Standard (AES): Unbreakable

Public key functions The encryption key is public, and it is different from the decryption key, which is kept secret (private). The decryption key is known only to authorized parties. This is also called asymmetric encryption.

Public key functions RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission - Handshaking process - Client and Server authentication process


Public key functions - RSA STEP 1 p = initial value, q = initial value, n = p × q, φ(n) = (p-1)(q-1). p = 41, q = 61, n = 2501, φ(n) = 2400

Public key functions - RSA STEP 2 Choose d such that *(gcd) = greatest common divisor and compute By choosing d = 2087 we get e = 23

Public key functions - RSA STEP 2 Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087)

Public key functions - RSA Public key (n, e) = (2501,23)

Public key functions - RSA STEP 4 Message = “H E L L O” One common conversion process uses the ASCII alphabet:

Public key functions - RSA STEP 4 Message = “H E L L O” W =


Public key functions - RSA Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087)

Public key functions - RSA STEP 5 Decryption Message = Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087) Message = “H E L L O”

Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087) Message = H E L L O Cipher = 599,024,1733,1733,519 Message = H E L L O

Hash Function
- A hash function is any function that can be used to map data
- The size of the output is fixed
- It always maps the same input to the same output
- One-way property: it is easy to generate a code given a message, but virtually impossible to generate a message given a code.

Hash Function Integrity check – Hash file/message - Error Detection - Prevent forgery, modification Authentication - Signature: hash data to shorten (for efficiency) then encrypt with public key algorithm

Real world application of cryptography Secret key functions / Symmetric functions - OpenSSL - RAR, WinZip, UltraISO - WhatsApp


Real world application of cryptography Public key functions - Windows certification (RSA) - Digital key exchange

Real world application of cryptography Hash function - Authentication NOT SECURE

Real world application of cryptography Hash function - Authentication Tomorrow1996 MD5 3ab78ee9c03c1a12d1c35a216c06a1ae

Real world application of cryptography Hash function - Authentication SECURE
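The two hash uses described above (integrity check and authentication), as an added example that is not part of the original slides. It uses SHA-256 for integrity and salted PBKDF2-HMAC-SHA256 for the stored password record rather than the MD5 shown on the slide; the iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows

def file_digest(data: bytes) -> str:
    """Fixed-size fingerprint: 64 hex characters whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def is_unmodified(data: bytes, expected_hex: str) -> bool:
    """Integrity check: re-hash the data and compare with the published digest."""
    return hmac.compare_digest(file_digest(data), expected_hex)

def enroll(password: str, salt=None) -> dict:
    """Build the record a server stores instead of the password itself."""
    salt = salt or os.urandom(16)  # per-user random salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derived}

def verify(password: str, record: dict) -> bool:
    """Authentication: hash the login attempt the same way, compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["hash"])

if __name__ == "__main__":
    published = file_digest(b"meet at 5")
    print(is_unmodified(b"meet at 5", published))  # same message
    print(is_unmodified(b"meet at 6", published))  # one character changed
    record = enroll("Tomorrow1996")                # sample password from the slide
    print(verify("Tomorrow1996", record), verify("tomorrow1996", record))
```
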


Conclusion
- In recent years, the number of cyber attacks has grown rapidly
- Data must be protected at all times
- Physical security is as important as logical security
- Cryptography can protect data confidentiality and integrity


Thanks!