Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.

Information Security 2: Outline
- Introduction
- Security Services
- How do you provide Confidentiality?
- How do you provide Integrity?
- How do you provide Non-repudiation?
- How do you provide Access Control?
- How do you provide Authentication?
- Summary

Information Security 3: Introduction
Information security is defined as the methods and technologies for deterrence (scaring away hackers), protection, detection, response, recovery and extended functionalities.

Information Security 4: Why do we need Information Security?
Importance of information security:
- Protect data from theft
- Prevent loss of productivity
- Curb theft of intellectual property
- Ensure compliance with law and avoid legal consequences
- Privacy
- Protect against personal identity theft
- Counter cyberterrorism

Information Security 5: Why do we need Computer Security?

Information Security 6: Creating Good Passwords
- Select a personally interesting topic, such as a favorite movie.
- Develop the password from a phrase rather than a single word: Gone with the Wind -> GWTW
- Encode the password GWTW: (1) Replace the first W with 2u: GWTW -> G2uTW. (2) Replace the second W with 2U: G2uTW -> G2uT2U. (3) Replace the second 2 with the Spanish "dos": G2uT2U -> G2uTdosU

Information Security 7: Viruses, Trojans and Worms
- A virus is a program that infects another program by putting a copy of itself into that program. When the infected program runs, the virus also runs. It attaches itself to files like message.zip or message.exe.
- A worm is an independent program that makes copies of itself from one computer to another. The worm moves across networks on its own.
- A trojan program takes its name from the Greek legend of the Trojan Horse. It is a program that hides itself inside another, useful program and performs operations that the user is unaware of.

Information Security 8: Privacy
- Privacy is the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitudes and their behavior to others.
- Many transactions can link a purchase to a customer: paying by check, credit card or debit card; purchasing through mail order; buying products that can be registered.
- Threats to privacy: (1) government, spying on its citizens; (2) business, surveillance of employees and use of business-related information; (3) private parties, data mining to sell customer information to other parties.

Information Security 9: Cookies
Found in the directory C:\Documents and Settings\UserName\Cookies (Explorer). A cookie is a record containing seven fields of information that uniquely identifies a customer's session on your computer. Example cookie record:
PREF
ID=40dbd a34:TM= :LM= :S=P4MUPnk7Wbs
google.com/
1536
This particular cookie is built and distributed by Google.com. The first line is the name of the cookie, and the second line contains the cookie's value (which, in this case, is actually a set of name-value pairs separated by colons; this is Google.com-specific). The rest of the lines are attributes set by Google.com.

Information Security 10: Fields in the HTTP Cookie
- Name: the name of the cookie.
- ID Value: the individual value.
- Expires: the exact time of expiration. After this time, client browsers will stop sending this cookie when requested.
- Path: the path under which this cookie is relevant.
- Domain: the domain associated with this cookie. The default is the creation domain.
- Secure (True/False): whether or not the cookie should be transmitted using SSL (that is, across the HTTPS port).
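As an added example (not code from the lecture), the following Go program uses the standard library's cookie parser to split Set-Cookie headers into the fields listed on this slide, then flags what a defender would look for in each cookie; the header strings are constructed samples, not the real Google cookie.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Constructed sample Set-Cookie headers; they imitate the shape of the slide's
// Google PREF cookie but are not real values.
var sampleSetCookies = []string{
	"PREF=ID=0123abcd:TM=1262304000:LM=1262304000:S=example; " +
		"expires=Fri, 01 Jan 2021 00:00:00 GMT; path=/; domain=.example.com",
	"SESSION=7f3a9c; Path=/account; Domain=shop.example.com; Secure",
}

// parseSetCookies lets the standard library split each header into the fields
// the slide lists: Name, Value, Expires, Path, Domain and Secure.
func parseSetCookies(headers []string) []*http.Cookie {
	resp := &http.Response{Header: http.Header{}}
	for _, h := range headers {
		resp.Header.Add("Set-Cookie", h)
	}
	return resp.Cookies()
}

// auditCookie lists what a defender would flag in one cookie, judged at time
// now so the result is reproducible.
func auditCookie(c *http.Cookie, now time.Time) []string {
	var findings []string
	if !c.Secure {
		findings = append(findings, "no Secure flag: the browser also sends it over plain HTTP")
	}
	if !c.Expires.IsZero() && c.Expires.Before(now) {
		findings = append(findings, "already expired: the browser will stop sending it")
	}
	if strings.HasPrefix(c.Domain, ".") {
		findings = append(findings, "domain "+c.Domain+" is shared with every subdomain")
	}
	return findings
}

func main() {
	now := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
	for _, c := range parseSetCookies(sampleSetCookies) {
		fmt.Printf("%s=%s expires=%v path=%s domain=%s secure=%v\n",
			c.Name, c.Value, c.Expires, c.Path, c.Domain, c.Secure)
		for _, f := range auditCookie(c, now) {
			fmt.Println("  !", f)
		}
	}
}
```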

Information Security 12: Security Services: Confidentiality
To keep a message secret from those that are not authorized to read it. (The six services in the diagram: Confidentiality, Authentication, Access Control, Integrity, Availability, Non-repudiation.)

Information Security 13: Security Services: Authentication
To verify the identity of the user / computer.

Information Security 14: Security Services: Access Control
To be able to tell who can do what with which resource.

Information Security 15: Security Services: Integrity
To make sure that a message has not been changed while in transfer, storage, etc.

Information Security 16: Security Services: Non-repudiation
To make sure that a user/server can't deny later having participated in a transaction.

Information Security 17: Security Services: Availability
To make sure that the services are always available to users.

Information Security 19: How do you Provide Confidentiality?
Party A turns the plaintext "Hello" into ciphertext using an encryption method and an encryption key. The ciphertext crosses the network, where an interceptor may capture it. Party B turns the ciphertext back into the plaintext "Hello" using the decryption method and the decryption key. Note: the interceptor cannot read the ciphertext without the decryption key.

Information Security 20: Key Length and Number of Possible Keys
Key length in bits | Number of possible keys
1 | 2^1 = 2
40 | 2^40 = 1,099,511,627,776
56 | 2^56 = 72,057,594,037,927,936
112 | 2^112 = 5,192,296,858,534,830,000,000,000,000,000,000 (rounded)
A key of n bits has 2^n possible keys, so every extra bit doubles the work of trying them all.

Information Security 21: Possible keys for a key of 8 bits
1 (first key) … 256 (last key): an 8-bit key has 2^8 = 256 possible values.

Information Security 22: Symmetric Key Encryption (One Key System)
Party A encrypts the plaintext "Hello" with the encryption method and the symmetric key; the ciphertext crosses the network past the interceptor; Party B decrypts it with the decryption method and the same symmetric key to recover "Hello". Note: a single key is used to encrypt and decrypt in both directions.

Information Security 23: Data Encryption Standard (DES)
Cleartext -> DES (key) -> Ciphertext -> DES (same key) -> Cleartext.

Information Security 24: Advanced Encryption Algorithm (AES)
The cleartext passes through rounds 1, 2, 3, …, each using its own round key K-1, K-2, …, K-Rounds derived from the key (128, 192 or 256 bits), and comes out as ciphertext. If key = 128, Rounds = 9; if key = 192, Rounds = 11; if key = 256, Rounds = 13.

Information Security 25: Public Key System (Asymmetric System, Two Keys)
Party A to Party B: encrypt with Party B's public key; Party B decrypts with Party B's private key. Party B to Party A: encrypt with Party A's public key; Party A decrypts with Party A's private key. Each direction uses the receiver's key pair.

Information Security 27: How do You Provide Integrity? Hashing (Message Digest)
- Hashing is a one-way function. It cannot be reversed: from the hash, you cannot compute the original message.
- Hashing is repeatable: if two parties apply the same hashing method to the same bit string, they will get the same hash.

Information Security 28: Integrity Security Service
Some confidential text (message) in clear (readable) form is hashed to produce a Message Authentication Code (MAC).

Information Security 29: Integrity cont'd

Information Security 31: How do you Provide Non-repudiation? Digital Signature (DS)
To create the digital signature:
1. Hash the plaintext to create a brief message digest (MD); this is NOT the digital signature.
2. Sign (encrypt) the message digest with the sender's private key to create the digital signature.
3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption.
Diagram: Plaintext -> Hash -> MD -> Sign (encrypt) with sender's private key -> DS; Plaintext + DS is transmitted.
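An added example, not part of the lecture, that carries slides 27, 28 and 31 through in Go: a SHA-256 message digest, an HMAC as the MAC, and an RSA signature over the digest; the message, the shared key and the choice of SHA-256 with RSA are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// digest is the message digest of slide 27: one-way (the message cannot be
// recovered from it) and repeatable (same input, same output, for everyone).
func digest(msg []byte) [32]byte { return sha256.Sum256(msg) }

// mac is the Message Authentication Code of slide 28: a keyed hash that only
// holders of the shared key can compute or check. It proves integrity, but not
// non-repudiation, because either party could have produced it.
func mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// macValid compares in constant time so timing does not leak the tag.
func macValid(key, msg, tag []byte) bool { return hmac.Equal(mac(key, msg), tag) }

// newKeyPair is the sender's key pair (2048-bit RSA).
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// sign follows slide 31: hash the plaintext, then sign (encrypt) the digest with
// the sender's private key. The digest alone is not the signature.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := digest(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// verify recomputes the digest and checks it against the signature with the
// sender's public key; any change to msg or sig makes this fail.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := digest(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

func main() {
	msg := []byte("Pay 100 to account 42")     // constructed sample message
	altered := []byte("Pay 900 to account 42") // one digit changed in transit
	key := []byte("shared secret for the example")

	fmt.Println("same digest twice:", digest(msg) == digest(msg))
	fmt.Println("digest unchanged after edit:", digest(msg) == digest(altered))
	tag := mac(key, msg)
	fmt.Println("MAC ok:", macValid(key, msg, tag), "MAC ok on altered:", macValid(key, altered, tag))

	priv,

 err := newKeyPair()
	if err != nil {
		panic(err)
	}
	sig, _ := sign(priv, msg)
	fmt.Println("signature ok:", verify(&priv.PublicKey, msg, sig),
		"on altered:", verify(&priv.PublicKey, altered, sig))
}
```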

Information Security 33: How do you Provide Access Control?
- First steps: enumeration of resources; sensitivity of each resource.
- Next, who should have access? This can be decided individual by individual. It is more efficient to define access by roles (logged-in users, system administrators, project team members, etc.).

Information Security 34: Formal approach to access control
Subject can do ... action ... with which object under which conditions? (Example objects: File A, File B; example actions: read, copy, execute.)

Information Security 35: Access control matrix
Rows are subjects S1 … S6, columns are objects O1 … O6; each cell lists the rights the subject has on the object, e.g. r, w; x, d; l, c.
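An added example, not from the lecture, implementing the access control matrix of slides 33 to 35 in Go with default deny, role-based grants and a per-cell condition; which rights sit in which cell and the office-hours condition are assumptions, since the slide does not say.

```go
package main

import "fmt"

// Right is one letter from the slide's matrix: r read, w write, x execute, d delete, l list, c create.
type Right byte

// Context carries the "under which conditions" of slide 34; the hour-of-day field is constructed.
type Context struct{ Hour int }

// Entry is one cell: the rights a subject holds on an object, limited by an optional condition.
type Entry struct {
	Rights map[Right]bool
	When   func(Context) bool // nil means unconditional
}

// Matrix is indexed by subject, then object. A missing cell holds no rights: default deny.
type Matrix map[string]map[string]*Entry

// Grant fills one cell of the matrix.
func (m Matrix) Grant(subject, object string, when func(Context) bool, rights ...Right) {
	if m[subject] == nil {
		m[subject] = map[string]*Entry{}
	}
	e := &Entry{Rights: map[Right]bool{}, When: when}
	for _, r := range rights {
		e.Rights[r] = true
	}
	m[subject][object] = e
}

// GrantRole is slide 33's "define by roles": one grant applied to every member.
func (m Matrix) GrantRole(members []string, object string, when func(Context) bool, rights ...Right) {
	for _, s := range members {
		m.Grant(s, object, when, rights...)
	}
}

// Allowed answers the slide's question: can subject do action with object under
// these conditions? Every part must hold; anything not granted is denied.
func (m Matrix) Allowed(subject, object string, r Right, ctx Context) bool {
	e, ok := m[subject][object]
	if !ok || !e.Rights[r] {
		return false
	}
	return e.When == nil || e.When(ctx)
}

// exampleMatrix uses the subjects, objects and rights of slide 35; which cell
// holds which rights is not legible on the slide, so this placement is assumed.
func exampleMatrix() Matrix {
	officeHours := func(c Context) bool { return c.Hour >= 8 && c.Hour < 18 }
	m := Matrix{}
	m.Grant("S1", "O1", nil, 'r', 'w')
	m.Grant("S2", "O2", officeHours, 'x', 'd')
	m.GrantRole([]string{"S3", "S4", "S5"}, "O3", nil, 'l', 'c') // a project-team role
	return m
}

func main() {
	m := exampleMatrix()
	fmt.Println("S1 read O1:", m.Allowed("S1", "O1", 'r', Context{Hour: 10}))
	fmt.Println("S2 delete O2 at 23h:", m.Allowed("S2", "O2", 'd', Context{Hour: 23}))
	fmt.Println("S6 list O3:", m.Allowed("S6", "O3", 'l', Context{Hour: 10}))
}
```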

Information Security 37: How do you Provide Authentication?
Identification: to identify the user (who he/she is). Authentication: to verify the identity, i.e. whether the user really is who he/she claims to be, based on:
- something you are
- something you have
- something you know
- where you are (terminal)

Information Security 38: Types of Authentication
- Simple authentication: using passwords, challenge-response, PINs.
- Strong authentication: using a public key system and digital certificates.
- What is a digital certificate? An object that binds the identity of a person or machine to his or her public key; this object is used for electronic authentication before transactions in open networks.

Information Security 39: Authentication: Biometrics
Biometrics used for door locks can also be used for access control to personal computers, e.g. fingerprint scanners.

Information Security 40: What are Digital Certificates? (X.509 Standard)
Field | Description
Version Number | Version number of X.509. Most certificates follow Version 3. Different versions have different fields; this table reflects the Version 3 standard.
Issuer | Name of the Certificate Authority (CA).
Serial Number | Unique serial number for the certificate, set by the CA.

Information Security 41: Authentication: X.509 Digital Certificate Fields
Field | Description
Subject | The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.
Public Key | The public key of the subject, i.e. the public key of the true party.
Public Key Algorithm | The algorithm the subject uses to sign messages with digital signatures.

Information Security 42: Authentication: X.509 Digital Certificate Fields (cont'd)
Field | Description
Valid Period | The period before which and after which the certificate should not be used. Note: a certificate may be revoked before the end of this period.
Digital Signature | The digital signature of the certificate, signed by the CA with the CA's own private key. Provides authentication and certificate integrity. The user must know the CA's public key independently.

Information Security 43: Digital Signature and Digital Certificate in Authentication
The digital certificate supplies the public key of the true party; the digital signature on the message is then tested with that public key.

Information Security 44: Public Key Infrastructure (PKI) with a Certificate Authority (CA)
The Certificate Authority (PKI server) creates and distributes (1) the private key and (2) the digital certificate for the applicant (Lee). 3. Verifier (Brown) requests the certificate for Lee. 4. The CA returns the certificate for Lee. 5. The certificate for Lee is likewise supplied to verifier (Cheng). 6. A verifier requests the Certificate Revocation List (CRL). 7. The CA returns a copy of the CRL.

Information Security 45: Certificate Authority (CA)
- CAs are not regulated in any country today: anyone can be a CA, even an organized crime syndicate. Some, such as VeriSign, are widely trusted.
- Companies can be their own CAs: they assign keys and certificates to their internal computers. This gets around the need to trust public CAs.
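An added example (not the lecture's own material) of a small PKI in Go: a CA issues an X.509 certificate carrying the fields of slides 40 to 42, and a verifier checks it as on slide 44, rejecting expired certificates, revoked ones and ones signed by any other CA; the CA name, the applicant and the use of a plain set of serial numbers in place of a signed CRL are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CA is a constructed certificate authority; Revoked stands in for the CRL of slide 44.
type CA struct {
	Cert    *x509.Certificate // the CA public key a verifier "must know independently"
	key     *ecdsa.PrivateKey
	Revoked map[string]bool // serial numbers of revoked certificates
}

// NewKey generates a key pair, for the CA itself or for an applicant such as Lee.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCA(name string, key *ecdsa.PrivateKey, now time.Time) (*CA, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key) // self-signed root
	return &CA{Cert: cert, key: key, Revoked: map[string]bool{}}, err
}

// Issue fills the X.509 fields of slides 40 to 42 (serial number, issuer, subject,
// validity period, subject public key) and signs them with the CA private key.
func (ca *CA) Issue(serial int64, subject string, pub *ecdsa.PublicKey, now time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: subject},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return issue(tmpl, ca.Cert, pub, ca.key)
}

// Verify is what Brown or Cheng does on slide 44: check the CA signature and validity
// period against the trusted CA certificate, then consult the CRL. A certificate from
// any other CA, however widely trusted elsewhere, fails the first check.
func (ca *CA) Verify(cert *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return err
	}
	if ca.Revoked[cert.SerialNumber.String()] {
		return errors.New("certificate serial number is on the CRL")
	}
	return nil
}
```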

Information Security 46: Public Key Distribution for Symmetric Session Keys
2. Party A encrypts the session key with Party B's public key. 3. Party A sends the symmetric session key, encrypted for confidentiality. 4. Party B decrypts the session key with Party B's private key. 5. Subsequent encryption uses the symmetric session key.
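An added example, not from the lecture, of steps 2 to 5 in Go: Party A wraps a fresh AES session key with Party B's RSA public key, B unwraps it with the private key, and later messages are protected with the session key; the choice of RSA-OAEP and AES-GCM is an assumption, as the slide names no algorithm.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// newRecipientKey is Party B's key pair; newSessionKey is the fresh AES-256 key Party A makes.
func newRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newSessionKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Step 2 of the slide: Party A encrypts the session key with Party B's public key
// (RSA-OAEP). Step 4: only B's private key can recover it.
func wrapSessionKey(bPub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, bPub, key, nil)
}

func unwrapSessionKey(bPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, bPriv, wrapped, nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Step 5: later messages use the session key with AES-GCM, which also detects
// tampering. A fresh nonce per message is sent in front of the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open returns an error, not garbage, for truncated or modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```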

Information Security 47: Summary
- Introduction
- Security Services
- How do you provide Confidentiality?
- How do you provide Integrity?
- How do you provide Non-repudiation?
- How do you provide Access Control?
- How do you provide Authentication?
- Summary