Information Security Tanachat Arayachutinan


1 Information Security Tanachat Arayachutinan 3820181023

2 Outline 01 Background and Introduction 02 Types of Cybersecurity Attacks 03 Physical security 04 Logical security

3 Introduction - The Internet has given firms access to customers and other business partners. - It has also given criminals access to corporations and individuals. - In recent years, we can say that the number of cyber attacks has grown rapidly.

4 Introduction (cont.)

5 What is Data Security? The protection of information and its critical elements. Protecting data from unauthorized access and data corruption throughout its lifecycle. Using various methods to make sure that data is kept confidential and safe, as well as preventing the loss or corruption of data.

6 Security Goals Three widely accepted elements or areas of focus - Confidentiality - Integrity - Availability

7 Security Goals - Confidentiality Confidentiality is the ability to hide information from people who are not authorized to view it. - Unauthorized people cannot read sensitive information.

8 Security Goals - Integrity Integrity is about information stored in a database being consistent and unmodified. - Ensures that it is edited only by authorized persons.

9 Security Goals - Availability Availability is important to ensure that the information concerned is readily accessible to the authorized viewer at all times. -Data and information systems are available when required.

10 Types of Cyber security Attacks

11 Type of Attack Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with which to destroy or steal information

12 Type of Attack Back door: gaining access to system or network using known discovered access mechanism. Password crack: attempting to reverse calculate a password. Brute force: trying every possible combination of options of a password.

13 Type of Attack Denial-of-service (DoS): attacker sends a large number of requests to a target. May result in system crash or inability to perform ordinary functions. Distributed denial-of-service (DDoS): a coordinated stream of requests is launched against the target from many locations simultaneously.

14 Prevention of Threats At a minimum, an organization’s security policy should cover the following: Physical security; Personal security; Operations security; Communications security; Network security; Information security (Logical Security)

15 Physical security

16 Physical security - definition Physical security addresses design, implementation, and maintenance to protect the physical resources of an organization. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

17 Physical security - definition Purpose of Physical Security: Deter - intruders; Delay - intrusion; Detect - activities; Assess - situation; Respond - situation

18 Controls for Protecting the Secure Facility Walls, fencing, and gates; Guards; Dogs; Locks and keys; Electronic monitoring; Alarms and alarm systems; Mantraps

19 Controls for Protecting the Secure Facility Mission impossible. We must consider more security options to protect data.

20 Logical Security

21 Logical Security “The use of mechanisms or software used to protect information against unauthorized access”

22 Logical Security Cryptography; Handshaking; Firewall; Intrusion detection system; Anti-virus software; Access levels of data (read, write and execute)

23 Cryptography - definition Cryptography refers to secure information and communication techniques derived from mathematical concepts and algorithms.

24 Cryptography - definition Plaintext = ordinary readable text E.g. “hello”, ”0885939693”, ”meet at 5” Encryption = using algorithm to protect data Ciphertext = data which has been transformed to hide information content E.g. ”XVYY UVZ“

25 Types of Cryptographic Functions - Secret key functions - Public key functions - Hash functions

26 Secret key functions [Diagram labels: plaintext, encryption, ciphertext, decryption, key] Using a single key for encryption/decryption. The plaintext and the ciphertext have the same size. Also called symmetric key cryptography.

27 Secret key functions - Caesar cipher The Caesar cipher is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is "shifted" a certain number of places down the alphabet.

28 Secret key functions - Caesar cipher Encryption Decryption

29 Secret key functions - Caesar cipher Encryption & Decryption shifted a certain number of places down the alphabet.

30 Secret key functions - Caesar cipher Key = N (14) Plaintext = A T T A C K Ciphertext = N G G N P X A - Z = 0 - 25

31 Secret key functions - Caesar cipher It can be easily decrypted if you know the key. It is also easy to decrypt by trying every possible key letter from A-Z (1-26).

32 Secret key functions - Vigenère cipher A method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword. It is a form of polyalphabetic substitution. It improves on the Caesar cipher by using a longer key.

33 Secret key functions - Vigenère cipher Encryption Decryption

34 Secret key functions - Vigenère cipher Plaintext = CALCUL Key = MATHSM Ciphertext = O A E J M X

35 Secret key functions Well-known symmetric algorithms: - Data Encryption Standard (DES): Brute-forced - Triple Data Encryption Standard (Triple DES): Unbreakable - Blowfish: Unbreakable - Advanced Encryption Standard (AES): Unbreakable

36 Secret key Public key functions Public key functions The encryption key is public, and it is different from the decryption key, which is kept secret (private). The decryption key is known only to authorized parties. It is also called asymmetric encryption.

37 Secret key Public key functions RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission -Handshaking process -Client and Server authentication process

38 Secret key Public key functions

39 Secret key Public key functions - RSA STEP 1 p = initial value, q = initial value, n = p x q, φ(n) = (p-1)(q-1). p = 41, q = 61, n = 2501, φ(n) = 2400

40 Secret key Public key functions - RSA STEP 2 Choose d such that *(gcd) = greatest common divisor and compute By choosing d = 2087 we get e = 23

41 Secret key Public key functions - RSA STEP 2 Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087)

42 Secret key Public key functions - RSA Public key (n, e) = (2501,23)

43 Secret key Public key functions - RSA STEP 4 Message = “ H E L L O” One common conversion process uses the ASCII alphabet:

44 Secret key Public key functions - RSA STEP 4 Message = “ H E L L O” W = 072 069 076 076 079

45 Secret key Public key functions - RSA Public key (n, e) = (2501,23)

46 Secret key Public key functions - RSA Public key (n, e) = (2501,23)

47 Secret key Public key functions - RSA Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087)

48 Secret key Public key functions - RSA STEP 5 Decryption Message = 072 069 076 076 079 Public key (n, e) = (2501,23) Private key (n, d) = (2501,2087) Message = “H E L L O”

49 public key (n, e) = (2501,23) Private key (n,d) = (2501,2087) Message = H E L L O Cipher = 599,024,1733,1733,519 Message = H E L L O
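
Added example (not part of the original slides): the RSA walk-through from slides 39 to 49 in Python, using the slides' own numbers. It assumes the standard relation e·d ≡ 1 (mod φ(n)), which the slides' values d = 2087 and e = 23 satisfy; the function names are illustrative.

```python
from math import gcd

# Toy parameters from the slides; far too small for real use.
P, Q = 41, 61
D = 2087


def make_keys(p: int, q: int, d: int) -> tuple:
    """Return (n, e, phi) for primes p, q and a chosen private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be coprime to phi(n)")
    e = pow(d, -1, phi)  # modular inverse of d, Python 3.8+
    return n, e, phi


def encrypt(message: str, n: int, e: int) -> list:
    """Encrypt each character's ASCII code separately: c = m^e mod n."""
    codes = [ord(ch) for ch in message]
    if any(m >= n for m in codes):
        raise ValueError("each block must be smaller than n")
    return [pow(m, e, n) for m in codes]


def decrypt(cipher: list, n: int, d: int) -> str:
    """Recover each character: m = c^d mod n."""
    return "".join(chr(pow(c, d, n)) for c in cipher)


if __name__ == "__main__":
    n, e, phi = make_keys(P, Q, D)
    cipher = encrypt("HELLO", n, e)
    print("public key:", (n, e), "phi(n):", phi)
    print("cipher:", cipher)
    print("plain:", decrypt(cipher, n, D))
    # Both L's encrypt to the same number: character-by-character RSA
    # without randomized padding is deterministic, so repeated plaintext
    # shows through in the ciphertext. Real systems use padding such as OAEP.
```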

50 Hash Function - A hash function is any function that can be used to map data. - The size of the output is fixed. - It always maps the same input to the same output. - One-way property: it is easy to generate a code given a message, but virtually impossible to generate a message given a code.

51 Hash Function Integrity check – Hash file/message - Error detection - Prevent forgery, modification. Authentication - Signature: hash data to shorten (for efficiency), then encrypt with a public key algorithm.

52 Real world application of cryptography Secret key functions / Symmetric functions - OpenSSL - RAR, WinZip, UltraISO - WhatsApp

53 Real world application of cryptography Secret key functions / Symmetric functions - OpenSSL - RAR, WinZip, UltraISO - WhatsApp

54 Real world application of cryptography Public key functions - Windows certification (RSA) - Digital key exchange

55 Real world application of cryptography Hash function - Authentication NOT SECURE

56 Real world application of cryptography Hash function - Authentication Tomorrow1996 MD5 3ab78ee9c03c1a12d1c35a216c06a1ae

57 Real world application of cryptography Hash function - Authentication SECURE

58

59 Hash function - Authentication
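
Added example (not part of the original slides): the hash properties from slide 50 and the two uses from slide 51 and slides 55 to 59, integrity checking and password authentication, in Python. It goes beyond the slides' single MD5 call by storing passwords with a per-user salt and a slow key-derivation function (PBKDF2-HMAC-SHA256); the iteration count and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # illustrative work factor (assumption); tune per system


def file_digest(data: bytes) -> str:
    """Fixed-size, deterministic fingerprint used for integrity checks."""
    return hashlib.sha256(data).hexdigest()


def is_unmodified(data: bytes, expected_digest: str) -> bool:
    """Integrity check: recompute the hash and compare in constant time."""
    return hmac.compare_digest(file_digest(data), expected_digest)


def new_password_record(password: str) -> tuple:
    """Store (salt, derived key) instead of the password itself."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, record: tuple) -> bool:
    """Re-derive with the stored salt; the server never keeps the plaintext."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    original = b"meet at 5"                      # sample message from slide 24
    digest = file_digest(original)
    print(len(digest), is_unmodified(original, digest))
    print(is_unmodified(b"meet at 6", digest))   # one changed byte is detected
    record = new_password_record("Tomorrow1996")  # sample password from slide 56
    print(verify_password("Tomorrow1996", record))
    print(verify_password("tomorrow1996", record))
```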

60 Conclusion In recent years, we can say that the number of cyber attacks has grown rapidly. Data must be protected at all times. Physical security is as important as logical security. Cryptography can protect data confidentiality and integrity.

62 Thanks!

