CONTROLS & PROTECTION MECHANISMS
Today’s Reference: Whitman & Mattord, Management of Information Security, 2nd edition, 2008, Chapter 9.


1 CONTROLS & PROTECTION MECHANISMS
Today’s Reference: Whitman & Mattord, Management of Information Security, 2nd edition, 2008, Chapter 9

2 Overview
  – Access controls
  – Firewalls
  – Intrusion Detection Systems (IDSs)
  – Wireless Network Security
  – Cryptography

3 Access Controls
Authentication – controlling a person’s access to a system
  – Barrier (i.e. login sequence) versus ongoing (intrusion detection)
  – Something you know
  – Something you have
  – Something you are (and something you produce, e.g. voice)
  – Includes biometrics, which authenticate a user against known personal features (fingerprints, iris patterns, voice, etc.)
  – Something you do (user behaviour profiling)
Authorisation – controlling a person’s access to features (software, data) within the system
  – Scoping each user’s permitted activities
  – May be individual or group-based
  – Can be specific to resources

4 Firewalls
Generations
  – 1: packet filtering
  – 2: application-level
  – 3: stateful inspection
  – 4: dynamic packet filtering
Architectures
  – Packet filtering routers
  – Screened-host firewalls
  – Dual-homed host firewalls
  – Screened-subnet firewalls

5 Intrusion Detection Systems
Host-based
  – Alerts administrator when files or folders change
  – Monitor host only
Network-based
  – Monitor network traffic
  – Alerts administrator when patterns of network traffic change
Signature-based
  – Work like anti-virus software
  – Alerts administrator when ‘signature’ of attack is matched
Statistical-anomaly-based
  – Establishes baseline of what is ‘normal’ traffic
  – Alerts administrator when pattern is abnormal
Rule-based ‘never do this’
  – includes honeypots

6 Wireless Network Security
Wired Equivalent Privacy (WEP)
  – basic level of security
  – several fundamental cryptological flaws
  – average home or small only
Wi-Fi Protected Access (WPA)
  – WPA is industry standard
  – increased capabilities for authentication, encryption, and throughput

7 Cryptography
Symmetric encryption methods
  – Substitution, Transposition, XOR, Vernam Cipher, One-time pad, and many others
  – the same key (a secret key) is used to encrypt and decrypt the message
  – Mono-alphabetic & poly-alphabetic ciphers
Asymmetric encryption
  – public key encryption (PKE)
  – uses two different keys. Either key can be used to encrypt or decrypt the message, but one must always be kept secret
Digital signatures
  – PKE used in reverse to give non-repudiation
Steganography
  – Hiding messages in graphics files

8 Encryption & Decryption
[Diagram labels: Plain Text from Sender → Encryption Cipher → Cipher Text → Decryption Cipher → Plain Text to Recipient; Secure Key Management]

9 Symmetric Encryption Methods
Substitution
  – One letter exchanged for another
  – Creates confusion
  – Mono-alphabetic or Poly-alphabetic
Transposition
  – Re-arrangement of letters
  – Creates diffusion
XOR
  – If 2 values are the same, you get “0”
  – If not, you get “1”
  – Process is reversible
E.g.
    1 0 1 0 0 0 1 0
    1 1 1 1 0 0 0 1
    _______________
    0 1 0 1 0 0 1 1

10 Monoalphabetic cipher
Caesar
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    plaintext is ROSTRUM
    ciphertext is URVWUXP
Random
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    M N B V C X Z L K J H G F D S A P O I U Y T R E W Q
Keyword
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    S E C U R I T Y A B D F G H J K L M N O P Q V W X Z

11 Polyalphabetic Cipher
Alphabet No. 1 (offset by 3)
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Alphabet No. 2 (offset by 15)
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

                   1 2   1 2 1   2 1 2 1
    plaintext is   G O   F O R   G O L D
    ciphertext is  J D   I D U   V R A G
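The substitution tables on slides 10 and 11, worked through in Python as an added example (not part of the original slides). The function names are chosen here for illustration; these ciphers are teaching material only and give no real confidentiality.

```python
import string

A = string.ascii_uppercase  # the plaintext alphabet row from the slides

def shifted_alphabet(offset):
    """Cipher alphabet offset by `offset` places (offset 3 is the Caesar row)."""
    offset %= 26
    return A[offset:] + A[:offset]

def keyword_alphabet(keyword):
    """Keyword letters first (repeats dropped), then the unused letters in order."""
    ordered = dict.fromkeys(keyword.upper() + A)  # dict keeps first-seen order
    return "".join(c for c in ordered if c in A)

def substitute(text, alphabets, decrypt=False):
    """Substitute each letter using `alphabets` in rotation.

    One alphabet gives a monoalphabetic cipher; two or more give the
    polyalphabetic cipher of slide 11. Spaces and punctuation pass through
    unchanged and do not advance the rotation.
    """
    out, i = [], 0
    for ch in text.upper():
        if ch in A:
            cipher = alphabets[i % len(alphabets)]
            out.append(A[cipher.index(ch)] if decrypt else cipher[A.index(ch)])
            i += 1
        else:
            out.append(ch)
    return "".join(out)

if __name__ == "__main__":
    caesar = [shifted_alphabet(3)]
    poly = [shifted_alphabet(3), shifted_alphabet(15)]
    print(substitute("ROSTRUM", caesar))        # slide 10, Caesar row
    print(keyword_alphabet("SECURITY"))         # slide 10, Keyword row
    print(substitute("GO FOR GOLD", poly))      # slide 11
    print(substitute("JD IDU VRAG", poly, decrypt=True))
```

With two alphabets the three Os in GO FOR GOLD no longer share one ciphertext letter (D, D, R), which a single alphabet cannot achieve.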

12 Transposition Ciphers
For example, every 4th letter

    1 2 3   4 1 2 3   4 1   2 3 4 1 2   3 4 1 2 3
    T H E   R A I N   I N   S P A I N   F A L L S

    4 1 2 3 4 1   2 3
    M A I N L Y   O N   T H E   P L A I N

becomes

    TANIL AYHAH ISNLI OEIEN PFSNN PNRIA AMLTL

Modern transposition ciphers use a network or path diversity principle, so the diffusion is not just within-file but over the network via different paths

13 Vernam Cipher
The perfect substitution cipher
The original one-time pad

    Plaintext     V   E   R   N   A   M
    Numerics     21   4  17  13   0  12
    Random       76  48  16  82  44   3
                 ______________________
    Sum          97  52  33  95  44  15
    Mod 26       19   0   7  17  18  15
    Ciphertext    T   A   H   R   S   P

14 Breaking Encryption
(almost) All encryption is crackable…
  – Just need time and computing power
Brute force may not work because -
  – Number of alphabet combinations is 26 x 25 x 24 x 23 x etc which equals 4 x 10^27
  – 4 000 000 000 000 000 000 000 000 000
  – If each alphabet takes 1 millionth of a sec (micro second) then all combinations would take 4 x 10^21 secs
  – 4 x 10^13 years !!!!
EXCEPT…
  – The one-time pad is provably secure (if properly used)
  – but it is not easy to use properly
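Slides 12 to 14 as an added Python example (not part of the original slides): the every-4th-letter transposition, the Vernam mod-26 arithmetic, and why trying every pad tells an attacker nothing. Function names such as `pad_explaining` are chosen here for illustration.

```python
import secrets
import string

A = string.ascii_uppercase

def letters_only(text):
    """Upper-case letters of text; spaces and punctuation are dropped."""
    return [c for c in text.upper() if c in A]

def transpose_encrypt(text, n=4, group=5):
    """Number the letters 1..n repeatedly, then read off all 1s, all 2s, ..."""
    s = letters_only(text)
    out = "".join("".join(s[k::n]) for k in range(n))
    return " ".join(out[i:i + group] for i in range(0, len(out), group))

def transpose_decrypt(cipher, n=4):
    """Undo transpose_encrypt, including lengths that are not a multiple of n."""
    s = letters_only(cipher)
    plain, pos = [""] * len(s), 0
    for k in range(n):
        size = len(range(k, len(s), n))  # how many letters were numbered k+1
        plain[k::n] = s[pos:pos + size]
        pos += size
    return "".join(plain)

def vernam_encrypt(text, pad):
    """Slide 13: add a pad value to each letter (A=0..Z=25), reduce mod 26."""
    s = letters_only(text)
    if len(pad) < len(s):
        raise ValueError("the pad must be at least as long as the message")
    return "".join(A[(A.index(c) + k) % 26] for c, k in zip(s, pad))

def vernam_decrypt(cipher, pad):
    """Subtract the same pad values mod 26 to recover the plaintext."""
    s = letters_only(cipher)
    return "".join(A[(A.index(c) - k) % 26] for c, k in zip(s, pad))

def pad_explaining(cipher, guess):
    """The pad under which `cipher` decrypts to `guess`. One exists for every
    guess of the right length, so trying all pads singles out no plaintext."""
    pairs = zip(letters_only(cipher), letters_only(guess))
    return [(A.index(c) - A.index(g)) % 26 for c, g in pairs]

def new_pad(length):
    """Fresh pad values from the OS CSPRNG; use once, then discard."""
    return [secrets.randbelow(26) for _ in range(length)]
```

`pad_explaining("TAHRSP", "CAESAR")` returns a pad that is exactly as plausible as the real one, which is the sense in which slide 14 calls the one-time pad provably secure; that property holds only if the pad is random and never reused.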

15 Public Key Encryption
Known as Asymmetric encryption
2 keys, one public, one private, linked mathematically, one to encrypt & one to decrypt
Uses large prime numbers
“mathematically infeasible” to derive private key from public key
Advantages
  – no need to tell anyone your private key
  – no need for key distribution
  – no need for a key for each pair of people
Not used to encrypt messages, as it is generally slower than secret-key encryption
Used to encrypt other keys (as in PGP) and to authenticate sender

16 Digital Signatures
Reverses the role of private & public keys
Effectively unique to the document
  – uses a cryptographically-robust hash function
Unforgeable (without the sender’s private key)
  – not re-usable (due to message-specific hash)
  – document unalterable
  – undeniable

17 What you Need to Know A basic level of detail about all of the security technologies in the previous slides.

