Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga."— Presentation transcript:

1 Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga

2 Information Security 2 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

3 Information Security 3 Information security is defined as methods and technologies as methods and technologies for deterrence (scaring away hackers), protection, detection, response, recovery and extended functionalities Introduction

4 Information Security 4 Why do we need Information Security m Importance of Information Security Protect data from theft Protect data from theft Prevent loss of productivity Prevent loss of productivity Curb theft of intellectual property Curb theft of intellectual property Ensure compliance with law and avoid legal consequences Ensure compliance with law and avoid legal consequences Privacy Privacy Protect personal identity theft Protect personal identity theft Counter cyberterrorism Counter cyberterrorism

5 Information Security 5 Why do we need Computer Security?

6 Information Security 6 Creating Good Passwords m Select a personally interesting topic such as favorite movie. m Develop a password frowm a phrase rather than a single phrase: Gone with the Wind -> GWTW m Encode the password m GWTW. (1)Replace W with 2u: GWTW ->G2uTW. (2) Replace W with 2U. (3) Replace 2 wiyj Spanish ”dos” -> G2uTdosU

7 Information Security 7 Viruses, Trojans and Worms m A virus is a program that infects another program by putting a copy of itself to the program. When the infected program runs the virus also runs. It attaches itself to files like message.zip, message.exe m A worm is an independent program that makes copies of itselft from one computer to another. The worm moves across networks on its own. m A trojan program takes its name from the Greek legend Trojan Horse. It is a program that hides itself inside another useful program and it performs operations that the user in unaware

8 Information Security 8 Privacy m Privacy is the right of people to choose freely under what circumstances and to what extent they will reveal themselves, their attitude and their behavior to others. m Many transactions can link purchase to customers: paying by check, credit card, debit card; purchasing through mail order; buying products that be registered; m Threats to privacy: (1)Government – spying on her citizens (2) busisness –surveillance of employees;and use of business related information (3) private – data mining to sell customers information to the other parties

9 Information Security 9 Cookies: Found in Directory - C:\Documents and Settings\UserName\Cookies (Explorer) A cookie is a record containing seven fields of information that uniquely identifies a customer’s session on your computer m PREF m ID=40dbd37914242a34:TM=1013725751:LM=1013725751:S=P4MUPnk7Wbs m ID=40dbd37914242a34:TM=1013725751:LM=1013725751:S=P4MUPnk7Wbs m google.com/ Distributed by www.google.com m 1536 m 1536 m 2618878336 m 2618878336 m 32111634 m 32111634 m 48239568 m 48239568 m 29472167 m This particular cookie is built and distributed by Google.com. The first line is the name of the cookie, and the second line contains the cookie's value (which, in this case, is actually a set of name-value pairs separated by colons; this is Google.com-specific). The rest of the lines are attributes set by Google.com.

10 Information Security 10 Fields in the HTTPCookie m Name - The name of the cookie m ID Value -The individual value m Expires -The exact time of expiration. After this time, client browsers will stop sending this cookie when requested. m Path -The path under which this cookie is relevant. m Domain - The domain associated with this cookie. The default is the creation domain. m Secure (True/False ) Whether or not should be transmitted using SSL (that is, across the HTTPS port)

11 Information Security 11 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

12 Information Security 12 Security Services : Confidentiality To keep a message secret to those that are not authorized to read it Confidentiality Authentication Access Control Integrity Availability Availability Non-repudiation

13 Information Security 13 Security Services: Authentication Confidentiality Authentication Access Control Integrity Availability Non-repudiation To verify the identity of the user / computer

14 Information Security 14 Security Services: Access Control Confidentiality Authentication Access Control Integrity Availability Non-repudiation To be able to tell who can do what with which resource

15 Information Security 15 Security Services: Integrity Confidentiality Authentication Access Control Integrity Availability Non-repudiation To make sure that a message has not been changed while on Transfer, storage, etc

16 Information Security 16 Security Services: Non-repudiation Confidentiality Authentication Access Control Integrity Availability Non-repudiation To make sure that a user/server can’t deny later having participated in a transaction

17 Information Security 17 Security Services: Availability Confidentiality Authentication Access Control Integrity Availability Non-repudiation To make sure that the services are always available to users.

18 Information Security 18 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

19 Information Security 19 How do you Provide Confidentiality? Network Plaintext “Hello” Encryption Method & Key Ciphertext “11011101” Encryption Key Ciphertext “11011101” Plaintext “Hello” Decryption Method & Key Decryption Key Interceptor Party A Party B Note: Interceptor Cannot Read Ciphertext Without the Decryption Key (10110101)

20 Information Security 20 Key Length and Number of Possible Keys 1 Key Length in Bits 2 4 8 16 256 65,536 16 4 2 Number of Possible Keys 401,099,511,627,776 5672,057,594,037,927,900 1125,192,296,858,534,830,000,000,000,000,000,000

21 Information Security 21 Possible keys form a key of 8 bits 1 (first key)00000000 200000001 300000010 400000100 500001000 600010000 700100000 801000000 ….. 2828 11111111

22 Information Security 22 Symmetric Key Encryption – One Key System Network Plaintext “Hello” Encryption Method & Key Ciphertext “11011101” Symmetric Key Ciphertext “11011101” Plaintext “Hello” Decryption Method & Key Same Symmetric Key Interceptor Party A Party B Note: A single key is used to encrypt and decrypt in both directions.

23 Information Security 23 Cleartext Ciphertext Cleartext Key DES DES Data Encryption Standard (DES)

24 Information Security 24 CleartextKey 1, 2, 3,..................128 1, 2, 3,.......128, 192,256 Ciphertext 1, 2, 3,..................... 64 K-1 K-2 K-Rounds Advanced Encryption Algorithm (AES) If key = 128 Rounds = 9 If key = 192 Rounds = 11 If key = 256 Rounds = 13

25 Information Security 25 Public Key System (Asymmetric system – two keys) Party A Party B Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Encrypt with Party B’s Public Key Decrypt with Party B’s Private Key Encrypted Message Encrypted Message

26 Information Security 26 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

27 Information Security 27 How do You Provide Integrity? Hashing (Message Digest) m Hashing is a one-way function. It cannot be reversed From the hash, you cannot compute the original message From the hash, you cannot compute the original message m Hashing is repeatable If two parties apply the same hashing method to the same bit string, they will get the same hash If two parties apply the same hashing method to the same bit string, they will get the same hash

28 Information Security 28 Some confidential text (message) in clear (readable) form 1101 0011 1010 1001 1101 0011 1010 1001 Message Authentication Code ( MAC ) Integrity Security Service Integrity Security Service 1011100011001101010101010011101 0011 1010 1001 1011100011001101010101010011101 0011 1010 1001 Hashing

29 Information Security 29 Integrity cont’d

30 Information Security 30 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

31 Information Security 31 How do you Provide Non-repudiation? Digital Signature (DS) To Create the Digital Signature: 1. Hash the plaintext to create a brief message digest; this is NOT the Digital Signature. 2. Sign (encrypt) the message Digest (MD) with the sender’s private key to create the digital signature. 3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption. Plaintext MD DS Plaintext Hash Sign (Encrypt) with Sender’s Private Key

32 Information Security 32 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

33 Information Security 33 How do you Provide Access Control? m First Steps Enumeration of Resources Enumeration of Resources Sensitivity of Each Resource Sensitivity of Each Resource m Next, who Should Have Access? Can be made individual by individual Can be made individual by individual More efficient to define by roles (logged-in users, system administrators, project team members, etc.) More efficient to define by roles (logged-in users, system administrators, project team members, etc.)

34 Information Security 34 Access control Subject can do... Action... with which object under which conditions ? File B File B File A File A Read Copy Execute Formal approach to access control 44

35 Information Security 35 S1 S2 S3 S4 S5 S6 O1O2O3O4O5O6 r, w x, d l, c Access control matrix 45

36 Information Security 36 Outline m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

37 Information Security 37 How do you Provide Authentication? Identification Authentication... to identify the user (who he/she is)... to verify the identity, if the user really is who he/she claims to be - something who you are - something what you have -something what you know -where you are - terminal

38 Information Security 38 Types of Authentication m Simple authentication – using passwords, challenge-response, PINS m Strong authentication – using public key system, digital certificates m What are digital certificates? – it is an object that binds an identity of a person or machine to her public key and this object is used for electronic authentication before transactions in the open networks.

39 Information Security 39 Authentication- Biometrics Authentication- Biometrics m Biometrics Biometrics used for door locks, can also be used for access control to personal computers Biometrics used for door locks, can also be used for access control to personal computers Fingerprint scanners Fingerprint scanners Fingerprint scanner

40 Information Security 40 What are Digital Certificates? (X.509 Standard) FieldDescription Version Number Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard. IssuerName of the Certificate Authority (CA). Serial Number Unique serial number for the certificate, set by the CA.

41 Information Security 41 Authentication: X.509 Digital Certificate Fields FieldDescription SubjectThe name of the person, organization, computer, or program to which the certificate has been issued. This is the true party. Public Key The public key of the subject—the public key of the true party. Public Key Algorithm The algorithm the subject uses to sign messages with digital signatures.

42 Information Security 42 Authentication: X.509 Digital Certificate Fields FieldDescription Valid Period The period before which and after which the certificate should not be used. Note: Certificate may be revoked before the end of this period. Digital Signature The digital signature of the certificate, signed by the CA with the CA’s own private key. Provides authentication and certificate integrity. User must know the CA’s public key independently.

43 Information Security 43 Digital Signature and Digital Certificate in Authentication Digital Certificate Authentication Public Key of True Party Signature to Be Tested with Public Key of True Party Digital Signature

44 Information Security 44 Public Key Infrastructure (PKI) with a Certificate Authority (CA) Create & Distribute (1)Private Key and (2) Digital Certificate 4. Certificate for Lee 3. Request Certificate for Lee 5. Certificate for Lee 6. Request Certificate Revocation List (CRL) 7. Copy of CRL Verifier (Brown) Applicant (Lee) Verifier (Cheng) Certificate Authority PKI Server

45 Information Security 45 Certificate Authority (CA) m CAs are not regulated in any country today Anyone can be a CA Anyone can be a CA Even an organized crime syndicate Even an organized crime syndicate Some, such as VeriSign, are widely trusted Some, such as VeriSign, are widely trusted m Companies can be their own CAs Assign keys and certificates to their internal computers Assign keys and certificates to their internal computers This gets around the need to trust public CAs This gets around the need to trust public CAs

46 Information Security 46 Public Key Distribution for Symmetric Session Keys Party A Party B 2. Encrypt Session Key with Party B’s Public Key 4. Decrypt Session Key with Party B’s Private Key 3. Send the Symmetric Session Key Encrypted for Confidentiality 5. Subsequent Encryption with Symmetric Session Key

47 Information Security 47 Summary m Introduction m Security Services m How do you provide Confidentiality? m How do you Provide Integrity? m How do you Provide Non-repudiation? m How do you provide Access Control? m How do you Provide Authentication m Summary

Download ppt "Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Similar presentations

Ads by Google