1
Chapter 10 Boundary Controls
2
Cryptographic Controls
Cryptology is the science of secret codes
Cryptography deals with systems for transforming data into codes
4
Transposition Ciphers
Simple transposition rule is to swap the position of characters in consecutive pairs.
For example: "Peace is our objective" is coded as "Epca Esio Ruo Jbceitev"
5
Substitution Ciphers
Simple rule: hide identity of characters by replacing them with another character according to some rule
For example:
Letters: ABCDEFGHIJKLMNOP
Code:    IDEOGRAPHYBCFJKL
GOOD DOG will be AKKO OKA
6
Product Cipher
Product Cipher: Combination of substitution and transposition
Better than both and resistant to cryptanalysis
The remaining discussion assumes product cipher
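The pair-swap and substitution rules from the preceding slides, and their combination into a product cipher, as an added example that is not part of the original presentation. Completing the code row beyond P with the unused letters in A-Z order is an assumption, and all function names are hypothetical. The frequency check shows that this toy combination leaves the letter-count profile unchanged, so it illustrates the structure only.

```python
import string
from collections import Counter

KEYWORD = "IDEOGRAPHY"  # the slide's code row begins with this word

def keyword_alphabet(keyword=KEYWORD):
    # Assumption: keyword letters first, then the unused letters in A-Z order.
    # For IDEOGRAPHY the first 16 letters match the slide: IDEOGRAPHYBCFJKL.
    return "".join(dict.fromkeys(keyword.upper() + string.ascii_uppercase))

def substitute(text, keyword=KEYWORD, decrypt=False):
    plain, code = string.ascii_uppercase, keyword_alphabet(keyword)
    table = str.maketrans(code, plain) if decrypt else str.maketrans(plain, code)
    return text.upper().translate(table)  # non-letters pass through unchanged

def swap_pairs(text):
    # Transposition rule from the slide: swap each consecutive pair.
    # Spaces count as characters; an odd final character stays in place.
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)  # applying it twice restores the input

def product_encrypt(text, keyword=KEYWORD):
    # Product cipher: substitution first, then transposition.
    return swap_pairs(substitute(text, keyword))

def product_decrypt(text, keyword=KEYWORD):
    # Undo the steps in reverse order.
    return substitute(swap_pairs(text), keyword, decrypt=True)

def frequency_profile(text):
    # Sorted letter counts; neither rule changes them.
    return sorted(Counter(c for c in text.upper() if c.isalpha()).values(), reverse=True)

if __name__ == "__main__":
    print(swap_pairs("Peace is our objective").upper())
    print(substitute("GOOD DOG"))
    secret = product_encrypt("GOOD DOG")
    print(secret, "->", product_decrypt(secret))
    print(frequency_profile("GOOD DOG") == frequency_profile(secret))
```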
7
Choosing a Cipher System
Cipher System has two components
–(1) an encipherment method or algorithm that constitutes the basic cryptographic technique
–(2) a cryptographic key upon which the algorithm operates in conjunction with cleartext to produce ciphertext
8
5 Desirable Properties of a Cipher System
(1) High work factor (difficult to break)
(2) Small key (can be changed frequently)
(3) Simplicity (too complex = too costly)
(4) Low error propagation (if chained encryption is used)
(5) Little expansion of message size (avoid stats pkg to identify patterns of letters)
10
Private Key vs. Public Key
Parties should share the same key at both ends.
This makes it difficult for business applications, though it might be good for military purposes.
Private key is slow
So, we need Public Key Cryptosystems
–Different keys to encrypt and decrypt
12
Key Management
Key generation
Key distribution
Key installation
13
Key Generation
3 questions when performing the key-generation function:
–(1) What keys must be generated? (key for PIN is different from key for other parts of the transaction)
–(2) How should these keys be generated? (a completely random process)
–(3) How long must the keys be? (trade-off between risk and overhead, 90-bit key is good)
14
Key Distribution
Different place than where it was generated
Physically carry the key or part of it
15
Key Installation
Setting switches
Turning dials
Keypad to a temp storage
Use of special command to link all and make it a workable key
No wire tap between keypad and cryptographic facility
16
Access Controls
Restrict use of computer system resources to authorized users
Limit actions authorized users can take with these resources
Ensure the users obtain only authentic computer system resources
Are part of the operating system or special software
19
Identification & Authentication
Users can provide 3 classes of authentication information:
–Remembered information (name, account)
–Possessed objects (badge, card)
–Personal characteristics (fingerprint)
20
Object Resources
Resources users seek to employ in a computer-based information system can be classified into 4 types:
–Hardware
–Software
–Commodities
–Data
23
What is a good password?
Make one now
See page 381
24
Action Privileges
Read
–Direct read
–Statistical read
Add
–Insert
–Append
Modify
25
Access Control Policies
Two types:
(1) Discretionary - users can choose to share files with other users if they wish
(2) Mandatory - both users and resources are assigned fixed security attributes
29
Implementing Access Control Mechanism
Open vs. Closed Environment
–OPEN: users have all access unless authorization data specifies otherwise
–CLOSED: users cannot access resources unless they have been assigned the necessary action privileges
31
Approaches to Authorization
Two alternatives:
(1) a “ticket-oriented” approach
(2) a “list-oriented” approach
32
PIN Generation & Advantages
Derived PIN
–PIN need not be stored
Random PIN
–PIN not tied to an account number
Customer-selected PIN
–PIN is easy to remember
33
PIN Issuance & Delivery
Mail solicitation
Telephone solicitation
PIN entry via a secure terminal
PIN entry at the issuer’s facility
34
PIN Validation
Local PIN Validation
–online or offline modes
Interchange PIN Validation
–transmission
–processing
–storage
–change
35
Plastic Cards
Application for the Card
Preparation of the Card
–embossing name, account number, exp date
Issue of the Card
–ensure the card arrives safely to the user
Use of the Card
–controls seek to ensure that users safeguard their cards