1. Data Security and Encryption (CSE348) 1

2. Lecture # 2 2

3. Review Course outline Topic roadmap Standards organizations Security concepts 3

4. Computer Security Protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) 4

5. Key Security Concepts 5

6. CIA Triad 6 These three concepts form what is often referred to as the CIA triad Figure above. The three concepts embody the fundamental security objectives for both data and for information and computing services. FIPS PUB 199 provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category.

7. CIA Triad 7 Confidentiality (covers both data confidentiality and privacy): preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.

8. CIA Triad 8 Integrity (covers both data and system integrity): Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.

9. CIA Triad 9 Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are:

10. CIA Triad 10 Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

11. CIA Triad 11 Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

12. Levels of Impact can define 3 levels of impact from a security breach – Low – Moderate – High 12

13. Levels of Impact Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might causes effect. 13

14. Levels of Impact degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; result in minor damage to organizational assets; result in minor financial loss; or result in minor harm to individuals. 14

15. Levels of Impact Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might cause effect. 15

16. Levels of Impact a significant degradation in mission capability and effectiveness of the functions is significantly reduced; result in significant damage to oganizational assets; result in significant financial loss; or result in significant harm to individuals that does not involve loss of life or serious, life- threatening injuries. 16

17. Levels of Impact High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might cause effect. 17

18. Levels of Impact a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; result in major damage to organizational assets; result in major financial loss; or result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries. 18

19. Examples of Security Requirements confidentiality – student grades integrity – patient information availability – authentication service 19

20. Examples of Security Requirements confidentiality – student grades integrity – patient information availability – authentication service 20

21. Confidentiality Example Student grade information is an asset whose confidentiality is considered to be highly important by students. Grade information should only be available to students, their parents, and employees that require the information to do their job. Student enrollment information may have a moderate confidentiality rating. 21

22. Confidentiality Example While still covered by FERPA, this information is seen by more people on a daily basis, is less likely to be targeted than grade information, and results in less damage if disclosed. Directory information, such as lists of students or faculty or departmental lists, may be assigned a low confidentiality rating. Freely available to the public and published on a school's Web site. 22

23. Integrity Example Consider a hospital patient's allergy information stored in a database. The doctor should be able to trust that the information is correct and current. Now suppose that an employee (e.g., a nurse) who is authorized to view and update this information deliberately falsifies the data to cause harm to the hospital. 23

24. Integrity Example The database needs to be restored to a trusted basis quickly, and it should be possible to trace the error back to the person responsible. Patient allergy information is an example of an asset with a high requirement for integrity. Inaccurate information could result in serious harm or death to a patient and expose the hospital to massive liability. 24

25. Availability Example The more critical a component or service, the higher is the level of availability required. Consider a system that provides authentication services An interruption of service results in the inability for customers to access computing resources. loss of service translates into a large financial loss productivity and potential customer loss. 25

26. Computer Security Challenges 1. not simple 2. must consider potential attacks 3. procedures used counter-intuitive 4. involve algorithms and secret info 5. must decide where to deploy mechanisms 6. battle of wits between attacker / admin 7. not perceived on benefit until fails 8. requires regular monitoring 9. too often an after-thought 10. regarded as impediment to using system 26

27. Aspects of Security consider 3 aspects of information security: – security attack – security mechanism – security service note terms – threat – a potential for violation of security – attack – an assault on system security, a deliberate attempt to evade security services 27

28. Aspects of Security Security attack: Any action that compromises the security of information owned by an organization. 28

29. Aspects of Security Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. 29

30. Aspects of Security Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. 30

31. Passive Attacks 31

32. Passive Attacks 32 A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

33. Passive Attacks 33 Two types of passive attacks are: + release of message contents + traffic analysis - monitor traffic flow to determine location and identity of communicating hosts and could observe the frequency and length of messages being exchanged

34. Active Attacks 34

35. Active Attacks 35 Active attacks involve some modification of the data stream or the creation of a false stream can be subdivided into four categories: masquerade of one entity as some other replay previous messages modify/alter (part of) messages in transit to produce an unauthorized effect denial of service - prevents or inhibits the normal use or management of communications facilities

36. Active Attacks 36 Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. Quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption/or delays caused by them.

37. Security Service – enhance security of data processing systems and information transfers of an organization – intended to counter security attacks – using one or more security mechanisms – often replicates functions normally associated with physical documents which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 37

38. Security Services X.800: “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers” RFC 2828: “a processing or communication service provided by a system to give a specific kind of protection to system resources” 38

39. Security Services (X.800) Authentication - assurance that communicating entity is the one claimed – have both peer-entity & data origin authentication Access Control - prevention of the unauthorized use of a resource Data Confidentiality –protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability – resource accessible/usable 39

40. Security Mechanism feature designed to detect, prevent, or recover from a security attack no single mechanism that will support all services required however one particular element underlies many of the security mechanisms in use: – cryptographic techniques hence our focus on this topic 40

41. Security Mechanisms (X.800) specific security mechanisms: – encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization pervasive security mechanisms: – trusted functionality, security labels, event detection, security audit trails, security recovery 41

42. Model for Network Security 42

43. Model for Network Security using this model requires us to: 1.design a suitable algorithm for the security transformation 2.generate the secret information (keys) used by the algorithm 3.develop methods to distribute and share the secret information 4.specify a protocol enabling the principals to use the transformation and secret information for a security service 43

44. Model for Network Access Security 44

45. Model for Network Access Security using this model requires us to: 1.select appropriate gatekeeper functions to identify users 2.implement security controls to ensure only authorised users access designated information or resources 45

46. Chapter 2 – Classical Encryption Techniques "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and sixty separate ciphers," said Holmes.. —The Adventure of the Dancing Men, Sir Arthur Conan Doyle 46

47. Symmetric Encryption or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private- key was only type prior to invention of public-key in 1970’s and by far most widely used 47

48. Some Basic Terminology plaintext - original message ciphertext - coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key cryptology - field of both cryptography and cryptanalysis 48

49. Symmetric Cipher Model 49

50. Symmetric Cipher Model Ingredients of the symmetric cipher model plaintext - original message encryption algorithm – performs substitutions/transformations on plaintext secret key – control exact substitutions/transformations used in encryption algorithm ciphertext - scrambled message decryption algorithm – inverse of encryption algorithm 50

51. Requirements two requirements for secure use of symmetric encryption: – a strong encryption algorithm – a secret key known only to sender / receiver mathematically have: Y = E(K, X) X = D(K, Y) assume encryption algorithm is known implies a secure channel to distribute key 51

52. Cryptography can characterize cryptographic system by: – type of encryption operations used Substitution ( each element in the plaintext bits, letter is mapped into another element) Transposition ( elements in the plaintext are rearranged ) Product ( involve multiple stages of substitutions and transpositions ) – number of keys used single-key or private two-key or public – way in which plaintext is processed block stream 52

53. Cryptanalysis objective to recover key not just message general approaches: – cryptanalytic attack – brute-force attack if either succeed all key use compromised 53

54. Cryptanalytic Attacks  ciphertext only only know algorithm & ciphertext, is statistical, know or can identify plaintext  known plaintext know/suspect plaintext & ciphertext  chosen plaintext select plaintext and obtain ciphertext  chosen ciphertext select ciphertext and obtain plaintext  chosen text select plaintext or ciphertext to en/decrypt 54

55. More Definitions  unconditional security no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext  computational security given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken 55

56. Summary Security concepts: – confidentiality, integrity, availability Security attacks, services, mechanisms Models for network (access) security Classical Encryption Techniques Symmetric Cipher Model 56