Published by Mervin Andrews. Modified over 8 years ago.

Invitation to Computer Science, 5th Edition
Chapter 8: Information Security

Objectives
In this chapter, you will learn about:
–Threats and defenses
–Encryption
–Web transmission security

Introduction
Information security
–Keeping information secure
Security
–Can be breached at many different points in the “virtual machine”

Threats and Defenses
Authentication
–Verifies who has the right to gain access to the computer
Hash function
–Takes the password the user originally chooses, chops it up, and stirs it around according to a given formula
Social engineering
–Process of using people to get the information you want

Authentication
Basic physical security principles
–Maintain control of your laptop
–Be sure no one peers over your shoulder in your office or on the airplane
–Lock your office door when you leave

Authorization
Governs what an authenticated user is allowed to do
User privileges
–Read access (can read a particular file)
–Write access (can modify a particular file)
–Execute access (can run a particular program file)
–Delete access (can delete a particular file)
System administrator
–Has access to everything

Threats from the Network
Malware
–Malicious software
Virus
–Computer program that infects a host computer and then spreads
Worm
–Can send copies of itself to other nodes on a computer network without having to be carried by an infected host file

Threats from the Network (continued)
Trojan horse
–Computer program that, unbeknownst to the user, contains code that performs malicious attacks
Denial-of-service (DOS) attack
–Typically directed at a business or government Web site
–Automatically directs browsers on many machines to a single URL at roughly the same time

Encryption
Cryptography
–The science of “secret writing”
Encryption and decryption
–Inverse operations
Symmetric encryption algorithm
–Requires the use of a secret key known to both the sender and receiver
Asymmetric encryption algorithm
–Keys for encryption and decryption are quite different, but related

Simple Encryption Algorithms
Caesar cipher (shift cipher)
–Shifting each character in the message to another character some fixed distance farther along in the alphabet
–Encodes one character at a time
Block cipher
–Group or block of plaintext letters gets encoded into a block of ciphertext

Figure 8.1 Steps in Encoding and Decoding for a Block Cipher

DES
DES (Data Encryption Standard)
–Encryption algorithm developed by IBM in the 1970s for the U.S. National Bureau of Standards
–A block cipher whose blocks are 64 bits long
DES algorithm
–Every substitution, reduction, expansion, and permutation is determined by a well-known set of tables
–The same algorithm serves as the decryption algorithm

Figure 8.2 The XOR Gate

Figure 8.3 The DES Encryption Algorithm
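
The DES slide's point that the same algorithm serves as the decryption algorithm follows from the Feistel structure that DES builds on the XOR gate. The sketch below is an added example, not taken from the textbook or the slides: a toy 64-bit Feistel cipher whose round function and key schedule are constructed stand-ins (SHA-256 based, not the DES tables), showing that decryption is the same routine run with the subkeys in reverse order.

```python
import hashlib

BLOCK_BYTES = 8            # 64-bit block, as on the DES slide
HALF = BLOCK_BYTES // 2
ROUNDS = 16                # DES also runs 16 rounds

def subkeys(key: bytes) -> list[bytes]:
    """One subkey per round (constructed schedule, not the DES key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def round_fn(half: bytes, subkey: bytes) -> bytes:
    """Stand-in for DES's table-driven round function; it need not be invertible."""
    return hashlib.sha256(subkey + half).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (Figure 8.2, applied per bit)."""
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, keys: list[bytes]) -> bytes:
    """Run the Feistel rounds over one 64-bit block with the given subkey order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # New left is the old right; new right is old left XOR F(old right, k).
        left, right = right, xor(left, round_fn(right, k))
    return right + left    # final swap of halves makes the routine self-inverse

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Identical routine; only the subkey order is reversed.
    return feistel(block, subkeys(key)[::-1])

if __name__ == "__main__":
    key = b"demo-key"      # constructed sample key
    plaintext = b"SECRETS!"  # constructed 8-byte sample block
    ciphertext = encrypt_block(plaintext, key)
    print("ciphertext:", ciphertext.hex())
    print("decrypted: ", decrypt_block(ciphertext, key))
```

Because XOR undoes itself, each round is reversible even though `round_fn` is one-way, which is why no separate decryption algorithm is needed.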

DES (continued)
Triple DES
–Improves the security of DES
–Requires two 56-bit keys
–Runs the DES algorithm three times
AES (Advanced Encryption Standard)
–Adopted for use by the U.S. government in 2001
–Based on the Rijndael algorithm

Public Key Systems
RSA
–Most common public key encryption algorithm
–Based on results from the field of mathematics known as number theory
Prime number
–Integer greater than 1 that can only be written as the product of itself and 1

Web Transmission Security
SSL (Secure Sockets Layer)
–Method for achieving secure transfer of information on the Web
TLS (Transport Layer Security) protocol
–First defined in 1999
–Based on SSL and nearly identical to it
–Nonproprietary
–Supported by the Internet Engineering Task Force

Figure 8.4 A TLS/SSL Session

Summary
Information security
–Keeping information secure
Threats from the network
–Malware, viruses, worms, denial-of-service attacks
Encryption algorithms
–Caesar cipher, block cipher
RSA
–Most common public key encryption algorithm