Scribd
Upload
15 views28 pages

L5 Security and Protection Security Techniques

Uploaded by

Donna Jessica Agbayani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views28 pages

L5 Security and Protection Security Techniques

Uploaded by

Donna Jessica Agbayani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 28

Mary Grace D.

Matias
Computer Engineering Department
College of Engineering
• Define cipher and cryptography
• Differentiate among the various cipher types
• Decode basic ciphers
• Define authentication and it’s different types
• Explain the types of access control
• Explain the malware defense operation of OS
• the study of secure communications techniques that allow only the
sender and intended recipient of a message to view its contents.
• The term is derived from the Greek word kryptos, which means
hidden.
• process that encodes a message or file so that it can be only be read by
authorized people.
• uses an algorithm to scramble or encrypt data and then uses a key for the
receiving party to unscramble or decrypt the information.
• has two main types: (1) symmetric (2) asymmetric
• also called encryption algorithms
• systems for encrypting and decrypting data
• converts the original message, called plaintext, into ciphertext using a key to
determine how it is done.
• In symmetric encryption the
same key is used for encryption
and decryption.
• It is therefore critical that a
secure method is considered to
transfer the key between sender
and recipient.
• A different key is used for the
encryption and decryption
process.
• One of the keys is typically
known as the private key and the
other is known as the public key.
• The private key is kept secret by
the owner and the public key is
either shared amongst authorized
recipients or made available to
the public.
• one of the earliest known and simplest ciphers.
• substitution cipher in which each letter in the plaintext is shifted a certain
number of places down the alphabet.

A B CD EF G H I J K L M N O P Q R ST U V W X Y Z

Plaintext: secret Shift: 3 Ciphertext: vhfuhw


Plaintext: Heil Hitler Shift: 7 Ciphertext: Olps Opasly
Plaintext: Ariana Grande Shift: 2 Ciphertext: CTKCPC ITCPFG
• Also known as the Freemason’s Cipher
• Encrypt and decryption is done by laying out 4 grids. Two grids contain 9 spaces
like a tic-tac-toe board, and two grids resemble a large letter X and contain 4
spaces each.
• The sections are all uniquely identifiable by a combination of the shape of the
section and the presence, or absence, of a dot in it.
• Messages are encrypted by using the section identifier instead of the actual letter.
Ciphertext: Plaintext: security

Ciphertext: Plaintext: wala kang jowa


manifesting tres

trusttheprocess

Captain Levi
• a method of encrypting alphabetic text.
• It uses a simple form of polyalphabetic substitution.
• A polyalphabetic cipher is any cipher based on substitution, using multiple substitution
alphabets.
Plaintext: engineer

Key: tres

Keystream: trestres

Ciphertext: XEKAGVIJ
• process of verifying the identity of a person or device.
• lets the system know
o who you are
o that it is actually you accessing the system.
• All multiuser systems require that a user provide not only a name or
identifier (ID) but also a password.
• also called Single Factor/Primary Authentication.
• user-friendly but is relatively easy to infiltrate.
• The ID provides security by:
o Determining whether the user is authorized to access the system
o Determining the privileges accorded to the user
o Determining users for discretionary access control

• The password is used to authenticate the ID of the individual


logging on the system.
• use of hashed passwords and a salt value.
• the password and salt serve as inputs to produce a fixed-length hash
code.
• shown to be secure against a variety of cryptanalytic attacks.
• salt serves three purposes:
o Prevents duplicate passwords from being visible in the password file.
o Greatly increases the difficulty of offline dictionary attacks.
o Becomes nearly impossible to know if a person uses the same password on
different systems.
• objects that a user possesses for the purpose of user authentication

• Memory Cards
o can store but not process data
o example is a bank card with magnetic stripe at the back

• Smart Cards
o has an entire microprocessor
• authenticates an individual based on his/her unique physical characteristics.
o Facial characteristics
o Fingerprints
o Hand geometry
o Retinal pattern
o Iris
o Signature
o Voice
• can be generated exclusively for a login every time a user wants to enter the
system.
• cannot be used more than once.
• The system can ask for numbers that are pre arranged. This combination can be
changed each time a login is required.
• Dictates what types of access are permitted, under what circumstances and by
whom.

Discretionary Access Control


• Access is controlled based on the identity of the requestor and on access
rules stating what requestors are allowed to do.
• This entity might permit or enable another entity to access some resources.

Mandatory Access Control


• An entity may not enable another entity to access resources.
Role-based Access Control
• Access is controlled based on roles
that users have and on rules stating
what accesses are allowed to users in
given rules.
Antivirus Approaches

• Detection
- Once the infection has occurred, locate the virus.
• Identification
- Once the detection has been achieved, identify the specific virus that has infected the program.
• Removal
- Once the virus has been identified, remove all traces of the virus from the infected program and
restore it to its original state.
• integrates with the OS of a host computer and monitors program behavior in
real time for malicious actions.
• blocks potentially malicious actions before they have the chance to affect the
system.

You might also like