CHAPTER 1
Chapter 1 Introduction
Prepared by:
Dr. Sneha Padhiar
Assistant Professor,
U & P U. Patel Department of
Computer Engineering
12/09/2024 1
• In daily life we use information for many purposes, and we use networks to communicate and
exchange information between different parties.
• In many cases this information is sensitive, so we must ensure that only authorized parties
can obtain it.
• Maintaining such privacy requires some mechanism or physical device that ensures the
information stays safe.
• Such mechanisms and physical devices are known as a security system.
• Computer Security:
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system
resources.
or
A generic name for the collection of tools designed to protect data and to thwart hackers.
• Data Security:
Data security is the science and study of methods of protecting data from unauthorized disclosure
and modification.
• Confidentiality is probably the most common aspect of information security. We need to
protect our confidential information. An organization needs to guard against those malicious
actions that endanger the confidentiality of its information.
• Integrity: Information needs to be changed constantly. Integrity means that changes must be
made only by authorized entities and through authorized mechanisms.
Confidentiality: It covers two concepts
• Data Confidentiality: Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.
Availability: Assures that systems work promptly and service is not denied to authorized users.
Integrity: It covers two concepts
• Data Integrity: Assures that information and programs are changed only in a specified and
authorized manner.
• System Integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
• Authentication
Authentication is the process of determining whether someone or something is, in fact, who or
what it is declared to be.
• Access control
Access control is the ability to limit and control access to host systems and applications via
communication links.
This service controls who can have access to a resource; to achieve this, each entity trying to
gain access must first be identified or authenticated.
Nonrepudiation
• Nonrepudiation prevents either sender or receiver from denying a transmitted message.
• When a message is sent, the receiver can prove that the alleged sender in fact sent the message
• When a message is received, the sender can prove that the alleged receiver in fact received the
message.
• Threat:
A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
ATTACKS
• Passive Attack
• Active Attack
PASSIVE ATTACK
• In a passive attack the opponent only eavesdrops on or monitors transmissions; the data is not
altered, so such attacks are very difficult to detect and the emphasis is on prevention rather
than detection.
• Release of message contents:
The release of message contents is easily understood. A telephone conversation, an e-mail
message, or a transferred file may contain sensitive or confidential information, and we want to
prevent an opponent from learning the contents of these transmissions.
o TRAFFIC ANALYSIS
o Suppose that we had a way of masking the contents of messages or other information, so that
even if opponents captured the message, they could not extract the information from it.
o The common technique for masking contents is encryption.
o Even with encryption protection in place, an opponent might still be able to observe the
pattern of these messages: the location and identity of the communicating hosts, and the
frequency and length of the messages exchanged.
ACTIVE ATTACK
• Active attacks involve some modification of the data stream or the creation of a false
stream; the attacker tries to alter transmitted data.
• Masquerade: A masquerade takes place when one entity pretends to be a different entity
(Figure a). A masquerade attack usually includes one of the other forms of active attack.
• Replay: Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
• Modification of messages:
o Modification of messages simply means that some portion of a legitimate message
is altered, or that messages are delayed or reordered, to produce an unauthorized
effect (Figure c).
o For example, a message meaning "Allow John Smith to read confidential file
accounts" is modified to mean "Allow Fred Brown to read confidential file
accounts."
• Denial of service:
o The denial of service prevents or inhibits the normal use or management of
communications facilities.
o This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service).
o Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade
performance.
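The modification, masquerade and replay attacks described above, played against a receiver that checks a message authentication tag and a sequence number. This is an added example and not code from the slides; the data-unit format (an 8-byte sequence number prepended to the body before HMAC-SHA256 tagging), the shared key and the names Sender/Receiver are assumptions, and the two messages are the slide's own sample sentences. Note what each check catches: the tag alone detects modification and masquerade, but a replayed data unit carries a perfectly valid tag, so only the sequence number detects it.

```python
"""Active attacks against an HMAC-tagged, sequence-numbered channel (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed sample messages: the slide's own example of message modification.
ORIGINAL = "Allow John Smith to read confidential file accounts"
MODIFIED = "Allow Fred Brown to read confidential file accounts"


def make_tag(key: bytes, seq: int, body: bytes) -> bytes:
    """HMAC-SHA256 over the sequence number and the body.

    Binding seq into the tag is what lets the receiver reject a captured data
    unit that is re-sent later: the tag is valid, but seq has already been seen.
    """
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seq = 0

    def send(self, text: str) -> Tuple[int, bytes, bytes]:
        """Return the data unit the network carries: (seq, body, tag)."""
        self._seq += 1
        body = text.encode("utf-8")
        return self._seq, body, make_tag(self._key, self._seq, body)


class Receiver:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = 0

    def receive(self, seq: int, body: bytes, tag: bytes) -> str:
        """Accept a data unit or raise ValueError naming the attack detected."""
        # Constant-time comparison: a plain `==` stops at the first differing byte
        # and so leaks how much of a forged tag was right.
        if not hmac.compare_digest(make_tag(self._key, seq, body), tag):
            raise ValueError("modification or masquerade: tag does not verify")
        if seq <= self._last_seq:
            raise ValueError("replay: sequence number already seen")
        self._last_seq = seq
        return body.decode("utf-8")


def _verdict(receiver: Receiver, seq: int, body: bytes, tag: bytes) -> str:
    try:
        return "accepted: " + receiver.receive(seq, body, tag)
    except ValueError as err:
        return "rejected: " + str(err)


def run_attacks() -> Dict[str, str]:
    """One legitimate message followed by three active attacks; returns each verdict."""
    key = secrets.token_bytes(32)  # shared secret; how it was agreed is out of scope here
    alice, bob = Sender(key), Receiver(key)
    results = {}

    seq, body, tag = alice.send(ORIGINAL)
    results["legitimate"] = _verdict(bob, seq, body, tag)

    # Modification: the opponent edits the body in transit but cannot recompute the tag.
    results["modification"] = _verdict(bob, seq + 1, MODIFIED.encode("utf-8"), tag)

    # Masquerade: the opponent fabricates a whole data unit without knowing the key.
    fake_tag = make_tag(secrets.token_bytes(32), seq + 1, MODIFIED.encode("utf-8"))
    results["masquerade"] = _verdict(bob, seq + 1, MODIFIED.encode("utf-8"), fake_tag)

    # Replay: the opponent re-sends the captured, perfectly valid first data unit.
    results["replay"] = _verdict(bob, seq, body, tag)

    # A genuinely new message from the real sender still goes through.
    results["next_legitimate"] = _verdict(bob, *alice.send("Revoke read access"))
    return results


if __name__ == "__main__":
    for scenario, verdict in run_attacks().items():
        print(f"{scenario:16s} {verdict}")
```

The sequence number only protects one direction of one session; a real protocol also has to cope with lost messages and with an opponent who reorders or delays data units, which is exactly the remaining part of the modification attack described above.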
Security services
• A security service is a processing or communicating service that can prevent or detect the
above-mentioned attacks. The main security services are:
• Authentication: the recipient should be able to identify the sender and verify that the entity
claiming to be the sender actually did send the message.
• Data Confidentiality: an attacker should not be able to read the transmitted data, nor extract
information from it when it is encrypted. In short, confidentiality is the protection of
transmitted data from passive attacks.
• Data Integrity: make sure that the message received is exactly the message the sender sent.
• Nonrepudiation: the sender should not be able to deny sending the message, and the receiver
should not be able to deny receiving it.
Security Mechanisms (X.800)
Specific security mechanisms
• Those that may be incorporated into the appropriate protocol layer in order to provide some of
the OSI security services.
• Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
• Digital Signature
Data appended to, or a cryptographic transformation of , a data unit that allows a recipient of the
data unit to prove the source and integrity of the data unit and protect against forgery.
• Access control
A variety of mechanisms that enforce access rights to resources.
• Data Integrity
A variety of mechanisms used to ensure the integrity of a data unit or stream of data units.
• Authentication exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
• Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
• Notarization
The use of a trusted third party to assure certain properties of a data exchange.
Pervasive security mechanisms
Mechanisms that are not specific to any particular OSI security service or protocol layer.
• Trusted functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a
security policy).
• Event detection
Detection of security relevant events.
• Security label
The marking bound to resource that names or designates the security attributes of
that resource.
• Security recovery
Deals with requests from mechanisms, such as event handling and management
functions, and takes recovery actions.
TECHNIQUES
• Cryptography
Cryptography, a word with Greek origins, means "secret writing." However, we use the term to
refer to the science and art of transforming messages to make them secure and immune to
attacks.
• Steganography
The word steganography, with its origin in Greek, means "covered writing," in contrast with
cryptography, which means "secret writing." Cryptography hides the meaning of a message;
steganography hides the existence of the message.
Guess the message
Xdrqngikhgdcanyuvtio
Yfdugwgvbhdvyouhhibdjw
ipfgtcrackpiywfvthefgyhvhs
cghyppcode?yupiwhbjvgsjhj
Guess the message
MSG1
H H O Y O
E O W E U
L L A R X
MSG2
P E M R F
R C A E E
A I K P C
C T E S T
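The second "Guess the message" puzzle is a transposition: the letters are only rearranged, never replaced. The code below is an added example, not from the slides, and the fill rule it uses is my inference from the two grids: the plaintext (spaces removed) is written into a grid with a fixed number of rows one column at a time, alternating downwards and upwards, and the ciphertext is the grid read row by row. With that rule "HELLO HOW ARE YOU X" in 3 rows produces exactly MSG1 and "PRACTICE MAKES PERFECT" in 4 rows produces MSG2. The brute-force function also shows why such a cipher gives no real security: the only key is the row count, so an attacker simply tries every divisor of the length.

```python
"""Snake-route transposition behind the slide's MSG1/MSG2 grids (added example)."""
from typing import Dict, List

# The two grids from the slide, rows concatenated.
MSG1 = "HHOYO" "EOWEU" "LLARX"
MSG2 = "PEMRF" "RCAEE" "AIKPC" "CTEST"


def _fill_columns(text: str, rows: int) -> List[List[str]]:
    """Write `text` into a rows x cols grid column by column, snaking down then up."""
    if rows <= 0 or len(text) % rows:
        raise ValueError("text length must be a multiple of the row count")
    cols = len(text) // rows
    grid = [[""] * cols for _ in range(rows)]
    for c in range(cols):
        chunk = text[c * rows:(c + 1) * rows]
        if c % 2 == 1:  # odd-numbered columns are written bottom-up
            chunk = chunk[::-1]
        for r in range(rows):
            grid[r][c] = chunk[r]
    return grid


def encrypt(plaintext: str, rows: int) -> str:
    """Fill the grid and read it out row by row."""
    text = plaintext.replace(" ", "").upper()
    return "".join("".join(row) for row in _fill_columns(text, rows))


def grid_rows(ciphertext: str, rows: int) -> List[str]:
    """The grid as the slide prints it: one string per row."""
    if rows <= 0 or len(ciphertext) % rows:
        raise ValueError("ciphertext length must be a multiple of the row count")
    cols = len(ciphertext) // rows
    return [ciphertext[r * cols:(r + 1) * cols] for r in range(rows)]


def decrypt(ciphertext: str, rows: int) -> str:
    """Read the grid back column by column, undoing the snake."""
    grid = grid_rows(ciphertext, rows)
    cols = len(ciphertext) // rows
    pieces = []
    for c in range(cols):
        column = "".join(grid[r][c] for r in range(rows))
        pieces.append(column[::-1] if c % 2 == 1 else column)
    return "".join(pieces)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Try every row count that divides the length; the attacker picks the one that reads."""
    n = len(ciphertext)
    return {rows: decrypt(ciphertext, rows) for rows in range(1, n + 1) if n % rows == 0}


if __name__ == "__main__":
    for name, ct, rows in (("MSG1", MSG1, 3), ("MSG2", MSG2, 4)):
        print(name, grid_rows(ct, rows), "->", decrypt(ct, rows))
    for rows, candidate in brute_force(MSG1).items():
        print(f"{rows:2d} rows: {candidate}")
```

The first puzzle on the previous slide works differently and is the steganography case: the real words are left intact and merely surrounded by filler letters, so nothing is transformed and there is no key to try, only a hidden message to notice.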
Which security mechanism/principle can be applied in each of the following scenarios? Give the
specific name of that security mechanism/principle.
• A student breaks into a professor's office to obtain a copy of the next day's test.
• A student gives a check for $10 to buy a used book. Later she finds that the check was
cashed for $100.
• A school server disconnects a student if she is logged into the system for more than two
hours.
• A professor refuses to send students their grades by e-mail unless they provide the student
identification they were preassigned by the professor.