Chapter
Chapter
Chapter
1
2
Definitions
• Computer Security
– Generic name for the collection of tools
designed to protect data and to thwart
hackers
• Network Security
– Measures to protect data during their
transmission
• Internet Security (our focus!)
– Measures to protect data during their
transmission over a collection of
interconnected networks
3
3 Aspects of Info Security
• Security Attack
– Any action that compromises the security of
information.
• Security Mechanism
– A mechanism that is designed to detect, prevent, or
recover from a security attack.
• Security Service
– A service that enhances the security of data
processing systems and information transfers.
• Makes use of one or more security mechanisms.
4
Security Attacks
• Threat & attack
– Often used equivalently
• There are a wide range of attacks
– Two generic types of attacks
• Passive
• Active
5
Security Attack Classification
6
Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on
integrity
• Fabrication: This is an attack on
authenticity
7
3 Primary Security Goals
9
Security Mechanism
• Features designed to detect, prevent, or
recover from a security attack
• No single mechanism that will support all
services required
• One particular element underlies many of
the security mechanisms in use:
– Cryptographic techniques
– Hence we will focus on this topic first
10
Security Mechanisms (X.800)
• Specific security mechanisms:
– Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
11
Model for Network Security
12
Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation (message de/encryption)
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information (keys)
4. specify a protocol enabling the principals to
use the transformation and secret information
for a security service (e.g. ssh)
13
Model for Network Access Security
14
Model for Network Access Security
Using this model requires us to implement:
1. Authentication
select appropriate gatekeeper functions to identify
users
2. Authorization
implement security controls to ensure only
authorized users access designated information or
resources
Trusted computer systems may be useful
to help implement this model
15
Methods of Defense
• Encryption
• Software Controls
– Limit access in a database or in operating systems
– Protect each user from other users
• Hardware Controls
– Smartcard (ICC, used for digital signature and
secure identification)
• Policies
– Frequent changes of passwords
– Recent study shows controversial arguments
• Physical Controls
16
Internet standards and RFCs
• Three organizations in the Internet
society
– Internet Architecture Board (IAB)
• Defining overall Internet architecture
• Providing guidance to IETF
– Internet Engineering Task Force (IETF)
• Actual development of protocols and standards
– Internet Engineering Steering Group (IESG)
• Technical management of IETF activities and
Internet standards process
17
Internet RFC Publication
Standardization Process
18
Recommended Reading
• Pfleeger, C. Security in Computing.
Prentice Hall, 1997.
19