Post on 05-Jan-2016
Security
Many secure IT systems are like a house with a locked front door but with a side window open
-somebody
What do we want to protect?
• Services and data offered by the computer systems.
Types of Threats
• Interception
• Interruption
• Modification
• Fabrication
Security Mechanisms
• Encryption
• Authentication
• Authorization
• Auditing
Security Policy
• To properly use security mechanisms a security policy is needed
• A security policy helps in understanding what exactly needs to be protected and what the assumptions are with respect to security
e.g. Operations between entities in different domains require mutual authentication
Controlling access to resources in multiple administrative domains is subject to local security only
Layering of Security Mechanisms (1)
The layer in which security mechanisms are placed depends on the trust a client has in how secure the services are in a particular layer
Layering of Security Mechanisms (2)
Several sites connected through a wide-area backbone service.
Cryptography
Cryptography functions
– Secret key (e.g., DES)
– Public key (e.g., RSA)
– Message digest (e.g., MD5)
Security services
– Privacy: preventing unauthorized release of information
– Authentication: verifying identity of the remote participant
– Integrity: making sure message has not been altered
Figure: Security divides into cryptography algorithms (secret key, e.g., DES; public key, e.g., RSA; message digest, e.g., MD5) and security services (privacy, authentication, message integrity).
Secret Key (DES)
Plaintext → Encrypt with secret key → Ciphertext → Decrypt with secret key → Plaintext
Public Key (RSA)
Plaintext → Encrypt with public key → Ciphertext → Decrypt with private key → Plaintext
Message Digest
Cryptographic checksum
– just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.
One-way function
– given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
Relevance
– if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.
Intruders and eavesdroppers in communication.
Notation
Notation | Description
KA, B | Secret key shared by A and B
K A | Public key of A
K A | Private key of A
Authentication
Authentication based on a shared secret key.
Authentication Using a Key Distribution Center (1)
The principle of using a KDC.
Authentication Using a Key Distribution Center (2)
Using a ticket and letting Alice set up a connection to Bob.
Authentication Using Public-Key Cryptography
Mutual authentication in a public-key cryptosystem.
Message Integrity
• Messages are protected against modification
• e.g. email sale
• Non Repudiation
Digital Signatures (1)
Digitally signing a message using public-key cryptography.
Digital Signatures (2)
Digitally signing a message using a message digest.
Key Distribution
Certificate – special type of digitally signed document:
“I certify that the public key in this document belongs to the entity named in this document, signed X.”
– the name of the entity being certified
– the public key of the entity
– the name of the certification authority
– a digital signature
Certification Authority (CA)
– administrative entity that issues certificates
– useful only to someone that already holds the CA’s public key.
Key Distribution (cont)
Chain of Trust
– if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z
– someone that wants to verify Z’s public key has to know X’s public key and follow the chain
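The certificate fields and chain of trust described above, as an added example that is not part of the original slides: each certificate is signed over a message digest, and the verifier starts from X's public key and follows the chain to Z. The toy unpadded RSA keys built from small Mersenne primes, the field and function names, and the use of SHA-256 in place of the MD5 named on the slides are assumptions for illustration only.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_key(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(data, n):
    # Message digest reduced mod n (assumption: SHA-256, not the slides' MD5).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)  # sign the digest, not the whole message

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def tbs(cert):
    # Bytes covered by the signature: subject name, subject key, issuer name.
    n, e = cert["public_key"]
    return f'{cert["subject"]}|{n}|{e}|{cert["issuer"]}'.encode()

def issue(issuer, issuer_private, subject, subject_public):
    cert = {"subject": subject, "public_key": subject_public, "issuer": issuer}
    cert["signature"] = sign(issuer_private, tbs(cert))
    return cert

def verify_chain(chain, trusted_name, trusted_public):
    """Follow the chain from a key we already hold; return the last key or None."""
    name, key = trusted_name, trusted_public
    for cert in chain:
        if cert["issuer"] != name or not verify(key, tbs(cert), cert["signature"]):
            return None  # wrong issuer or bad signature breaks the chain
        name, key = cert["subject"], cert["public_key"]
    return key

# Constructed sample keys (toy sizes, unpadded RSA: not for real use).
X_PUB, X_PRIV = make_key(2**61 - 1, 2**89 - 1)
Y_PUB, Y_PRIV = make_key(2**107 - 1, 2**127 - 1)
Z_PUB, _ = make_key(2**31 - 1, 2**61 - 1)
CHAIN = [issue("X", X_PRIV, "Y", Y_PUB), issue("Y", Y_PRIV, "Z", Z_PUB)]

if __name__ == "__main__":
    print("Z's key verified:", verify_chain(CHAIN, "X", X_PUB) == Z_PUB)
```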
Example Systems: SSL (Secure Sockets Layer)
Protection Domains
The hierarchical organization of protection domains as groups of users.
Firewalls
A common implementation of a firewall.