![Page 1: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/1.jpg)
Security
Many secure IT systems are like a house with a locked front door but with a side window open
-somebody
![Page 2: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/2.jpg)
What do we want to protect?
• Services and data offered by the computer systems.
![Page 3: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/3.jpg)
Types of Threats
• Interception
• Interruption
• Modification
• Fabrication
![Page 4: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/4.jpg)
Security Mechanisms
• Encryption
• Authentication
• Authorization
• Auditing
![Page 5: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/5.jpg)
Security Policy
•To properly use security mechanisms a security policy is needed
• A security policy helps in understanding what exactly needs to be protected and what the assumptions are with respect to security
e.g. Operations between entities in different domains require mutual authentication
Controlling access to resources in multiple administrative domains is subject to local security only
![Page 6: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/6.jpg)
Layering of Security Mechanisms (1)
The layer in which security mechanisms are placed depends on the trust a client has in how secure the services are in a particular layer
![Page 7: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/7.jpg)
Layering of Security Mechanisms (2)
Several sites connected through a wide-area backbone service.
![Page 8: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/8.jpg)
CryptographyCryptography functions
– Secret key (e.g., DES)– Public key (e.g., RSA)– Message digest (e.g., MD5)
Security services– Privacy: preventing unauthorized release of information– Authentication: verifying identity of the remote participant – Integrity: making sure message has not been altered
Security
Cryptographyalgorithms
Publickey
(e.g., RSA)
Secretkey
(e.g., DES)
Messagedigest
(e.g., MD5)
Securityservices
AuthenticationPrivacy Messageintegrity
![Page 9: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/9.jpg)
Secret Key (DES)
Plaintext
Encrypt withsecret key
Ciphertext
Plaintext
Decrypt withsecret key
![Page 10: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/10.jpg)
Public Key (RSA)
Plaintext
Encrypt withpublic key
Ciphertext
Plaintext
Decrypt withprivate key
![Page 11: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/11.jpg)
Message DigestCryptographic checksum
– just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.
One-way function
– given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
Relevance
– if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.
![Page 12: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/12.jpg)
Intruders and eavesdroppers in communication.
![Page 13: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/13.jpg)
Notation
Notation Description
KA, B Secret key shared by A and B
Public key of A
Private key of A
K A
K A
![Page 14: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/14.jpg)
Authentication
Authentication based on a shared secret key.
![Page 15: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/15.jpg)
Authentication Using a Key Distribution Center (1)
The principle of using a KDC.
![Page 16: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/16.jpg)
Authentication Using a Key Distribution Center (2)
Using a ticket and letting Alice set up a connection to Bob.
![Page 17: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/17.jpg)
Authentication Using Public-Key Cryptography
Mutual authentication in a public-key cryptosystem.
![Page 18: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/18.jpg)
Message Integrity
• Messages are protected against modification
• e.g. email sale
• Non Repudiation
![Page 19: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/19.jpg)
Digital Signatures (1)
Digital signing a message using public-key cryptography.
![Page 20: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/20.jpg)
Digital Signatures (2)
Digitally signing a message using a message digest.
![Page 21: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/21.jpg)
Key Distribution
Certificate – special type of digitally signed document:
“I certify that the public key in this document belongs to the entity named in this document, signed X.”
– the name of the entity being certified– the public key of the entity– the name of the certified authority– a digital signature
Certified Authority (CA)– administrative entity that issues certificates– useful only to someone that already holds the CA’s public key.
![Page 22: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/22.jpg)
Key Distribution (cont)
Chain of Trust – if X certifies that a certain public key belongs to
Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z
– someone that wants to verify Z’s public key has to know X’s public key and follow the chain
![Page 23: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/23.jpg)
Example Systems:SSL Secure Sockets layer
![Page 24: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/24.jpg)
Protection Domains
The hierarchical organization of protection domains as groups of users.
![Page 25: Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody](https://reader035.vdocument.in/reader035/viewer/2022062517/56649f355503460f94c532dc/html5/thumbnails/25.jpg)
Firewalls
A common implementation of a firewall.