Security Services
ECE 646 - Lecture 1
Need for information security
• widespread use of data processing equipment: computer security
• widespread use of computer networks and distributed computing systems: network security
Security Threats in Banking Systems
[Figure: Bank A, Bank B and an ATM, with the following threats marked]
• interception
• modification
• fabrication
• unauthorized access
• radiation analysis
• timing attacks
Electronic Commerce
HOME-SHOPPING
• non-digital goods (e.g., books, CDs)
• services (e.g., travel reservations)
• digital goods (e.g., software, music, video)
• micropayments (e.g., database access)
ELECTRONIC FUND TRANSFER - EFT
• intra-bank fund transfers
• inter-bank fund transfers
• home banking
• electronic cash
ELECTRONIC DATA INTERCHANGE - EDI
• financial transactions among companies
Electronic Data Interchange
• transactions between computers
• human participation in routine transactions limited or non-existent
• paper records eliminated
• less time to detect and correct errors
Other types of data needing security
• financial records
• medical records
• commercial secrets
• business and private correspondence
• technical specifications
Potential attackers
• hackers
• industrial competitors
• spies
• press
• government agencies
Security on the Internet
SECURE E-MAIL
[Figure: a letter reading "Alice, Love you, Bob", addressed to Alice, Smurftown, SL 22030, Smurfland]
NSA
National Security Agency (also known as “No Such Agency” or “Never Say Anything”)
Created in 1952 by President Truman
Goals:
• designing strong ciphers (to protect U.S. communications)
• breaking ciphers (to listen to non-U.S. communications)
Budget and number of employees kept secret
Largest employer of mathematicians in the world
Larger purchaser of computer hardware
RSA Security Inc. (currently the security division of EMC)
• original patents for RSA (expired in 2000), RC5, RC6 and other cryptographic algorithms
• over 1 billion users of the basic cryptographic library BSAFE
• RSA Laboratories
• RSA Conference
• spin-off companies: VeriSign - Public Key Infrastructure
American and international standards regarding public key cryptography
• IEEE: industrial standards (P1363)
• ANSI: banking standards (ANSI X9)
• NIST: federal standards (FIPS)
• ISO: international standards (ISO)
• RSA Labs: informal industrial standards (PKCS)
American and international standards regarding public key cryptography
IEEE - Institute of Electrical and Electronics Engineers
ANSI - American National Standards Institute
NIST - National Institute of Standards and Technology
ISO – International Organization for Standardization
PKCS – Public Key Cryptography Standards
FIPS - Federal Information Processing Standards
Security services
Protecting data in transit
• confidentiality
• integrity
• authentication
• non-repudiation
Protecting data at rest
• access control
- identification
- authorization
- auditing
• availability
Identification (User Authentication)
On the basis of
• what you know (passwords, PINs)
• what you have (magnetic card, smart card)
• what you are (fingerprints, handprints, voiceprints, keystroke timing, signatures, retinal scanners)
Basic Security Services (1)
1. Confidentiality
2. Message integrity
3. Message authentication
[Figures: one diagram per service, each showing Bob, Alice and Charlie]
Basic Security Services (2)
4. Non-repudiation
- of sender
- of receiver
- mutual
Technique: digital signature
Signature: DIGITAL or HANDWRITTEN
Sample digital signature shown on the slide: A6E3891F2939E38C745B25289896CA345BEF5349245CBA653448E349EA47
Main Goals:
• unique identification
• proof of agreement to the contents of the document
Handwritten and digital signatures: Common Features
Shared by the handwritten signature and the digital signature:
1. Unique
2. Impossible to be forged
3. Impossible to be denied by the author
4. Easy to verify by an independent judge
5. Easy to generate
Handwritten and digital signatures: Differences
Handwritten signature
6. Associated physically with the document
7. Almost identical for all documents
8. Usually at the last page
Digital signature
6. Can be stored and transmitted independently of the document
7. Function of the document
8. Covers the entire document
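The three digital-signature properties listed above, as an added Python example that is not part of the original slides. It uses a toy hash-then-sign RSA scheme with a constructed key; the names `sign`, `verify`, `demo` and the sample contract are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two Mersenne primes (constructed for this example only:
# far too small, and unpadded, so never use it to protect real data).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, given to any verifier
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, kept by the signer


def digest(document: bytes) -> int:
    """Hash every byte of the document, reduced into the range of N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Signer: the result depends on the document and on the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Independent judge: needs only the document, the signature and (N, E)."""
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    # Constructed two-page document; the signature is a separate integer that
    # can be stored or sent apart from it (difference 6).
    contract = b"Page 1: Bob pays Alice 100.\nPage 2: Delivery by Friday.\n"
    detached_sig = sign(contract)
    # Change one character on page 1 only: the signature covers the entire
    # document, not just the last page (difference 8).
    altered = contract.replace(b"100", b"900")
    other = b"An unrelated document"
    return {
        "original_verifies": verify(contract, detached_sig),
        "altered_page1_verifies": verify(altered, detached_sig),
        # A signature is a function of the document, so it cannot be lifted
        # onto another one, and each document gets a different value (7).
        "reused_on_other_verifies": verify(other, detached_sig),
        "signatures_differ": sign(other) != detached_sig,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Verification uses only the public pair `(N, E)`, which is what lets an independent judge check the signature without being able to produce one.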
Relations among security services
INTEGRITY
AUTHENTICATION
NON-REPUDIATION
CONFIDENTIALITY
Network Security Threats (1)
• Interruption
• Interception
• Modification
• Fabrication
Network Security Threats (2)
Passive
• Interception
- Release of message contents
- Traffic analysis
Active
• Interruption (availability)
• Modification (integrity)
• Fabrication (authenticity)