Security

System SecurityProf. Rupesh Mishra

System Security - Introduction

Prerequisites

• Computer Networks

• Operating Systems

• Algorithm & Programming

• Computer Organization and Architecture

• Data Structure

System Security - Introduction 2

Syllabus

• 150 = 100 + 25 + 25

• Cryptography

• Access Control

• Software Security

• Network Security


• Text Book

1. Cryptography and Network Security by Behrouz A.

Forouzan, TATA McGraw hill.

2. Security in Computing by Charles P. Pfleeger ,

Pearson Education

• Reference Book

1. Cryptography and Network Security, William

Stalling, Prentice hall


Information Asset


Computing System

Software

Hardware

Data


VulnerabilityWeakness in the security

system

ThreatCircumstances that cause

harm or loss to system

AttackExploiting the

vulnerability of system


Control

• An action, device, procedure or technique to

remove or reduce vulnerability.

• A threat is blocked by controlling

vulnerability.


•Interception

•Interruption

•Modification

•Fabrication

Threats


Interception


Interception

• Unauthorized party has gained access to an

asset.

• Unauthorized party can be a Person,

Program or System.

• Copying data , Wiretapping


Interruption


Interruption

• An asset of the system becomes

unavailable or unusable.

oDestruction of hardware devices.

oDeleting program or data file.

oMalfunction of O.S.


Modification

• Unauthorized tempering of asset.

oChange database value

oAlter program to perform additional

computation

oModify data to be transmitted


Fabrication• Fabrication of counterfeit objects on a

computing system.

oAdd records to an existing database


Software Vulnerability

• Software Deletion(Interruption)

• Software Modificationo Logic Bomb

o Trojan Horse

o Virus

o Trap Door

o Information Leak

• Software Theft



Security

Confident-iality

IntegrityAvailability


Confidentiality

• No unauthorized disclosure of information


I Don’t want anyone to steal my credit card

number

Confidentiality

• Only authorized party can access the

protected data.

• Determine authorized people

• Determine data access policy

• Awareness of sensitivity of data


Integrity

• No unauthorized modification of information


I Don’t want anyone to change my

report

Asp

ects

of

Inte

gri

tyAuthorized Action

Separation and Protection

Error Detection & Correction


Availability

• System should be available for legitimate

use.


I want to check my E-Mails

24/7

Availability

• Applicable to data and services.

o Timely response to the request

o Fault Tolerance

o Easy to use

oConcurrency Controlled

oDeadlock Management


Computer Security

• The protection afforded to an automated

information system in order to attain the

applicable objectives of preserving the

integrity , availability and confidentiality of

resources.


Security Attack

Active Attack

Passive attack


Snooping


Snooping


Traffic Analysis


Modification


Modification


Masquerading


Masquerading


Replay


Repudiation


Denial of Service


Denial of Service


Active Attack Passive Attack

Access and modify information

Access information

System is harmed No harm to system

Easy to detect than preventDifficult to detect than prevent

Threat to Integrity, Availability Threat to Confidentiality

Masquerading, Repudiation, DOS

Snooping, Traffic analysis


Security Attack

Confidentiality (Passive)

Snooping

Traffic Analysis

Integrity (Active)

Modification

Masquerading

Replaying

Repudiation

Availability (Active)

DOS


Service Security Mechanism

Data Confidentiality

Encipherment , Routing Control

Data IntegrityEncipherment , Digital Signature, Data Integrity

AuthenticationEncipherment , Digital Signature, Authentication Exchange

NonrepudiationDigital Signature, Data Integrity, Notarization

Access Control Access Control



Encipherment

Cryptography

Steganography


Cryptography

• Secret writing

• Encryption * Decryption

• Symmetric * Asymmetric


Steganography

This course is about cryptography,

not on steganography

Thank You !!!!!!!


Technology

Security