By: Priyanka Mehta (Assist. Prof. – CS\IT dept)

4. Information Security


An information system is a combination of information technology and people’s activities that support operations, management and decision making.

In a broader sense, an information system is a work system in which humans or machines perform activities like capturing, transmitting, storing, retrieving, manipulating and displaying the processed information.

Information security means protecting information and information systems from unauthorized access, modification, disruption, recording or destruction.

To fully understand why information security is important, one needs to understand both the value of information and the consequence of such information being compromised.

Eg: An organization can hold sensitive information about employees, salary information, future business plans, trading secrets and other information that gives it a competitive edge in the market. If such information falls into the wrong hands, it can bring down the business, leading to huge financial penalties, expensive lawsuits and loss of reputation.

Similarly, an individual holds personal information on their home computer and typically performs online activities such as banking, shopping and social networking, thus sharing their sensitive information with others over the internet. If such information is left unprotected, it may be accessed by anyone, leading to identity theft and damage to financial history or credit rating.

Confidentiality: Guarding against the malicious actions or unauthorized access that endanger the confidentiality of the information.

Integrity: Preventing the data from being modified through unauthorized mechanisms.

Availability: Information created and stored must be available to authorized entities.

Security attacks, grouped by the security goal they threaten:

Threat to Confidentiality: Snooping, Traffic Analysis

Threat to Integrity: Modification, Masquerading, Replaying, Repudiation

Threat to Availability: Denial of Service

Snooping: It refers to unauthorized access to another person’s or company’s data. Snooping can include casual observance of an email that appears on another’s computer screen or watching what someone else is typing. More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device.

Eg: Keyloggers used by malicious hackers monitor keystrokes to capture passwords and login information, and to intercept email and other private communications and data transmissions.

Corporations sometimes snoop on employees legitimately to monitor their use of business computers and track internet usage.

Governments may snoop on individuals to collect information and prevent crime and terrorism.

Traffic Analysis: It is a process of intercepting and examining encrypted messages in order to deduce information by analyzing the patterns in communication on a network. Traffic analysis of encrypted data can determine the identity and location of communicating hosts, observe the length and frequency of messages being exchanged, and can be used to guess the nature of the communication taking place. However, traffic analysis cannot extract the information from the message, as the contents of the message are masked using the common technique of encryption.

Eg: In a military context, traffic analysis is a basic part of signals intelligence (i.e. intelligence-gathering by interception of signals) and can be a source of information about the intentions, actions and positions of the enemy.

Modification: It means that some portion of a legitimate message is altered, delayed or reordered to produce an unauthorized effect. Modification can take place in three ways:

Changes: If already existing information is changed, so that the provided information is no longer accurate.

Insertion: If information that previously did not exist is added.

Deletion: If existing information is removed.

Eg: A message meaning “Allow Fred Brown to read confidential file accounts.” is modified to mean “Allow John Smith to read confidential file accounts.”

Masquerading: It occurs when the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen login IDs and passwords, through finding security gaps in programs or through bypassing the authentication mechanism.

Eg: An attacker might steal the login and password of an employee in an organization and gain full access to the organization’s critical data (depending on the privilege level they pretend to have). The attacker may then be able to modify and delete software and data and make changes to network configuration and routing information.

Replaying: In this attack, a valid data transmission is maliciously or fraudulently repeated or delayed. It occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more parties.

Eg: A person sends a request to the bank to ask for a payment to the attacker. The attacker may send this message again to that bank to receive another payment.

Repudiation: This issue is concerned with a user denying that he or she performed an action or initiated a transaction. In other words, it occurs if the sender of the message later denies having sent the message or if the receiver of the message later denies having received it.

Denial of service: It is an attempt to make a computer or network resource unavailable to its intended users. One common method of attack involves saturating the target machine with multiple bogus requests, such that it cannot respond to legitimate traffic, or responds so slowly that others believe that the target machine or server is unavailable. Such attacks lead to server overload.
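Added example (not part of the original slides): how a receiver can refuse the replayed bank request described under Replaying. The sender attaches a fresh nonce and a timestamp and computes a MAC over both together with the message; the shared key, the 30-second freshness window and the message text are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared by customer and bank (an assumption of this example).
SHARED_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 30  # assumed freshness window


def make_request(body: str, now: float) -> dict:
    """Sender side: attach a fresh nonce, a timestamp and a MAC over all three."""
    nonce = secrets.token_hex(16)
    ts = str(int(now))
    tag = hmac.new(SHARED_KEY, f"{nonce}|{ts}|{body}".encode(), hashlib.sha256).hexdigest()
    return {"body": body, "nonce": nonce, "ts": ts, "tag": tag}


class Bank:
    """Receiver side: accept each authenticated request at most once."""

    def __init__(self):
        self.seen_nonces = set()

    def accept(self, req: dict, now: float) -> str:
        data = f"{req['nonce']}|{req['ts']}|{req['body']}".encode()
        expected = hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return "rejected: bad MAC"      # modified or forged request
        if abs(now - int(req["ts"])) > MAX_AGE_SECONDS:
            return "rejected: stale"        # delayed copy, outside the window
        if req["nonce"] in self.seen_nonces:
            return "rejected: replay"       # repeated copy, inside the window
        self.seen_nonces.add(req["nonce"])
        return "accepted"


def demo() -> list:
    bank, t0 = Bank(), 1_700_000_000.0  # constructed clock value
    req = make_request("pay 100 to account 42", t0)  # constructed message
    return [
        bank.accept(req, t0 + 1),           # original delivery
        bank.accept(dict(req), t0 + 2),     # captured copy sent again
        bank.accept(dict(req), t0 + 3600),  # captured copy sent much later
        bank.accept({**req, "body": "pay 900 to account 42"}, t0 + 4),  # altered copy
    ]


if __name__ == "__main__":
    print(demo())
```

Because stale requests are rejected by the timestamp check, the receiver only needs to remember nonces for the length of the freshness window.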

Passive Attacks vs. Active Attacks

Passive: A passive attack attempts to learn or make use of information from the system but does not affect system resources.
Active: An active attack attempts to alter system resources or affect their operation.

Passive: Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Active: Active attacks are easier to detect as they involve some modification of the data.

Passive: More emphasis is placed on preventing a passive attack (usually by means of encryption) than on detecting it.
Active: It is quite difficult to prevent an active attack absolutely, because of the wide variety of potential physical, software and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.

Passive: Passive attacks such as snooping and traffic analysis threaten the confidentiality of the information.
Active: Active attacks such as modification, masquerading, replaying, repudiation and denial of service threaten the integrity and availability of the information.

Security services enhance the security of data processing and transfer, and are divided into five categories:

Authentication: To assure that the communicating entity is the one that it claims to be.

Access control: To prevent the unauthorized use of a resource or data.

Data confidentiality: To protect the data from unauthorized disclosure.

Data integrity: To ensure that the data received is the same as that sent by an authorized entity.

Non-repudiation: To provide protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. With this service, the receiver of the data can later prove the identity of the sender if it is denied, or the sender of the data can later prove that the data were delivered to the intended recipient.

Security mechanisms allow one to detect, prevent and recover from a security attack. The following security mechanisms provide security services:

Encipherment: Encipherment means hiding or covering data. By this mechanism a readable message is transformed into an illegible message by the use of mathematical algorithms. Two techniques – cryptography and steganography – are used for enciphering the data.

Access control: This mechanism provides a way to enforce access rights to resources. For example, in Linux, every file, folder or resource has three sets of permissions. These permissions indicate who has the right to read, write or execute a specific file, folder or resource.

Digital Signatures: A digital signature is a stamp which is placed on or appended to the message before sending it to the receiver. When the receiver obtains the message, it can verify the authenticity of the message by checking the digital signature. This prevents the forgery of the message by an attacker.

Data integrity: In the data integrity mechanism the sender first passes the message through an algorithm called a cryptographic hash function before sending it to the receiver. This function creates a compressed image of the message called a message digest. To check the integrity of the message, the receiver again runs the cryptographic hash function on the received message and compares the new message digest with the previous one. If both are the same, the receiver is sure that the original message has not changed.

Traffic padding: This is a security mechanism in which unwanted or bogus bits of data are inserted into or appended to the stream of data, making it harder for the attacker to perform traffic analysis.

Authentication exchange: In this mechanism, two entities exchange certain information to prove their identity to each other and verify that the other entity is not an attacker.

Routing control: Routing control means selecting and continuously changing different available routes between the sender and the receiver to prevent the attacker from eavesdropping on a particular route.
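Added example (not part of the original slides): the data integrity mechanism above, applied to the Fred Brown / John Smith message from the modification example. It shows that comparing digests detects a change only when the attacker cannot also replace the digest, and that a keyed digest (HMAC) closes that gap. SHA-256, HMAC and the shared key are choices made for this illustration.

```python
import hashlib
import hmac

# Messages from the modification example; the key is a constructed demo value.
ORIGINAL = b"Allow Fred Brown to read confidential file accounts."
TAMPERED = b"Allow John Smith to read confidential file accounts."
SHARED_KEY = b"constructed-demo-key"


def digest(message: bytes) -> str:
    """Unkeyed message digest (SHA-256 chosen for this example)."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a digest that only holders of the key can compute."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def digest_ok(message: bytes, received: str) -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(message), received)


def keyed_digest_ok(key: bytes, message: bytes, received: str) -> bool:
    """Receiver side for the keyed variant."""
    return hmac.compare_digest(keyed_digest(key, message), received)


def demo() -> dict:
    sent_digest = digest(ORIGINAL)
    sent_tag = keyed_digest(SHARED_KEY, ORIGINAL)
    return {
        # Unmodified message: check passes.
        "intact": digest_ok(ORIGINAL, sent_digest),
        # Message altered, digest delivered over a separate trusted path: detected.
        "altered_message_only": digest_ok(TAMPERED, sent_digest),
        # Message altered and digest recomputed in transit: NOT detected.
        "altered_message_and_digest": digest_ok(TAMPERED, digest(TAMPERED)),
        # Same alteration against the keyed digest: without the key, only the
        # old tag or an unkeyed digest can be attached, and both fail.
        "altered_with_old_tag": keyed_digest_ok(SHARED_KEY, TAMPERED, sent_tag),
        "altered_with_unkeyed_digest": keyed_digest_ok(SHARED_KEY, TAMPERED, digest(TAMPERED)),
    }


if __name__ == "__main__":
    for case, passed in demo().items():
        print(f"{case}: check {'passes' if passed else 'fails'}")
```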

Cryptography: The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form.

Plaintext: A plaintext is the original message or data.

Ciphertext: A ciphertext is the coded message that depends on the plaintext and secret key.

Cipher: An algorithm for transforming an intelligible message into an unintelligible one by transposition and/or substitution.

Key: Some critical information used by the cipher, known only to the sender and receiver.

Encryption: The process of converting a plaintext into ciphertext is called encryption.

Decryption: The process of recovering the original plaintext from the ciphertext is called decryption.

Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking.

The Symmetric-key algorithm uses a single secret key for both encryption and decryption. It is also known as the secret-key algorithm.

Ek (P) = C

Dk (C) = P

Well-known symmetric-key algorithms are DES, RC5, Blowfish etc.

The chance of losing security is very high.

Used for large messages.

Fast

The Asymmetric-key algorithm uses two keys: a private key and a public key.

The message is encrypted using a public key and is decrypted using a private key.

Ek1 (P) = C, where k1 is the public key

Dk2 (C) = P, where k2 is the private key

Security is quite strong.

Used for authentication, digital signature and secret-key exchange.

Slow

[Figure: asymmetric-key encryption between Alice and Bob. Labels: key-generation procedure; public key (to public, over the public-key distribution channel); private key; encryption (plaintext to ciphertext); insecure channel; decryption (ciphertext to plaintext).]