Professional Documents
Culture Documents
Objectives
To define three security goals
To define security attacks that threaten security
goals
To define security services and how they are
related to the three security goals
To define security mechanisms to provide security
services
To introduce two techniques, cryptography and
steganography, to implement security mechanisms.
1.1
Definitions
Computer Security - generic name for the collection
of tools designed to protect data and to thwart
hackers
Network Security - measures to protect data during
their transmission
Internet Security - measures to protect data during
their transmission over a collection of interconnected
networks
our focus is on Internet Security
which consists of measures to deter, prevent,
detect, and correct security violations that involve
the transmission & storage of information
1.2
1-1 SECURITY GOALS
1.3
1.1 Continued
Figure 1.1 Taxonomy of security goals
1.4
1.1.1 Confidentiality
1.5
1.1.2 Integrity
1.6
1.1.3 Availability
1.7
1-2 ATTACKS
1.9
1.2.1 Attacks Threatening Confidentiality
1.10
1.2.2 Attacks Threatening Integrity
1.11
1.2.3 Attacks Threatening Availability
1.12
1.2.4 Passive Versus Active Attacks
1.13
Passive Attacks
Active Attacks
1-3 SERVICES AND MECHANISMS
1.16
Security Service
enhance security of data processing systems
and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated
with physical documents
which, for example, have signatures, dates; need
protection from disclosure, tampering, or
destruction; be notarized or witnessed; be
recorded or licensed
1.3.1 Security Services
Figure 1.3 Security services
1.18
Security Services (X.800)
1.21
1.22
1.3.3 Relation between Services and Mechanisms
1.23
1-4 TECHNIQUES
1.24
1.4.1 Cryptography
1.25
1.4.2 Steganography
1.26
1.4.2 Continued
1.27