Lecture 02

Electronic security

LECTURER: Olivier Angel Kevin

Email: kishimwe@uok.ac.rw

Labor for the future Lecturer: Olivier Angel Kevin 1

 Security terminology
 Computer security is the protection of assets from unauthorized
access, use, alteration, or destruction.
 There are two types of security:
– Physical security including such devices as alarms, fireproof doors,
security fences, vault.
– Logical security is non-physical protection.
 A threat is an act or object that poses a danger to computer assets.
 A countermeasure is a procedure, either physical or logical that
recognizes, reduces, or eliminates a threat.

Labor for the future Lecturer: Olivier Angel Kevin 2

Security terminology
• Necessity
Preventing data delays or denials.
Example: Delaying a purchase order for stock

• Integrity
Preventing unauthorized data modification.
Example: Changing of an e-mail message

•Secrecy
Protecting against unauthorized data disclosure, and ensuring the
authenticity of the data source.
Example: Use of stolen credit card numbers

Labor for the future Lecturer: Olivier Angel Kevin 3

 Security terminology
Privacy
• The protection of individual rights to non-disclosure.
• The law enforces privacy protection.
• Example: Employers reading employees’ e-mail.

Labor for the future Lecturer: Olivier Angel Kevin 4

Risk analysis
The countermeasure will depend both on the cost
associated with the threat and the likelihood that
the threat will occur.
• High probability, low impact: Contain and control
• High probability, high impact: Prevent
• Low probability, low impact: Ignore
• Low probability, high impact: Insurance or backup

Example: computer systems under threat from

(1) virus, (2) fire, (3) earthquake, (4) theft

Labor for the future Lecturer: Olivier Angel Kevin 5

Types of threats
• Physical threats
– Natural phenomena: Earthquake, storm, tornado
– Arson, electrical shutdown, power surge
– Theft, sabotage
• Logical threats
– denial of service attack,
– Phishing( is the fraudulent attempt to obtain  sensitive information such as
usernames, passwords, and credit card  details (and money)
– Worms(is a standalone malware computer program that replicates itself in
order to spread to other computers.)
– virus

Labor for the future Lecturer: Olivier Angel Kevin 6

 Security policy
• Any organization is concerned about protecting its assets should
have a security policy.

• A security policy is a written statement describing what assets

are to be protected, why they are to be protected, who is
responsible for that protection, and which behaviors are
acceptable and not.

• The policy should address physical security, network security,

access authorizations, virus protection, and disaster recovery.
Labor for the future Lecturer: Olivier Angel Kevin 7
 History
• Early computer security measures:
– Computers were kept in locked central rooms
– Access was granted only to select individuals
– No one could remotely access the machine

• Modern systems are more complex:

– Remote processing
– Electronic transmission of information
– Widespread use of the Internet

Labor for the future Lecturer: Olivier Angel Kevin 8

 Copyright and IP
• Copyright is the protection of expression and it typically covers
items such as books, essays, music, pictures, graphics,
sculptures, motion pictures, recordings, architectural works.
• Intellectual property is the ownership of ideas and control over
the representation of those ideas.
• The U.S. Copyright Act of 1976 protects items for a fixed period
for life time and 50 years after death, Each work is protected
when it is created. A copyright notice is not necessary.

Labor for the future Lecturer: Olivier Angel Kevin 9

 Protecting copyrights and IP
• Enforcing existing copyright laws can be difficult.
• Some methods for protecting digital IP include:
– Digital copyright laws
– Digital watermarks

Labor for the future Lecturer: Olivier Angel Kevin 10

 Digital watermarks
• Steganography is the practice of hiding information within other
information. Example: Come meoc
•A digital watermark is a digital code or stream embedded into a file.
They do not affect the quality of the file and may be undetectable.
• The watermark can indicate that the file was stolen.
•http://www.howdesign.com/design-business/design-news/how-to
-protect-your-work -with-digital-watermarks/

Labor for the future Lecturer: Olivier Angel Kevin 11

 Threats
The widespread use of the Internet has resulted in an increase in
intellectual property threats.
• It is very easy to reproduce an exact copy of anything found on the
Internet.
• Many people are unaware of copyright restrictions protecting
intellectual property right.

Labor for the future Lecturer: Olivier Angel Kevin 12

 Digital firm threats
Digital firm security is best studied by examining the overall process,
beginning with the consumer and ending with the consumer server.

This analysis produces a three part structures:

1. Client security
2. Communication channel security
3. Server security
First, however, we will consider issues surrounding copyright and
intellectual property.

Labor for the future Lecturer: Olivier Angel Kevin 13

Encryption as control
• Since the Internet is inherently insecure, any secret information
must be encrypted.
• Encryption is the coding of information using a program and a key
to produce a string of unintelligible characters.
• The study of encryption is called cryptography.
The name comes from krupto (secret) and graphy (writing).
• Cryptography is not related to steganography.

Labor for the future Lecturer: Olivier Angel Kevin 14

Terminology
• Unencrypted data is called plaintext.
• Encrypted data is called ciphertext .
• A key is a string of digits that act as a password.
• Only the intended receivers should have the key that transforms the
ciphertext into plaintext.
• A cipher or cryptosystem is a technique or algorithm for encrypting
messages.

Labor for the future Lecturer: Olivier Angel Kevin 15

 Early cipher systems
• Ciphers were used as far back as the ancient Egyptians. Text was
encrypted by hand.
• The two main types of ciphers were used:
– Substitution cipher: Every occurrence of a given letter is replaced by
a different one.
Example: “a” by “b”, “b” by “c”, etc.
Transposition cipher: The ordering of the letters is shifted to form
new words. Example: Plaintext = example
Ciphertext = eae xmlp

Labor for the future Lecturer: Olivier Angel Kevin 16

In a symmetric encryption algorithm, both the sender and the
recipient use the same key (known as the secret key) to
encrypt and decrypt the message. One very basic symmetric
encryption algorithm is known as the rotational cipher. In
this algorithm, the sender simply "adds" the key to each
character of the cleartext message to form the ciphertext. For
example, if the key is 2, "A" would become "C", "B" would
become "D", and so on. The recipient would then decrypt the
message by "subtracting" the key from each character of the
ciphertext to obtain the original message.

Labor for the future Lecturer: Olivier Angel Kevin 17

Modern cipher systems
• Modern cryptosystems are digital; the algorithms are based on the
individual bits of a message rather than letters of the alphabet.
• Computer information is stored as binary strings, sequences of 0’s
and 1’s.
• Encryption and decryption keys are binary strings of a given key
length.

Labor for the future Lecturer: Olivier Angel Kevin 18

Types of cryptosystems
There are two main types of cryptosystems:
• Private-key cryptography
Also known as symmetric or secret-key encryption, it uses a single
key to both encrypt and decipher the message.
• Public-key cryptography
Also known as asymmetric encryption, it uses a public key to
encrypt messages and a private key to decipher messages.

Labor for the future Lecturer: Olivier Angel Kevin 19

 Public-key cryptography
• Public-key cryptography uses two related keys.
• The private key is kept secret by its owner.
• The public key is freely distributed.
• When someone wishes to communicate with Alice they use Alice’s
public key to encode their message. Alice then uses her private
key to decode the message.
• Although the two keys are mathematically related, it would require
massive computing power to gather the private key from the
public one.

Labor for the future Lecturer: Olivier Angel Kevin 21

Asymmetric encryption algorithm.
A modern branch of cryptography. also known as public-
key cryptography in which the algorithms employ a pair
of keys (a public key and a private key) and use a
different component of the pair for different steps of the
algorithm.

Labor for the future Lecturer: Olivier Angel Kevin 22

Asymmetric encryption algorithm.

Labor for the future Lecturer:

Olivier Angel Kevin 23
Symmetric encryption algorithm.
The encryption key and the decryption
key are interrelated and may even be
the same.

Labor for the future Lecturer: Olivier Angel Kevin 25

Let's
work through a brief example where we take the word
"APPLE" and encrypt it with a key of 4 using this simple algorithm:

Labor for the future Lecturer: Olivier Angel Kevin 26

Key agreement protocols
• A drawback of public-key algorithms is that they are not efficient
for sending large amounts of information.
• Public-key algorithms can be used to exchange private keys.
The process by which two parties exchange keys over an insecure
medium is a key agreement protocol.
• The most common key agreement protocol is a digital envelope.

Labor for the future Lecturer: Olivier Angel Kevin 27

Digital envelopes
The basic idea:
• A message is encrypted using a secret key.
• The secret key is encrypted using a public key.
• Only the receiver can decipher the secret key.
Example:
• Alice encrypts a message using a secret key.
• Alice encrypts the secret key using Bob’s public key.
• Alice sends both to Bob.
• Bob decrypts the secret key using his public key.
• He then uses secret key to decipher the message.

Labor for the future Lecturer: Olivier Angel Kevin 28

Network Topologies we can use in electronic commerce
to help you to control your network and also to enhance
the security of your network in business

Physical
Describes the geometric arrangement of components that make
up the LAN

Labor for the future Lecturer: Olivier Angel Kevin 30

LAN Topologies(Physical)
1) Bus
2) Star
3) Ring
4) Switched
5) Hierarchies

Labor for the future Lecturer: Olivier Angel Kevin 31

 Bus topology

All networked nodes are interconnected, peer to peer, using a

single, open-ended cable
Both ends of the bus must be terminated with a terminating
resistor to prevent signal bounce

Labor for the future Lecturer: Olivier Angel Kevin 32

Advantages of Bus topology
1) Easy to implement and extend
2) Well suited for temporary networks
that must be set up in a hurry
3) Typically the least cheapest
topology to implement
4) Failure of one station does not
affect others
Labor for the future
Disadvantages of Bus
topology
1) Difficult to
administer/troubleshoot
2) Limited cable length and number
of stations (10Base-2 networks
have a maximum length of 925
meters (1,000 m)
3) A cable break can disable the
entire network; no redundancy
4) Maintenance costs may be
higher in the long run
5) Performance degrades as
additional computers are added
Lecturer: Olivier Angel Kevin 33
 Ring topology
startedout as a simple peer-to-
peer LAN topology
Each networked workstation
had two connections: one to
each of its nearest neighbors
Data was transmitted
unidirectionally around the ring
Sending and receiving of data
takes place by the help of
TOKEN
Labor for the future Lecturer: Olivier Angel Kevin 34
Token Passing
Token contains a piece of information which along with
data is sent by the source computer
This token then passes to next node, which checks if the
signal is intended to it
If yes, it receives it and passes the empty to into the network
otherwise passes token along with the data to next node

Labor for the future Lecturer: Olivier Angel Kevin 35

 Advantages of Ring topology
1) This type of network topology is very Disadvantages of Ring
organized topology
2) Performance is better than that of Bus 1) Each packet of data must pass
topology through all the computers between
3) No need for network server to control source and destination,
the connectivity between workstations 2) slower than star topology
4) Additional components do not affect 3) If one workstation or port goes
the performance of network down, the entire network gets
5) Each computer has equal access to affected
resources 4) Network is highly dependent on
the wire which connects different
components

Labor for the future Lecturer: Olivier Angel Kevin 36

 Star topology
Have connections to networked
devices that “radiate” out form a
common point
Each networked device in star
topology can access the media
independently
Have become the dominant
topology type in contemporary
LANs
Stars have made buses and rings
obsolete in LAN topologies

Labor for the future Lecturer: Olivier Angel Kevin 37

 Advantages Disadvantages
1) Compared to Bus topology it 1) If central device fails whole
gives far much better network goes down
performance 2) The use of hub, a router or a
2) Easy to connect new nodes or switch as central device
devices increases the overall cost of
3) Centralized management. It the network
helps in monitoring the 3) Performance and as well
network number of nodes which can
4) Failure of one node or link be added in such topology is
doesn’t affect the rest of depended on capacity of
network central device
Labor for the future Lecturer: Olivier Angel Kevin 38
 Switched topology
A switch is a multiport, Data Link Layer device
A switch “learns” Media Access Control addresses and stores them
in an internal lookup table
Temporary, switched paths are created between the frame’s
originator and its intended recipient, and the frames are forwarded
along the temporary path
Switched topology features multiple connections to a switching
hub/Switch
Each port, and the device to which it connects, has its own
dedicated bandwidth

Labor for the future Lecturer: Olivier Angel Kevin 39

Switched topology

Labor for the future Lecturer:

Olivier Angel Kevin 40
 Advantages/Disadvantages of a Switched topology
Advantage:
Can improve LAN performance:
increase the aggregate bandwidth available throughout the
network
reducing the number of devices forced to share each segment of
bandwidth
Disadvantage:
Large switched implementations do not isolate broadcasts

Labor for the future Lecturer: Olivier Angel Kevin 41

 Hierarchies
Hierarchical topologies consist of more than one layer of
hubs. Each layer serves a different network function
The bottom tier is reserved for user station and server
connectivity. Higher-level tiers provide aggregation of the
user-level tier
A hierarchical arrangement is best suited for medium-to-
large-sized LANs that must be concerned with scalability
of the network and with traffic aggregation.

Labor for the future Lecturer: Olivier Angel Kevin 42

 Hierarchical rings
Ring networks can be scaled up by interconnecting multiple
rings in a hierarchical fashion
User station and server connectivity can be provided by as
many limited size rings as are necessary to provide the
required level of performance
A second-tier ring, either Token Ring or FDDI, can be used
to interconnect all the user level rings and to provide
aggregated access to the Wide Area Network (WAN)

Labor for the future Lecturer: Olivier Angel Kevin 43

Hierarchical rings

Labor for the future Lecturer: Olivier Angel Kevin 44

Hierarchical stars
Star topologies, can be implemented in hierarchical
arrangements of multiple stars
Hierarchical stars can be implemented as a single
collision domain or segmented into multiple collision
domains using switches, routers or bridges

Labor for the future Lecturer:

Olivier Angel Kevin 45
Hierarchical stars

Labor for the future Lecturer: Olivier Angel Kevin 46

Hierarchical combinations
Overall network performance can be enhanced by not
force-fitting all the functional requirements of the LAN
into a single solution
Today’s high-end switching hubs enable you to mix
multiple technologies

Labor for the future Lecturer: Olivier Angel Kevin 47

Hierarchical combinations

Labor for the future Lecturer:

Olivier Angel Kevin 48
Anonymous browsing
• Since many Web sites gather information about
visitors to their sites, you are constantly giving
away information such as your IP address.
• There are portals that allow you to surf the Web
anonymously by visiting their portal first.
• Their site acts as a firewall, preventing any leaks
in information.

Labor for the future

Lecturer: Olivier Angel Kevin 49
 Client threats
• Malicious code is a program that causes damage
to a system.
• Malicious code can affect both the server and the
client. Typically servers engage in much more
thorough detection and disinfection.
• Examples:
 Virus or worm
 Trojan horses
 Malicious mobile code in active content

Labor for the future Lecturer: Olivier Angel Kevin 50

 Worms
• Viruses are often combined with a worm.
• A worm is designed to spread from computer to computer rather than
from file to file.
• A worm does not necessarily need to be activated by a user or program
for it to replicate.
Trojan horse programs
• Malicious active content may be embedded into a seemingly
innocuous Web page.
• A Trojan horse is a program hidden inside another program or Web
page that masks its true purpose.

Labor for the future Lecturer: Olivier Angel Kevin 51

Digital certificates
• A digital certificate, or digital ID, is an attachment to a Web page or e-
mail message verifying the identity of the creator of the
page/message.
• It identifies the author and has an expiration date.
• A page or message with a certificate is signed.
• The certificate is only a guarantee of the identity of the author, not of
the validity of the page/code.
• Certificates are obtained from a Certificate Authority
(CA) that issues them to an individual or an organization.
• Identification requirements vary.
Labor for the future Lecturer: Olivier Angel Kevin 52
Security zones
• You can specify different security settings based on the origin of the
information being downloaded.
• There are four zones:
– Internet: Anything not classified in another way/ n/w of n/w
– Local intranet: The internal network
– Extranet : wider networks
– Demilitarized : a zone that has no belonging

Labor for the future Lecturer: Olivier Angel Kevin 53

Sniffer programs
• E-mail transmissions can be compromised by the theft of sensitive or
personal information.
• Sniffer programs record information as it passes through a particular
router.
• This can capture:
– Passwords
– Credit card numbers
– Proprietary corporate product information

Labor for the future

Lecturer: Olivier Angel Kevin 54
Integrity threats
• An integrity threat is also called active wiretapping.
• This occurs when an unauthorized party alters a message in a flow of
information.
• Cyber vandalism is the electronic spoil of an existing Web site’s page.
This occurs when an individual replaces content on the site.
•Cyber squatting is the practice of registering a trademark of another
company as your own domain name.
• Masquerading or spoofing occurs when perpetrators substitute the
address of their site for a legitimate site and then alter an order or
other information before passing it along.
Labor for the future Lecturer: Olivier Angel Kevin 55
Necessity threats
• Also known as delay or denial threats, the purpose is to disrupt or
deny normal processing.
• Slowing processing can render a service unusable.

Labor for the future Lecturer: Olivier Angel Kevin 56

Transaction integrity
• It is difficult to prevent integrity violations, but techniques can enable
integrity violations to be detected; information can then be re-sent.
• The basic idea:
– A confusion algorithm is applied to produce a message digest.
– The message digest is encrypted to produce a digital signature.

Labor for the future Lecturer: Olivier Angel Kevin 57

Message digest
• A hashing function is applied to the message.
• This produces a number that is based on the length and content of
the message. Good hash algorithms have few collisions.
• The message digest is added to the message.
• The receiver recalculates the message digest.
• If they two do not match, integrity is violated.

Labor for the future Lecturer: Olivier Angel Kevin 58

Digital signature
• The sender computes the digest, encrypts it using her private key,
and then appends the encrypted digest onto the message.
• Only the sender could have created the digital signature.
• The merchant deciphers the digest, computes his own digest, and
compares the two. If they match the integrity of the message
was preserved.
• For added security, the digital signature and the message can be
encrypted.

Labor for the future Lecturer: Olivier

Angel Kevin 59
Database threats
• Because databases hold valuable information, attacks on them are
particularly troubling.
• Security features rely on usernames/passwords.
• Security is enforced using privileges.
• Databases that fail to store usernames/passwords in a secure manner
or fail to enforce privileges can be compromised.
• During an attack, information may be moved to a less protected
level of the database, giving full access.

Labor for the future Lecturer: Olivier Angel Kevin 60

Securing the server
• Access control and authentication
Controlling who and what has access to the server; includes both
users and other servers.
• Firewalls
Inside: Network and machines protected by the firewall.
Outside: All other networks.

Labor for the future Lecturer: Olivier Angel Kevin 61

Access control
• Authentication via digital certificates and signatures.
• Usernames/passwords
– Usernames are stored as clear text
– Passwords are stored as encrypted text
– A password entered is encrypted and compared against the
encrypted password.
• An access control list gives the users that can access certain files
and folders in the system.
Read, write, and execute permissions may be set separately.

Labor for the future Lecturer: Olivier Angel Kevin 62

Firewalls
• All traffic from the outside must pass through it.
• Only authorized traffic is allowed to pass.
• The firewall should be immune to attack.
• Operates at the application layer.
• Trusted networks are inside; untrusted ones outside.
• Can be used to separate divisions of a company.
• The same policies should apply to all firewalls.
• Unnecessary software should be stripped off.

Labor for the future Lecturer: Olivier Angel Kevin 63

Types of firewalls
• Packet filters
Filters traffic according to source and destination (IP address) based
on a set of rules.
• Gateway servers
Filter traffic according to the application requested.
Example: Incoming FTP requests granted but out-going requests
denied.
• Proxy servers
Communicate with the Internet on behalf of the private network.
Also used as a cache for Web pages.

Labor for the future Lecturer: Olivier Angel Kevin 64