Professional Documents
Culture Documents
Lecture 2 Applied Cryptography
Lecture 2 Applied Cryptography
Applied Cryptography
09/02/2023 1
09/02/2023 2
What is this course about?
• Objectives
o Security needs / threats
o Security Goals
o Cryptography
09/02/2023 3
What we will cover?
09/02/2023 4
Vulnerability, Threat and Control
09/02/2023 5
Threats, Controls, and Vulnerabilities
09/02/2023 6
Attacks, Services and Mechanisms
09/02/2023 7
Books
09/02/2023 8
Relationship Between Confidentiality,
Integrity, and Availability
09/02/2023 9
Confidentiality
09/02/2023 10
Integrity
09/02/2023 11
Availability
09/02/2023 12
Security Attacks
09/02/2023 13
09/02/2023 14
Security Attacks
09/02/2023 15
09/02/2023 16
Method, Opportunity and Motive
09/02/2023 17
Attacks
• Cryptanalytic Attacks
o Exploit mathematical weakness of cryptographic algorithm
• Non-cryptanalytic Attacks
o Threats to goal of security
09/02/2023 18
09/02/2023 19
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
o Denial of Service Attacks
o Virus that deletes files
09/02/2023 20
09/02/2023 21
09/02/2023 22
Vulnerabilities
• Hardware vulnerabilities
• Software vulnerabilities
o Software deletion
o Software modification
− Viruses etc.
o Software theft
• Unauthorized copying etc.
• Data vulnerabilities
09/02/2023 23
Data Security
09/02/2023 24
Computing system vulnerabilities
09/02/2023 25
Computer Criminals
• Amateurs
o Personal works
• Crackers
o Trying to access computing facilities for which they are not
authorized
o The perception that nobody is hurt or even endangered by a
little stolen machine time
o Others attack for curiosity, personal gain, or self-
satisfaction
• Career Criminals
09/02/2023 26
Methods of Defense
09/02/2023 27
09/02/2023 28
Methods of Defense
• Controls
o Encryption
o Hardware Controls
− Hardware/smart card implementations of encryption
− Locks or cables limiting access
− Devices to verify users’ identity
− Firewalls
− Intrusion detection systems
o Software Controls
− Internal program controls,
− OS and Network system controls
− Independent control program (anti virus, passwords etc.)
− Development control
o Policies and Procedures
o Physical Controls
09/02/2023 29
Effectiveness of Controls
• Awareness of Problem
o Highlighting Need of security
• Likelihood of Use
o They must be efficient, easy to use, and appropriate
• Overlapping Controls
o Use several different controls, layered defense
• Periodic reviews
o Judging the effectiveness of control is an ongoing task
09/02/2023 30
Others Exposed Assets
• Networks
o Network’s lack of physical proximity
o Use of insecure, shared media
o Inability to identify remote users positively
• Access
o Computer time
o Malicious access
o Denial of service to legitimate user
• Key People
09/02/2023 31
09/02/2023 32
What’s Next?
• Encryption overview
• Cryptography in detail
09/02/2023 33
Questions?
09/02/2023 34