07 Handout 1 - Security and Cryptography


42 Terms

1

Confidentiality

is the art of ensuring that data is kept private and accessed only by the intended recipient.

2

Integrity

is the art of ensuring that data is transmitted from source to destination without alteration.

3

Availability

means that the information created and stored by an organization needs to be available to authorized entities.

4

Authentication

is the process of verifying that the user is exactly who he claims to be.

5

Single-factor authentication

is usually done through the use of passwords or user IDs.

6

Two-factor authentication

is a two-step verification that provides an extra layer of security beyond user ID and password, usually with a software code generator or a hardware-based login key.

7

Network Attacks

It is an intrusion on network infrastructure.

8

Network Attacks Example:

o The attacker first analyzes the environment and collects information in order to exploit the existing open ports or vulnerabilities.

o An attack can be performed either from outside the organization by an unauthorized entity or from within the company by an "insider" who already has some access to the network.

9

Security Goals and Services

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Authentication

10

Snooping

refers to unauthorized access to or interception of data.

11

Traffic Analysis

Although encipherment of data may make it unintelligible for the interceptor, she can obtain some other types of information by monitoring online traffic.

12

Attacks Threatening Confidentiality:

  1. Snooping

  2. Traffic Analysis

13

Modification

After intercepting or accessing information, the attacker modifies the information to make it beneficial to herself.

14

Masquerading

happens when the attacker impersonates somebody else.

15

Replaying

The attacker obtains a copy of a message sent by a user and later tries to replay it.

16

Repudiation

This type of attack is different from others because it is performed by one of the two parties in the communication: the sender or the receiver.

17

Attacks Threatening Integrity:

  1. Modification

  2. Masquerading

  3. Replaying

  4. Repudiation

18

Denial of Service (DoS)

may slow down or totally interrupt the service of a system.

19

Network sniffing (packet sniffing)

is a process of capturing the data packets traveling in the network. It is used by IT professionals to analyze and monitor the traffic to find such things as unexpected suspicious traffic.

20

Spoofing

is a process by which an intruder masquerades as a trusted user in order to gain unauthorized access to a secure environment.

21

IP address spoofing

is a process of creating IP packets with a forged source IP address to impersonate a legitimate system. This kind of spoofing is often used in denial-of-service (DoS) attacks.

22

ARP spoofing

is a process of sending fake ARP messages in the network. The purpose of this type of spoofing is to associate the attacker's MAC address with the IP address of another legitimate host, causing traffic redirection to the attacker's system.

23

DNS spoofing

is an attack where the wrong data is inserted into the DNS server cache, causing the DNS server to divert the traffic by returning wrong IP addresses as the results for client queries.

24

Man-in-the-middle (MITM) attack

is an attack that involves placing a software agent between the client and server ends before or during a communication session.

25

A replay attack

is a variation on the man-in-the-middle attack. In this case, an agent is once again placed within the client-server line of communication where it records the transaction data.

26

How does DoS disrupt the network?

A DoS attack can be in the form of flooding the network with invalid data until traffic from authorized network users cannot be processed.

It can also be in the form of disrupting communication between hosts and clients through the modification of system configurations.

It can be in the form of causing physical network destruction, such as crashing a server or router in the network.

27

Distributed denial-of-service (DDoS) attack

An attacker can initiate a DoS attack from multiple computers or systems. This type of attack is called a ____.

28

Trojan horse

is a program that installs malicious software under the guise of doing something else.

29

Session hijacking

refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

30

Phishing

is an attack in which the attacker attempts to fraudulently acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in a communication session.

31

Encryption

is a method of concealing information by converting it from recognizable text into an encrypted form.

32

plaintext (or cleartext)

Encryption is a method of concealing information by converting it from recognizable text into an encrypted form. Encryption transforms readable text, called ____.

33

ciphertext

Encryption transforms readable text into an unintelligible form, called ____, using an encryption algorithm.

34

encryption algorithm

The purpose of an ____ is to scramble a message so that it remains secure even if the ciphertext is transmitted over a nonsecure medium.

35

decryption

The process of recovering a plaintext from its ciphertext is called ____.

36

cryptosystem

A system that encrypts and decrypts information is called a ____.

37

cryptography

The art of creating and using cryptosystems is called ____.

38

cryptanalysis

The art of breaking encrypted messages (usually by intruders) is called ____.

39

cryptology

The study of cryptography and cryptanalysis is called ____.

40

key

Both encryption and decryption use a ____.

41

Symmetric Cryptosystems

The same key is used for encryption and decryption.

o Both the originator and the recipient of a message must know the key, which is either known to the recipient through some prior arrangement or communicated in parallel with the ciphertext.

42

Public-Key Cryptosystems (or Asymmetric Cryptosystems)

A public-key cryptosystem uses one key (the public key) for encryption and another key (the private key) for decryption. Each user is assigned a pair of unique and mathematically related keys: a public key and a private key.

o The private key is a secret key that is available only to the owner, and the public key is published.