Lecture 6 Disributed

Security Model

A framework or system that defines the security requirements, threats, and controls for a particular system or network.

Breached records

Records or data that have been accessed or obtained by unauthorized individuals or entities.

Hacker attack

An unauthorized attempt to gain access to a computer system or network.

Cyber attacks

Malicious activities or actions carried out by individuals or groups to compromise the security of computer systems or networks.

Data breach

The unauthorized access, acquisition, or disclosure of sensitive or confidential data.

Malware

Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or networks.

Distributed Denial of Service (DDOS) attacks

where multiple compromised computers are used to flood a target system or network with traffic, causing it to become unavailable.

Human error

Mistakes or actions made by individuals that lead to security breaches or vulnerabilities.

Cybersecurity breaches

Unauthorized access or compromise of computer systems or networks, resulting in potential harm or loss.

Security policies

Guidelines or rules that define the acceptable use and access of resources within an organization.

Security mechanisms

Tools, technologies, or procedures used to enforce security policies and protect resources.

Cryptography

The practice of secure communication by converting information into a code or cipher to prevent unauthorized access or tampering.

Security attacks

Various forms of malicious activities or actions that aim to compromise the security of a system or network.

Secure channels

Communication channels that ensure privacy, data integrity, and protection against tampering or unauthorized access.

Threats

Potential risks or vulnerabilities that can be exploited to compromise the security of a system or network.

Attacks

Specific actions or techniques used to exploit vulnerabilities and compromise the security of a system or network.

Eavesdropping

Unauthorized interception or monitoring of private or secret information.

Masquerading

Impersonating or assuming the identity of another user or principal without their authority.

Message tampering

Altering the content of messages in transit, often done through man-inthe-middle attacks.

Denial of service

Flooding a system or network with excessive traffic or requests to disrupt its normal operation and deny access to legitimate users.

Trojan horses and viruses

Malicious software or code that can enter a computer system and cause harm or unauthorized actions.

IP spoofing

Creating IP packets with a false source IP address to deceive or bypass security measures.

Securing electronic transactions

Implementing measures and protocols to ensure the confidentiality and integrity of email, online purchases, and banking transactions.

Authenticate

Verify the identity of someone or something.

Identity

The unique characteristics or attributes that distinguish an individual or entity.

Interfaces

Points of interaction or communication between different components or systems.

Networks

A group of interconnected devices or systems.

Keys

A parameter used in encryption algorithms to encrypt or decrypt messages.

Hackers

Individuals who gain unauthorized access to computer systems or networks.

Computer security

The protection of computer systems and data from unauthorized access or attacks.

Shared Secret Keys

Keys that are known and shared between the sender and recipient.

Public/Private Key Pair

A pair of keys, used for encryption and decryption.

Authentication

The process of verifying the identity of someone or something.

Digital Signatures

A cryptographic technique used to verify the authenticity and integrity of digital messages.

Secret key

A key used in encryption algorithms that must be kept confidential.

Private key

A key known only to a specific individual or entity.

Public key

A key that is publicly available and used for encryption or verification.

Message encryption

The process of encoding a message to hide its contents.

Message decryption

The process of decoding an encrypted message to reveal its contents.

Public Key Cryptosystem

A cryptographic system that uses public and private keys for encryption and decryption.

Server

A computer or system that provides services or resources to other computers or systems.

Tampering

Unauthorized alteration or modification of data or messages.

Certificate

A digital document that verifies the authenticity and integrity of information.

Trusted authority

An entity that is trusted to issue and verify certificates.

Signature

A unique identifier or mark that verifies the authenticity of a document or message.

Symmetric (secret key)

A cryptographic algorithm that uses the same key for both encryption and decryption.

Asymmetric (public key)

A cryptographic algorithm that uses separate encryption and decryption keys.

Brute-force

A form of attack where all possible key values are tried to decrypt a known pair of message and ciphertext.

Hybrid protocols

Cryptographic protocols that combine symmetric and asymmetric encryption methods.

Public Key Infrastructure (PKI)

A system that allows users to verify the authenticity of public keys.

X.509 certificate

A digital certificate that contains information about the owner of a public key.

Certificate Authorities (CAs)

Trusted entities that issue and verify digital certificates.

RSA

A widely used asymmetric encryption algorithm created by Ron Rivest, Adi Shamir, and Leonard Adleman.

Generating Keys

The process of selecting prime numbers and calculating the public and private keys for RSA encryption.

Encryption

The process of converting plaintext into ciphertext using a cryptographic algorithm and a key.

Decryption

The process of converting ciphertext back into plaintext using a cryptographic algorithm and a key.