KR

CS2005 – Networks and Operating Systems: Security

  • Session Objectives

    • Discuss security threats and attacks
    • Understand the fundamentals of encryption

  • Key Points

    • Types of security violations: accidental and malicious
    • Levels of security measures: Physical, Human, Operating System, Network
    • Types of program and network threats
    • Importance of cryptography
    • Distinction between symmetric and asymmetric encryption
    • Examples of encryption algorithms

  • Security Problem

    • A secure system: resources accessed as intended
    • Total security is unattainable, breaches can occur
    • Violations classified as intentional or accidental
    • Attacks are attempts to breach security, while threats are potential violations

  • Types of Security Violations

    • Breach of Confidentiality: Unauthorized data access (e.g., credit card theft)
    • Breach of Integrity: Unauthorized data modification (e.g., website tampering)
    • Breach of Availability: Unauthorized data destruction (e.g., service denial)
    • Theft of Service: Unauthorized resource use (e.g., installed daemons)

  • Security Violation Methods

    • Masquerading: Pretending to be someone else
    • Replay Attack: Repeating valid transmissions
    • Man-in-the-Middle Attack: Intercepting communications
    • Session Hijacking: Taking control of an active session

  • Security Measure Levels

    • Security should occur at four levels for effectiveness
    • The weakest link can compromise overall security

  • Program Threats

    • Trojan Horse: Disguises as legitimate software
    • Logic Bomb: Activates under specific conditions
    • Viruses: Self-replicating code that spreads

  • System and Network Threats

    • Abuse of services and connections rather than direct program attacks
    • Examples: Worms, Denial of Service attacks

  • Cryptography

    • Defined as secret writing techniques
    • Encryption: Encoding messages to protect data
    • Decryption: Using a key to decode messages
    • Key Types: Symmetric (same key for encryption/decryption) and Asymmetric (different keys)

  • Examples of Encryption Algorithms

    • Symmetric: DES, AES
    • Asymmetric: RSA

  • RSA Algorithm

    • Based on the difficulty of factoring large prime products
    • Generates a public/private key pair for secure communication

  • Encryption Process

    • Involves key sets and encrypting/decrypting functions
    • Encryption should be unfeasible to reverse without keys

  • Importance of Cryptography

    • Essential for secure communication over potentially untrustworthy networks
    • Cryptography eliminates trust issues by securing messages even against eavesdropping.