2 (v.v.imp) Security Goals or Key Principles of Security

Transcript of 2 (v.v.imp) Security Goals or Key Principles of Security

  • 7/30/2019 2 (v.v.imp) Security Goals or Key Principles of Security

    1/18

    Security Goals / Key Principles of Security (V.V.IMP)

    (Compulsory question can be expected for 5-10 M)

    By: Prof Yogesh Doulatramani

    VIT College

  • 2/18

    CIA Triad

  • 3/18

    Key Objectives

      • Confidentiality
          • Data confidentiality: information not disclosed to unauthorized individuals
          • Privacy: individuals control how their information is collected, stored, shared
      • Integrity
          • Data integrity
          • System integrity
      • Availability: service not denied to authorized users

  • 4/18

    Security Goals

      • Integrity
      • Confidentiality
      • Availability

  • 5/18

    Security Goals

      • Confidentiality: concealment of information or resources
      • Integrity: trustworthiness of data or resources
      • Availability: ability to use information or resources

  • 6/18

    Confidentiality

      • Need for keeping information secret arises from use of computers in sensitive fields such as government and industry
      • Access mechanisms, such as cryptography, support confidentiality
          • Example: encrypting income tax return
      • Lost through unauthorized disclosure of information

  • 7/18

    Integrity

      • Often requires preventing unauthorized changes
      • Includes data integrity (content) and origin integrity (source of data, also called authentication)
      • Includes prevention mechanisms and detection mechanisms
          • Example: newspaper prints info leaked from White House and gives wrong source
      • Includes both correctness and trustworthiness
      • Lost through unauthorized modification or destruction of information

  • 8/18

    Availability

      • Is an aspect of reliability and system design
      • Attempts to block availability, called denial of service (DoS) attacks, are difficult to detect
          • Example: bank with two servers; one is blocked, the other provides false information
      • Ensures timely and reliable access to and use of information
      • Lost through disruption of access to information or information system

  • 9/18

    3 Additional Goals

      • Authenticity: being genuine and able to be verified or trusted; verifying that users are who they say they are (use Digital Certificates, Passwords, Biometrics)
      • Access Control: only users with rights (r, w, x) will be allowed (use Access Control Matrix)
      • Non-Repudiation: user can't deny later (use Digital Signatures)

  • 10/18

    Security Attacks on Goals

  • 11/18

    Security Attacks: Normal Flow

    [Figure: information source and information destination]

  • 12/18

    Security Attacks: Interruption

    [Figure: information source and information destination]

    Attack on availability (ability to use desired information or resources)

  • 13/18

    Security Attacks: Interception

    [Figure: information source and information destination]

    Attack on confidentiality (concealment of information)

  • 14/18

    Security Attacks: Fabrication

    [Figure: information source and information destination]

    Attack on authenticity (identification and assurance of origin of information)

  • 15/18

    Security Attacks: Modification

    [Figure: information source and information destination]

    Attack on integrity (prevention of unauthorized changes)

  • 16/18

    Security Threats/Attacks

  • 17/18

    Security Attacks

      • Interruption: this is an attack on availability
          • Disrupting traffic
          • Physically breaking communication line
      • Interception: this is an attack on confidentiality
          • Overhearing, eavesdropping over a communication line

  • 18/18

    Security Attacks (continued)

      • Modification: this is an attack on integrity
          • Corrupting transmitted data or tampering with it before it reaches its destination
      • Fabrication: this is an attack on authenticity
          • Faking data as if it were created by a legitimate and authentic party
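
Added example, not part of the original slides: a destination-side check showing which of the four attack types a receiver can detect with a message authentication code plus sequence numbers. The shared key, message layout and sample traffic are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by source and destination


def tag_for(seq: int, payload: bytes, key: bytes) -> bytes:
    # The tag covers the sequence number too, so a message cannot be renumbered.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def seal(seq: int, payload: bytes, key: bytes = KEY):
    """Source side: message = (sequence number, payload, HMAC-SHA256 tag)."""
    return seq, payload, tag_for(seq, payload, key)


def receive(messages, key: bytes = KEY):
    """Destination side: return (accepted payloads, findings as (kind, seq))."""
    accepted, findings, expected = [], [], 0
    for seq, payload, tag in messages:
        if not hmac.compare_digest(tag, tag_for(seq, payload, key)):
            # Modification and fabrication look the same here: the tag is wrong.
            findings.append(("tag-mismatch", seq))
        elif seq < expected:
            findings.append(("stale", seq))  # duplicate or out-of-order copy
        else:
            if seq > expected:
                # Messages expected..seq-1 never arrived intact: interruption.
                findings.append(("gap", expected))
            accepted.append(payload)
            expected = seq + 1
    return accepted, findings


def demo():
    # Constructed traffic as seen by the destination.
    m0 = seal(0, b"pay 100 to alice")
    m1 = seal(1, b"pay 50 to bob")
    m3 = seal(3, b"pay 20 to carol")  # message 2 is dropped in transit
    modified = (m1[0], b"pay 5000 to bob", m1[2])  # payload changed, old tag kept
    fabricated = seal(2, b"pay 900 to eve", key=b"not-the-real-key")
    return receive([m0, modified, fabricated, m3])


if __name__ == "__main__":
    print(demo())
```

Interception leaves no trace at the destination, which is why confidentiality is handled by encryption rather than by a check like this one. Because both sides hold the same key, the tag gives integrity and origin assurance between them but not non-repudiation, for which the slides name digital signatures.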