December 21, 2015
3 Major Concepts of Cryptography
December 21, 2015
- Computer Security
- OSI Security Architecture
1- Confidentiality: assure that confidential information is not available to unauthorized users.2- Integrity: assure that information is only changed in a specified and authorized manner.3- Availability: assure that services are available to authorized users.
- Security Attack: any action that compromises the security of information. The security attack consists of 2 classes:
- Passive attack: The main goal of this attack is to collect information about the victim without touching the victim's services or alter the data content, such as monitoring the transmission of data or traffic analysis. Passive attacks are very hard to detect because there's no real communication with victim's services or alteration of the data's content.
- Active attack: This type of attack involves touching the victim's services or some alteration to the data's content or creating a false data. Active attacks have a several forms, including:
Masquerades: The attacker pretends to be someone else. For example, the attacker wants to connect to a network with a firewall; the firewall only accepts a list of MAC address. The attacker will masquerade his MAC address (or spoof his MAC) to get access or to be authorized to use it.
Denial of service attack (DOS): The goal of these attacks are to prevent service/s on the victim's machine by sending or redirecting a massive amount of data stream to the victim. This may block the service/s on this server until this action stops. Active attacks are not hard to detect, but it's impossible to prevent this attack absolutely because it has a wide range of potential attacks (OSs, SW, HW, Web applications, services... etc).
- Security Mechanism: a process that's designed to detect, prevent and recover from a security attacks such as:
- Digital Signature: a mechanism that proves the source and the integrity of information.
- Access Control: a mechanism that allows only authorized users with a specific privileges.
- Data Integrity: a mechanism that assure the integrity of data.
- Cryptography: a mechanism that assures the secrecy of information or the secrecy of communication channels.
- Security Services: a processing or communication service that enhances the security of information or information transfers.
- The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on 2 principles:
- Substitution: where the elements in the plaintext are mapped into another elements.
- Transposition: where the elements in the plaintext are rearranged.
- The number of keys used:
- If encryption and decryption algorithms use the same key, this system is symmetric.
- If encryption and decryption algorithms use different keys, this system is asymmetric or public-key encryption.
- The way in which the plaintext is processed:
- Block Cipher: The input is one block at a time and produces one block output for each input.
- Stream Cipher: The input is one element at a time and produces one output for each one input.