Scribd Logo
Upload

Welcome to Scribd!

  • Definition of Security/Privacy: Attacks, Services and Mechanisms

    Uploaded by

    Fisseha Abebe
    17 views9 pages

    Original Title

    02def.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    17 views9 pages

    Definition of Security/Privacy: Attacks, Services and Mechanisms

    Uploaded by

    Fisseha Abebe

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    CS 686 Special Topics in CS

    Privacy and Security

    Definition of Security/Privacy

    EJ Jung
    ejung@cs.usfca.edu

    9/13/2010 CS 686

    Attacks, Services and


    Mechanisms

    ! Security Attack: Any action that compromises the


    security of information.
    ! Security Mechanism: A mechanism that is designed to
    detect, prevent, or recover from a security attack.
    ! Security Service: A service that enhances the
    security of data processing systems and information
    transfers. A security service makes use of one or
    more security mechanisms.

    9/13/2010 Henric
    CSJohnson
    686 2
    Passive attack (1) - Eavesdrop
    ! Code talkers

    9/13/2010 CS 686

    Passive attack (2) - Analysis


    ! Alexa

    9/13/2010 CS 686
    Active attack (1) - impersonation

    ! Impostors on Facebook

    9/13/2010 CS 686

    Active (2) - replay

    9/13/2010 CS 686
    Active (3) intercept&modify

    9/13/2010 CS 686

    Active (4) - DoS


    ! Distributed DoS

    9/13/2010 CS 686
    Summary of attacks

    9/13/2010 Henric
    CSJohnson
    686 9

    Security Services
    ! Confidentiality (privacy)
    ! Authentication (who created or sent the data)
    ! Integrity (has not been altered)
    ! Non-repudiation (the order is final)
    ! Access control (prevent misuse of resources)
    ! Availability (permanence, non-erasure)
    Denial of Service Attacks
    Virus that deletes files

    9/13/2010 Henric
    CSJohnson
    686 10
    Attack on Authenticity
    ! Authenticity is identification and assurance of
    origin of information
    Unauthorized assumption of
    anothers identity

    network

    9/13/2010 CS 686

    Attack on Confidentiality
    ! Confidentiality is concealment of information

    Eavesdropping,
    packet sniffing,
    illegal copying

    network

    9/13/2010 CS 686
    Attack on Integrity
    ! Integrity is prevention of unauthorized changes

    Intercept messages,
    tamper, release again

    network

    9/13/2010 CS 686

    Attack on Availability
    ! Availability is ability to use information or
    resources desired
    Overwhelm or crash servers,
    disrupt infrastructure

    network

    9/13/2010 CS 686
    Famous words
    ! Encrypt and decrypt
    ! Plaintext and ciphertext
    encrypt plaintext -> ciphertext
    decrypt ciphertext -> plaintext
    easy example: XOR
    ! Digital signature
    as you sign on paper
    for non-repudiation and accountability
    ! Session
    one conversation/communication unit

    9/13/2010 CS 686

    Model for Network Security

    9/13/2010 CS 686
    Access Control Model

    9/13/2010 CS 686

    You might also like