Cryptography


21 Nov 2013 (3 years and 9 months ago)


CS 483


SD SECTION


BY DR. DANIYAL ALGHAZZAWI


(1)

Information Security

Syllabus


Textbook:
    “Information Security - Principles and Practice” by Mark Stamp

Grading:
    Projects:
        1. Classic Cipher: 10%
        2. Symmetric Cipher: 15%
        3. Asymmetric Cipher: 15%
        4. New Cipher: 10%
    Exams (Open book):
        OS Services: 5%
        Midterm: 15%
        Final: 30%

Definition


Information Security is the process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption.

Other names:
    Computer security
    Information assurance
    Data security
    IT security




Basic Principles of Information Security


Confidentiality
    No one can see it

Integrity
    Remove / Insert some pages

Availability
    See it anytime

Where to Start? Risk Management


We need to start the Risk Management process:
    To identify the vulnerabilities
    To identify the threat

Why do we need Risk Management?
    A threat may use a vulnerability to cause harm to valuable information

The objective of Risk Management:
    To reduce risk to an acceptable level


1. DEFINITION
2. PROCESS
3. EXECUTIVE

Risk Management

Definition



“Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.”
CISA Review Manual 2006

Process

1. Identification of assets and estimating their value.
2. Conduct a threat assessment.
3. Conduct a vulnerability assessment.
4. Calculate the impact that each threat would have on each asset.
5. Identify, select and implement appropriate controls.
6. Evaluate the effectiveness of the control measures.

Executive Management


Executive Management can choose to:
    accept the risk
    mitigate the risk
    deny the risk


Executive Management

1. “Accept the risk”?
    Do nothing!
2. “Mitigate the risk”?
    Administrative Control
    Logical Control
    Physical Control
3. “Deny the risk”?


Confidentiality


Integrity


Authenticity


1. TERMINOLOGY
2. CRYPTOGRAPHY
3. CIPHERS
    1. Substitution Ciphers
    2. Transposition Ciphers
    3. Symmetric Ciphers
    4. Asymmetric Ciphers

Cryptology

Basic Terminology of Crypto


Cryptology: is the art and science of making and breaking “secret codes.”

Cryptography: is the making of “secret codes.”

Cryptanalysis: is the breaking of “secret codes.”

Crypto: is a synonym for any or all of the above (and more).

Cryptography


Cipher (صفر) is an algorithm for performing encryption and decryption
    a series of well-defined steps that can be followed as a procedure.

[Figure: Plaintext, Encrypt, Ciphertext, Decrypt]

Cryptography


The operation of a cipher usually depends on a piece of auxiliary information, called a key.

Key Authentication Problem

[Figure: Plaintext, Encrypt, Ciphertext, Decrypt]

Cryptography

Ciphers

1. Classic
    Substitution (e.g., Caesar Cipher)
    Transposition (e.g., Route Cipher)
    Hybrid

2. Modern
    Symmetric (Private Key)
        Stream Cipher (e.g., RC4, A5/1)
        Block Cipher (e.g., DES, AES)
    Asymmetric (Public Key) (e.g., RSA)
    Hybrid
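
The three classic categories above, as an added example that is not part of the original slides: a Caesar substitution, a simple route transposition (written row by row, read down the columns) and a hybrid of the two, each with its key. The function names, the sample message and the choice of route are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, key, decrypt=False):
    """Substitution: each letter is replaced by the one `key` places along.
    Positions stay the same; the letters change."""
    shift = -key if decrypt else key
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text)

def route_encrypt(text, cols, pad="X"):
    """Transposition: write row by row into `cols` columns, then read down
    each column. Letters stay the same; the positions change."""
    text += pad * (-len(text) % cols)      # fill the last row of the grid
    return "".join(text[c::cols] for c in range(cols))

def route_decrypt(cipher, cols):
    """Rebuild the rows; padding added by route_encrypt is kept."""
    rows = len(cipher) // cols
    return "".join(cipher[r::rows] for r in range(rows))

def hybrid_encrypt(text, shift, cols):
    """Hybrid: substitute first, then transpose. The key is (shift, cols)."""
    return route_encrypt(caesar(text, shift), cols)

def hybrid_decrypt(cipher, shift, cols):
    """Undo the two steps in reverse order."""
    return caesar(route_decrypt(cipher, cols), shift, decrypt=True)

if __name__ == "__main__":
    plaintext = "MEETMEATNOON"             # constructed sample message
    print("plaintext     :", plaintext)
    print("substitution  :", caesar(plaintext, 3))
    print("transposition :", route_encrypt(plaintext, 4))
    print("hybrid        :", hybrid_encrypt(plaintext, 3, 4))
    print("decrypted     :", hybrid_decrypt(hybrid_encrypt(plaintext, 3, 4), 3, 4))
```

The transposition output contains exactly the same letters as the plaintext, so its letter frequencies are unchanged, while the substitution output keeps every letter in place but renames it.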