computer security - 123SeminarsOnly

Artificial Intelligence and Robotics

17 Nov 2013

Sachin Shaw


What is computer security ?

Core security concepts

Security concerns

Contributing factors

Basic security objective

Security Terms

Trends for 2011

Security Components

Certification Authority

Computer security

Computer security is a branch of computer technology, known as information security, applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
Vulnerability, Exploit, Threat

Vulnerability: a weakness in some aspect of a system.

Exploit: a known method for taking advantage of a vulnerability.

Threat: the likelihood of some agent using an exploit to compromise security.

Security concerns

Unauthorized access to resources.

Masquerade as an authorized user or end system.

E-mail forgery.

Malicious attacks.

Monitoring and capture of network traffic.

Exploitation of software bugs.

Contributing factors

Increased Internet use: home broadband, greater coverage (wired and wireless), more ubiquitous on-line use.

Lack of awareness of threats and risks.

Open network policies.

Unencrypted network traffic.

Complexity of security measures and administration.

Software bugs.

Availability of cracking tools.


Basic security objectives

Confidentiality: prevent/detect/deter improper disclosure of information.

Integrity: prevent/detect/deter improper modification of information.

Availability: prevent/detect/deter improper denial of access to services.


Authentication

The process by which a person or other entity proves that it is who (or what) it says it is.

You want to authenticate the person or entity you are dealing with before transferring something valuable, such as information or money, to or from it.

Authentication is achieved by presenting some identifying credential to the endpoint that is undertaking the authentication.

An example of this process is the way you authenticate yourself with an ATM: you insert your bank card (something you have) and enter your personal identification number (PIN, something you know).
Being able to identify yourself to a computer is absolutely essential:

ATM, e…

Access to e-mail, computer accounts,

Access to personal information (e.g., staff or student …).
Human identification vs. computer identification

Bank teller knows you by sight (good).

Bank teller checks your picture against a photo ID.

Bank back office compares cheque signature to one on record (dodgy).

How do we identify a human to a computer?

Username/passwords (common),

Token, e.g. ATM card,

Cryptographic protocols,

Combinations, e.g. token and password,

Biometrics, e.g. face recognition, fingerprints, and retina/iris scans.

Passwords

Most common identification technique: passwords.

Variants: "PIN" (number), memorable date, mother's maiden name.

Problems:

We are not well suited to remembering passwords, especially rarely used ones,

We can also confuse passwords used in similar contexts.

Users reveal passwords to outsiders.

Users reuse passwords.

Users choose "easy to guess" passwords.

Password observed on entry.

Password obtained from system files.
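The last three problems above (reuse, easy-to-guess choices, and passwords recovered from system files) are the ones the server side can do something about. The following is an added example, not code from the original slides: it rejects obvious choices against a constructed weak-password list, stores each password as a salted PBKDF2-HMAC-SHA256 record so that a stolen password file neither reveals which users share a password nor yields to a single precomputed table, and verifies with a constant-time comparison. The iteration count, the record format and the weak-password list are assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed list of easy-to-guess passwords for the example; a real deployment
# would check against a large breach-derived list.
WEAK_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumption: tuned so one verification costs a noticeable fraction of a second,
# which slows an attacker with a stolen password file by the same factor.
PBKDF2_ITERATIONS = 600_000


def is_weak(password: str) -> bool:
    """Reject obvious choices: too short, or on the known-weak list."""
    return len(password) < 12 or password.lower() in WEAK_PASSWORDS


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salthex$hashhex'.

    A fresh random salt per user means two users with the same password get
    different records, so a stolen password file does not expose reuse and
    cannot be attacked with one table precomputed for every user at once."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported password record")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest takes the same time wherever the first mismatch is, so a
    # remote caller cannot learn the stored hash byte by byte from timing.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("password", record))
```

The record carries its own algorithm name and iteration count, so the cost can be raised later and old records rehashed on the user's next successful login without a flag day.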

Biometric identification

Passwords are pretty useless at identifying people.

Can we identify them by their properties?

Face, handwriting, retina, DNA, voice, signature, fingerprint…

"How humans identify other humans".

Cost:

Voice recognition is cheap,

Eye (iris) scanning is expensive.

User comfort:

Face recognition is nice (look into a camera),

DNA matching is not (blood/skin sample).

Theoretical accuracy:

Iris is unique (determined while an embryo),

DNA is shared by identical twins,

Voice can be imitated.

Excluded population:

Voice does not work on mute people,

Fingerprints do not work on amputees,

DNA works on everyone!

Temporary conditions also interfere: dirty fingers for fingerprints, or a cold for voice.


Integrity

This is the assurance that the data has not changed since it was written:

e.g., prevent a potential intruder in the middle from changing the data.

Data integrity can be checked using:

A checksum, which is a simple error-detection scheme where each transmitted message is accompanied by a numerical value based on the number of set bits in the message:

Checked by the receiving station; if different, the receiver can assume that the message has been garbled.

Hash functions, any one-way function that reduces variable-sized data to a fixed-length "hash code":

If the hashes of two documents differ, then the documents differ.

Note that neither a checksum nor an unkeyed hash protects against a deliberate change: an intruder who can alter the message can recompute the value that travels with it. Against an active attacker the check needs a secret the attacker lacks, i.e. a message authentication code (MAC) or a digital signature, or the hash must reach the receiver over a separate trusted channel.
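The following added example (not from the original slides) plays out the sender / intruder-in-the-middle / receiver exchange for all three mechanisms: the set-bit checksum from the slide, an unkeyed SHA-256 hash, and an HMAC-SHA256 tag. The message, the shared key and the intruder's rewrite are constructed for the example.

```python
import hashlib
import hmac


def parity_checksum(message: bytes) -> int:
    """Toy checksum in the spirit of the slide: the number of set bits in the
    message. It catches random garbling, but anyone can recompute it."""
    return sum(bin(byte).count("1") for byte in message)


def sha256_hex(message: bytes) -> str:
    """Unkeyed hash: if two inputs differ, their hashes differ (in practice)."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a keyed hash, so only a holder of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> tuple:
    """Sender transmits the message with all three integrity values attached."""
    return (message, parity_checksum(message), sha256_hex(message), mac_tag(key, message))


def garble_in_transit(packet: tuple) -> tuple:
    """Accidental corruption: one bit of the message flips, nothing else changes."""
    message, checksum, digest, tag = packet
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return (flipped, checksum, digest, tag)


def intruder_in_the_middle(packet: tuple) -> tuple:
    """Deliberate change: the intruder rewrites the payee and, because the
    checksum and the hash need no secret, recomputes both. The MAC cannot be
    recomputed without the key, so the old tag is forwarded unchanged."""
    message, _, _, tag = packet
    forged = message.replace(b"alice", b"mallory")
    return (forged, parity_checksum(forged), sha256_hex(forged), tag)


def receive(key: bytes, packet: tuple) -> dict:
    """Receiver recomputes every value and reports which checks pass."""
    message, checksum, digest, tag = packet
    return {
        "checksum_ok": checksum == parity_checksum(message),
        "hash_ok": hmac.compare_digest(digest, sha256_hex(message)),
        "mac_ok": hmac.compare_digest(tag, mac_tag(key, message)),
    }


if __name__ == "__main__":
    shared_key = b"constructed demo key - not for real use"  # use os.urandom(32) in practice
    packet = send(shared_key, b"PAY alice 100")
    print("clean   ", receive(shared_key, packet))
    print("garbled ", receive(shared_key, garble_in_transit(packet)))
    print("tampered", receive(shared_key, intruder_in_the_middle(packet)))
```

The garbled packet fails all three checks; the tampered packet passes the checksum and the hash and fails only the MAC, which is the whole difference between error detection and integrity protection.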


Confidentiality

This is the act of ensuring no one but authorised parties (who know some secret) can understand the data.

There are two mechanisms used to ensure data confidentiality: the more common encryption, and steganography.

With encryption an algorithm or function (encrypt) transforms plain text to cipher text, where the meaning is hidden, but which can be restored to the original plain text by another algorithm (decrypt).

Steganography, on the other hand, is where a message is hidden in another message or image:

It is used when it is necessary to conceal the fact that a secret message is being transmitted.

Trends for 2011

Malware, worms, and Trojan horses: spread by e-mail, instant messaging, malicious or infected websites.

Botnets and zombies: improving their encryption capabilities, more difficult to detect.

Scareware: fake/rogue security software.

Attacks on client-side software: browsers, media players, PDF readers, etc.

Ransom attacks: malware that encrypts hard drives, or DDoS extortion.

Social network attacks: users' trust in online friends makes these networks a prime target.

Cloud computing: growing use will make this a prime target for attack.

Web applications: developed with inadequate security controls.

Budget cuts: a problem for security personnel and a boon to cyber criminals.

Encryption and Decryption:

Encryption is the conversion of data into a form, called cipher text, which cannot be easily understood by unauthorised entities.

Decryption is the process of converting encrypted data back into its original form, so it can be understood.

Most security technologies rely, to some degree, on encryption of text or data:

For example, cryptography is used in the creation of certificates and digital signatures, and encryption for the secure storage of secrets or the transport of data.

Encryption can be anything from a simple process of substituting one character for another, in which case the key is the substitution rule, to some complex mathematical algorithm.

Encryption and Decryption:

We assume that the more difficult it is to decrypt the cipher text without the key, the better.

However, if the algorithm is too complex and it takes too long to use, or requires keys that are too large to store easily, it becomes impractical to use:

Need a balance between the strength of the encryption, that is, how difficult it is for someone to recover the key (and hence the plain text), and ease of use. In modern practice the algorithm itself is assumed to be public (Kerckhoffs's principle); the strength must rest on the secrecy of the key alone.

There are two main types of encryption in use for computer security, referred to as symmetric (secret-key) and asymmetric (public-key) encryption.
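The substitution cipher mentioned above, whose key is the substitution rule itself, is a good illustration of why "difficult to decrypt" is about more than the number of keys. The following added example (not from the original slides) implements the cipher, counts its roughly 88-bit key space, and then recovers the plain text with no key search at all, by matching ciphertext letter frequencies to an assumed English frequency order. The sample plain text and the frequency order are constructed for the example.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Assumed English letter order, most frequent first; used only by the attack.
ENGLISH_BY_FREQUENCY = "etaoinshrdlcumwfgypbvkjxqz"

# Constructed sample plain text with the usual dominance of 'e' and 't'.
SAMPLE_TEXT = ("the enemy agent entered the tent at ten; the sentry then sent the "
               "secret letter to the general. the agent never expected the theft to be "
               "seen, yet the teller at the gate saw the whole event and the matter "
               "ended there.")


def make_key(seed=None) -> dict:
    """The key *is* the substitution rule: a random permutation of the alphabet."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))


def encrypt(plaintext: str, key: dict) -> str:
    """Apply the rule letter by letter; punctuation and spaces pass through."""
    return "".join(key.get(c, c) for c in plaintext.lower())


def decrypt(ciphertext: str, key: dict) -> str:
    """Apply the inverse rule."""
    inverse = {cipher_c: plain_c for plain_c, cipher_c in key.items()}
    return "".join(inverse.get(c, c) for c in ciphertext)


def key_space_bits() -> float:
    """26! possible rules, about 88 bits: far too many to try one by one."""
    return math.log2(math.factorial(26))


def frequency_attack(ciphertext: str) -> str:
    """Guess the rule without the key: the most common cipher letter is probably
    'e', the next 't', and so on. Letter frequencies survive substitution."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    guessed_rule = {cipher_c: plain_c
                    for (cipher_c, _), plain_c in zip(counts.most_common(), ENGLISH_BY_FREQUENCY)}
    return "".join(guessed_rule.get(c, c) for c in ciphertext)


def letters_recovered(plaintext: str, guess: str) -> float:
    """Fraction of letter positions the attack got right."""
    pairs = [(p, g) for p, g in zip(plaintext, guess) if p in ALPHABET]
    return sum(p == g for p, g in pairs) / len(pairs)


if __name__ == "__main__":
    key = make_key(seed=2013)
    ciphertext = encrypt(SAMPLE_TEXT, key)
    print("key space: %.1f bits" % key_space_bits())
    print("cipher text:", ciphertext)
    guess = frequency_attack(ciphertext)
    print("attack guess:", guess)
    print("letters recovered: %.0f%%" % (100 * letters_recovered(SAMPLE_TEXT, guess)))
```

The attack gets the frequent letters right on a text of this size and the rare ones wrong, which is already enough to read it; a few rounds of manual correction finish the job. The lesson is the one the slide is after: strength is how hard the best known attack is, not how many keys exist.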



Certification Authority

CAs issue digital certificates after verifying that a public key belongs to a certain owner:

Driving licenses, identification cards and fingerprints are
examples of documentation required.

Some examples of CAs are:

Thank You