dq After reading chapter 1, compare and contrast two fundamental security design principles. Analyze how these principles and how they impact an orga -

dq
After reading chapter 1, compare and contrast two fundamental security design principles. Analyze how these principles and how they impact an organizations security posture.You must use at least one scholarly resource.

Cryptography and Network Security: Principles and Practice
Eighth Edition
Chapter 1
Information and Network Security Concepts
Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Don't use plagiarized sources. Get Your Custom Assignment on

dq After reading chapter 1, compare and contrast two fundamental security design principles. Analyze how these principles and how they impact an orga

From as Little as $13/Page

Lecture slides prepared for Cryptography and Network Security, 8/e, by William Stallings. Chapter 1, Information and Network Security Concepts.

This book focuses on two broad areas: cryptography and network security. This overview chapter first looks at some of the fundamental principles of security, encompassing both information security and network security. These include the concepts of security attacks, security services, and security mechanisms. Next, the chapter introduces the two areas of cryptography and network security. Finally, the concepts of trust and trustworthiness are examined.
1

Learning Objectives
Describe the key security requirements of confidentiality, integrity, and availability.
Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets.
Provide an overview of keyless, single-key, and two-key cryptographic algorithms.
Provide an overview of the main areas of network security.
Describe a trust model for information security.
List and briefly describe key organizations involved in cryptography standards.

Cybersecurity (1 of 3)
Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyberspace environment and organization and users assets. Organization and users assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyberspace environment.

It would be useful to start this chapter with a definition of the terms cybersecurity, information security, and network security. A reasonably comprehensive definition of cybersecurity is found in ITU-T (International Telecommunication Union Telecommunication Standardization Sector) Recommendation X.1205 (Overview of Cybersecurity, 2014).

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyberspace environment and organization and users assets. Organization and users assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyberspace environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and users assets against relevant security risks in the cyberspace environment. The general security objectives comprise the following: availability; integrity, which may include data authenticity and nonrepudiation; and confidentiality.

Cybersecurity (2 of 3)
Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and users assets against relevant security risks in the cyberspace environment. The general security objectives comprise the following: availability; integrity, which may include data authenticity and nonrepudiation; and confidentiality

Cybersecurity (3 of 3)
Information Security
This term refers to preservation of confidentiality, integrity, and availability of information. In addition, other properties, such as authenticity, accountability, nonrepudiation, and reliability can also be involved
Network Security
This term refers to protection of networks and their service from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side effects

As subsets of cybersecurity, we can define the following:

Information security: This term refers to preservation of confidentiality, integrity, and availability of information. In addition, other properties, such as authenticity, accountability, nonrepudiation, and reliability can also be involved.

Network security: This term refers to protection of networks and their service from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side effects.

Cybersecurity encompasses information security, with respect to electronic information, and network security. Information security also is concerned with physical (e.g., paper-based) information. However, in practice, the terms cybersecurity and information security are often used interchangeably.
5

Security Objectives (1 of 2)
The cybersecurity definition introduces three key objectives that are at the heart of information and network security:
Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed

The cybersecurity definition introduces three key objectives that are at the heart of information and network security:

Confidentiality: This term covers two related concepts:

Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Security Objectives (2 of 2)
Integrity: This term covers two related concepts:
Data integrity: Assures that data and programs are changed only in a specified and authorized manner. This concept also encompasses data authenticity, which means that a digital object is indeed what it claims to be or what it is claimed to be, and nonrepudiation, which is assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the senders identity, so neither can later deny having processed the information
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
Availability: Assures that systems work promptly and service is not denied to authorized users

Integrity: This term covers two related concepts:

Data integrity: Assures that data (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner. This concept also encompasses data authenticity, which means that a digital object is indeed what it claims to be or what it is claimed to be, and nonrepudiation, which is assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the senders identity, so neither can later deny having processed the information.

System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
7

Figure 1.1 Essential Information and Network Security Objectives

These three concepts form what is often referred to as the CIA triad. The three
concepts embody the fundamental security objectives for both data and for information
and computing services. For example, the NIST standard FIPS 199 (Standards
for Security Categorization of Federal Information and Information Systems ) lists
confidentiality, integrity, and availability as the three security objectives for information
and for information systems. FIPS 199 provides a useful characterization of
these three objectives in terms of requirements and the definition of a loss of security
in each category:

Confidentiality: Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and proprietary
information. A loss of confidentiality is the unauthorized disclosure of
information.

Integrity: Guarding against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity. A loss
of integrity is the unauthorized modification or destruction of information.

Availability: Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of information or an
information system.

Although the use of the CIA triad to define security objectives is well established, some
in the security field feel that additional concepts are needed to present a complete picture (Figure 1.1).
Two of the most commonly mentioned are as follows:

Authenticity: The property of being genuine and being able to be verified and
trusted; confidence in the validity of a transmission, a message, or message
originator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.

Accountability: The security goal that generates the requirement for actions
of an entity to be traced uniquely to that entity. This supports nonrepudiation,
deterrence, fault isolation, intrusion detection and prevention, and after action
recovery and legal action. Because truly secure systems are not yet an
achievable goal, we must be able to trace a security breach to a responsible
party. Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
8

Computer Security Challenges
Security is not simple
Potential attacks on the security features need to be considered
Procedures used to provide particular services are often counter-intuitive
It is necessary to decide where to use the various security mechanisms
Requires constant monitoring
Is too often an afterthought
Security mechanisms typically involve more than a particular algorithm or protocol
Security is essentially a battle of wits between a perpetrator and the designer
Little benefit from security investment is perceived until a security failure occurs
Strong security is often viewed as an impediment to efficient and user-friendly operation

Computer and network security is both fascinating and complex. Some of the
reasons follow:

1. Security is not as simple as it might first appear to the novice. The requirements
seem to be straightforward; indeed, most of the major requirements
for security services can be given self-explanatory, one-word labels: confidentiality,
authentication, nonrepudiation, or integrity. But the mechanisms used
to meet those requirements can be quite complex, and understanding them
may involve rather subtle reasoning.

2. In developing a particular security mechanism or algorithm, one must always
consider potential attacks on those security features. In many cases, successful
attacks are designed by looking at the problem in a completely different way,
therefore exploiting an unexpected weakness in the mechanism.

3. Because of point 2, the procedures used to provide particular services are
often counterintuitive. Typically, a security mechanism is complex, and it is
not obvious from the statement of a particular requirement that such elaborate
measures are needed. It is only when the various aspects of the threat are
considered that elaborate security mechanisms make sense.

4. Having designed various security mechanisms, it is necessary to decide where
to use them. This is true both in terms of physical placement (e.g., at what points
in a network are certain security mechanisms needed) and in a logical sense
(e.g., at what layer or layers of an architecture such as TCP/IP [Transmission
Control Protocol/Internet Protocol] should mechanisms be placed).

5. Security mechanisms typically involve more than a particular algorithm or
protocol. They also require that participants be in possession of some secret
information (e.g., an encryption key), which raises questions about the creation,
distribution, and protection of that secret information. There also may
be a reliance on communications protocols whose behavior may complicate
the task of developing the security mechanism. For example, if the proper
functioning of the security mechanism requires setting time limits on the transit
time of a message from sender to receiver, then any protocol or network
that introduces variable, unpredictable delays may render such time limits
meaningless.

6. Computer and network security is essentially a battle of wits between a perpetrator
who tries to find holes and the designer or administrator who tries to
close them. The great advantage that the attacker has is that he or she need
only find a single weakness, while the designer must find and eliminate all
weaknesses to achieve perfect security.

7. There is a natural tendency on the part of users and system managers to perceive
little benefit from security investment until a security failure occurs.

8. Security requires regular, even constant, monitoring, and this is difficult in
todays short-term, overloaded environment.

9. Security is still too often an afterthought to be incorporated into a system
after the design is complete rather than being an integral part of the design
process.

10. Many users and even security administrators view strong security as an impediment
to efficient and user-friendly operation of an information system or use of
information.

O S I Security Architecture
Security attack
Any action that compromises the security of information owned by an organization
Security mechanism
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack
Security service
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization
Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service

To assess effectively the security needs of an organization and to evaluate and
choose various security products and policies, the manager responsible for security
needs some systematic way of defining the requirements for security and characterizing
the approaches to satisfying those requirements. This is difficult enough in a
centralized data processing environment; with the use of local and wide area networks,
the problems are compounded.

ITU-T Recommendation X.800, Security Architecture for OSI, defines such a
systematic approach. The OSI security architecture is useful to managers as a way
of organizing the task of providing security. Furthermore, because this architecture
was developed as an international standard, computer and communications vendors
have developed security features for their products and services that relate to this
structured definition of services and mechanisms.

For our purposes, the OSI security architecture provides a useful, if abstract,
overview of many of the concepts that this book deals with. The OSI security architecture
focuses on security attacks, mechanisms, and services. These can be defined
briefly as

Security attack: Any action that compromises the security of information
owned by an organization.

Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.

Threats and Attacks

Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

In the literature, the terms threat and attack are commonly used, with the following meanings:

Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

. Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Figure 1.2 Key Concepts in Security (1 of 2)

The following three sections provide an overview of the concepts of attacks, services, and mechanisms. The key concepts that are covered are summarized in Figure 1.2.

Figure 1.2 Key Concepts in Security (2 of 2)

The following three sections provide an overview of the concepts of attacks, services, and mechanisms. The key concepts that are covered are summarized in Figure 1.2.

Security Attacks
A means of classifying security attacks, used both in X.800 and R F C 4949, is in terms of passive attacks and active attacks
A passive attack attempts to learn or make use of information from the system but does not affect system resources
An active attack attempts to alter system resources or affect their operation

A useful means of classifying security attacks, used both in X.800, is in terms of passive attacks and active attacks (Figure 1.2a). A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks
Are in the nature of eavesdropping on, or monitoring of, transmissions
Goal of the opponent is to obtain information that is being transmitted
Two types of passive attacks are:
The release of message contents
Traffic analysis

Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and
traffic analysis.

The release of message contents is easily understood. A telephone conversation,
an electronic mail message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the
contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we
had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information
from the message. The common technique for masking contents is encryption. If we
had encryption protection in place, an opponent might still be able to observe the
pattern of these messages. The opponent could determine the location and identity
of communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of the
communication that was taking place.

Passive attacks are very difficult to detect, because they do not involve any
alteration of the data. Typically, the message traffic is sent and received in an apparently
normal fashion, and neither the sender nor receiver is aware that a third party
has read the messages or observed the traffic pattern. However, it is feasible to prevent
the success of these attacks, usually by means of encryption. Thus, the emphasis
in dealing with passive attacks is on prevention rather than detection.

Active Attacks
Involve some modification of the data stream or the creation of a false stream
Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities
Goal is to detect attacks and to recover from any disruption or delays caused by them

Masquerade
Takes place when one entity pretends to be a different entity
Usually includes one of the other forms of active attack
Replay
Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Data Modification
Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
Denial of service
Prevents or inhibits the normal use or management of communications facilities

Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity.
A masquerade attack usually includes one of the
other forms of active attack. For example, authentication sequences can be captured
and replayed after a valid authentication sequence has taken place, thus enabling an
authorized entity with few privileges to obtain extra privileges by impersonating an
entity that has those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.

Data modification simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect. For example,
a message stating, Allow John Smith to read confidential file accounts is modified to say,
Allow Fred Brown to read confidential file accounts.

The denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular destination
(e.g., the security audit service). Another form of service denial is the disruption
of an entire network, either by disabling the network or by overloading it with
messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas
passive attacks are difficult to detect, measures are available to prevent their success.
On the other hand, it is quite difficult to prevent active attacks absolutely
because of the wide variety of potential physical, software, and network vulnerabilities.
Instead, the goal is to detect active attacks and to recover from any disruption
or delays caused by them. If the detection has a deterrent effect, it may also
contribute to prevention.
16

Figure 1.3 Security Attacks

Figure 1.3 illustrates the types of attacks in the context of a client/server interaction. A passive attack (Figure 1.3b)
does not disturb the information flow between the client and server, but is able to observe that flow.

A masquerade can take the form of a man-in-the-middle attack (Figure 1.3c). In this type of attack, the attacker intercepts masquerades as the client to the server and as the server to the client. We see specific applications of this attack in defeating key exchange and distribution protocols (Chapters 10 and 14) and in message authentication protocols (Chapter 11). More generally, it can be used to impersonate the two ends of a legitimate communication. Another form of masquerade is illustrated in Figure 1.3d. Here, an attacker is able to access server resources by masquerading as an authorized user.

Data modification may involve a man-in-the middle attack, in which the attacker selectively modifies communicated data between a client and server (Figure 1.3c). Another form of data modification attack is the modification of data residing on a serve or other system after an attacker gains unauthorized access (Figure 1.3d).

Figure 1.3e illustrates the replay attack. As in a passive attack, the attacker does not disturb the information flow between client and server, but does capture client message. The attacker can then subsequently replay any client message to the server.

Figure 1.3d also illustrates denial of service in the context of a client/server environment. The denial of service can take two forms: (1) flooding the server with an overwhelming amount of data; and (2) triggering some action on the server that consumes substantial computing resources.

Authentication (1 of 2)
Concerned with assuring that a communication is authentic
In the case of a single message, assures the recipient that the message is from the source that it claims to be from
In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties
Two specific authentication services are defined in X.800:
Peer entity authentication
Data origin authentication

The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the
function of the authentication service is to assure the recipient that the message
is from the source that it claims to be from. In the case of an ongoing interaction,
such as the connection of a terminal to a host, two aspects are involved. First,
at the time of connection initiation, the service assures that the two entities are
authentic, that is, that each is the entity that it claims to be. Second, the service
must assure that the connection is not interfered with in such a way that a third
party can masquerade as one of the two legitimate parties for the purposes of
unauthorized transmission or reception.

Two specific authentication services are defined in X.800:

Peer entity authentication: Provides for the corroboration of the identity
of a peer entity in an association. Two entities are considered peers if they
implement to same protocol in different systems; for example two TCP modules
in two communicating systems. Peer entity authentication is provided for
use at the establishment of, or at times during the data transfer phase of, a
connection. It attempts to provide confidence that an entity is not performing
either a masquerade or an unauthorized replay of a previous connection.

Data origin authentication: Provides for the corroboration of the source of a
data unit. It does not provide protection against the duplication or modification
of data units. This type of service supports applications like electronic mail,
where there are no prior interactions between the communicating entities.
18

Authentication (2 of 2)
Peer entity authentication
Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement the same protocol in different systems. Peer entity authentication is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection
Data origin authentication
Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no ongoing interactions between the communicating entities

. Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement the same protocol in different systems; for example, two TCP modules in two communicating systems. Peer entity authentication is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.

Data origin authentication: Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no ongoing interactions between the communicating entities.

Access Control
The ability to limit and control the access to host systems and applications via communications links
To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual

In the context of network security, access control is the ability to limit and control
the access to host systems and applications via communications links. To achieve
this, each entity trying to gain access must first be identified, or authenticated, so
that access rights can be tailored to the individual.
20

Data Confidentiality
The protection of transmitted data from passive attacks
Broadest service protects all user data transmitted between two users over a period of time
Narrower forms of service includes the protection of a single message or even specific fields within a message
The protection of traffic flow from analysis
This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility

Confidentiality is the protection of transmitted data from passive attacks. With
respect to the content of a data transmission, several levels of protection can be
identified. The broadest service protects all user data transmitted between two
users over a period of time. For example, when a TCP connection is set up between
two systems, t

Related Questions:

Related questions