Cryptography and Network Security
Overview
Chapter 1
Fifth Edition
by William Stallings
Lecture slides by Lawrie Brown

Chapter 0: Reader's Guide
"The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."
The Art of War, Sun Tzu

Roadmap
- Cryptographic algorithms
  - symmetric ciphers
  - asymmetric encryption
  - hash functions
- Mutual Trust
- Network Security
- Computer Security

Standards Organizations
- National Institute of Standards and Technology (NIST)
- Internet Society (ISOC)
- International Telecommunication Union Telecommunication Standardization Sector (ITU-T)
- International Organization for Standardization (ISO)

Chapter 1: Introduction
"The combination of space, time, and strength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter. Consequently, it is not easy to find a fixed point of departure."
On War, Carl Von Clausewitz

Computer Security
- the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)

Key Security Concepts

Levels of Impact
- can define 3 levels of impact from a security breach
  - Low
  - Moderate
  - High

Examples of Security Requirements
- confidentiality: student grades
- integrity: patient information
- availability: authentication service

Computer Security Challenges
- not simple
- must consider potential attacks
- procedures used counter-intuitive
- involve algorithms and secret info
- must decide where to deploy mechanisms
- battle of wits between attacker / admin
- not perceived on benefit until fails
- requires regular monitoring
- too often an after-thought
- regarded as impediment to using system

OSI Security Architecture
- ITU-T X.800 "Security Architecture for OSI"
- defines a systematic way of defining and providing security requirements
- for us it provides a useful, if abstract, overview of concepts we will study

Aspects of Security
- consider 3 aspects of information security:
  - security attack
  - security mechanism
  - security service
- note terms
  - threat: a potential for violation of security
  - attack: an assault on system security, a deliberate attempt to evade security services

Passive Attacks

Active Attacks

Security Service
- enhance security of data processing systems and information transfers of an organization
- intended to counter security attacks
- using one or more security mechanisms
- often replicates functions normally associated with physical documents
  - which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Services
- X.800: "a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers"
- RFC 2828: "a processing or communication service provided by a system to give a specific kind of protection to system resources"

Security Services (X.800)
- Authentication: assurance that communicating entity is the one claimed
  - have both peer-entity and data origin authentication
- Access Control: prevention of the unauthorized use of a resource
- Data Confidentiality: protection of data from unauthorized disclosure
- Data Integrity: assurance that data received is as sent by an authorized entity
- Non-Repudiation: protection against denial by one of the parties in a communication
- Availability: resource accessible / usable

Security Mechanism
- feature designed to detect, prevent, or recover from a security attack
- no single mechanism that will support all services required
- however one particular element underlies many of the security mechanisms in use:
  - cryptographic techniques
- hence our focus on this topic

Security Mechanisms (X.800)
- specific security mechanisms:
  - encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
- pervasive security mechanisms:
  - trusted functionality, security labels, event detection, security audit trails, security recovery

Model for Network Security
- using this model requires us to:
  - design a suitable algorithm for the security transformation
  - generate the secret information (keys) used by the algorithm
  - develop methods to distribute and share the secret information
  - specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security
- using this model requires us to:
  - select appropriate gatekeeper functions to identify users
  - implement security controls to ensure only authorised users access designated information or resources

Summary
- topic roadmap and standards organizations
- security concepts:
  - confidentiality, integrity, availability
- X.800 security architecture
- security attacks, services, mechanisms
- models for network (access) security
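
The four tasks listed under Model for Network Security, shown as an added Python example that is not part of the original slides. HMAC-SHA256 stands in for the security transformation; the function names, the `tag || message` framing and the sample message are assumptions of this example, and key distribution is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def generate_key() -> bytes:
    """Task 2: generate the secret information used by the algorithm."""
    return secrets.token_bytes(32)

def protect(key: bytes, message: bytes) -> bytes:
    """Tasks 1 and 4, sender side: apply the security transformation
    (HMAC-SHA256 here) and frame the result as tag || message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return tag + message

def verify(key: bytes, wire: bytes) -> bytes:
    """Tasks 1 and 4, receiver side: recompute the tag and release the
    message only if it matches (data integrity + data origin authentication)."""
    if len(wire) < TAG_LEN:
        raise ValueError("message too short to carry a tag")
    tag, message = wire[:TAG_LEN], wire[TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return message

def rejected(key: bytes, wire: bytes) -> bool:
    """True when the receiver refuses the framed message."""
    try:
        verify(key, wire)
        return False
    except ValueError:
        return True

def demo():
    # Task 3 (distribution) is assumed: both principals already hold `key`.
    key = generate_key()
    wire = protect(key, b"transfer 100 to account 42")  # constructed sample
    tampered = wire[:-2] + b"99"        # modification in transit
    return (
        verify(key, wire),              # accepted unchanged
        rejected(key, tampered),        # altered message is refused
        rejected(generate_key(), wire), # sender without the shared key is refused
    )

if __name__ == "__main__":
    print(demo())
```

This transformation provides the Data Integrity and data origin authentication services only; the message still travels in the clear, so Data Confidentiality would need encipherment as an additional mechanism.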