Scribd
Upload
16 views

DS&C 01

Data Security and Cryptography

Uploaded by

Aftab Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views

DS&C 01

Data Security and Cryptography

Uploaded by

Aftab Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 25

Data Security & Cryptography

Dr Danish Shehzad
Associate Professor
CS & IT

1
Today’s Lecture
• Introduction
• Course Introduction and Marks Distribution
• Motivation
• Foundations of Security
• Security Levels
• Security Goals
• CNSS Security Model
• ITU-T X.800 “Security Architecture for OSI”
• Model for Network Security

2
Marks distribution
– Quiz: 10
– Assignment: 10
– Mid term exam : 20
– Research Work: 25
– Final exam: 35
– Total: 100

Bonus marks will be given for a real research contribution 

Office#:17
Email-ID: [email protected]
3
Cybersecurity Jobs Report: 3.5
Million Unfilled Positions In 2025

4
Introduction

6
Information Security &
Cryptography
• Information Security, often referred to as InfoSec, refers to the practice of
protecting resources, information and data from unauthorized access, use,
disclosure, disruption, modification, or destruction.

• Cryptography plays a vital role in modern information security and is a


fundamental technology in protecting sensitive data
• Cryptography is the science of secret writing with the goal of hiding the
meaning of message from adversaries.

• Field of information security is a battle of wits:


– Defenders
– Attackers

8
Information Systems
• A healthcare example, from
• http://wiki.ihe.net/images/b/b6/CareManagementDiagram.jpg

• Components:
• Hardware
• Networks
• Software
• Data
• Procedures
• Policies

9
Information Security
Three Foundations Of IT Security
Security Levels
Governmental

Personal Organizational

12
Security Goals
Integrity
• C.I.A.

Confidentiality Availability

13
I. Confidentiality
• Confidentiality is the avoidance of the
unauthorized disclosure of information.
– confidentiality involves the protection of data,
– providing access for those who are allowed to see
it while disallowing others from learning anything
about its content.

14
15
Tools for Confidentiality

1. Encryption: the transformation of information using a secret,


called an encryption key, so that the transformed information
can only be read using another secret, called the decryption key
(which may, in some cases, be the same as the encryption key).

16
Tools for Confidentiality
2. Access control: rules and policies that limit
access to confidential information to those
people and/or systems with a “need to know.”
– This may be determined by identity, such as a
person’s name or a computer’s serial number, or
by a role that a person has, such as being a
manager or a computer security specialist.

17
Tools for Confidentiality
3. Authentication: the determination of the identity or
role that someone has. This determination can be done in
a number of different ways, but it is usually based on a
combination of
– something the person has (like a smart card or a radio key
storing secret keys),
– something the person knows (like a password),
– something the person is (like a human with a fingerprint).

password=ucIb()w1V
mother=Jones
human with fingers pet=Caesar
and eyes
Something you know
Something you are
radio token with
secret keys
Something you have
19
Tools for Confidentiality
4. Authorization: the determination if a person or system is allowed
access to resources, based on an access control policy.
– Such authorizations should prevent an attacker from tricking the
system into letting him have access to protected resources.

5. Virtual Private Networks (VPNs): VPNs create encrypted tunnels


between a user's device and a remote server, ensuring that data
transmitted between them is protected from interception.

6. Physical security: the establishment of physical barriers to limit


access to protected computational resources. It includes
– locks on cabinets and doors,
– placement of computers in windowless rooms,
– use of sound dampening materials,
– construction of buildings or rooms with walls incorporating copper
meshes (called Faraday cages) so that electromagnetic signals cannot
enter or exit the enclosure.
20
Ensuring Confidentiality

• Browser verify that website we are connecting to is


indeed(Really) who it says it is.
– Authentication
• Website might be checking our browser and can we access
that page according to ACP
– Authentication and access control
• Browser may ask the website for encryption key to
encrypt credit card no.
– Encryption
• Finally our credit card no. reaches at server :
– Physical security, access policy, authorization and
authentication to safe credit card no
21
II. Integrity
• Integrity: the property that information has not be altered
in an unauthorized way.
• Techniques
– Backups: the periodic archiving of data.
– Checksums:
• the computation of a function that maps the contents of a file to a
numerical value.
• A checksum function depends on the entire contents of a file and is
designed in a way that even a small change to the input file is highly
likely to result in a different output value.

– Hashing/ Digital Signatures


– Data correcting codes:
• methods for storing data in such a way that small changes can be
easily detected and automatically corrected.
• Apply to small data such as byte or word
• Metadata of the data also need to be protected
22
23
24
III. Availability
• Availability: the property that information is accessible and
modifiable in a timely fashion by those authorized to do so.
• Tools:
– Physical Protections: Infrastructure meant to keep information
available even in the event of physical challenges.
– Computational Redundancies: Computers and storage devices
that serve as fallbacks in the case of failures.
– Automated Monitoring and Alerts: Implement monitoring tools
that continuously track system performance, availability, and
health.
– Virtualization and Cloud Services: Virtualization technologies
allow workloads to be migrated between physical servers
quickly, aiding in maintenance and disaster recovery.

25
26
27
Research Timeline

• 2nd Week Survey Paper Evaluation (2.5)

• 4th Week Research Proposal (5)

• 8th Week Mid Evlaulation/ Implementation (5)

• 15th Week Final Research Paper Evaluation (10)

• Overall Presentations/Documentations (2.5)

Total 25

You might also like