SlideShare una empresa de Scribd logo
1 de 23
Descargar para leer sin conexión
Info security & crypto
Info security & crypto
•Information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction
Cryptography (from Greek "hidden, secret") is the practice and study of hiding
information
•Information security is concerned with the confidentiality, integrity and availability
of data regardless of the form the data may take: electronic, print, or other
forms.
•Cryptography is used in applications present in technologically advanced societies;
examples include the security of ATM cards, computer passwords, and
electronic commerce, which all depend on cryptography.
•Information security uses cryptography to transform usable information
into a form that renders it unusable by anyone other than an authorized
user; this process is called encryption
•Encrypted information can be transformed back into its original form by an
authorized user, who possesses the cryptographic key, through the process
of decryption
•Cryptography is used in information security to protect information from
unauthorized users while the information is in transit and storage
•Cryptography provides information security with improved authentication
methods, message digests, digital signatures, and encrypted network
communications
Modern Information Security
• Computer Security
It mainly focuses on shared system, such as time-sharing system and
necessary to provide some tools to protect file and other information stored
on the computer
• Network (Communication) Security
It mainly concerns distributed system, such as internet and its purpose is to
protect the information over the internet
It also focuses on measures to deter, prevent, detect and correct security
violations that involve the transmission of information.
• Confidentiality : Information is accessible only for reading
• Authentication : Information is correctly identified, with an assurance
that identity is not false
• Integrity : Only authorized parties are able to modify computer
system assets and transmitted information
• Nonrepudiation : Both the sender and receiver of message are unable
to deny the transmission.
• Access Control : Requires that access to information resources may be
controlled by or for the target system..
Source Destination
INTERRUPTION
Source Destination
INTERCEPTION
Source Destination
MODIFICATION
Source Destination
FABRICATION
Passive Attacks
Passive threats
Interception
Release of message contents Traffic analysis
Active Attacks
Passive threats
Interruption
(availability)
Fabrication
(authenticity)
Modification
(integrity)
Integrity
Confidentiality
Avaliability
The art or science encompassing the principles and methods of transforming
an intelligible message into unintelligible one, and then retransforming that
message back to original form.
Plaintext
Ciphertext
Cipher
Key
code
Encipher(encode)
Decipher(decode)
Cryptanalysis
Cryptology
World War II brought about many advancements in information security
and mark the beginning of the professional field of information security
German Lorenz cipher machine
The development of digital computers and
electronics after WWII made possible
much more complex ciphers
Many computer ciphers can be charact-
erized by their operation on binary bit
sequences,unlike classical and
mechanical schemes
The Enigma machine, used, in several
variants, by the German military between
the late 1920s and the end of
World War II
Enigma machine
Cryptography, then, not only protects data from theft or alteration, but can
also be used for user authentication. There are, in general, three types of
cryptographic schemes typically used to accomplish these goals
•Secret key cryptography (or symmetric)
•Public-key cryptography (or asymmetric)
•Hash functions,
•In this form single key is used for both encryption and decryption
•The sender uses the key to encrypt the plaintext and sends the ciphertext
to the receiver. The receiver applies the same key to decrypt the message
and recover the plaintext
•Because a single key is used for both functions, secret key cryptography is
also called symmetric encryption
•Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
•Stream ciphers operate on a single bit (byte or computer word) at a time
and implement some form of feedback mechanism so that the key is
constantly changing.
• A block cipher is so-called because the scheme encrypts one block of
data at a time using the same key on each block.
• In general, the same plaintext block will always encrypt to the same
ciphertext when using the same key in a block cipher whereas the same
plaintext will encrypt to different ciphertext in a stream cipher.
•PKC depends upon the existence of so-called one-way functions,that
are easy to computer whereas their inverse function is difficult to compute
•It employs two keys that are mathematically related although knowledge
of one key does not allow someone to easily determine the other key
•One key is used to encrypt the plaintext and the other key is used to
decrypt the ciphertext
Hash functions, also called message digests and one-way encryption, are
algorithms that, in some sense, use no key
A fixed-length hash value is computed based upon the plaintext that makes
it impossible for either the contents or length of the plaintext to be
recovered.
Hash algorithms are typically used to provide a digital fingerprint of a file's
contents and are also commonly employed by many operating systems to
encrypt passwords and then, provide a measure of the integrity of a file
Combines all functions to form a secure transmission comprising digital signature and
digital envelope
•Nearly all modern network operating systems employ passwords at the
very least to protect and authenticate users accessing computer and
network resources
•But passwords are not typically kept on a host or server in plaintext, but
are generally encrypted using some sort of hash scheme
•As the passwords are not saved in plaintext on computer systems
precisely,they cannot be easily compromised.
•An even stronger authentication method uses the password to modify a
shared secret between the client and server, but never allows the
password in any form to go across the network.
•PGP can be used to sign or encrypt e-mail messages with the mere
click of the mouse
•Depending upon the version of PGP, the software uses SHA or MD5
for calculating the message hash; CAST, Triple-DES, or IDEA for
encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital
signatures.
•PGP is available as a plug-in for many e-mail clients, such as Claris
Emailer, Microsoft Outlook and Qualcomm Eudora
•Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs, developed by Philip Zimmermann in the early
1990s
•In typical applications workstation are attached to LAN. The user can
reach other hosts, workstations and servers in the same LAN that are
interconnected via bridges and routers.
•Transmissions from station to station is visible on the LAN to all
station. Data is transmitted in the form of packets which contain
source/destination Ids, and other information.
•On this basis, an eavesdropper can monitor and capture traffic
packets. Eavesdropper needs not be a local LAN user; it could be
anyone to whom the LAN offers a dial-up capacity.
•Eavesdropping may also occur in any of the communication links
which provide connectivity to the system
Link Encryption
Each vulnerable communication link is equipped on both end with an
encryption devices
End-to-End Encryption
Data is encrypted only at the source node and decrypted at the destination
node
Problem
Data consists of packets have a header portion and content portion. we can’t
encrypt the header. So the data is secure and the traffic pattern is not
Solution
Use a combination of above two approaches.
QUESTIONS
THANK YOU

Más contenido relacionado

La actualidad más candente

Frsa
FrsaFrsa
Frsa_111
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric keyRajat Tripathi
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & AttacksNetwax Lab
 
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAA QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAijcisjournal
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsIJNSA Journal
 
Summer report crypto
Summer report cryptoSummer report crypto
Summer report cryptoGaurav Shukla
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniquesMohitManna
 
Rothke Info Security Canada 2007 Final
Rothke   Info Security Canada 2007 FinalRothke   Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalBen Rothke
 
Omlis fact sheet july 2014, Secure Mobile Payments
Omlis fact sheet july 2014, Secure Mobile PaymentsOmlis fact sheet july 2014, Secure Mobile Payments
Omlis fact sheet july 2014, Secure Mobile PaymentsSimon Cairns
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 

La actualidad más candente (18)

Frsa
FrsaFrsa
Frsa
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
 
Cryptography
CryptographyCryptography
Cryptography
 
Encrytion ppt
Encrytion pptEncrytion ppt
Encrytion ppt
 
Crypto academy
Crypto academyCrypto academy
Crypto academy
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & Attacks
 
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAA QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
 
Summer report crypto
Summer report cryptoSummer report crypto
Summer report crypto
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniques
 
Rothke Info Security Canada 2007 Final
Rothke   Info Security Canada 2007 FinalRothke   Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
 
Omlis fact sheet july 2014, Secure Mobile Payments
Omlis fact sheet july 2014, Secure Mobile PaymentsOmlis fact sheet july 2014, Secure Mobile Payments
Omlis fact sheet july 2014, Secure Mobile Payments
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with security
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocols
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 

Destacado (20)

When Crypto Attacks! (Yahoo 2009)
When Crypto Attacks! (Yahoo 2009)When Crypto Attacks! (Yahoo 2009)
When Crypto Attacks! (Yahoo 2009)
 
got HW crypto-slides_hardwear
got HW crypto-slides_hardweargot HW crypto-slides_hardwear
got HW crypto-slides_hardwear
 
Hackfest Cracking Crypto Rev 2
Hackfest Cracking Crypto Rev 2Hackfest Cracking Crypto Rev 2
Hackfest Cracking Crypto Rev 2
 
C# chap 1
C# chap 1C# chap 1
C# chap 1
 
Comp hardware Introduction
Comp hardware IntroductionComp hardware Introduction
Comp hardware Introduction
 
Unix intro
Unix introUnix intro
Unix intro
 
Introduction to 80386 microprocessor
Introduction to 80386 microprocessorIntroduction to 80386 microprocessor
Introduction to 80386 microprocessor
 
8086 assembly
8086 assembly8086 assembly
8086 assembly
 
Artificial intel
Artificial intelArtificial intel
Artificial intel
 
Unix1
Unix1Unix1
Unix1
 
Basic
BasicBasic
Basic
 
Php mysql
Php mysqlPhp mysql
Php mysql
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction
Introduction Introduction
Introduction
 
Windows mobile
Windows mobileWindows mobile
Windows mobile
 
Intel80286
Intel80286Intel80286
Intel80286
 
Application service provider [compatibility mode]
Application service provider [compatibility mode]Application service provider [compatibility mode]
Application service provider [compatibility mode]
 
Usb
UsbUsb
Usb
 
Awt and swing in java
Awt and swing in javaAwt and swing in java
Awt and swing in java
 
Booting
BootingBooting
Booting
 

Similar a Info security & crypto

Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxSamiDan3
 
Cryptography
CryptographyCryptography
CryptographyJasim Jas
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingSumit Satam
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxBrenoMeister
 
A+ Update Endpoint Encryption
A+ Update Endpoint EncryptionA+ Update Endpoint Encryption
A+ Update Endpoint EncryptionOSU - East
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 
Software for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentationSoftware for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentationRuchika Sinha
 
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxRunning Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxtodd271
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Petar Radanliev
 

Similar a Info security & crypto (20)

chapter 1-4.pdf
chapter 1-4.pdfchapter 1-4.pdf
chapter 1-4.pdf
 
Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptx
 
Network security
Network securityNetwork security
Network security
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured Messaging
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture Notes
 
Security
SecuritySecurity
Security
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsx
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
A+ Update Endpoint Encryption
A+ Update Endpoint EncryptionA+ Update Endpoint Encryption
A+ Update Endpoint Encryption
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptx
 
Crytography
CrytographyCrytography
Crytography
 
Sw2
Sw2Sw2
Sw2
 
Software for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentationSoftware for encrypting and decrypting text file powerpointpresentation
Software for encrypting and decrypting text file powerpointpresentation
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxRunning Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
 

Más de Shehrevar Davierwala

Más de Shehrevar Davierwala (20)

Introduction_Swift
Introduction_SwiftIntroduction_Swift
Introduction_Swift
 
PsudoCode.pptx
PsudoCode.pptxPsudoCode.pptx
PsudoCode.pptx
 
Number System.pptx
Number System.pptxNumber System.pptx
Number System.pptx
 
Java Script (Module 1).pptx
Java Script (Module 1).pptxJava Script (Module 1).pptx
Java Script (Module 1).pptx
 
Website in Clicks Day 2
Website in Clicks Day 2Website in Clicks Day 2
Website in Clicks Day 2
 
Develop Website in Clicks
Develop Website in ClicksDevelop Website in Clicks
Develop Website in Clicks
 
Build Virtual Assistant Using AI
Build Virtual Assistant Using AI Build Virtual Assistant Using AI
Build Virtual Assistant Using AI
 
Build brand reputation using facebook
Build brand reputation using facebookBuild brand reputation using facebook
Build brand reputation using facebook
 
Digital Marketing Session 2
Digital Marketing Session 2Digital Marketing Session 2
Digital Marketing Session 2
 
Learn Digital Marketing : 0 to Hero Day 1
Learn Digital Marketing :  0 to Hero Day 1 Learn Digital Marketing :  0 to Hero Day 1
Learn Digital Marketing : 0 to Hero Day 1
 
Standard template
Standard templateStandard template
Standard template
 
Digital Marketing for Sustainable Business - Afghan Perspective
Digital Marketing for Sustainable Business - Afghan Perspective  Digital Marketing for Sustainable Business - Afghan Perspective
Digital Marketing for Sustainable Business - Afghan Perspective
 
Developing stunning website in clicks - 2
Developing stunning website in clicks - 2Developing stunning website in clicks - 2
Developing stunning website in clicks - 2
 
Developing stunning website in clicks
Developing stunning website in clicksDeveloping stunning website in clicks
Developing stunning website in clicks
 
Google forms for data analysis
Google forms for data analysisGoogle forms for data analysis
Google forms for data analysis
 
Webdesign session1
Webdesign session1Webdesign session1
Webdesign session1
 
Tech talk webtech
Tech talk webtechTech talk webtech
Tech talk webtech
 
Tech talk php_cms
Tech talk php_cmsTech talk php_cms
Tech talk php_cms
 
Ph pbasics
Ph pbasicsPh pbasics
Ph pbasics
 
Java operators
Java operatorsJava operators
Java operators
 

Último

UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 

Último (20)

UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 

Info security & crypto

  • 3. •Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction Cryptography (from Greek "hidden, secret") is the practice and study of hiding information •Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. •Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.
  • 4. •Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption •Encrypted information can be transformed back into its original form by an authorized user, who possesses the cryptographic key, through the process of decryption •Cryptography is used in information security to protect information from unauthorized users while the information is in transit and storage •Cryptography provides information security with improved authentication methods, message digests, digital signatures, and encrypted network communications
  • 5. Modern Information Security • Computer Security It mainly focuses on shared system, such as time-sharing system and necessary to provide some tools to protect file and other information stored on the computer • Network (Communication) Security It mainly concerns distributed system, such as internet and its purpose is to protect the information over the internet It also focuses on measures to deter, prevent, detect and correct security violations that involve the transmission of information.
  • 6. • Confidentiality : Information is accessible only for reading • Authentication : Information is correctly identified, with an assurance that identity is not false • Integrity : Only authorized parties are able to modify computer system assets and transmitted information • Nonrepudiation : Both the sender and receiver of message are unable to deny the transmission. • Access Control : Requires that access to information resources may be controlled by or for the target system..
  • 7. Source Destination INTERRUPTION Source Destination INTERCEPTION Source Destination MODIFICATION Source Destination FABRICATION
  • 8. Passive Attacks Passive threats Interception Release of message contents Traffic analysis Active Attacks Passive threats Interruption (availability) Fabrication (authenticity) Modification (integrity)
  • 10. The art or science encompassing the principles and methods of transforming an intelligible message into unintelligible one, and then retransforming that message back to original form. Plaintext Ciphertext Cipher Key code Encipher(encode) Decipher(decode) Cryptanalysis Cryptology
  • 11. World War II brought about many advancements in information security and mark the beginning of the professional field of information security German Lorenz cipher machine
  • 12. The development of digital computers and electronics after WWII made possible much more complex ciphers Many computer ciphers can be charact- erized by their operation on binary bit sequences,unlike classical and mechanical schemes The Enigma machine, used, in several variants, by the German military between the late 1920s and the end of World War II Enigma machine
  • 13. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals •Secret key cryptography (or symmetric) •Public-key cryptography (or asymmetric) •Hash functions,
  • 14. •In this form single key is used for both encryption and decryption •The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext •Because a single key is used for both functions, secret key cryptography is also called symmetric encryption
  • 15. •Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. •Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. • A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block. • In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher.
  • 16. •PKC depends upon the existence of so-called one-way functions,that are easy to computer whereas their inverse function is difficult to compute •It employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key •One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext
  • 17. Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key A fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents and are also commonly employed by many operating systems to encrypt passwords and then, provide a measure of the integrity of a file
  • 18. Combines all functions to form a secure transmission comprising digital signature and digital envelope
  • 19. •Nearly all modern network operating systems employ passwords at the very least to protect and authenticate users accessing computer and network resources •But passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme •As the passwords are not saved in plaintext on computer systems precisely,they cannot be easily compromised. •An even stronger authentication method uses the password to modify a shared secret between the client and server, but never allows the password in any form to go across the network.
  • 20. •PGP can be used to sign or encrypt e-mail messages with the mere click of the mouse •Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures. •PGP is available as a plug-in for many e-mail clients, such as Claris Emailer, Microsoft Outlook and Qualcomm Eudora •Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs, developed by Philip Zimmermann in the early 1990s
  • 21. •In typical applications workstation are attached to LAN. The user can reach other hosts, workstations and servers in the same LAN that are interconnected via bridges and routers. •Transmissions from station to station is visible on the LAN to all station. Data is transmitted in the form of packets which contain source/destination Ids, and other information. •On this basis, an eavesdropper can monitor and capture traffic packets. Eavesdropper needs not be a local LAN user; it could be anyone to whom the LAN offers a dial-up capacity. •Eavesdropping may also occur in any of the communication links which provide connectivity to the system
  • 22. Link Encryption Each vulnerable communication link is equipped on both end with an encryption devices End-to-End Encryption Data is encrypted only at the source node and decrypted at the destination node Problem Data consists of packets have a header portion and content portion. we can’t encrypt the header. So the data is secure and the traffic pattern is not Solution Use a combination of above two approaches.