Forensic Technologies
Security Concepts, Models and Protocols
Learning Outcome
At the end of this session you should be able to explain:
- Basic concepts of security
- Several terms in basic security
Title of Slides
Security Objectives
Confidentiality: prevent/detect/deter
improper disclosure of information.
Integrity: prevent/detect/deter improper
modification of information.
Availability: prevent/detect/deter improper
denial of access to services.
AAA
What is Authentication?
How does it work?
How can it fail?
What is Accounting?
How does it depend on Authentication?
What is its utility?
What is Authorisation?
How does it depend on Authentication?
Where and how do authorization systems work?
Authentication
The process by which a person or other entity proves
that it is who (or what) it says it is.
You want to authenticate the person or entity that you are
dealing with before transferring something valuable, such as
information or money, to or from it.
Authentication is achieved by presenting some unique
identifying entity to the endpoint that is undertaking the
process:
An example of this process is the way you authenticate yourself
with an ATM: here you insert your bank card (something you
have) and enter your personal identification number (PIN,
something you know).
Module Code and Module Title
Computer Identification
How do we identify a human to a computer?
Username/Passwords (common),
Token, e.g. ATM card,
Cryptographic protocols,
Combinations, e.g. token and password,
Biometrics, e.g. face recognition, fingerprints,
and retina/iris scans.
Passwords
Most common identification technique:
Variants: such as PIN (number), memorable
date, mother's maiden name.
Vulnerabilities
Biometric Identification
Passwords are pretty useless at
identifying people.
Biological authenticators, based on some
physical characteristic of the human body
such as a fingerprint, the pattern of a
person's voice, or a face (picture).
Authorisation
The act of providing the rights to perform some action:
Typically based on what are known as Access Control Lists
(ACLs), which provide, for some set of resources, a list of
user names and their rights.
Program-specific permissions:
Allows application-specific restrictions:
(NHS, blood-test.db, SPSS) AIDS/region
Accounting
Accounting refers to the tracking of the
Accounting
Typical information that is gathered in
accounting may be:
the identity of the user,
the nature of the service delivered,
when the service began, and when it
ended.
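
The AAA chain described on these slides, as an added example that is not part of the original slides: a password check, an ACL lookup and one accounting record per request. The user alice, her password, the ACL contents and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

def _hash(password, salt):
    # Slow, salted hash so stored credentials are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions, not from the slides).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
ACL = {"blood-test.db": {"alice": {"read"}}}  # resource -> user name -> rights
AUDIT_LOG = []                                # accounting records

def authenticate(user, password):
    """Something you know: compare against the stored hash in constant time."""
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, stored = USERS.get(user, (_SALT, b""))
    return hmac.compare_digest(stored, _hash(password, salt))

def authorise(user, resource, right):
    """ACL lookup: deny unless the right is listed for this user name."""
    return right in ACL.get(resource, {}).get(user, set())

def access(user, password, resource, right, clock=time.time):
    """Authenticate, then authorise, then record the outcome (accounting)."""
    began = clock()
    if not authenticate(user, password):
        outcome = "auth-failed"   # 'user' is only a claimed identity here
    elif not authorise(user, resource, right):
        outcome = "denied"        # proven identity, but no such right in the ACL
    else:
        outcome = "granted"
    # The fields the slide lists: identity, nature of service, begin and end.
    AUDIT_LOG.append({"user": user, "service": f"{right} {resource}",
                      "began": began, "ended": clock(), "outcome": outcome})
    return outcome
```

Both authorisation and accounting depend on authentication: the ACL is keyed by user name, and the identity in a log record is only trustworthy when the outcome is not "auth-failed".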
Trust
Trust is the assured reliance on the character, ability,
strength, or truth of someone or something.
A distributed environment requires explicit statements of
trust, such as:
who is trusted to do what,
and also the obligations of all the parties involved in the
trust relationship.
Integrity
This is the assurance that the data has not changed
since it was written:
e.g., prevent a potential intruder-in-the-middle from changing
messages.
Confidentiality
This is the act of ensuring no one but authorised parties
(who know some secret) can understand the data.
There are two mechanisms used to ensure data
confidentiality, the more common encryption, and
steganography:
With encryption, an algorithm or function (encrypt)
transforms plain text to cypher text where the meaning is hidden,
but which can be restored to the original plain text by another
algorithm (decrypt).
Steganography, on the other hand, is where a message is hidden
in another message or image:
It is used when it is necessary to conceal the fact that a secret
message is being transmitted.
Summary
Basic concepts of security
Several terms in basic security
- CIA
- Trust
- AAA