Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intention could modify or forge your data, either for amusement or for their own benefit.
Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways.
- Computer Security – generic name for the collection of tools designed to protect data and to thwart
- Network Security – measures to protect data during their transmission
- Internet Security – measures to protect data during their transmission over a collection of interconnected networks
Security Attacks, Services and Mechanisms
To assess the security needs of an organization effectively, the manager responsible for security needs some systematic way of defining the requirements for security and characterization of approaches to satisfy those requirements. One approach is to consider three aspects of information security:
Security attack – Any action that compromises the security of information owned by an organization.
Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack.
Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks and they make use of one or more security mechanisms to provide the service.
Cryptography The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then re transforming that message back to its original form
Plaintext The original intelligible message
Cipher text the transformed message
Cipher An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
Key Some critical information used by the cipher, known only to the sender& receiver
Encipher (encode) the process of converting plaintext to cipher text using a cipher and a key
Decipher (decode) the process of converting cipher text back into plaintext using a cipher and a key
Cryptanalysis The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking
Cryptology Both cryptography and cryptanalysis
Code An algorithm for transforming an intelligible message into an unintelligible one using a code-book
The classification of security services are as follows:
Confidentiality: Ensures that the information in a computer system a n d transmitted information are accessible only for reading by authorized parties. E.g.: Printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false.
Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages.
Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission.
Access control: Requires that access to information resources may be controlled by or the target system.
Availability: Requires that computer system assets be available to authorized parties when needed.
One of the most specific security mechanisms in use is cryptographic techniques. Encryption or encryption-like transformations of information are the most common means of providing security. Some of the mechanisms are:
- Digital Signature
- Access Control
There are four general categories of attack which are listed below.
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability e.g., destruction of piece of hardware, cutting of a communication line or Disabling of file management system.
An unauthorized party gains access to an asset. This is an attack on confidentiality. Unauthorized party could be a person, a program or a computer.e.g: wiretapping to capture data in the network, illicit copying of files.
An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. e.g., changing values in data file, altering a program, modifying the contents of messages being transmitted in a network.
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. e.g.: insertion of spurious message in a network or addition of records to a file.