
Information Security

Course Curriculum: Subjects Offered

Teaching Scheme

Sr. No. 1
Subject: Major Elective-I Information Security
Teaching Scheme (Hours): Theory, Tutorial 2, Practical 0
Credits

Evaluation Scheme: Examination

Syllabus: Unit-I

Cryptography and Data Security
- Information assurance issues
- Threats to authentication, privacy and integrity
- Generating MD5 hash collisions
- Approaches to cryptography: symmetric vs. asymmetric ciphers
- Issues for secret key encryption; public key fixes to secret key problems
- Hashing and digital signatures
- Generating and exchanging keys; authentication via key ownership
- Non-repudiation using digital signatures; digital signatures in the real world
- Key distribution and management
- E-voting

Syllabus: Unit-II

Intrusion Detection
- Overview; host based and network based intrusion detection systems
- IDS as part of the overall security system
- IDS signatures and analysis schemes for intrusion detection systems
- Anomaly detection; expert systems
- Tools for packet analysis and intrusion detection: Snort, Windump, Ethereal (now Wireshark), etc.
- Case reports of various attack strategies
- Implementation issues; future directions

Reference Books

1. Carl Endorf, Eugene Schultz, Jim Mellander, Jack Koziol; Intrusion Detection & Prevention, McGraw-Hill.
2. Stephen Northcutt and Judy Novak; Network Intrusion Detection, 3rd edition, ISBN 0735712654.
3. Jay Beale, Brian Caswell; Snort 2.1 Intrusion Detection (book with CD-ROM), Syngress.
4. William Stallings; Cryptography and Network Security, 4th edition, Pearson, 2004.
5. William Stallings; Network Security Essentials, Pearson, 2005.
6. A. Menezes, P. van Oorschot, and S. Vanstone; Handbook of Applied Cryptography, CRC Press, 1996, www.cacr.math.uwaterloo.ca/hac

Chapter mapping:
- William Stallings; Cryptography and Network Security, 4th edition, Pearson, 2004: Ch. 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12.1, 12.2, 13
- Dhiren R. Patel; Information Security: Theory and Practice, PHI
- Kevin Lam, David LeBlanc; Assessing Network Security, Microsoft Press / PHI: Ch. 24, 25, 26, 27
- Network Security Bible: Ch. 13, 17 (pp. 568 to 572)

Practical Work

- Implementation of all classical ciphers
- Study of Linux security and Linux commands
- Algorithm implementation (MD5)
- Study of NetBIOS and net commands
- Study of the PGP utility
- URL scan
- Study of Ethereal (Wireshark)
- Study of Snort and Snort DB
- Study of windump

Introduction

Information is the most critical resource of many organizations, so it must be protected. With the growth of networked data, security attacks have become a dominant problem in practically all information infrastructures.

Computer security: the generic name for the collection of tools designed to protect data and to thwart attackers.
Network security: measures to protect data during their transmission.
Internet security: measures to protect data during their transmission over a collection of interconnected networks.

Introduction (Cont.)

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, and entity/data origin authentication. A cryptosystem is a general term for a set of cryptographic primitives used to provide information security services. Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques that provide information security services. Cryptology is the study of both cryptography and cryptanalysis. The name cryptology combines the Greek words kryptos (hidden) and logos (study, science), so the word literally means the science of secret writing.
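Worked example, added here and not part of the course material: both sides of the cryptography/cryptanalysis definition above on one classical cipher, the shift (Caesar) cipher that the Practical Work list asks students to implement. caesar_encrypt and caesar_decrypt are the cryptographer's side; break_caesar is the cryptanalyst's ciphertext-only attack, which tries all 26 keys and keeps the one whose decryption has a letter histogram closest to English (a chi-squared test). The sample plaintext (the page's own sentence about information being a critical resource), the key 7, and all function names are constructed for this example.

```python
# Added example (not from the course slides): a shift cipher and its cryptanalysis.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequencies (percent) of the letters A..Z in English text.
ENGLISH_FREQ = [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]

# Constructed sample plaintext (the course's own sentence about the problem).
SAMPLE_PLAINTEXT = ("INFORMATION IS THE MOST CRITICAL RESOURCE FOR MANY "
                    "ORGANIZATIONS SO IT MUST BE PROTECTED")


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Cryptography side: shift each letter forward by `key` places (mod 26).
    Letters are upper-cased; anything else passes through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key."""
    return caesar_encrypt(ciphertext, -key)


def chi_squared(ciphertext: str, key: int) -> float:
    """Cryptanalysis side: score how un-English the text looks when decrypted
    with `key`.  Plaintext letter i appears in the ciphertext as letter
    (i + key) mod 26, so the observed count for i is the count of that
    ciphertext letter.  Lower scores are closer to English."""
    letters = [ch for ch in ciphertext.upper() if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")           # nothing to analyse
    counts = Counter(letters)
    score = 0.0
    for i in range(26):
        observed = counts[ALPHABET[(i + key) % 26]]
        expected = ENGLISH_FREQ[i] * n / 100.0
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str) -> int:
    """Ciphertext-only attack.  The key space has only 26 elements and a
    substitution cipher preserves the letter histogram, so trying every key and
    keeping the most English-looking decryption recovers the key."""
    return min(range(26), key=lambda k: chi_squared(ciphertext, k))


if __name__ == "__main__":
    key = 7
    ct = caesar_encrypt(SAMPLE_PLAINTEXT, key)
    guess = break_caesar(ct)
    print("ciphertext   :", ct)
    print("recovered key:", guess)
    print("plaintext    :", caesar_decrypt(ct, guess))
```

The attack needs no key material at all, which is the point the course's later units build on: a cipher is only as strong as the size of its key space and its ability to hide the statistics of the plaintext, and the shift cipher fails on both counts.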

Security Attacks

A security attack is any action that compromises the security of information owned by an organization. Information security is about how to prevent attacks or, failing that, how to detect attacks on information-based systems. Attacks fall into two classes:
- Passive attacks
- Active attacks


Security Attacks (Cont.)

Passive attacks
- Unauthorized reading of a message or a file
- Traffic analysis

Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus the emphasis in dealing with passive attacks is on prevention rather than detection.

Security Attacks (Cont.)

Active attacks
Active attacks involve some modification of the data stream or the creation of a false stream, and fall into four categories: masquerade, replay, modification of messages, and denial of service.

Masquerade: one entity pretends to be a different entity. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has them.

Replay: the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.

Denial of service: prevents or inhibits the normal use or management of communication facilities. The attack may have a specific target (for example, an entity may suppress all messages directed to a particular destination), or it may disrupt an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Active attacks present the opposite characteristic to passive attacks. Whereas passive attacks are difficult to detect but can be prevented, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software and network vulnerabilities. The goal instead is to detect active attacks and to recover from any disruption or delay they cause. If detection has a deterrent effect, it may also contribute to prevention.

Information Security Objectives

Confidentiality or privacy
Keeping information secret from all but those who are authorized to see it. Privacy involves protecting data from unauthorized individuals both in transit and in storage. When data travel across a network, especially the Internet, they may pass through many intermediate organizations and their devices, such as routers. During this process data packets may be intercepted, intentionally or accidentally, or misdirected, and privacy can be lost.

Data integrity
Ensuring that information has not been altered by unauthorized or unknown means. Data integrity provides protection against alteration in an unauthorized manner from the time the data was created, transmitted, or stored by an authorized source.

Information Security Objectives (Cont.)

Ensuring the integrity of information requires being able to detect corruption or change to even a single bit of transferred or stored data.

Entity authentication or identification
Confirmation of the identity of an entity. Authentication deals with confirming the identity of a user or device, such as an employee, customer, partner, or smart card, before allowing access to a system or permitting the completion of a transaction.

Non-repudiation
Preventing the denial of previous commitments or actions. Non-repudiation requires mechanisms that play the role of a personal signature on a cheque or contract, so that a party cannot later deny a commitment or action.
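Worked example, added here and not part of the course material, covering two passages at once: the single-bit integrity requirement stated above, and the replay attack described under Security Attacks. The messages carry an HMAC-SHA256 tag (Python's standard hmac and hashlib modules), so flipping any one bit of the message or the tag is detected. NaiveReceiver checks only the tag and therefore accepts a captured, valid message a second time; ReplaySafeReceiver adds a per-message nonce, covered by the tag, and honours each nonce once. The shared key, the sample message, the fixed 16-byte nonce length and all names are assumptions constructed for the example.

```python
# Added example (not from the course slides): message integrity with HMAC-SHA256
# and replay protection with a one-time nonce.
import hashlib
import hmac
import os

# Shared secret assumed to have been distributed out of band beforehand.
# Fixed here so the example is reproducible; a real key comes from os.urandom(32).
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
NONCE_LEN = 16  # fixed length, so nonce || message parses unambiguously


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag: changing any single bit of `data` changes the tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """The attacker's 'modification of messages': invert one bit of `data`."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def send_naive(key: bytes, message: bytes):
    """Sender for the integrity-only protocol: (message, tag)."""
    return message, mac(key, message)


class NaiveReceiver:
    """Integrity only.  Modified messages are rejected, but a captured, valid
    (message, tag) pair replays successfully: nothing in it says 'fresh'."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, message: bytes, tag: bytes) -> bool:
        # compare_digest runs in constant time, avoiding a timing side channel.
        return hmac.compare_digest(mac(self.key, message), tag)


def send_safe(key: bytes, message: bytes):
    """Sender for the replay-resistant protocol: (nonce, message, tag), with the
    nonce covered by the tag so an attacker cannot swap it for a fresh one."""
    nonce = os.urandom(NONCE_LEN)
    return nonce, message, mac(key, nonce + message)


class ReplaySafeReceiver:
    """Integrity plus freshness: each nonce is honoured at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()

    def accept(self, nonce: bytes, message: bytes, tag: bytes) -> bool:
        if len(nonce) != NONCE_LEN or nonce in self.seen:
            return False                      # malformed or replayed
        if not hmac.compare_digest(mac(self.key, nonce + message), tag):
            return False                      # forged or modified
        self.seen.add(nonce)                  # remember only after the tag checks
        return True


if __name__ == "__main__":
    msg = b"TRANSFER 100 TO ACCOUNT 42"       # constructed sample message
    m, t = send_naive(SHARED_KEY, msg)
    naive = NaiveReceiver(SHARED_KEY)
    print("naive: genuine      ", naive.accept(m, t))               # True
    print("naive: one bit flip ", naive.accept(flip_bit(m, 5), t))  # False
    print("naive: replay       ", naive.accept(m, t))               # True: attack works
    safe = ReplaySafeReceiver(SHARED_KEY)
    n, m, t = send_safe(SHARED_KEY, msg)
    print("safe: genuine       ", safe.accept(n, m, t))             # True
    print("safe: replay        ", safe.accept(n, m, t))             # False
```

Two caveats the code makes visible. The set of seen nonces grows without bound; real protocols bound that state with a monotonically increasing sequence number or a timestamp plus acceptance window. And a MAC gives integrity and data origin authentication but not the non-repudiation objective above: both parties hold the same key, so either could have produced the tag. Non-repudiation needs a digital signature, where only the signer holds the private key (Unit-I).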

Information Security Objectives (Cont.)

Additional information security objectives are:
- Message authentication: validation of the source of information; also known as data origin authentication.
- Authorization: conveyance, to another entity, of official sanction to do or be something.
- Validation: a means to provide timeliness of authorization to use or manipulate information or resources.
- Access control: restricting access to resources to privileged entities.
- Certification: endorsement of information by a trusted entity.
- Time-stamping: recording the time of creation or existence of information.
- Witnessing: verifying the creation or existence of information by an entity other than the creator.
- Receipt: acknowledgement that information has been received.
- Confirmation: acknowledgement that services have been provided.
- Ownership: a means to provide an entity with the legal right to use or transfer a resource to others.
- Anonymity: concealing the identity of an entity involved in some process.
- Revocation: retraction of certification or authorization.
- Availability: assuring that data and system resources are available to authorized parties when needed.
- Message privacy: an e-mail message or file can be encrypted as a complete unit before transmission, using a utility or built-in browser functions.
- Channel privacy: usually requires that data sent and received through the communications channel are encrypted and decrypted at the packet level, regardless of content.

Model for Network Security

Using this model requires us to:
1. design a suitable algorithm for the security transformation;
2. generate the secret information (keys) used by the algorithm;
3. develop methods to distribute and share the secret information;
4. specify a protocol enabling the principals to use the transformation and secret information for a security service.

Model for Network Access Security

Using this model requires us to:
1. select appropriate gatekeeper functions to identify users;
2. implement security controls to ensure only authorised users access designated information or resources.
Trusted computer systems may be useful to help implement this model.
