Information Security: Chapter One

The document discusses information security and defines it as protecting information assets from destruction, manipulation or exploitation. It outlines several specialized areas of security including physical, personal, operations, communications and network security. The document also discusses security goals of confidentiality, integrity and availability, known as the CIA triad. It defines different types of security attacks such as passive attacks like traffic analysis and active attacks including masquerade, replay, message modification and denial of service.

Uploaded by

Moti

Information Security

CHAPTER ONE
Information security
WHAT IS SECURITY?
▪ Security is defined as “the quality or state of being secure—to be free
from danger.”
▪ It is defined as the protection afforded to an automated information
system in order to attain the applicable objectives of preserving the
integrity, availability and confidentiality of information system
resources (includes hardware, software, firmware, information/data,
and telecommunications).
▪ Security is often achieved by means of several strategies usually
undertaken simultaneously or used in combination with one another.

COMPILED BY SELAMU SHIRTAWI, SOFTWARE ENGINEERING DEPARTMENT


Information security
▪ Information security: the protection of information and its critical
elements, including systems and hardware used to store and transmit
that information.
▪ Information Assurance (IA) is the study of how to protect your
information assets from destruction, degradation, manipulation and
exploitation. But also, how to recover should any of those happen.

Specialized areas of security
▪ Physical security, which encompasses strategies to protect
people, physical assets, and the workplace from various threats
including fire, unauthorized access, or natural disasters.
▪ Personal security, which overlaps with physical security in the
protection of the people within the organization.
▪ Operations security, which focuses on securing the organization’s
ability to carry out its operational activities without interruption or
compromise.

▪ Communications security, which encompasses the protection of
an organization’s communications media, technology, and content,
and its ability to use these tools to achieve the organization’s
objectives.
▪ Network security, which addresses the protection of an
organization’s data networking devices, connections, and contents,
and the ability to use that network to accomplish the organization’s
data communication functions.
▪ Information security includes the broad areas of information
security management, computer and data security, and network
security.

Security Goals
Confidentiality: This term covers two related concepts:
◦ Data confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
◦ Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and by
whom and to whom that information may be disclosed.

Integrity: This term covers two related concepts:
◦ Data integrity: Assures that information and programs are changed
only in a specified and authorized manner.
◦ System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly and service is not
denied to authorized users.

These three concepts form what is often referred to as the CIA triad.
The three concepts embody the fundamental security objectives for
both data and for information and computing services.

▪ Confidentiality: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal
privacy and proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
▪ Integrity: Guarding against improper information modification or
destruction, including ensuring information nonrepudiation and
authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
▪ Availability: Ensuring timely and reliable access to and use of
information. A loss of availability is the disruption of access to or
use of information or an information system.

▪ Accountability: The security goal that generates the requirement for
actions of an entity to be traced uniquely to that entity. This supports
nonrepudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action.
▪ Because truly secure systems are not yet an achievable goal, we must be
able to trace a security breach to a responsible party. Systems must keep
records of their activities to permit later forensic analysis to trace
security breaches or to aid in transaction disputes.

SECURITY ATTACKS
▪ A useful means of classifying security attacks, used both in X.800
and RFC 2828, is in terms of passive attacks and active attacks.
▪ A passive attack attempts to learn or make use of information from
the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.

1. Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information
that is being transmitted.
Two types of passive attacks are
◦ the release of message contents and
◦ traffic analysis.

The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these
transmissions.
A second type of passive attack, traffic analysis, is subtler.
Suppose that we had a way of masking the contents of messages or
other information traffic so that opponents, even if they captured the
message, could not extract the information from the message.

The common technique for masking contents is encryption. If we had
encryption protection in place, an opponent still might be able to
observe the pattern of these messages.
The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of
messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect, because they do not
involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently
normal fashion, and neither the sender nor the receiver is aware that a
third party has read the messages or observed the traffic pattern.
However, it is feasible to prevent the success of these attacks, usually
by means of encryption. Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.

2. Active attacks
Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories:
masquerade, replay, modification of messages, and denial of service.
◦ A masquerade takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms of
active attack. For example, authentication sequences can be captured
and replayed after a valid authentication sequence has taken place, thus
enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges.

[Figure: Masquerade]

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce
an unauthorized effect.
For example, a message meaning “Allow John Smith to read confidential
file accounts” is modified to mean “Allow Fred Brown to read confidential
file accounts.”

The denial of service prevents or inhibits the normal use or
management of communications facilities. This attack may have a
specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network
either by disabling the network or by overloading it with messages so
as to degrade performance.

[Figure: Denial of service]

SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer
of communicating open systems and that ensures adequate security of the
systems or of data transfers.
Perhaps a clearer definition is found in RFC 2828, which provides the following
definition: A processing or communication service that is provided by a system to
give a specific kind of protection to system resources; security services
implement security policies and are implemented by security mechanisms.

A. Authentication
The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the
function of the authentication service is to assure the recipient that the message is
from the source that it claims to be from.
In the case of an ongoing interaction, such as the connection of a terminal to a
host, two aspects are involved. First, at the time of connection initiation, the
service assures that the two entities are authentic (that is, that each is the entity
that it claims to be). Second, the service must assure that the connection is not
interfered with in such a way that a third party can masquerade as one of the two
legitimate parties for the purposes of unauthorized transmission or reception.

B. Access Control
In the context of network security, access control is the ability to
limit and control the access to host systems and applications via
communications links. To achieve this, each entity trying to gain
access must first be identified, or authenticated, so that access rights
can be tailored to the individual.

C. Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With
respect to the content of a data transmission, several levels of protection can be
identified. The broadest service protects all user data transmitted between two
users over a period of time. For example, when a TCP connection is set up
between two systems, this broad protection prevents the release of any user data
transmitted over the TCP connection.
Narrower forms of this service can also be defined, including the protection of a
single message or even specific fields within a message. These refinements are
less useful than the broad approach and may even be more complex and
expensive to implement.

▪ The other aspect of confidentiality is the protection of traffic flow
from analysis. This requires that an attacker not be able to observe
the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.

D. Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single
message, or selected fields within a message. Again, the most useful and
straightforward approach is total stream protection.
A connection-oriented integrity service deals with a stream of messages and
assures that messages are received as sent with no duplication, insertion,
modification, reordering, or replays. The destruction of data is also covered under
this service. Thus, the connection-oriented integrity service addresses both
message stream modification and denial of service.

▪ On the other hand, a connectionless integrity service deals with individual
messages without regard to any larger context and generally provides
protection against message modification only.
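The difference between the two integrity services, as an added example that is not part of the original slides: a per-message MAC detects the "John Smith" to "Fred Brown" modification but accepts a replayed copy, while a MAC that also covers a sequence number rejects replays and reordering. HMAC-SHA256, the 8-byte sequence header, the key and the second message are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"            # constructed shared secret (assumption)
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA256


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# Connectionless integrity: each message carries its own MAC, no larger context.
def seal(key, msg):
    return msg + _mac(key, msg)


def open_(key, packet):
    msg, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return msg if hmac.compare_digest(tag, _mac(key, msg)) else None


# Connection-oriented integrity: the MAC also covers a sequence number,
# and the receiver only accepts the next number it expects.
class StreamSender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, msg):
        body = struct.pack(">Q", self.seq) + msg
        self.seq += 1
        return body + _mac(self.key, body)


class StreamReceiver:
    def __init__(self, key):
        self.key, self.expected = key, 0

    def open(self, packet):
        if len(packet) < 8 + TAG_LEN:
            return None                   # too short to hold header and MAC
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.key, body)):
            return None                   # modified or forged
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.expected:
            return None                   # replayed, duplicated or reordered
        self.expected += 1
        return body[8:]


def demo():
    msg = b"Allow John Smith to read confidential file accounts"
    second = b"Revoke access to file accounts"   # constructed second message

    def tamper(packet):                   # same-length edit, MAC left untouched
        return packet.replace(b"John Smith", b"Fred Brown")

    pkt = seal(KEY, msg)
    tx, rx = StreamSender(KEY), StreamReceiver(KEY)
    p0, p1 = tx.seal(msg), tx.seal(second)
    return {
        "connectionless_genuine_accepted": open_(KEY, pkt) == msg,
        "connectionless_modified_rejected": open_(KEY, tamper(pkt)) is None,
        "connectionless_replay_accepted": open_(KEY, pkt) == msg,
        "stream_reordered_rejected": rx.open(p1) is None,
        "stream_modified_rejected": rx.open(tamper(p0)) is None,
        "stream_in_order_accepted": rx.open(p0) == msg and rx.open(p1) == second,
        "stream_replay_rejected": rx.open(p0) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```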

E. Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted
message. Thus, when a message is sent, the receiver can prove that the alleged
sender in fact sent the message. Similarly, when a message is received, the sender
can prove that the alleged receiver in fact received the message.

SECURITY MECHANISM
▪ The security mechanisms are defined in X.800. The mechanisms are divided into
those that are implemented in a specific protocol layer, such as TCP or an
application layer protocol, and those that are not specific to any particular
protocol layer or security services.
▪ X.800 distinguishes between reversible encipherment mechanisms and
irreversible encipherment mechanisms.
▪ A reversible encipherment mechanism is simply an encryption algorithm that
allows data to be encrypted and subsequently decrypted.
▪ Irreversible encipherment mechanisms include hash algorithms and message
authentication codes, which are used in digital signature and message
authentication applications.

SPECIFIC SECURITY MECHANISMS
▪ May be incorporated into the appropriate protocol layer in order to provide
some of the OSI security services.
◦ Encipherment: The use of mathematical algorithms to transform data into a form
that is not readily intelligible. The transformation and subsequent recovery of
the data depend on an algorithm and zero or more encryption keys.
◦ Digital Signature: Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source and integrity of
the data unit and protect against forgery (e.g., by the recipient).
◦ Access Control: A variety of mechanisms that enforce access rights to resources.
◦ Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of
data units.
◦ Authentication Exchange: A mechanism intended to ensure the identity of an entity by means
of information exchange.
◦ Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
◦ Routing Control: Enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a breach of security is suspected.
◦ Notarization: The use of a trusted third party to assure certain properties of a data exchange.
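Traffic padding from the list above, applied to message length, as an added example that is not part of the original slides: each message is framed and padded to a whole number of fixed-size buckets before encipherment, so an observer who sees only ciphertext lengths can no longer tell short messages apart. The 128-byte bucket, the 4-byte length prefix, the zero fill, the sample messages and the assumption that encipherment preserves length are all choices made for the illustration.

```python
import struct

BUCKET = 128   # assumed bucket size in bytes

# Constructed sample messages of clearly different lengths.
MESSAGES = [b"YES", b"NO", b"Transfer the quarterly report to the audit team today"]


def pad(msg, bucket=BUCKET):
    """Prefix the true length, then zero-fill up to the next bucket boundary."""
    framed = struct.pack(">I", len(msg)) + msg
    padded_len = -(-len(framed) // bucket) * bucket   # ceiling to a bucket multiple
    return framed + b"\x00" * (padded_len - len(framed))


def unpad(padded, bucket=BUCKET):
    """Recover the message; reject anything that is not well-formed padding."""
    if len(padded) < 4 or len(padded) % bucket:
        raise ValueError("not a whole number of buckets")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds payload")
    if any(padded[4 + n:]):
        raise ValueError("non-zero padding bytes")
    return padded[4:4 + n]


def observed_lengths(messages, padded):
    """Lengths an eavesdropper would see, assuming length-preserving encipherment."""
    return [len(pad(m)) if padded else len(m) for m in messages]


if __name__ == "__main__":
    print("without padding:", observed_lengths(MESSAGES, padded=False))
    print("with padding:   ", observed_lengths(MESSAGES, padded=True))
```

Padding hides length only within a bucket; the frequency and endpoints of messages remain observable.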

MODEL FOR NETWORK SECURITY
▪ A message is to be transferred from one party to another across some sort of
Internet service. The two parties, who are the principals in this transaction,
must cooperate for the exchange to take place. A logical information channel
is established by defining a route through the Internet from source to
destination and by the cooperative use of communication protocols (e.g.,
TCP/IP) by the two principals.

[Figure: Model for Network Security]

▪ Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to
confidentiality, authenticity, and so on. All of the techniques for providing
security have two components:
• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the
transformation to scramble the message before transmission and unscramble it on
reception.

A trusted third party may be needed to achieve secure transmission. For example,
a third party may be responsible for distributing the secret information to the two
principals while keeping it from any opponent. Or a third party may be needed to
arbitrate disputes between the two principals concerning the authenticity of a
message transmission.
This general model shows that there are four basic tasks in designing a particular
security service:
◦ Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.
◦ Generate the secret information to be used with the algorithm.
◦ Develop methods for the distribution and sharing of the secret information.
◦ Specify a protocol to be used by the two principals that makes use of the security algorithm
and the secret information to achieve a particular security service.

Another type of unwanted access is the placement in a computer system of logic
that exploits vulnerabilities in the system and that can affect application programs
as well as utility programs, such as editors and compilers. Programs can present
two kinds of threats:
◦ Information access threats: Intercept or modify data on behalf of users who should not have
access to that data.
◦ Service threats: Exploit service flaws in computers to inhibit use by legitimate users.

[Figure: Network Access Security Model]

▪ Viruses and worms are two examples of software attacks. Such attacks can be
introduced into a system by means of a disk that contains the unwanted logic
concealed in otherwise useful software. They also can be inserted into a system
across a network; this latter mechanism is of more concern in network security.
▪ The security mechanisms needed to cope with unwanted access fall into two
broad categories.
• The first category might be termed a gatekeeper function. It includes
password-based login procedures that are designed to deny access to all but
authorized users and screening logic that is designed to detect and reject
worms, viruses, and other similar attacks.
• Once either an unwanted user or unwanted software gains access, the second
line of defense consists of a variety of internal controls that monitor
activity and analyze stored information in an attempt to detect the presence of
unwanted intruders.

STANDARDS
▪ Various organizations have been involved in the development or
promotion of different standards. The most important (in the
current context) of these organizations are as follows.
• National Institute of Standards and Technology: NIST is a U.S. federal
agency that deals with measurement science, standards, and technology
related to U.S. government use and to the promotion of U.S. private-sector
innovation. Despite its national scope, NIST Federal Information
Processing Standards (FIPS) and Special Publications (SP) have a
worldwide impact.

• Internet Society: ISOC is a professional membership society with
worldwide organizational and individual membership. It provides
leadership in addressing issues that confront the future of the Internet
and is the organization home for the groups responsible for Internet
infrastructure standards, including the Internet Engineering Task Force
(IETF) and the Internet Architecture Board (IAB). These organizations
develop Internet standards and related specifications, all of which are
published as Requests for Comments (RFCs).

Individual Assignment 1 (5%)
▪ Consider an automated teller machine (ATM) in which users
provide a personal identification number (PIN) and a card for
account access.
• Give examples of confidentiality, integrity, and availability
requirements associated with the system. In each case, indicate the
degree of importance of the requirement.

NB: Please don’t share anything; your idea should be different, as you
are different.
