0% found this document useful (0 votes)
28 views16 pages

Lecture 3 Computer Security

Uploaded by

Mick lee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
28 views16 pages

Lecture 3 Computer Security

Uploaded by

Mick lee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 16

Computer

Security

Dr.-Ing. Morice Daudi


13/11/2024 RESEARCH GROUP: INTELLIGENT SYSTEMS 1
Key Security Concepts
Vulnerabilities and Attacks
System resource vulnerabilities may
Be corrupted (loss of integrity)
Become leaky (loss of confidentiality)
Become unavailable (loss of availability)
Attacks are threats carried out and
may be
Passive
Active
Insider
Outsider
Countermeasures
Means used to deal with security attacks
Detect
Prevent
Recover
May result in new vulnerabilities
Goal is to minimize risk given constraints
Threat Consequences
Unauthorized disclosure
Exposure: Sensitive data is directly released to an unauthorized entity.
Interception: An unauthorized entity directly accesses sensitive data in
transit.
Inference: an unauthorized entity indirectly accesses sensitive data by
reasoning from characteristics or byproducts of communications.
Intrusion: An unauthorized entity circumvents system's security
protections.
Deception
Masquerade: An unauthorized entity poses as an authorized entity.
Falsification: False data deceives an authorized entity.
Repudiation: An entity deceives another by falsely denying responsibility
for an act.
Threat Consequences
Disruption
Incapacitation: Prevent/interrupt system operation by
disabling a system component
Corruption: adversely modifying system functions or
data
Obstruction: interrupts delivery of system services by
hindering system operation.
Usurpation
Misappropriation: unauthorized logical or physical
control of a system resource.
Misuse: Causes system to perform a function or
service detrimental to security.
Network Security Attacks
Classify as passive or active
Passive attacks are eavesdropping
Release of message contents
Traffic analysis
Note: Are hard to detect, therefore, one must aim to
prevent
Active attacks modify/fake data
Masquerade
Replay
Modification
Denial of service
Note: Are hard to prevent, one must aim to detect
Security Functional
Requirements
Technical measures:
Access control; identification & authentication
System & communication protection; system &
information integrity
Management controls and procedures
Awareness & training; audit & accountability;
certification, accreditation, & security assessments;
Contingency planning; physical & environmental
protection; planning; personnel security; risk
assessment; systems & services acquisition
User Authentication
User Authentication
Fundamental security building block
Basis of access control & user accountability
Is the process of verifying an identity
claimed by or for a system entity
Has two steps:
Identification - specify identifier
Verification - bind entity (person) and identifier
Means of User Authentication
Four means of authenticating user's identity

Bases on something the individual


Knows - e.g. password, PIN

Possesses - e.g. key, token, smartcard

Is (static biometrics) - e.g. fingerprint, retina

Does (dynamic biometrics) - e.g. voice, sign

Can be used alone or combined


Password Authentication
Something Individual Knows
Widely used user authentication method
User provides name/login and password
System compares password with that saved for
specified login
Authenticates ID of user logging and
That the user is authorized to access system
Determines the user’s privileges
Used in discretionary access control
Password Vulnerabilities
Offline dictionary attack
Specific account attack
Popular password attack
Password guessing against single user
Workstation hijacking
Exploiting user mistakes
Exploiting multiple password use
Electronic monitoring
Token Authentication
Something an individual Possesses
Object user possesses to
authenticate, e.g.
Embossed Card
Magnetic Stripe Card
Memory Card
Smartcard
Memory Card
Store but do not process data
Magnetic stripe card, e.G. Bank card
Electronic memory card
Used alone for physical access
With password/PIN for computer use
Drawbacks of memory cards include:
Need special reader
Loss of token issues
User dissatisfaction
Is (Biometric
Authentication)
Something an individual Is
Authenticate user based on one of
their physical characteristics

You might also like