Threats and Solutions of Information Security - Confidentiality, Integrity and Availability
Hyunsung Kim

Upload: amy-norman

Post on 18-Jan-2018



TRANSCRIPT

Page 1: Threats and Solutions of Information Security - Confidentiality, Integrity and Availability Hyunsung Kim

Threats and Solutions of Information Security
- Confidentiality, Integrity and Availability
Hyunsung Kim

Page 2

Cyber Security, Kyungil University

Index

Why Information Security
Threats of Information Security
Solutions of Information Security
Example of Internet Banking
Conclusion

[Figure: Hacking / Information Security]

Page 3

Why Information Security

Stand-alone -> Secure enough (image: http://www.123rf.com/)

Page 4

Why Information Security

To improve usage => Multi-user case
To improve connectivity => Networked-computer case

[Figure: Hacking / Information Security]

Page 5

Threats of Information Security

Definition from Wikipedia: A possible danger that might exploit a vulnerability to breach security and thus cause possible harm

Threats: eavesdropping, traffic analysis, modification, masquerading, replaying, repudiation, denial of service

Page 6

Threats of Information Security

Classification of Threats
Threats to Confidentiality: eavesdropping, traffic analysis
Threats to Integrity: modification, masquerading, replaying, repudiation
Threat to Availability: denial of service

Page 7

Solutions of Information Security

Confidentiality
Integrity
Availability

Page 8

Solutions of Information Security - Confidentiality

Attacks: Eavesdropping and traffic analysis
Definition: A set of rules or a promise that limits access or places restrictions on certain types of information
Solution: Encryption, traffic padding

[Figure: Function()]

Page 9

Solutions of Information Security - Integrity

Attacks: Modification, masquerading, replaying and repudiation
Definition: Internal consistency or state of being uncorrupted in electronic data
Solution: Encryption, digital signature, authentication

[Figure: Function()]

Page 10

Solutions of Information Security - Availability

Attacks: Denial of service
Definition: The degree to which a system is in a specified operable and committable state at the start of a mission
Solution: Packet filtering, complex schemes

[Figure: Function() with Threshold]

Page 11

Example - Internet Banking Authentication

[Figure: connection over the Internet]

Page 12

Example - Internet Banking Authentication

Threat scenario 1 -> authentication with {ID, PW}

[Figure: { ID, PW } sent over the network; threats: eavesdropping, masquerading]

Page 13

Example - Internet Banking Authentication

Threat scenario 2 -> authentication with Ek(ID, PW)

[Figure: Ek(ID, PW) sent over the network; both sides hold key k; threats: eavesdropping, replaying, modification]

Page 14

Example - Internet Banking Authentication

Threat scenario 3 -> authentication with Ek(ID, PW, Time)

[Figure: Ek(ID, PW, Time) sent over the network; both sides hold key k; replaying is countered by Time, which requires Timesync]

Other threats: modification -> verifier with MACk(Ek(ID, PW, Time))

[Figure: Ek(ID, PW, Time) -> Function() -> MACk(Ek(ID, PW, Time)); message sent: Ek(ID, PW, Time), MACk(Ek(ID, PW, Time))]
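The scenario-3 verifier from this slide, as an added example that is not part of the original deck: the server checks MACk(Ek(ID, PW, Time)) before decrypting, then uses Time to reject stale and repeated logins. The HMAC-SHA256 keystream standing in for Ek, the constructed key, the JSON encoding of (ID, PW, Time) and the 60-second Timesync window are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os

KEY = b"constructed-shared-key-k"   # constructed; stands in for the shared key k on the slide
WINDOW = 60                          # seconds of clock skew tolerated (the slide's "Timesync")


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n keystream bytes from key and a per-message nonce (HMAC-SHA256 in counter mode)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Ek: nonce || plaintext XOR keystream. Assumed stand-in for a real cipher."""
    nonce = os.urandom(16)
    return nonce + bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:16], ct[16:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


def make_login(key: bytes, user_id: str, pw: str, now: int) -> bytes:
    """Client side of the slide: Ek(ID, PW, Time) followed by MACk(Ek(ID, PW, Time))."""
    ct = encrypt(key, json.dumps([user_id, pw, now]).encode())
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def verify_login(key: bytes, msg: bytes, now: int, seen: set, passwords: dict) -> str:
    """Server-side verifier: MAC first, then decrypt, freshness, replay, credentials."""
    ct, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return "reject: modification (MAC mismatch)"      # the MAC catches any tampering
    try:
        user_id, pw, t = json.loads(decrypt(key, ct))
    except (ValueError, TypeError):
        return "reject: malformed"
    if abs(now - t) > WINDOW:                            # Time field defeats old replays
        return "reject: stale timestamp (replay or clock drift)"
    if tag in seen:                                      # same message repeated inside the window
        return "reject: replaying"
    seen.add(tag)   # tags older than WINDOW can be pruned; kept simple here
    if passwords.get(user_id) != pw:
        return "reject: bad credentials"
    return "accept"
```

Checking the MAC before decrypting means a modified ciphertext is rejected without ever being interpreted, and the `seen` set closes the replay gap that the Time window alone leaves open.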

Page 15

Example - Internet Banking Authentication

Current usage scenario -> authentication with Certificate

[Figure: Certificate (user), Certificate (server), Secret card, Device auth.]

Page 16

Conclusion

Threats                                              Services          Solutions
Eavesdropping, traffic analysis                      Confidentiality   Encryption, traffic padding
Modification, masquerading, replaying, repudiation   Integrity         Encryption, digital signature, authentication
Denial of service                                    Availability

Page 17