Information Privacy and Security
Lecture 01, 02, 03
Introduction
Areesha Sajjad
NCBA&E FLC
Security???
What is security
• Security revolves around CIA
Confidentiality
• Preventing the unauthorized disclosure of sensitive information.
• Disclosure could be:
• Intentional (Breaking)
• Unintentional (Carelessness)
• Confidentiality vs. Privacy
• Privacy:
• The degree to which an entity will interact with its environment.
• Privacy is a reason for confidentiality
Integrity
• Goals of integrity (e.g. email)
• Prevention of the modification of information by unauthorized users.
• Prevention of the unauthorized or unintentional modification of information
by authorized users
Availability
• A system’s authorized users have timely and uninterrupted access.
• DoS/DDoS
What is Privacy
• Right to Access
• Privileges defined by the owner on the resource.
• Legislation (HIPAA/US laws/EU laws)
Other Terms
• Vulnerability: An error or weakness in the design, implementation,
or operation of a system
• Attack: A means of exploiting some vulnerability in a system.
• Threat: An adversary that is motivated and capable of exploiting a
vulnerability.
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the security of
information.
• Security Mechanism: A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service: A service that enhances the security of data processing
systems and information transfers. A security service makes use of one
or more security mechanisms. E.g., virus detection, firewall, etc.
Security Attacks
• Active attacks (affect integrity & availability)
• Modify data
• Passive attacks (affect confidentiality)
• Don’t harm data
Active Attacks
• Masquerade
• Pretending to be a different entity
Active Attacks
• Replay attacks (tricking the system into accepting the retransmission
of data as legitimate)
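The replay case above, as an added example (not part of the original lecture): a receiver that only checks a message authentication code accepts a retransmitted message, while one that also checks a timestamp and a one-time nonce rejects it. The key, message format, `Receiver` class and 30-second window are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
MAX_SKEW = 30                  # accepted clock difference in seconds (assumption)

def make_message(body, nonce, ts, key=KEY):
    """Sender: bind body, nonce and timestamp together under HMAC-SHA256."""
    payload = json.dumps({"body": body, "nonce": nonce, "ts": ts},
                         sort_keys=True).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()

class Receiver:
    def __init__(self, key=KEY, check_replay=True):
        self.key = key
        self.check_replay = check_replay
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, payload, tag, now):
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC"   # modification (integrity)
        if not self.check_replay:
            return "accepted"            # MAC alone cannot spot a resend
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale"     # too old to be a live message
        # Nonces older than the window are already covered by the stale check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "rejected: replay"    # same message seen before
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"

def demo():
    # Constructed sample message captured once and presented again later.
    payload, tag = make_message("transfer 100 to account 42", "n-0001", 1000)
    mac_only, full = Receiver(check_replay=False), Receiver()
    return {
        "mac_only_first": mac_only.accept(payload, tag, now=1001),
        "mac_only_replay": mac_only.accept(payload, tag, now=1005),
        "full_first": full.accept(payload, tag, now=1001),
        "full_replay": full.accept(payload, tag, now=1005),
        "full_late_replay": full.accept(payload, tag, now=2000),
        "full_tampered": full.accept(payload.replace(b"100 to", b"900 to"),
                                     tag, now=1001),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```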
Active Attacks
• Denial of service (A denial-of-service (DoS) attack occurs when
legitimate users are unable to access information systems, devices,
or other network resources due to the actions of a malicious cyber
threat actor.)
• Easy to detect
• Hard to prevent
Passive Attacks
• Eavesdropping on transmissions to obtain information
• Release of message contents
• Outsider learns content of transmission
• Traffic analysis
• By monitoring the frequency and length of messages, even encrypted ones, the
nature of the communication may be guessed (ID, location, session, file transfer)
• Difficult to detect
• Can be prevented
Attackers
• 1. Hacker: One who is only interested in penetrating your
system. They do not cause any harm to your system; they are
satisfied just by getting access to it.
• 2. Intruders: These attackers intend to do damage to your system or
try to obtain information from the system that can be used for
financial gain.
• The attacker can place a logical program on your system through the
network, which can affect the software on your system. This leads to
two kinds of risks:
• a. Information threat: This kind of threat modifies data on the
user’s behalf that the user should not actually have access to, such as
enabling some crucial permission in the system.
• b. Service threat: This kind of threat prevents the user from
accessing data on the system.
Security Attacks (active and passive, affects CIA)
Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (cannot deny authenticity of message, i.e. signature)
• Access control (prevent misuse of resources)
• Availability
• Denial of Service Attacks
• Virus that deletes files
Methods of Defence
• Encryption
• Software Controls (access limitations in a database; in an operating
system, protecting each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Internet RFC Publication Process
Recommended Reading
• Pfleeger, C. Security in Computing. Prentice Hall, 1997.
• Mel, H.X., Baker, D. Cryptography Decrypted. Addison Wesley, 2001.