a) Confidentiality
b) Authentication
c) Integrity
d) Non-repudiation
e) Denial of service
f) Unauthorized access
Public key cryptography (PKI) along with the digital signature act
sufficiently deal with the first 4 aspects.
Once the Information security policy & program based on the above
common principles are formulated, they need to be effectively
implemented & managed.
Virus attacks have an impact on the operational level & not on the
finance & reputation of the organization facing the attack.
BS 7799.
A Firewall is a system that enforces a security policy framed
by an organization. It is generally placed between an organization's
intranet (Trusted Network) & the Internet (un-trusted network).
A firewall is a combination of hardware & software. It deploys the
company policy to protect corporate networks from outsiders'
unauthorized access over the internet. It works by requiring that all
inbound & outbound traffic pass through the
firewall so that a particular security policy of the company can be
enforced.
1) Symmetric cryptosystem:
This requires only one key for encrypting & the same
key is required while decrypting.
Popular algorithm used is known as DES (Digital encryption
standards developed by IBM).
Advantages: Simple & comparatively more efficient.
Limitations:
a) Useful only where the parties are known to each other.
b) Difficulties in sharing the keys, especially in large networks.
c) Does not adhere to digital signature as per IT act 2000.
2) Asymmetric cryptosystem:
Here 2 sets of keys
(complementary pair) called private key & public key are involved.
One key (generally Private key) is used for encoding the data
while the complementary key (generally public key) is used for
decoding the data. Each key performs a one-way transformation of the data,
i.e. what one key does to rearrange the original data, only the
other key of the complementary pair can undo, restoring the data to its
original form. They are actually a pair of mathematically related
keys. The owners make their public key available to others, while
the corresponding private keys are kept secret. While sending a
message the sender encrypts / scrambles the data using first the
public key of the person he is sending data to and next he further
encrypts the message using his own private key. The receiver of
the scrambled message can see who has sent him the message
and decode / unscramble the message by first using the public key
of the sender which is available in his directory and next with his
own private key which is kept safely in his smartcard.
Advantages:
a) Ensures total integrity & confidentiality of the message sent.
b) No need to exchange the secret or private keys between the
parties. Hence no risk is involved unlike symmetric
cryptosystems.
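
The two-step exchange described under the asymmetric cryptosystem above, as an added Python example that is not part of the original document. It uses textbook RSA with tiny constructed primes only to show how the two keys of a pair undo each other; the function names, parties and key values are assumptions made for illustration.

```python
# Toy textbook RSA: tiny primes, no padding. Illustration only; real systems
# use a vetted library with padding and keys of 2048 bits or more.
from math import gcd

def make_keypair(p, q, e=17):
    """Build ((e, n), (d, n)): a mathematically related public/private pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def transform(value, key):
    """One-way transformation with one key of a pair: value^k mod n."""
    k, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the key's modulus")
    return pow(value, k, n)

def send(message, sender_private, recipient_public):
    # Step 1: recipient's public key, so only the recipient can read it.
    # Step 2: sender's private key, so the recipient can see who sent it.
    return transform(transform(message, recipient_public), sender_private)

def receive(wire, sender_public, recipient_private):
    # Undo in reverse order: sender's public key, then own private key.
    return transform(transform(wire, sender_public), recipient_private)

# Constructed sample keys (hypothetical parties). The sender's modulus is the
# larger one so that the output of step 1 always fits into step 2.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(61, 53)   # n = 3233
SENDER_PUB, SENDER_PRIV = make_keypair(89, 97)         # n = 8633
OTHER_PUB, OTHER_PRIV = make_keypair(67, 71)           # unrelated pair

if __name__ == "__main__":
    message = 65                                       # constructed sample
    wire = send(message, SENDER_PRIV, RECIPIENT_PUB)
    print("recovered:", receive(wire, SENDER_PUB, RECIPIENT_PRIV))
    # A party holding a different private key does not recover the message.
    print("wrong key:", receive(wire, SENDER_PUB, OTHER_PRIV))
```
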
The Public key infrastructure enables
users of an un-trusted public network like the internet to carry out
transactions like payments through credit card/debit cards in e-
commerce or typing account numbers in e-banking etc. securely
using the asymmetric cryptosystem described above. In this
system the public & private keys are obtained & shared through a
trusted third party called Certificate Authority (CA). Further the
PKI provides for a digital certificate that can identify an individual
or an organization and directory services that can store and
whenever necessary revoke the digital certificates and publish the
same on its secured server. The PKI consists of the following main
components:
SET protocols use a
system of locks & keys along with certified account IDs for both
consumers & merchants. Then through a unique process of encrypting
or scrambling, the information exchanged between the shopper & the
on-line store, SET ensures a payment process that is convenient, private
& most of all secure.
S-HTTP and SSL are 2 examples of SET protocols designed
to enable secure communications across the internet. The S-HTTP
enables the encryption of individual web messages between clients and
servers across the internet. The SSL protocol was developed by
Netscape communications in 1994 to provide secure communications
over the internet. The SSL protocol is able to negotiate encryption keys
as well as authenticate the server and the client before exchanging the
data. Thus it maintains the security & integrity of the transmission
channel by using encryption, authentication and message
authentication codes.