dc 6 - 1 datacomm john abbott college jpc datacomm security m. e. kabay, phd, cissp director of...
TRANSCRIPT
![Page 1: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/1.jpg)
DC 6 - 1
DATACOMM
John Abbott College JPC
Datacomm SecurityM. E. Kabay, PhD, CISSP
Director of Education, ICSA
President, JINBU Corp
Copyright © 1998 JINBU Corp.
All rights reserved
![Page 2: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/2.jpg)
DC 6 - 2
Datacomm Security
Data Integrity Sources of Error Controlling Errors Other Elements of Security
![Page 3: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/3.jpg)
DC 6 - 3
Data Integrity
Integrity refers to correctness and completeness Switched telephone system has variable quality
– Some virtual circuits are silent– Others are noisy--contain random and non-
random extraneous and transient signals Effects of noise
– Obliterates differences between 0s and 1s– High-frequency transfers especially
susceptible to distortion of signal– Results in data loss
Noise originates in electrical interference– e.g., lightning storms, motors, transmitters
![Page 4: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/4.jpg)
DC 6 - 4
Sources of Error
Options for handling errors Check nothing Error detection with flagging Error detection with request for retransmission Forward error correction (FEC)
– intelligent receiver– detect and correct certain errors
![Page 5: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/5.jpg)
DC 6 - 5
Controlling Errors
Echo Checking Parity Checking Cyclical Parity Hamming Code Checksums Cyclical Redundancy Check
![Page 6: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/6.jpg)
DC 6 - 6
Controlling Errors
Echo Checking Send back all data to host (transmitter) for
comparison with original message Echoplex data transmission on old terminals
sent data to host and then back to display Expensive: at least doubles transmission
time Effectiveness depends on how errors are
detected solely on the host May introduce false positives where terminal
received data OK but return to host had noise Used for critical applications
![Page 7: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/7.jpg)
DC 6 - 7
Controlling Errors
Parity Checking Typically checks every character Add a parity bit to each 7-bit character Even parity
– 0 if even # of 1s in byte– 1 if odd # of 1s in byte
Odd parity– 0 if odd # of 1s in byte– 1 if even # of 1s in byte
Does not permit correction of the error
![Page 8: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/8.jpg)
DC 6 - 8
Controlling Errors
Cyclical Parity Two or more parity bits Permits detection of more types of error than
simple parity check Can have each parity bit depend on specific
bits in byte– E.g., parity bit #1 could check bits 1, 3 & 5
of a 6-bit sequence;– parity bit #2 could check bits 2, 4 & 6 of the
6-bit sequence
![Page 9: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/9.jpg)
DC 6 - 9
Controlling Errors
Hamming Code FEC using 4 parity bits per byte Places parity bits in positions 1, 2, 4 & 8 Data bits in positions 3, 5, 6, 7, 9, 10 & 11 Each data bit is part of the parity calculation
for two or three parity bits Can detect all single-bit errors and exactly
correct the error High overhead (4 parity bits for 7 data bits)
has kept applications rare
![Page 10: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/10.jpg)
DC 6 - 10
Controlling Errors
Checksums Add up the data Append results to data After transmission, recalculate checksum Compare new checksum with transmitted
checksum
![Page 11: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/11.jpg)
DC 6 - 11
Controlling Errors
Cyclical Redundancy Check Similar to checksum Uses more complicated arithmetic; e.g.,
addition, multiplication, division, subtraction Generates a hash total Can ensure that almost all errors, including
multi-bit errors, will be caught Widely used
– client account numbers– telephone and credit card numbers
![Page 12: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/12.jpg)
DC 6 - 12
Other Elements of Security
NIST goals of datacomm: message should be sealed--unmodifiable without authorization sequenced--numbered to prevent loss or
duplication secret--incomprehensible except to
authorized recipient(s) signed--non-repudiable authentication stamped--non-repudiable receipt of message
![Page 13: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/13.jpg)
DC 6 - 13
Datacomm Security
Secure Transmission Facilities Passwords Historical and Statistical Logging Closed User Groups Firewalls Encryption Confidentiality and Authenticity
![Page 14: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/14.jpg)
DC 6 - 14
Secure Transmission Facilities
Transmission media have different vulnerabilities Easiest to tap: wireless & cellular telecomm Easy: twisted pair, coax Possible: satellite and terrestrial microwave Hardest: fibre optic lines
![Page 15: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/15.jpg)
DC 6 - 15
Passwords
Security uses I&A: identification and authentication
Identification depends on user ID Authentication can depend on
– what you know; or– what you have; or both– what you are (or how you do stuff)
Commonest form of authentication is password Other devices include one-time password
generator Call-back devices limit access to known locations
![Page 16: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/16.jpg)
DC 6 - 16
Historical and Statistical Logging Historical:
– record all data passing through device– AKA audit trails
Mainframe systems typically log – all login/logout– file opens/closes & which records changed– device requests (printers, tapes….)
Statistical logging– How long user IDs access specific files– Does not keep record-level detail
![Page 17: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/17.jpg)
DC 6 - 17
Closed User Groups
Set of user IDs that can access information Can also define CUGs on VANs such as
CompuServe ICSA has CUGs for clients taking on-line
courses
![Page 18: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/18.jpg)
DC 6 - 18
Firewalls
Firewall = data filter to examine all inbound and outbound data
Firewall can prevent intruders from gaining access to certain parts (or any) of system
Accept inbound connection only from trusted hosts
Can set up internal firewalls to segregate certain systems from each other; e.g., research computers protected from sales users
Application-level firewalls search data stream for e-mail, database access, file transfers
Firewalls susceptible to IP address spoofing
![Page 19: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/19.jpg)
DC 6 - 19
Encryption
Scramble data using a key and descramble using a key
Key is a secret data sequence
![Page 20: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/20.jpg)
DC 6 - 20
Encryption
Symmetrical algorithms; e.g., DES Problem of key management & distribution Number of key pairs rises as n2
Cleartext Ciphertext
![Page 21: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/21.jpg)
DC 6 - 21
Encryption
Asymmetrical algorithms Keys and algorithms may both be different for
encryption and decryption
![Page 22: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/22.jpg)
DC 6 - 22
Encryption
Public Key Cryptosystem; e.g., PGP Generate 2 keys: keep 1 private, make 2 public Only the other key can decrypt what 1 key
encrypts
![Page 23: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/23.jpg)
DC 6 - 23
Confidentiality and Authenticity To keep message secret, encrypt using
recipient’s public key To prove origin of message, encrypt message
using author’s private key Current applications generally create a
checksum and encrypt it with private key--faster than encrypting entire message
See <http://www.pgp.com> for freeware version of PGP for private use
![Page 24: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/24.jpg)
DC 6 - 24
Encryption: DES
Data Encryption Standard– example of symmetric encryption algorithm– especially useful for storing encrypted data
Cleartext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@...
ENCRYPT Ciphertext
Ciphertext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@...
DECRYPTCleartext
![Page 25: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/25.jpg)
DC 6 - 25
Encryption: PKC Public Key Cryptosystem
– example of asymmetric encryption– especially good for communications and
for digital signatures
Cleartext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@...
ENCRYPT Ciphertext
Ciphertext
Key: fu3f93jgf912=kjh#1sdfjdh1&...
DECRYPTCleartext
![Page 26: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/26.jpg)
DC 6 - 26
Encryption: PKC (cont’d)PGP is an example of the PKC Key generation produces 2 keys Each can decrypt only the ciphertext
produced by the other One is defined as public Other is kept as private
Can easily send a message so only the desired recipient can read it:
– encrypt using the _______________’s_______________ key
– decrypt using the _______________’s_______________ key
![Page 27: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/27.jpg)
DC 6 - 27
Encryption: PKC (cont’d) Signing a document using PKC
This is the original text.
Create message hash
83502758
Unencryptedhash of msg
and encrypt only hashwith private key.
This is the original text.
8u3ofdjghdjc9d_j3$
Encryptedhash of msg
![Page 28: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/28.jpg)
DC 6 - 28
This is the original text.
8u3ofdjghdjc9d_j3$
Encryptedhash of msg
Encryption: PKC (cont’d) Verifying the signature using PKC
Decrypt the hashwith sender’ public key…
Unencryptedhash of msg
83502758
. . . and now create your own hash
83502758
Newly computedhash of msg
. . . and compare the two hashes
SAME = VALID DIGITAL SIGNATURE
![Page 29: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/29.jpg)
DC 6 - 29
Communications Encryption Encrypted messages
– ideally all messages should be encrypted– public messages should be signed digitally
Virtual Private Networks– packets destined for remote network are
encrypted before being sent to remote system
– automatically decrypted upon receipt
![Page 30: DC 6 - 1 DATACOMM John Abbott College JPC Datacomm Security M. E. Kabay, PhD, CISSP Director of Education, ICSA President, JINBU Corp Copyright © 1998](https://reader033.vdocuments.site/reader033/viewer/2022052820/5514729e550346494e8b6128/html5/thumbnails/30.jpg)
DC 6 - 30
Homework
Read Chapter 6 of your textbook in detail, adding to your workbook notes as appropriate.
Review and be prepared to define or expand all the terms listed at the end of Chapter 6 of your textbook (no hand-in required)
Answer all the exercises on pages 128 of the textbook using a computer word-processing program or absolutely legible handwriting (hand in after quiz tomorrow morning)