History and Evolution of Information Security
•
Objectives and Properties of Information Security
•
Concepts of Computer Security, Attack and Anti-Attack
•
1.Outlines:
替代加密:将一个信息用一个符号去替代
•
位移加密:
•
• 豪密:
凯撒密码:最早的密码,将字母都后移3位
•
棍子密码Scytale Cipher:
•
2.加密方法
3.Information Hiding/Steganography 隐写术
从经验->科学,依赖密钥
○
The Kerckhoffs' Principle
•
加速enctryption&decryption,cryptography evolved from Manual to Mechanical and Electronic
○ Computers
•
Make it possible to exchange large amount of secret message without sharing any secret key between the sender and receiver
○
RSA加密算法——非对称加密算法:对极大整数做引述分解
○
Public Key Ciphers 公钥密码学
•
区块链,去中心化
○ Internet
•
4.The evolution of Cryptography(密码学)
PCEra: Virus ravages——show off/destroy
•
Internet Era:Hacker, worm and DOS burst out——benefit&monetize
•
5.Computer Security
2017/3/6 10:03
Can't distinguish between the original and the copy;
•
Alteration on digital paper will leave nothing;
•
Digital documents are really easy to delete;
•
Digital Information only depends on binary information;
•
6. Distinctness of computer based information security & paper based information security : The earliest info security?
○
The Landmark event of four evolution of computer security?
○
History of info security and evolution
•
What’s special of computer security?
○
Significance and properties of computer security
•
Three elements of computer security
○
Concepts of computer security: vulnerabilities, threats, attacks, control
○
Ways of computer attack and its classifier
○
Security system, security services, security mechanisms, operational and human issues
○
Concepts, attack and confront of computer security
• BY LSY
Chapter 1 Concepts and Base of Information Security
2017年3月3日 13:26
分区 信安 的第 1 页
System Security depends on the weakest link
○
Comprehensiveness
•
It’s a constant back and forth rising spiral security model
○ Procedural
•
The entire security system is in the process of constantly update, improve and
○
progress Dynamic
•
Have to use multi-level security technologies, method and ways to resolve security
○ risk Hierarchy
•
Security is relative, and no absolute security
○ Relativity
•
7. Chatacteristics of computer security
Concepts of Computer Security Confidentiality 保密性
•
Integrity 完整性
•
Availability 可用性
•
Authenticity 真实性
•
8. 3 elements of computer security:
Is a weakness in the security system
○
Vulnerabilities / 漏洞
•
Is set of circumstances that has the potential to cause loss of harm
○
Threats / 威胁
•
A human or another system can exploit vulnerabilities to initiates an attack
○
Attacks / 攻击
•
Is an action, device, procedure, or technique that removes or reduces the vulnerabilities
○
Control / 控制、对抗措施
•
9.Concepts of computer security
10.Types of security threat
Interruption : availability
•
Interception 信息泄露: Confidentiality
•
Modification : Integrity
•
Fabrication : Authenticity
•
Interception
○
Passive Attack 被动攻击——prevention
•
Active Attack 主动攻击——detect+restore
•
分区 信安 的第 2 页
后三者
○
Active Attack 主动攻击——detect+restore
•
Prevention
•
Detection
•
Recovery
•
11.The Goal
Make sure that the entities of communication is the actual claimed entities, include peer
○
Authentication
•
12.Against security threats
Prevent the unauthorized visit to resource
○
Access control
•
Prevent data leakage, include linked confidentiality, unlinked confidentiality, selected fiel
○
confidentiality and flow confidentiality.
○
Data Confidentiality
•
Make sure the received data is sent from authorized entity, and without modification, insert,
○
Data Integrity
•
entity authentication and data origin authentication.
Prevent repudiation in communication from any entity
○
Non-Repudiation
•
Make sure the availability of service
○
Availability
•
delete and replay.
分区 信安 的第 3 页
