Basics of Information and Network Security

Basics of Information and Network Security

• In daily life we use information for various purposes and use network for communication and exchange information between different parties.
• In many cases these information are sensitive so we need to take care that only authorized party can get that information.
• For maintaining such privacy we require some mechanism or physical device which ensures that it is safe. Such mechanism or physical devices are known as security system.
• Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
• This definition of computer security introduces three key objectives that are at the heart of computer security:

1. Confidentiality: It covers two concepts

• Data Confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

1. Integrity: It covers two concepts

• Data Integrity: Assures that information and programs are changed authorize manner.
• only in a specified and
• System Integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

1. Availability: Assures that systems work promptly and service is not denied to authorize user.

• Unconditionally secure algorithm: An algorithm or an encryption scheme is unconditionally secure if  the attacker cannot obtain the corresponding plaintext from ciphertext no matter how much ciphertext is available.
• Computationally secure algorithm: An encryption scheme is said to be  computationally  secure  if  either of the following criteria is met:
• The cost of breaking the cipher exceeds the value of the encrypted information.
• The time required to break the cipher exceeds the useful lifetime of the information.
• Threat: A potential for violation of security, which exists when there is a
• circumstance, capability,
• action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit vulnerability.