Information security
Information hiding is the process of embedding information in a digital medium and later retrieving it. The major requirements of the process are that the embedding be imperceptible, robust, and secure.
The most important, and the most misunderstood, topic of this course is security. The major criteria for data hiding are:
- Fidelity - how much the cover data is degraded by the embedding.
- Robustness - how well the hidden data survives flaws and manipulations.
- Payload - the amount of information that can be reliably embedded.
Information hiding methods differ on the basis of:
- Nature of the cover - (audio, video, image, text, software, etc.)
- Robustness, where a robust method is highly immune to manipulation and a fragile method has low immunity.
- Synchronous/Asynchronous communications.
and on the type of threat (attack), which is either malicious (intentional) or non-malicious (unintentional).
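The three criteria above, worked through with least-significant-bit (LSB) embedding on a constructed cover signal: fidelity as the largest per-sample change, payload as the bit capacity, and robustness as whether the payload survives a manipulation of the stego samples. This is an added example, not code from the original page; the cover samples and the payload are constructed for the demonstration.

```python
# LSB embedding on a constructed cover signal: measures fidelity, payload and
# robustness of the hidden data. Cover samples and payload are constructed here.
COVER = bytes((i * 37) % 256 for i in range(256))   # 256 8-bit samples

def capacity_bits(cover: bytes) -> int:
    # Payload: one bit per sample when only the least-significant bit is used.
    return len(cover)

def embed(cover: bytes, payload: bytes) -> bytes:
    # Write payload bits, most-significant first, into the LSB of successive samples.
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > capacity_bits(cover):
        raise ValueError("payload exceeds cover capacity")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)

def extract(stego: bytes, nbytes: int) -> bytes:
    # Read the LSBs back and reassemble them into bytes.
    bits = [s & 1 for s in stego[: nbytes * 8]]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def fidelity(cover: bytes, stego: bytes) -> int:
    # Largest per-sample change caused by embedding; LSB substitution is at most 1.
    return max(abs(c - s) for c, s in zip(cover, stego))

def survives(stego: bytes, nbytes: int, manipulation) -> bool:
    # Robustness check: does the payload still extract after a manipulation is
    # applied to every sample (e.g. requantisation that clears the LSB)?
    damaged = bytes(manipulation(s) & 0xFF for s in stego)
    return extract(damaged, nbytes) == extract(stego, nbytes)
```

The LSB scheme scores well on fidelity and payload but is fragile: any manipulation that rewrites the low bit (requantisation, a brightness shift of one) destroys the payload, which is the trade-off the criteria describe.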
What to hide
The things we are supposed to hide are:
- Media
- Software
- Hardware Design and Implementation details
Why do we hide?
- Protection from malicious use. Examples: copyright, watermarking.
- Concealing the existence of information from everyone. Examples: encryption, steganography.
- Avoiding unwanted metadata, data bridging, etc.
The areas of the course
- General Information Theory
- Signal processing and transforms
- Game, and Coding theory
- Cryptography, and Protocols
- Detection and estimation
Information Theory
The most important aspect of a security plan is understanding the properties and behaviour of the information to be protected. Information also has an identity, by which it can be validated, authenticated and addressed. It stays bound to its values until an unauthorized change occurs. The information identity combined with its values is called information integrity. Prioritization is the process of evaluating the degree of protection required for the various items of importance. In practice nothing is fully guarded, so to be feasible the plan must have a scope. A security plan has three important parts:
- Protecting the information's core. Since the information is at the core of the model, we coat it with a protective covering called cryptography. Cryptography is tightly coupled with the information and follows it wherever it goes. Authentication is provided through so-called digital signatures.
- The information is too vast and cannot be narrowed sufficiently for a single set of preventive measures.
- However, different measures can be applied to different pieces of information, making it more manageable. The best model is one with outer layers.
- Information can be replicated cost-effectively, while the entire system cannot, so data defense requires backup processes.
- Information has mathematical properties that support countermeasures.
- Strengthening the resources (systems and networks) addresses the goal of minimizing the risk that the data will be destroyed, stolen, or altered, both "at home" and over the network.
- Authentication of those who can access the information.
Cryptographic method layers
This is the second layer of the encryption model. Cryptography disguises information so that it cannot be read by an attacker even if it is wrongly obtained. Its methods are extremely complex and need a great deal of time to be analyzed and broken. Cryptographic methods are varied, because once attackers come up with a method of breaking a cipher, that cipher should be invalidated. The methods improve over time and become more complex. The general elements of cryptography are:
- Plaintext, which is the user-generated message.
- Ciphertext, which is the disguised plaintext, the result of encryption.
- The cryptographic algorithm, which is used to encrypt the plaintext.
- The encryption key, a secret shared between two or more trusted parties.
Authentication and verification layer
This layer determines whether the information presented about the accessor is genuine. Authentication techniques usually take advantage of the following four factors:
- Possession factor - something the user has to present to the system in order to get access to the information.
- Biometric factor - some unique attribute of the user's identity (face, fingerprint, DNA).
- Knowledge factor - something that the user knows and others do not.
- Integrity factor - something that allows the user to authenticate a factor.
OS Hardening Layer
Information System Architecture and design layer
Web service protection layer
8 Ps of security layer
Security Planning
Cryptographic Principles and Methods
Data to Information
Information sits at the core of the model.
Abstractions
Data Abstraction
Metadata
The "data" about data is metadata.
For example, author, date created, date modified and file size are examples of very basic document file metadata. Having the ability to search for a particular element (or elements) of that metadata makes it much easier for someone to locate a specific document.
Information systems
The most important phases of the information system life cycle are:
- Input, when information is acquired from users.
- Process, when the information is processed by the system.
- Output, when the processed information is displayed back to users.
- Feedback, a phase that lies on the path from the output back to the process. Together with Process and Output it forms a loop. This loop improves continuously and is the subject of our course.
Access Methods
Information Movement
Information Management
Mathematical Principles of Cryptography
Information must be treated uniformly at the binary level: the type of the data (bits, floats, doubles) has no meaning to the cipher. The information is bound in order to be encrypted, and the binding can be removed only by the corresponding cryptographic procedure. All the methods of number theory apply to this binding. Today, encryption carried out at the character level is not capable of generating a code that provides a significant countermeasure.
Symmetrical Key Cryptography
This type of cryptography works by having a cipher and a key which are the same for encryption and decryption.
- Plain message text, coded in a natural language.
- A ciphertext, obtained by converting the plaintext using an encryption method.
- The encryption algorithm, executed by software in order to carry out the cryptographic strategy.
- The decryption algorithm, software that performs the reciprocal function of the encryption algorithm.
- Both of these processes may use a secret key, which has no relation to the written text.
Asymmetrical Key Cryptography
This type of cryptography works by having two keys, one of which encrypts (public) and the other decrypts (private). Its main use is to secure communications such as email or instant messaging. The scheme can also be used to sign messages and files (such as programs) so that their authenticity can be verified with the corresponding public key.
- Public-key cryptography is the scheme used by this type of cryptography.
- Diffie–Hellman key exchange is a type of public-key cryptography that allows two parties to agree on key material over an insecure channel, which can then be used to generate a key for a symmetric-key cipher.
- PGP is an asymmetric-key implementation used for email and also for verifying the authenticity of programs through the use of digital signatures.
- SSL uses asymmetric encryption for the key exchange but symmetric encryption for the actual encryption of data.
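The hybrid pattern of the last two bullets, a Diffie–Hellman agreement over an insecure channel followed by symmetric keys derived from the shared secret for the actual encryption, as an added example that is not code from the original page or from any named product. It assumes a small demonstration group (P, G) chosen for readability rather than a standardised one, and substitutes an HMAC-based keystream for a real block cipher so that it runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

# Demonstration group (assumption): a prime and generator chosen so the
# arithmetic is easy to follow, not a standardised group such as RFC 7919 ffdhe2048.
P = 2**127 - 1
G = 5

def keypair() -> tuple[int, int]:
    # The private exponent never leaves the host; the public value may travel in the clear.
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv: int, peer_pub: int) -> int:
    # Reject degenerate public values (0, 1, P-1) before exponentiating.
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P)

def derive_key(secret: int, label: bytes) -> bytes:
    # HKDF-style extract-then-expand with SHA-256; the label separates the
    # encryption key from the MAC key.
    ikm = secret.to_bytes(16, "big")          # P < 2**128, so 16 bytes suffice
    prk = hmac.new(b"", ikm, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (illustration only, not a standard cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")     # tampered ciphertext is rejected
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def session(a_priv: int, a_pub: int, b_priv: int, b_pub: int) -> tuple[bytes, bytes]:
    # Both sides reach the same symmetric keys without ever transmitting them.
    s_a, s_b = shared_secret(a_priv, b_pub), shared_secret(b_priv, a_pub)
    assert s_a == s_b
    return derive_key(s_a, b"enc"), derive_key(s_a, b"mac")
```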
Bibliography
Information hiding and watermarking: Introduction to basic concepts and techniques. Nasir Memon, Polytechnic University.
See also
- Cyber Security Standards: https://en.wikipedia.org/wiki/Cyber_security_standards
- Web security exploits: https://en.wikipedia.org/wiki/Category:Web_security_exploits, and Cross-site request forgery (CSRF) exploits