Basic security_ summary notes (Information Security, 2021. 1. 4. 18:27)
There are three kinds of security:
- Theoretical security: always secure under all circumstances (almost impossible to achieve, except for the one-time pad)
- Computational security: practically infeasible to circumvent a service
- Based on cost
Information security
- Definition: the basis for protecting information assets
Protection measures for information security:
- Prevention (e.g. encryption)
- Detection (e.g. of modification)
- Reaction / Recovery
Security goals / 3 aspects of information protection: CIA
- Confidentiality: prevention of unauthorised disclosure of information. We wish to prevent it.
- Integrity: prevention of unauthorised modification of information. We cannot prevent it; the best we can do is detect it, and we cannot really recover.
- Availability: prevention of unauthorised withholding of information or resources. We cannot prevent it; we need to detect it and ideally recover.
Threat
Security is only desirable when there is a need to protect a system from a threat.
Threat: something that can possibly go wrong
Attack: a threat actually happening
- Security threat: means by which the security policy may be breached (loss of integrity/confidentiality)
- Countermeasures: controls to protect against threats
- Vulnerabilities: weaknesses in the system
- Attack: realisation of a threat (exploiting a vulnerability)
Classification of threat
- Deliberate
- Accidental
Threats related to CIA:
- Exposure of data
- Tampering with data
- Denial of service
Adversaries
Definition: people whose aim is to circumvent your security. Also called intruders, but not all adversaries are external to the system.
Types:
- Active
- Unauthorised alteration, deletion, transmission, or prevention of access to information
- Falsification of the origin of information
- Passive: attempts to get unauthorised access. Does not touch data, only observes.
You must be able to distinguish between threat, service, and mechanism. For example, if the threat is disclosure, the security service is confidentiality and the security mechanism is encryption.
Security threat
- Possible means by which your security goals may be breached
- e.g. loss of integrity / confidentiality
- Example: Disclosure
Security service
- Measure which can be put in place to address a threat
- e.g. provision of confidentiality
- Example: Confidentiality (each of the CIA goals can be considered a security service)
Security mechanism
- Means to provide a service
- e.g. encryption, digital signature
- Example: Encryption
2 classes:
- Specific security mechanisms
- Pervasive security mechanisms
Algorithms are used to build mechanisms
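The threat -> service -> mechanism chain from these notes, worked through in code as an added example (not part of the original notes): disclosure -> confidentiality -> encryption (a one-time pad, the "theoretical security" case above), and tampering -> integrity -> detection with a MAC, illustrating the note that integrity cannot be prevented, only detected. The function names, the encrypt-then-MAC layout and the sample message and keys are my own constructed choices, using only Python's standard library.

```python
# Added example, not from the original notes. Constructed sample values throughout.
#   disclosure -> confidentiality -> encryption   (one-time pad: theoretically secure for secrecy)
#   tampering  -> integrity       -> detection    (HMAC-SHA256 over the ciphertext)
import hashlib
import hmac
import secrets


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: XOR each byte with a key byte. Key must be at least as long as the message and never reused."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def mac_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Integrity mechanism: HMAC-SHA256 tag computed over the ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify_tag(mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Detection, not prevention: a modified ciphertext cannot be blocked in transit, but it is caught here."""
    return hmac.compare_digest(mac_tag(mac_key, ciphertext), tag)


def flip_byte(data: bytes, index: int) -> bytes:
    """Simulate an active adversary altering one byte in transit (no key needed for this)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def demo() -> dict:
    """Return what each party observes, so the confidentiality/integrity split is visible."""
    msg = b"transfer 10 coins"                  # constructed sample message
    otp_key = secrets.token_bytes(len(msg))     # fresh pad, same length as the message
    mac_key = secrets.token_bytes(32)
    ct = otp_encrypt(otp_key, msg)
    tag = mac_tag(mac_key, ct)
    tampered = flip_byte(ct, 9)                 # turns "10" into "00" after decryption
    return {
        "ciphertext_hides_message": ct != msg,
        "honest_decrypts_ok": otp_decrypt(otp_key, ct) == msg,
        "tampering_undetected_by_encryption": otp_decrypt(otp_key, tampered) != msg,
        "tag_detects_tampering": not verify_tag(mac_key, tampered, tag),
        "tag_accepts_original": verify_tag(mac_key, ct, tag),
    }
```

Every value returned by `demo()` is True: encryption alone hides the message but decrypts the altered ciphertext without complaint, while the MAC tag flags the alteration.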
Authentication
- Entity authentication
- Origin authentication
Access control
Protection against unauthorised use of a resource
Non-repudiation
- Non-repudiation of origin: protects against the sender of data denying that the data was sent
- Non-repudiation of delivery: protects against the receiver of data denying that the data was received