Information security

From Wikiversity
Jump to navigation Jump to search

Information hiding is a process of embedding it in a digital media, and retrieving it back. The major requirements of the process are to be imperceptible, robust, and secure.

The major criteria for data hiding are: The most important, and the most misunderstood topic of this course is the security. It is formed by:

  • Fidelity - how is the data degraded due to embedding
  • Robustness - how is the data protected from flows and manipulations.
  • Payload - the amount of information that can be reliably embedded.

Information hiding methods are different, on basis of the

  • Nature - (audio, video, image, text, software, etc)
  • Robustness, where robust is highly immune, and fragile, meand low-immune.
  • Synchronous/Asynchronous communications.

And upon the type of threat (attacks) which are malicious (intentional) and non-malicious (not intentional)

What to hide[edit | edit source]

The things we are supposed to hide are:

  • Media
  • Software
  • Hardware Design and Implementation details

Why do we hide?[edit | edit source]

  • Protection from malicious use. examples(copyright, watermarking)
  • We want to conceal the existence of information from everyone. examples(encryption, steganography)
  • To avoid the ugly Meta data, data bridging, etc.

The areas of the course[edit | edit source]

  • General Information Theory
  • Signal processing and transforms
  • Game, and Coding theory
  • Cryptography, and Protocols
  • Detection and estimation

Information Theory[edit | edit source]

The most important aspect of the security plans is the understanding of the properties and behaviors of the information to be protected. Information has also identity, by which is can be validated, authenticated and addressed. It stays combined with values until and unauthorized change. The information identity combined with vales is called Information Integrity.Piratesation? is the process of evaluating the degree of protection for various items of importance. However practically nothing is fully guarded. In order to be feasible the plan must have a scope. Security plan has three important parts:

    • Protecting information's core. Since the information is at the core of the model, we coat it with a protective covering called w:cryptography. Cryptography is tightly couples with an information and follows its ways. Authentications are required through the so-called Digital Signatures.
      • The information is too vast, and cannot be narrowed sufficiently to take single set of preventive measures.
      • However different measures can be applied to different pieces of information, making it more manageable. The best model is with outer layers.
      • Information can be replicated cost-effectively, while the entire system cannot. So, data defense requires backup processes
      • Information has mathematical properties and support counter-measures.
    • Strengthening the resources (systems and networks) is the issue, addressed to minimizing the risk that the data will be destroyed, stolen, or altered both "at home" or via network.
    • Authentication of those who can access the information

Cryptographic method layers[edit | edit source]

is a second layers of the encryption model. Cryptography disguises informations to be read by attacker, even is wrongly obtained. Its methods are extremely complex and need great deal of time to be analyzed and broken. Cryptography methods are varied, because once the attackers came up with some method of breaking information - this method should be invalidated. Those methods are improving from time to time, and becoming more complex. General cryptography elements are:

  • Plain text, which is user-generated message.
  • Ciphertext, which is a disguised plain text, the result of cryptography.
  • cryptographic algorithm, which is used to encrypt the plain text
  • encryption key, is a secret which is shared between two or more trusted parties.

Authentication and verification layer[edit | edit source]

it determines, whether the presented information about the accessor? is real. Authentication techniques usually take advantage of the following FOUR factors.

  • Possessing factor - something the user has to issue to the system in order to get access to the information.
  • Biometric factor - some user's identity that is unique (face, fingerprint, DNA)
  • Knowledge fact (something that user may know, in difference of someone's else)
  • Integrity Factor - something that allows user to authenticate factor.

OS Hardening Layer[edit | edit source]

Information System Architecture and design layer[edit | edit source]

Web service protection layer[edit | edit source]

8 Ps of security layer[edit | edit source]

Security Planning[edit | edit source]

Cryptographic Principles and Methods[edit | edit source]

Data to Information[edit | edit source]

information seats at core of model

Abstractions[edit | edit source]

Data Abstraction[edit | edit source]

Metadata[edit | edit source]

the data about data is meta data

Information systems[edit | edit source]

The most important phases of the information system life cycle are:

  • Input, when information is acquired from users.
  • Process, when the information is percepted by the system, and the
  • Output, when the processed information is displayed back to users.
    • Feedback, is a phase that lies on a path from the output back to process. Together with the Process and Output is forms a loop. This loop improves continuously, and is the subject of our course.

Access Methods[edit | edit source]

Information Movement[edit | edit source]

Information Management[edit | edit source]

Mathematical Principles of Cryptography[edit | edit source]

The information must be treated the same, on the binary level. The type of information (whether it is in bits, float, doubles) doesn't have any meaning. The information has binding in order to be encrypted, the binding can be removed only using some cryptographic procedure. All the methods of number theory must be applied to the binding. On today's dates, the encryption, carried on the character level is not capable of generating a code with significant countermeasure.

Symmetrical Key Cryptography[edit | edit source]

This type of cryptography works by having a cipher (and key) which are the same for encryption and decryption.

  • Plain message text, should be coded as a natural language.
  • a ciphertext which is obtained by converting a plain text using an encryption method.
  • Encryption Algorithm, executed by software in order to carry out the cryptographic strategy.
  • Decryption Algorithm is a software that makes a reciprocal function of the encryption algorithm.
  • Both of these processes may use a secret key, which does not have any relation with written text.

Asymmetrical Key Cryptography[edit | edit source]

This type of cryptography works by usually having 2 keys which one encrypts (public) and the other decrypts (private). Its main use is to secure communications such as email or instant messaging. Also in this scheme it can be used to sign messages and files (such as programs) to verify their authenticity with their corresponding public key.

  • Public-key cryptography is the scheme used by this type of cryptography.
    • Diffie–Hellman key exchange is a type of public key cryptography that allows 2 people to communicate their keys over an insecure channel which then later can be used to generate a key for a symmetric key cipher.
  • PGP is a asymmetric key implementation that is used for email and also for the purpose of verifying the autheticity of programs through the use of digital signatures.
  • SSL uses asymmetric encryption for key exchange but symmetric encryption for the actual encryption.

Bibliography[edit | edit source]

Information hiding and watermarking Introduction to basic concepts and techniques. by: Nasir Memon, Polytechnic University.

See also[edit | edit source]