Computer Information Security Basics Part 1

The document covers key management, authentication, and access control in computer information security, detailing processes for securely handling cryptographic keys and verifying user identities. It outlines various types of keys, authentication methods, and access control models, emphasizing the importance of protecting sensitive data from unauthorized access. Additionally, it discusses challenges such as phishing, password fatigue, and insider threats in the context of authentication and access control.

Computer Information & Security

Lecture 23 to 28
By:
Dr. Asif Aziz Memon
Dawood University of Engineering and Technology, Karachi, Pakistan.
Outline
• Key Management
• Introduction
• Types of Keys
• Authentication and Access Control
• Overview
• Types of Authentication Methods
• Access Control Models
• Techniques for Implementing Access Control
Key Management
Definition: Key management refers to the processes and techniques used to securely handle cryptographic keys throughout their lifecycle.

Purpose: Ensure the confidentiality, integrity, and authenticity of data by securely managing keys. The algorithms themselves are public, so the protection of an encrypted or signed message rests entirely on the key: a key that is generated weakly, leaked in transit, or kept in use after a compromise nullifies whatever the algorithm provides.
Key Management
Key Lifecycle:

1. Generation – Creating keys from a cryptographically secure random source, at the length the algorithm requires.

2. Distribution – Securely transmitting keys to authorized users (e.g., wrapping a key under another key, or establishing it with a key-agreement protocol).

3. Storage – Storing keys in a protected manner (encrypted at rest, or inside a hardware security module so the key never leaves the device in the clear).

4. Revocation – Invalidating a key before its planned end of life, typically because it is known or suspected to be compromised, so it is no longer accepted for new operations.

5. Destruction – Securely erasing every copy of a key, including backups, once it is obsolete.

Each key should also have a defined usage period (its cryptoperiod); rotating keys before that period expires limits how much data any single compromised key exposes.


Key Management
Types of Keys:

Symmetric Keys:

• Same key used for both encryption and decryption.

• Key management issues: Secure distribution and storage. Both parties must obtain the same secret over a channel the attacker cannot read, and every pair of communicating parties needs its own key, so n parties require n(n-1)/2 keys.


Asymmetric Keys:

• Public and private key pair.

• Public key is shared; private key is kept secret.

• Key management issues: Distribution is easier because the public key need not be confidential, but it must be authentic. A recipient needs assurance that a public key really belongs to the claimed party (typically via a certificate signed by a trusted authority); otherwise an attacker can substitute their own public key. The private key still requires protected storage.


Session Keys:

• Temporary keys used for a single communication session and then discarded. Limiting each key to one session bounds the damage from its compromise to that session's traffic.

Master Keys:

• High-level keys used to derive other keys, often in hierarchical systems. A master key is rarely used to encrypt data directly; purpose-specific sub-keys are derived from it with a key derivation function, and because it is used less often it can be kept in more protected storage.
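The key hierarchy and lifecycle described above, as an added example that is not part of the lecture slides. It uses only the Python standard library: a master key never encrypts data itself, purpose-bound sub-keys and per-session keys are derived from it with HKDF (RFC 5869), and every key carries a lifecycle state so that a revoked or destroyed key cannot be used again. The `KeyStore` class and its method names are this example's own design; distribution (step 2) is not shown because it needs a key-wrapping or key-agreement primitive that the standard library does not provide.

```python
# Added example (not from the lecture): a key hierarchy and lifecycle in
# stdlib Python. The master key never encrypts data itself; purpose-bound
# sub-keys and per-session keys are derived from it with HKDF (RFC 5869),
# and every key carries a lifecycle state so revoked or destroyed keys
# cannot be used again. KeyStore and its method names are hypothetical.
import hashlib
import hmac
import secrets
from enum import Enum


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i); OKM = T(1) | T(2) | ..."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyState(Enum):
    ACTIVE = "active"        # usable for new operations
    REVOKED = "revoked"      # withdrawn early (suspected compromise): no new use
    DESTROYED = "destroyed"  # material overwritten; the id is kept so it is never reused


class KeyStore:
    """Hypothetical in-memory store; production code would back this with an HSM or KMS."""

    def __init__(self):
        self._material = {}  # key_id -> bytearray (mutable so it can be zeroed)
        self._state = {}     # key_id -> KeyState

    # 1. Generation: material comes from the OS CSPRNG, never from time() or random.random().
    def generate(self, key_id: str, length: int = 32) -> None:
        if key_id in self._state:
            raise ValueError(f"key id {key_id!r} was already used; ids are never recycled")
        self._material[key_id] = bytearray(secrets.token_bytes(length))
        self._state[key_id] = KeyState.ACTIVE

    def _active_material(self, key_id: str) -> bytes:
        state = self._state.get(key_id)
        if state is not KeyState.ACTIVE:
            raise PermissionError(f"key {key_id!r} is {'unknown' if state is None else state.value}")
        return bytes(self._material[key_id])

    # Master key -> purpose-bound sub-key. The purpose string provides domain separation:
    # the key that encrypts backups can never collide with the key that MACs API tokens.
    def derive(self, master_id: str, purpose: str, length: int = 32) -> bytes:
        prk = hkdf_extract(salt=b"keystore-v1", ikm=self._active_material(master_id))
        return hkdf_expand(prk, info=purpose.encode("utf-8"), length=length)

    # Session key: a fresh per-session nonce mixed with a dedicated sub-key, so every
    # session gets a unique key and one session's compromise does not expose the others.
    def session_key(self, master_id: str, session_nonce: bytes) -> bytes:
        prk = hkdf_extract(salt=session_nonce, ikm=self.derive(master_id, "session-kdf"))
        return hkdf_expand(prk, info=b"session", length=32)

    # 4. Revocation: block all new use immediately. Data already protected under the
    # key must be re-encrypted under a successor key before the key is destroyed.
    def revoke(self, key_id: str) -> None:
        if key_id not in self._material:
            raise KeyError(key_id)
        self._state[key_id] = KeyState.REVOKED

    # 5. Destruction: overwrite the material before dropping the reference. In Python
    # this is best effort (earlier copies may linger in memory); an HSM does it properly.
    def destroy(self, key_id: str) -> None:
        buf = self._material.pop(key_id)
        for i in range(len(buf)):
            buf[i] = 0
        self._state[key_id] = KeyState.DESTROYED

    def state(self, key_id: str) -> KeyState:
        return self._state[key_id]


if __name__ == "__main__":
    store = KeyStore()
    store.generate("master-2025")
    backup_key = store.derive("master-2025", "backup-encryption")
    token_key = store.derive("master-2025", "api-token-mac")
    assert backup_key != token_key
    first = store.session_key("master-2025", secrets.token_bytes(16))
    second = store.session_key("master-2025", secrets.token_bytes(16))
    assert first != second
    store.revoke("master-2025")  # e.g. a backup host was compromised
    store.destroy("master-2025")
    print("lifecycle:", store.state("master-2025").value)
```

The purpose string passed to `derive` is what keeps the hierarchy honest: two components that each ask for "their" key get unrelated keys, and a compromise of the backup key says nothing about the token key. Note that revocation keeps the bytes until destruction, since old ciphertext still has to be decrypted and re-encrypted under the successor key before the material can go.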
Authentication Overview
Definition: Authentication is the process of verifying the identity of a user, device, or system.

Purpose: Establishes who is making a request so that access decisions (authorization) can be made about a known identity. Authentication on its own grants nothing; it only answers "who is this?", and access control then decides what that identity may do.
Authentication Overview
Methods:

• Something you know (passwords, PINs).

• Something you have (smart cards, tokens).

• Something you are (biometrics).


Authentication Overview

Authentication Process:

1. Identification – Presenting a claimed identity (e.g., a username). This is an identifier, not a secret, and proves nothing by itself.

2. Verification – Proving the claim with a credential (e.g., a password, a fingerprint, or a response from a token).
Authentication
Types of Authentication Methods:

• Password-Based Authentication:

• The most common method.

• Issues: Weak passwords, password reuse across sites, phishing, and brute-force or credential-stuffing attacks.

• Server side, passwords must never be stored in plaintext or under a fast hash; store a per-user salted hash from a deliberately slow function (PBKDF2, bcrypt, scrypt, or Argon2) and throttle repeated failed attempts.
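Password-based authentication as a practitioner would implement it, as an added example that is not part of the lecture slides. Only the standard library is used: passwords are never stored, just a per-user salt and a PBKDF2-HMAC-SHA256 digest; comparison is constant-time; an unknown username costs the same as a known one so response time does not reveal which accounts exist; and consecutive failures lock the account to blunt online brute force. The `UserStore` class, its record layout and the constants are this example's own choices.

```python
# Added example (not from the lecture): password-based authentication in
# stdlib Python. Passwords are never stored; only a per-user salt and a
# PBKDF2-HMAC-SHA256 digest are kept, comparison is constant-time, unknown
# usernames cost the same as known ones, and consecutive failures lock the
# account to blunt online brute force. UserStore is hypothetical.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 600_000   # the PBKDF2-HMAC-SHA256 count the OWASP Password Storage Cheat Sheet recommends
MAX_FAILURES = 3       # consecutive failures before the account is locked (constructed value)
_DUMMY_SALT = secrets.token_bytes(16)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user defeats precomputed tables."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    def __init__(self):
        self._users = {}  # username -> {"salt", "digest", "failures", "locked"}

    # Identification happens when the username is presented; verification is the hash check.
    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest, "failures": 0, "locked": False}

    def authenticate(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Burn the same work for unknown users so response time does not reveal
            # which usernames exist (a username-enumeration side channel).
            hash_password(password, _DUMMY_SALT)
            return False
        if record["locked"]:
            return False
        _, candidate = hash_password(password, record["salt"])
        # compare_digest runs in constant time, so an attacker learns nothing from timing.
        if hmac.compare_digest(candidate, record["digest"]):
            record["failures"] = 0
            return True
        record["failures"] += 1
        if record["failures"] >= MAX_FAILURES:
            record["locked"] = True
        return False

    def is_locked(self, username: str) -> bool:
        return self._users[username]["locked"]


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    print(store.authenticate("alice", "correct horse battery staple"))  # True
    for guess in ("password", "123456", "qwerty"):
        store.authenticate("alice", guess)
    print(store.is_locked("alice"))  # True
```

A hard lockout is the simplest throttle but it lets an attacker lock out a victim on purpose; production systems usually prefer an increasing delay per failure or a per-source rate limit, and an unlock path that itself requires a second factor.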
• Multi-Factor Authentication (MFA):

• Combines two or more different kinds of factor (know / have / are) to increase security; two passwords are not MFA.

• E.g., Password + OTP (One-Time Password) sent via SMS. SMS is the weakest second factor: codes can be intercepted through SIM swapping or relayed through a phishing page in real time, so an authenticator app or a hardware security key is preferred where available.


• Biometric Authentication:

• Uses unique physical characteristics, such as fingerprints, facial recognition, or retina scans.

• Caveats: Matching is probabilistic, so false-accept and false-reject rates must be tuned against each other, and a biometric cannot be reissued if the stored template leaks, so templates need stronger protection than a password hash.
• Token-Based Authentication:

• Hardware or software tokens that generate time-sensitive codes from a secret shared with the server, either per time step (TOTP, RFC 6238) or per counter increment (HOTP, RFC 4226).

• Examples: Google Authenticator, RSA SecurID.


• Certificate-Based Authentication:

• Uses digital certificates (X.509) to authenticate users or devices: the party proves possession of the private key matching the certificate by signing a challenge, and the verifier checks the certificate chain up to a trusted CA and the certificate's revocation status. Used in TLS client authentication and smart-card logon.


Access Control Overview
Definition: Access control involves managing who can access system resources and what actions they can perform.

Goal: Protect sensitive data from unauthorized access and ensure users have only the minimum necessary privileges (principle of least privilege).
Access Control Overview
Access Control Components:

• Subjects: Users, devices, or processes that request access.

• Objects: Resources being accessed (files, databases, etc.).

• Access Control Policies: Rules defining who can access what.

• Reference Monitor: The component that checks every request from a subject to an object against the policy. It must be invoked on every access, be protected from tampering, and be small enough to verify.


Access Control Models
1. Discretionary Access Control (DAC):
• Access decisions are made by the resource owner, who may grant rights to others at their own discretion.
• Example: File permissions in operating systems (read, write, execute), which the file's owner can change.
2. Mandatory Access Control (MAC):
• Access decisions are made by a central authority based on system-wide security policies. Subjects and objects carry security labels (e.g., classification levels), and users cannot override the policy even for objects they created.
• Example: SELinux on Linux, or multilevel-secure systems that enforce classification levels. The code that enforces the policy belongs to the system's Trusted Computing Base (TCB); the TCB is the enforcement mechanism, not an access control model in itself.
Access Control Models
3. Role-Based Access Control (RBAC):
• Access is based on the roles assigned to users, with each role having specific permissions; users are added to and removed from roles rather than receiving permissions individually.
• Example: Administrative, user, and guest roles in a system.
4. Attribute-Based Access Control (ABAC):
• Access decisions are based on attributes of the user, resource, and environment (e.g., time of day, location), evaluated by policy rules.
• Example: Healthcare data systems, where a clinician may read a patient's record only if they are assigned to that patient's unit and the request is made during their shift.
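The four models side by side, as an added example that is not part of the lecture slides: a small reference monitor that evaluates one access request under DAC, MAC, RBAC and ABAC and denies unless every check passes, reporting which model refused. The subjects, resources, roles, labels, department and time-of-day rules are constructed for illustration, and the function names are this example's own.

```python
# Added example (not from the lecture): a reference monitor that evaluates one
# access request under all four models, denying unless every check passes.
# Subjects, resources, roles, labels and context rules are constructed for
# illustration; the function names are this example's own.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# MAC labels, ordered. Used for a Bell-LaPadula style check below.
CLASSIFICATION = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# RBAC: permissions attach to roles, never to individual users.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {"read", "write", "delete"},
    "user": {"read", "write"},
    "guest": {"read"},
}


@dataclass(frozen=True)
class Subject:
    name: str
    roles: FrozenSet[str]
    clearance: str      # MAC label
    department: str     # ABAC attribute


@dataclass
class Resource:
    name: str
    owner: str                       # DAC: the owner decides who else gets in
    classification: str              # MAC label
    department: str                  # ABAC attribute
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # DAC: user -> granted actions


@dataclass(frozen=True)
class Context:
    hour: int       # local hour of the request, 0-23
    on_site: bool   # request comes from the corporate network


def dac_allows(subject: Subject, resource: Resource, action: str) -> bool:
    """Discretionary: the owner may do anything; others only what the owner's ACL grants."""
    if subject.name == resource.owner:
        return True
    return action in resource.acl.get(subject.name, set())


def mac_allows(subject: Subject, resource: Resource, action: str) -> bool:
    """Mandatory (Bell-LaPadula): no read up, no write down. The owner cannot override this."""
    clearance = CLASSIFICATION[subject.clearance]
    label = CLASSIFICATION[resource.classification]
    if action == "read":
        return clearance >= label
    if action in ("write", "delete"):
        return clearance <= label   # a highly cleared subject may not write into a lower label
    return False


def rbac_allows(subject: Subject, action: str) -> bool:
    """Role-based: allowed if any of the subject's roles carries the permission."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)


def abac_allows(subject: Subject, resource: Resource, action: str, ctx: Context) -> bool:
    """Attribute-based: same department, during business hours, and changes only from on site."""
    same_department = subject.department == resource.department
    business_hours = 8 <= ctx.hour < 18
    location_ok = ctx.on_site or action == "read"
    return same_department and business_hours and location_ok


def authorize(subject: Subject, resource: Resource, action: str, ctx: Context) -> Tuple[bool, List[str]]:
    """Reference monitor: deny by default; report which model(s) refused the request."""
    checks = {
        "DAC": dac_allows(subject, resource, action),
        "MAC": mac_allows(subject, resource, action),
        "RBAC": rbac_allows(subject, action),
        "ABAC": abac_allows(subject, resource, action, ctx),
    }
    denied_by = [model for model, ok in checks.items() if not ok]
    return not denied_by, denied_by


if __name__ == "__main__":
    alice = Subject("alice", frozenset({"user"}), "confidential", "finance")
    bob = Subject("bob", frozenset({"guest"}), "internal", "finance")
    ledger = Resource("ledger.xlsx", owner="alice", classification="confidential",
                      department="finance", acl={"bob": {"read"}})
    office_hours = Context(hour=10, on_site=True)
    late_remote = Context(hour=23, on_site=False)
    print(authorize(alice, ledger, "write", office_hours))  # (True, [])
    print(authorize(bob, ledger, "read", office_hours))     # (False, ['MAC']): ACL says yes, label says no
    print(authorize(alice, ledger, "read", late_remote))    # (False, ['ABAC'])
```

The second call in the demo is the point of the exercise: the owner's ACL grants bob read access (DAC says yes) but bob's clearance is below the file's label, and under MAC the owner's wish does not count. Real systems rarely stack all four; the combination here just makes the difference between "who decides" visible in one place.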
Challenges in Authentication and
Access Control
• Phishing and Social Engineering:
• Techniques to trick users into revealing their authentication credentials; phishing-resistant factors (hardware security keys, certificates) take that decision out of the user's hands.
• Password Fatigue:
• Difficulty managing many unique passwords, which pushes users toward reuse, so one breached site exposes their accounts elsewhere.
• Insider Threats:
• Malicious or careless employees who abuse access privileges they legitimately hold; least privilege and access logging limit the damage.
• Scalability:
• Efficiently managing authentication and access control for large organizations, where roles and permissions must be reviewed as people join, move and leave.
• Privacy Concerns:
• Balancing authentication methods (e.g., biometrics) with privacy rights.
Thank you
