SlideShare uma empresa Scribd logo

security issue

Transferir como PPT, PDF
JAINIK PATEL
JAINIK PATEL

Security Issue

Educação
1 de 34
Security Issues in Mobile Technology •presented By: - Parmar Pallavi[112343]. Solanki Urmi[112324].
In any defense system, we need to know our enemy. To build an information security system, we need to answer the following question: 1) who is the enemy ? 2) what are the weak links in the system? 3) what needs special protection? 4) To protect our assets from attack, we need to build a security system. How much does the security system cost in terms of money, resource and time? Information Security
Attack A security system is a system to defend our asset from attacks. In the physical world, these attacks are carried at the weak point in the defense system.. Loss can be either 1.Static information asset(static asset). 2.Dynamic asset
Static assets cover a large portion of theasset base. All the databases, files, documents etc. In the computer fall in this category. Example of attacks on static asset are virus deleting files in a computer or jamming a network. Example of an attack on a dynamic asset is the theft of a credit card number while a user is doing a credit card transaction on the web.
Interception:- An unauthorized party gaining access to an asset will be part of this attack. This is an attack on confidentiality like unauthorized copying of files or tapping a conversation between parties. Modification:- An unauthorized party gaining control of an asset and tampering with it is part of this attack. This is an attack on integrity like changing the content of a message being transmitted through the network Attack on dynamic asset can be of following type
Febrication:- An unauthorized party inserts counterfeited objects into the system. For example , impersonating someone and inserting a spurious message in network. Interruption:- An asset is destroyed or made unusable. This is an attack on availibility. this attack can be on a static assent or a dynamic asset. An example could be cutting a communication line or making the router so busy that a user cannot use a server in a network
Forcenturies,informationsecurity was synonymous with secrecy. The art of keeping a message secret was to encrypt the message and thus hide from others getting to know of it. Thereare six types component of information security are as follows: 1) Confidentiality 2) Availability 3) Integrity 4) Non-repudiation 5) Authorization 6) Trust 7) Accounting
Confidentiality (privacy):- isthe property where the information is kept secret so that unauthorized person cannot get at the information. integrity:- Integrity is to ensure the integrity of the message. Authorization:- It deals with privileges(authority). In any transaction, there is a subject (a person) and an object(data items or file).The subject wants some function to be performed ononthe objects.
Availability (obtainment):- media management is not within the scope of security protocols and algorithms. Media management is needed to ensure a availability of service. Trust :- Trust involves developing a security trust-based security management is necessary. Trust involves developing a securitypolicy,assigningcredentials(identity card) toentities,verifyingthat the credentials fulfill the policy.
Accounting :- It is the process by which the usage of the service is metered. Based upon the usage, the service provider collects the feeeitherdirectly from the customer or through the home network.
In a symmetric key cryptography, the same key is used for both encryption and decryption. This is like a lock where the same key is used to lock and unlock In this type of encryption , the key is secret and known only to the encrypting (sender) and decrypting(receiver) parties. Therefore, it is also known as a secret key algorithm. Some authors refer to symmetric key cryptography as shared key...because the same key is shared between the sender and the receiver of the message.
In a symmetric cryptography, there are four components. 1) plaintext, 2) encryption/decryption algorithm, 3) secret key (key for encryption and decryption), 4)ciphertext.
The most popular symmetric key algorithms are: 1) DES : Data Encryption Standard, this algorithm is the most widely used, researched and has had the longest life so far. 2) 3DES: This is the modification DES. In This algorithm, DES Is used 3 times in succession 3) AES: Advances Encryption Standard, this is the current accepted standard for encryption by FIPS(Federal Information Processing Standards) of USA. 4) Skip jack: this is a token-bases algorithm used by defense personnel in the US.
In symmetric key encryption we use the same key for both encryption and decryption. In public key cryptography we use the different keys, one key for encryption and a different key for decryption. As there are two different keys used, this is also called asymmetric key cryptography. Public key cryptosystem is based on mathematical functions rather than permutation and substitution.
There are six components: 1) plain Text: This is the human readable message or data given to the public key algorithm as input for encryption 2)Ciphertext:- This is a unique data and depends only on the unique key used for encryption. 3) Encryption Algorithm :- This is the algorithm that does computation and various transformation on the inputpalintext. 4) Decryption algorithm :- This algorithm does the reverse function of the encryption algorithm. 5) Public key :- This is one of the keys from the key pair. This key is made public for anybody toaccess.Thiskey is either used for encryption and decryption. 6) Private key :- This is called the privatekey,becausethe key is secret..
Hashing function are one-way functions used for message digests. Hash function takes input data of any size and give the output of the fixed size. The outputs are collision (clash)free. This means that two different inputs will not produce the same output. The most commonly used hash functions are MD5 AND SHA-1.
MD5 MD5 is stands for Message Digest version 5. The MD5 algorithm is an extension of the MD4 message – digest algorithm and is slower than MD4. The algorithm can also 512 bits of the input message in blocks.
SHA Algorithm SHA stands for Secure Hash Algorithm. It was developed by the NIST(National Institute of Standard and Technology). SHA was first published in 1993. Later in, 1995, a revised version of the algorithm was published as SHA-1. SHA processes input in 512 bits block and produces 160 bits of output. Like MD5 ,SHA-1 is also based on MD4 algorithm.
MAC stands for Message Authentication Code. it is used to integrity check the message. A secret key is used to generate a small fixed size data block from the message. Both the sender and the receiver share the same secret key for MAC. When the sender has a message to be sent to the receiver, the message is sent along with the MAC. The receiver receives themessage;andcalculate the MAC from the message and the shared key. The receiver checks the MAC received from the sender. if they are the same, the message is considered to be in perfect state.
Security Protocol We need to device protocols that will use these algorithms in such a fashion that vulnerabilities are eliminated and security is ensured. There are many protocols for secured communication.
The most popular protocol is SSL(Secure Socket Layer). SSL was originally developed by Netscape. The Internet standars for TLS (Transport Layer Security) and WTLS(wireless Transport Layer Security) have been derives from the SSL protocol.
Security Socket Layer (SSL) SSL protocol is used to provide security of data over public networks like Internet. it runs above the TCP/IP protocol layer and below higher level protocols such as HTTP. SSL allows both machines(server and client) to establish a secured encrypted channel
•Public-key encryption provides better authentication techniques. •Symmetric key encryption is much faster than the public key encryption. •An SSL session begins with SSL handshake. •SSL handshake allow the server to authenticate itself to the client using public-key techniques.
•SSL handshake also allow the client o authenticate itself to the server. •It then allows the client and server to cooperate in the creation of symmetric key. •It then uses this shared key for payload encryption, decryption and tamper detection the session that follows.
TLS Transport Layer Security or TLS in short is a security protocol to offer secure communication at the transport layer. TLS protocol is the Internet standard and based on the SSL 3.0 protocol specification. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. At the lower levels, TLS uses TCP transport protocol. The TLS protocol is composed of two layers: the TLS Handshake protocol and the TLS Record Protocol.
WTLS oThe transport layer security protocol in the WAP architecture is called the Wireless Transport Layer Security. oWTLS provide functionality similar to TLS 1.0 and in corporates new feature such as datagram support, optimized handshake and dynamic key refreshing. oThe WTLS layer operates above the transport protocol layer similar to TLS.
oWTLS provides an interface for creating and terminating secure connections. oThe primary goal of the WTLS layer is to provide, data integrity and authentication between two communicating applications.
Thank You

Recomendados

2
22
2
Ankit Anand
 
Client server computing in mobile environments
Client server computing in mobile environmentsClient server computing in mobile environments
Client server computing in mobile environments
Praveen Joshi
 
Distributed Computing Report
Distributed Computing ReportDistributed Computing Report
Distributed Computing Report
IIT Kharagpur
 
Distributed Systems - Information Technology
Distributed Systems - Information TechnologyDistributed Systems - Information Technology
Distributed Systems - Information Technology
Sagar Mehta
 
Distributed architecture (SAD)
Distributed architecture (SAD)Distributed architecture (SAD)
Distributed architecture (SAD)
Khubaib Ahmad Kunjahi
 
Introduction to distributed system
Introduction to distributed systemIntroduction to distributed system
Introduction to distributed system
ishapadhy
 
Implementation of Agent Based Dynamic Distributed Service
Implementation of Agent Based Dynamic Distributed ServiceImplementation of Agent Based Dynamic Distributed Service
Implementation of Agent Based Dynamic Distributed Service
CSCJournals
 
Data management issues
Data management issuesData management issues
Data management issues
Neha Bansal
 

Recomendados

2
22
2
Ankit Anand
 
Client server computing in mobile environments
Client server computing in mobile environmentsClient server computing in mobile environments
Client server computing in mobile environments
Praveen Joshi
 
Distributed Computing Report
Distributed Computing ReportDistributed Computing Report
Distributed Computing Report
IIT Kharagpur
 
Distributed Systems - Information Technology
Distributed Systems - Information TechnologyDistributed Systems - Information Technology
Distributed Systems - Information Technology
Sagar Mehta
 
Distributed architecture (SAD)
Distributed architecture (SAD)Distributed architecture (SAD)
Distributed architecture (SAD)
Khubaib Ahmad Kunjahi
 
Introduction to distributed system
Introduction to distributed systemIntroduction to distributed system
Introduction to distributed system
ishapadhy
 
Implementation of Agent Based Dynamic Distributed Service
Implementation of Agent Based Dynamic Distributed ServiceImplementation of Agent Based Dynamic Distributed Service
Implementation of Agent Based Dynamic Distributed Service
CSCJournals
 
Data management issues
Data management issuesData management issues
Data management issues
Neha Bansal
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
Sunita Sahu
 
05_system architecture
05_system architecture05_system architecture
05_system architecture
Jadavsejal
 
Ch12
Ch12Ch12
Ch12
phanleson
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
OECLIB Odisha Electronics Control Library
 
Client server architecture
Client server architectureClient server architecture
Client server architecture
RituBhargava7
 
1. Overview of Distributed Systems
1. Overview of Distributed Systems1. Overview of Distributed Systems
1. Overview of Distributed Systems
Daminda Herath
 
Distributed system
Distributed systemDistributed system
Distributed system
अङ्किता त्रिपाठी
 
Client Server Architecture1
Client Server Architecture1Client Server Architecture1
Client Server Architecture1
Bosch Software Innovations
 
04 Client Server Computing
04 Client Server Computing04 Client Server Computing
04 Client Server Computing
Laguna State Polytechnic University
 
Distributed network
Distributed networkDistributed network
Distributed network
Dhani Ahmad
 
Client Server Computing : unit 1
Client Server Computing : unit 1Client Server Computing : unit 1
Client Server Computing : unit 1
THIRUNEELAKANDAN ARCHUNAN
 
improve cloud security
improve cloud securityimprove cloud security
improve cloud security
Balkees Shereek
 
3 Tier Architecture
3 Tier Architecture3 Tier Architecture
3 Tier Architecture
guestd0cc01
 
An approach of software engineering through middleware
An approach of software engineering through middlewareAn approach of software engineering through middleware
An approach of software engineering through middleware
IAEME Publication
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
Bharat Kalia
 
Client Server Computing Slides by Puja Dhar
Client Server Computing Slides by Puja DharClient Server Computing Slides by Puja Dhar
Client Server Computing Slides by Puja Dhar
puja_dhar
 
Components of client server application
Components of client server applicationComponents of client server application
Components of client server application
Ashwin Ananthapadmanabhan
 
Mobile agents
Mobile agentsMobile agents
Mobile agents
Santosh Pandey
 
Distributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationDistributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communication
MNM Jain Engineering College
 
1. intro
1. intro1. intro
1. intro
khoahuy82
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
JAINIK PATEL
 
MMS Introduction
MMS IntroductionMMS Introduction
MMS Introduction
mamahow
 

Mais conteúdo relacionado

Mais procurados

1. Overview of Distributed Systems
1. Overview of Distributed Systems1. Overview of Distributed Systems
1. Overview of Distributed Systems
Daminda Herath
 

Mais procurados (20)

Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
 
05_system architecture
05_system architecture05_system architecture
05_system architecture
 
Ch12
Ch12Ch12
Ch12
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
 
Client server architecture
Client server architectureClient server architecture
Client server architecture
 
1. Overview of Distributed Systems
1. Overview of Distributed Systems1. Overview of Distributed Systems
1. Overview of Distributed Systems
 
Distributed system
Distributed systemDistributed system
Distributed system
 
Client Server Architecture1
Client Server Architecture1Client Server Architecture1
Client Server Architecture1
 
04 Client Server Computing
04 Client Server Computing04 Client Server Computing
04 Client Server Computing
 
Distributed network
Distributed networkDistributed network
Distributed network
 
Client Server Computing : unit 1
Client Server Computing : unit 1Client Server Computing : unit 1
Client Server Computing : unit 1
 
improve cloud security
improve cloud securityimprove cloud security
improve cloud security
 
3 Tier Architecture
3 Tier Architecture3 Tier Architecture
3 Tier Architecture
 
An approach of software engineering through middleware
An approach of software engineering through middlewareAn approach of software engineering through middleware
An approach of software engineering through middleware
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Client Server Computing Slides by Puja Dhar
Client Server Computing Slides by Puja DharClient Server Computing Slides by Puja Dhar
Client Server Computing Slides by Puja Dhar
 
Components of client server application
Components of client server applicationComponents of client server application
Components of client server application
 
Mobile agents
Mobile agentsMobile agents
Mobile agents
 
Distributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communicationDistributed System-Multicast & Indirect communication
Distributed System-Multicast & Indirect communication
 
1. intro
1. intro1. intro
1. intro
 

Destaque

MMS Introduction
MMS IntroductionMMS Introduction
MMS Introduction
mamahow
 
10 Slides to SMS
10 Slides to SMS10 Slides to SMS
10 Slides to SMS
seanraz
 
Need For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItNeed For Ethical & Security Issue In It
Need For Ethical & Security Issue In It
Sonali Srivastava
 

Destaque (19)

Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
 
MMS Introduction
MMS IntroductionMMS Introduction
MMS Introduction
 
Issue with Internet in college (Computer Security and Cyber Law)
Issue with Internet in college (Computer Security and Cyber Law)Issue with Internet in college (Computer Security and Cyber Law)
Issue with Internet in college (Computer Security and Cyber Law)
 
Single Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingSingle Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud Computing
 
MMS presentation
MMS presentationMMS presentation
MMS presentation
 
Journal of Network Security vol 4 issue 3
Journal of Network Security vol 4 issue 3Journal of Network Security vol 4 issue 3
Journal of Network Security vol 4 issue 3
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Mobile Messaging - Part 5 - Mms Arch And Transactions
Mobile Messaging - Part 5 - Mms Arch And TransactionsMobile Messaging - Part 5 - Mms Arch And Transactions
Mobile Messaging - Part 5 - Mms Arch And Transactions
 
Application Security Trends and Issues
Application Security Trends and IssuesApplication Security Trends and Issues
Application Security Trends and Issues
 
Big Data (security Issue)
Big Data (security Issue)Big Data (security Issue)
Big Data (security Issue)
 
Ch5
Ch5Ch5
Ch5
 
SMS & MMS Technologies
SMS & MMS TechnologiesSMS & MMS Technologies
SMS & MMS Technologies
 
IMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationIMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentation
 
Short message service
Short message serviceShort message service
Short message service
 
Sms &mms
Sms &mmsSms &mms
Sms &mms
 
Wap ppt
Wap pptWap ppt
Wap ppt
 
10 Slides to SMS
10 Slides to SMS10 Slides to SMS
10 Slides to SMS
 
Need For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItNeed For Ethical & Security Issue In It
Need For Ethical & Security Issue In It
 
LinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-PresentedLinkedIn SlideShare: Knowledge, Well-Presented
LinkedIn SlideShare: Knowledge, Well-Presented
 

Semelhante a security issue

The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
Kimberly Thomas
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
Editor IJCATR
 
Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...
IJCNCJournal
 
Overview on Symmetric Key Encryption Algorithms
Overview on Symmetric Key Encryption AlgorithmsOverview on Symmetric Key Encryption Algorithms
Overview on Symmetric Key Encryption Algorithms
IJERA Editor
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
ams1ams11
 

Semelhante a security issue (20)

A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
L017136269
L017136269L017136269
L017136269
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...Different date block size using to evaluate the performance between different...
Different date block size using to evaluate the performance between different...
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvan
 
Overview on Symmetric Key Encryption Algorithms
Overview on Symmetric Key Encryption AlgorithmsOverview on Symmetric Key Encryption Algorithms
Overview on Symmetric Key Encryption Algorithms
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
 
Cryptography
CryptographyCryptography
Cryptography
 
Data encryption algorithm(edit)
Data encryption algorithm(edit)Data encryption algorithm(edit)
Data encryption algorithm(edit)
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
 
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...Achieving data integrity by forming the digital signature using RSA and SHA-1...
Achieving data integrity by forming the digital signature using RSA and SHA-1...
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Dnssec Case Study
Dnssec Case StudyDnssec Case Study
Dnssec Case Study
 
Cryptography
CryptographyCryptography
Cryptography
 
Websphere - About Websphere ssl part ii
Websphere - About Websphere ssl part iiWebsphere - About Websphere ssl part ii
Websphere - About Websphere ssl part ii
 
Websphere - Introduction to ssl part ii
Websphere - Introduction to ssl part iiWebsphere - Introduction to ssl part ii
Websphere - Introduction to ssl part ii
 

Mais de JAINIK PATEL

Mais de JAINIK PATEL (6)

Facade pattern
Facade patternFacade pattern
Facade pattern
 
The Singleton Pattern Presentation
The Singleton Pattern PresentationThe Singleton Pattern Presentation
The Singleton Pattern Presentation
 
SMS
SMSSMS
SMS
 
Architecture of Mobile Computing
Architecture of Mobile ComputingArchitecture of Mobile Computing
Architecture of Mobile Computing
 
112321 112333 wirless application protocol
112321 112333 wirless application protocol112321 112333 wirless application protocol
112321 112333 wirless application protocol
 
Facadepattern
FacadepatternFacadepattern
Facadepattern
 

Último

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 

Último (20)

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 

security issue

  • 1. Security Issues in Mobile Technology •presented By: - Parmar Pallavi[112343]. Solanki Urmi[112324].
  • 2. In any defense system, we need to know our enemy. To build an information security system, we need to answer the following question: 1) who is the enemy ? 2) what are the weak links in the system? 3) what needs special protection? 4) To protect our assets from attack, we need to build a security system. How much does the security system cost in terms of money, resource and time? Information Security
  • 3. Attack A security system is a system to defend our asset from attacks. In the physical world, these attacks are carried at the weak point in the defense system.. Loss can be either 1.Static information asset(static asset). 2.Dynamic asset
  • 4. Static assets cover a large portion of theasset base. All the databases, files, documents etc. In the computer fall in this category. Example of attacks on static asset are virus deleting files in a computer or jamming a network. Example of an attack on a dynamic asset is the theft of a credit card number while a user is doing a credit card transaction on the web.
  • 5. Interception:- An unauthorized party gaining access to an asset will be part of this attack. This is an attack on confidentiality like unauthorized copying of files or tapping a conversation between parties. Modification:- An unauthorized party gaining control of an asset and tampering with it is part of this attack. This is an attack on integrity like changing the content of a message being transmitted through the network Attack on dynamic asset can be of following type
  • 6. Febrication:- An unauthorized party inserts counterfeited objects into the system. For example , impersonating someone and inserting a spurious message in network. Interruption:- An asset is destroyed or made unusable. This is an attack on availibility. this attack can be on a static assent or a dynamic asset. An example could be cutting a communication line or making the router so busy that a user cannot use a server in a network
  • 7.
  • 8.
  • 9.
  • 10. Forcenturies,informationsecurity was synonymous with secrecy. The art of keeping a message secret was to encrypt the message and thus hide from others getting to know of it. Thereare six types component of information security are as follows: 1) Confidentiality 2) Availability 3) Integrity 4) Non-repudiation 5) Authorization 6) Trust 7) Accounting
  • 11. Confidentiality (privacy):- isthe property where the information is kept secret so that unauthorized person cannot get at the information. integrity:- Integrity is to ensure the integrity of the message. Authorization:- It deals with privileges(authority). In any transaction, there is a subject (a person) and an object(data items or file).The subject wants some function to be performed ononthe objects.
  • 12. Availability (obtainment):- media management is not within the scope of security protocols and algorithms. Media management is needed to ensure a availability of service. Trust :- Trust involves developing a security trust-based security management is necessary. Trust involves developing a securitypolicy,assigningcredentials(identity card) toentities,verifyingthat the credentials fulfill the policy.
  • 13. Accounting :- It is the process by which the usage of the service is metered. Based upon the usage, the service provider collects the feeeitherdirectly from the customer or through the home network.
  • 14.
  • 15. In a symmetric key cryptography, the same key is used for both encryption and decryption. This is like a lock where the same key is used to lock and unlock In this type of encryption , the key is secret and known only to the encrypting (sender) and decrypting(receiver) parties. Therefore, it is also known as a secret key algorithm. Some authors refer to symmetric key cryptography as shared key...because the same key is shared between the sender and the receiver of the message.
  • 16. In a symmetric cryptography, there are four components. 1) plaintext, 2) encryption/decryption algorithm, 3) secret key (key for encryption and decryption), 4)ciphertext.
  • 17. The most popular symmetric key algorithms are: 1) DES : Data Encryption Standard, this algorithm is the most widely used, researched and has had the longest life so far. 2) 3DES: This is the modification DES. In This algorithm, DES Is used 3 times in succession 3) AES: Advances Encryption Standard, this is the current accepted standard for encryption by FIPS(Federal Information Processing Standards) of USA. 4) Skip jack: this is a token-bases algorithm used by defense personnel in the US.
  • 18. In symmetric key encryption we use the same key for both encryption and decryption. In public key cryptography we use the different keys, one key for encryption and a different key for decryption. As there are two different keys used, this is also called asymmetric key cryptography. Public key cryptosystem is based on mathematical functions rather than permutation and substitution.
  • 19. There are six components: 1) plain Text: This is the human readable message or data given to the public key algorithm as input for encryption 2)Ciphertext:- This is a unique data and depends only on the unique key used for encryption. 3) Encryption Algorithm :- This is the algorithm that does computation and various transformation on the inputpalintext. 4) Decryption algorithm :- This algorithm does the reverse function of the encryption algorithm. 5) Public key :- This is one of the keys from the key pair. This key is made public for anybody toaccess.Thiskey is either used for encryption and decryption. 6) Private key :- This is called the privatekey,becausethe key is secret..
  • 20. Hashing function are one-way functions used for message digests. Hash function takes input data of any size and give the output of the fixed size. The outputs are collision (clash)free. This means that two different inputs will not produce the same output. The most commonly used hash functions are MD5 AND SHA-1.
  • 21. MD5 MD5 is stands for Message Digest version 5. The MD5 algorithm is an extension of the MD4 message – digest algorithm and is slower than MD4. The algorithm can also 512 bits of the input message in blocks.
  • 22. SHA Algorithm SHA stands for Secure Hash Algorithm. It was developed by the NIST(National Institute of Standard and Technology). SHA was first published in 1993. Later in, 1995, a revised version of the algorithm was published as SHA-1. SHA processes input in 512 bits block and produces 160 bits of output. Like MD5 ,SHA-1 is also based on MD4 algorithm.
  • 23. MAC stands for Message Authentication Code. it is used to integrity check the message. A secret key is used to generate a small fixed size data block from the message. Both the sender and the receiver share the same secret key for MAC. When the sender has a message to be sent to the receiver, the message is sent along with the MAC. The receiver receives themessage;andcalculate the MAC from the message and the shared key. The receiver checks the MAC received from the sender. if they are the same, the message is considered to be in perfect state.
  • 24. Security Protocol We need to device protocols that will use these algorithms in such a fashion that vulnerabilities are eliminated and security is ensured. There are many protocols for secured communication.
  • 25. The most popular protocol is SSL(Secure Socket Layer). SSL was originally developed by Netscape. The Internet standars for TLS (Transport Layer Security) and WTLS(wireless Transport Layer Security) have been derives from the SSL protocol.
  • 26.
  • 27. Security Socket Layer (SSL) SSL protocol is used to provide security of data over public networks like Internet. it runs above the TCP/IP protocol layer and below higher level protocols such as HTTP. SSL allows both machines(server and client) to establish a secured encrypted channel
  • 28. •Public-key encryption provides better authentication techniques. •Symmetric key encryption is much faster than the public key encryption. •An SSL session begins with SSL handshake. •SSL handshake allow the server to authenticate itself to the client using public-key techniques.
  • 29. •SSL handshake also allow the client o authenticate itself to the server. •It then allows the client and server to cooperate in the creation of symmetric key. •It then uses this shared key for payload encryption, decryption and tamper detection the session that follows.
  • 30.
  • 31. TLS Transport Layer Security or TLS in short is a security protocol to offer secure communication at the transport layer. TLS protocol is the Internet standard and based on the SSL 3.0 protocol specification. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. At the lower levels, TLS uses TCP transport protocol. The TLS protocol is composed of two layers: the TLS Handshake protocol and the TLS Record Protocol.
  • 32. WTLS oThe transport layer security protocol in the WAP architecture is called the Wireless Transport Layer Security. oWTLS provide functionality similar to TLS 1.0 and in corporates new feature such as datagram support, optimized handshake and dynamic key refreshing. oThe WTLS layer operates above the transport protocol layer similar to TLS.
  • 33. oWTLS provides an interface for creating and terminating secure connections. oThe primary goal of the WTLS layer is to provide, data integrity and authentication between two communicating applications.