I need to present a research report on Role Based Access Control with a word count of 70-110 words (not more than the count provided), and it should provide a URL reference link too.
Note: NO PLAGIARISM STRICTLY
I need this research report in two ways, with different information in both.
And the content should be in general words with no technical jargon.
This question is from a cyber security subject, so the matter should relate to cyber security for sure and should connect to readers.
Deadline January 21, 2023 1:00PM CST
Security in Computing, Fifth Edition
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
REFRESHER
REFRESHER
NIST = National Institute of Standards and Technology
Controls/Countermeasures – REMINDER
This representation shows the three dimensions by which a control can be categorized. Thinking about controls in this way enables you to easily map the controls against the threats they help address.
Objectives for Chapter 2
Survey authentication mechanisms
List available access control implementation options
Explain the problems encryption is designed to solve
Understand the various categories of encryption tools as well as the strengths, weaknesses, and applications of each
Learn about certificates and certificate authorities
Authentication
The act of proving that a user is who she says she is
Methods:
Something the user knows (know)
Something the user is (are)
Something the user has (have)
Something You Know
Passwords
Security questions
Attacks on “something you know”:
Dictionary attacks
Inferring likely passwords/answers
Guessing
Defeating concealment (storage or kb)
Exhaustive or brute-force attack (example)
Rainbow tables
Distribution of Password Types
Although this data is from an old study, more recent studies have reaffirmed the results. The vast majority of passwords used on the Internet are extremely easy to crack.
Password Storage
Plaintext
Concealed
Passwords should never be stored in plaintext but rather should always be concealed. We talk more about proper password storage later.
Biometrics: Something You Are
Handprints and fingerprints are two among many examples of biometrics.
Problems with Biometrics
Intrusive
Expensive
Single point of failure (Sarah)
Sampling error
False readings
Speed
Forgery
Legal ramifications
Recent advances in smartphones have begun to make biometrics cheaper and easier to use. Biometrics are still inadequate for extremely sensitive applications, but their convenience makes them a great alternative to weak passwords.
Tokens: Something You Have
An RSA SecurID with a code that changes every 60 seconds. Physical possession of the token should be necessary for successful authentication.
Federated Identity Management (Ch 8)
A federated identity management scheme is a union of separate identification and authentication systems. Authentication is performed in one place, and separate processes and systems determine that an already authenticated user is to be activated. Federated identity management is discussed in much greater detail in Chapter 8.
Single Sign-On
Single sign-on lets a user log on once per session but access many different applications/systems. It often works in conjunction with federated identity management, with the federated identity provider acting as the source of authentication for all the applications.
Access Control
Access Policies (Authorization)
Goals:
Check every access
Enforce least privilege (SharePoint – configured, else no access)
Verify acceptable usage (need to know / separation of duties)
Approve users’ access
Enforce at appropriate granularity
Use audit logging to track accesses
Implementing Access Control
Reference monitor
Access control directory
Access control matrix
Access control list (ACL)
Privilege list
Capability
Procedure-oriented access control
Role-based access control
Many of these items are shown in more detail in the following slides. Access control directories, matrixes, and lists are shown in self-explanatory visual representations.
Reference Monitor (Ch 5)
A reference monitor is the primary access control enforcement mechanism of the operating system. It is discussed in more detail in Chapter 5.
Subjects vs. Objects
Access Control Directory
Read, Write, Delete, Execute, Owner
Access Control Matrix
Access Control List
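As an added example (not from the textbook or these slides), here is one access control matrix for three constructed users and two constructed objects, viewed as an access control list (per object), as a capability list (per subject), and derived from roles, with a small reference monitor that checks every access, denies by default, and writes an audit log:

```python
# Added example (not from the textbook slides): one access control matrix
# seen three ways (ACL per object, capability list per subject, role-based),
# enforced by a tiny reference monitor that checks every access and logs it.
# Users, objects, roles and rights below are constructed for illustration.

from collections import defaultdict

RIGHTS = {"R", "W", "D", "X", "O"}   # Read, Write, Delete, Execute, Owner

# Role-based access control: users are assigned roles, roles carry rights.
ROLE_PERMS = {
    "analyst": {"report.txt": {"R"}, "tool.exe": {"X"}},
    "editor":  {"report.txt": {"R", "W"}},
    "admin":   {"report.txt": {"R", "W", "D", "O"}, "tool.exe": {"R", "X", "O"}},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"editor"}, "carol": {"admin"}}

def access_matrix():
    """Expand role assignments into the subject x object matrix of rights."""
    m = defaultdict(lambda: defaultdict(set))
    for user, roles in USER_ROLES.items():
        for role in roles:
            for obj, rights in ROLE_PERMS.get(role, {}).items():
                m[user][obj] |= rights & RIGHTS
    return m

def acl(obj):
    """Column view (access control list): who may do what to one object."""
    return {u: sorted(r[obj]) for u, r in access_matrix().items() if r.get(obj)}

def capability_list(user):
    """Row view (capability list): everything one subject may do."""
    return {o: sorted(r) for o, r in access_matrix().get(user, {}).items()}

AUDIT_LOG = []   # (user, object, right, decision) for every mediated access

def reference_monitor(user, obj, right):
    """Check every access; unknown users or rights are denied by default."""
    allowed = right in access_matrix().get(user, {}).get(obj, set())
    AUDIT_LOG.append((user, obj, right, "ALLOW" if allowed else "DENY"))
    return allowed

if __name__ == "__main__":
    print(acl("report.txt"))                          # ACL for one object
    print(capability_list("alice"))                   # capabilities of one user
    print(reference_monitor("alice", "report.txt", "W"))  # analyst cannot write
    print(AUDIT_LOG)
```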
Authentication & Access Summary
Authentication is?
Proof of identity.
Access Control (Authorization) is?
Constrains what a user can do.
Both are to ensure C, I, or A?
Confidentiality (protects)
Problems Addressed by Encryption
Suppose a sender wants to send a message to a recipient. An attacker may attempt to
Block the message
Intercept the message
Modify the message
Fabricate an authentic-looking alternate message
Encryption Terminology
Sender
Recipient
Transmission medium
Interceptor/intruder
Encrypt, encode, or encipher
Decrypt, decode, or decipher
Cryptosystem
Plaintext
Ciphertext
Encryption/Decryption Process
The basic process of encrypting and then decrypting data.
Symmetric vs. Asymmetric
The critical difference between symmetric and asymmetric is that symmetric uses a single key for both encryption and decryption, whereas asymmetric uses complementary keys.
Single Key
Complementary Keys
Stream Ciphers
In stream ciphers, each byte of the data stream is encrypted separately. This is as opposed to block ciphers, which are shown on the next slide.
Block Ciphers
Unlike a stream cipher, a block cipher encrypts a group of plaintext symbols as a single block. The pros and cons of each model are discussed on the next slide.
Stream vs. Block
DES: The Data Encryption Standard
Symmetric block cipher
Developed in 1976 by IBM for the US National Institute of Standards and Technology (NIST)
AES: Advanced Encryption System
Symmetric block cipher
Developed in 1999 by independent Dutch cryptographers
Still in common use
DES vs. AES
AES has become the dominant symmetric encryption algorithm in use today. We discuss DES in this book both for historical purposes and because it is a relatively simple algorithm to use to explain how cryptographic primitives work.
Public Key (Asymmetric) Cryptography
Instead of two users sharing one secret key, each user has two keys: one public and one private
Messages encrypted using the user’s public key can only be decrypted using the user’s private key, and vice versa
Secret Key vs. Public Key Encryption
Symmetric and asymmetric algorithms have complementary strengths and weaknesses and are therefore used both for different purposes and in concert with each other.
Public Key to Exchange Secret Keys
This is a great example of asymmetric and symmetric encryption being used together. We need asymmetric to perform the initial exchange securely, but thereafter we can benefit from the speed of a symmetric algorithm.
Key Exchange Man in the Middle *
This exchange is the same as on the previous slide, but with an attacker in the middle. This attack can be defeated using the simple tweak described on pp. 107–108 of the textbook. This is an interesting problem to have students brainstorm or work on for homework.
Error Detecting Codes
Demonstrates that a block of data has been modified
Simple error detecting codes:
Parity checks – faster error checking
Cyclic redundancy checks (CRC) – polynomial division, accurate, good for preventing random errors
Cryptographic error detecting codes:
One-way hash functions
Cryptographic checksums
Digital signatures
Parity Check
One-Way Hash Function
MD5 or SHA-1/SHA-2
Inverse function; MD4, MD5 or SHA/SHS Secure Hash Algorithm or Standard
Digital Signature
Unforgeable and authentic + not alterable or reusable
Certificates: Trustable Identities and Public Keys
A certificate is a public key and an identity bound together and signed by a certificate authority.
A certificate authority is an authority that users trust to accurately verify identities before generating certificates that bind those identities to keys.
Certificate Signing and Hierarchy
Chain of trust
Diana’s certificate is made using Edward’s signature. Delwyn’s certificate includes Diana’s certificate so that it can effectively be tied back to Edward, creating a chain of trust.
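The Edward, Diana, Delwyn chain described above, as an added example that is not from the textbook or the slides. It uses a deliberately tiny textbook RSA (constructed small primes, nowhere near a secure key size) so that signing and verifying run with only the standard library, and the certificate is a made-up dictionary rather than X.509; what it shows is the chain walk: each certificate must name its issuer and carry a signature that the issuer's public key verifies, ending at the trusted root.

```python
# Added example (not from the textbook slides): chain of trust
# Delwyn -> Diana -> Edward, with a toy RSA so it runs offline.
# Primes, names and the certificate layout are constructed for illustration.

import hashlib

def toy_rsa_keypair(p, q, e=17):
    """Textbook RSA from two small primes (illustration only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # private exponent (Python 3.8+)
    return (e, n), (d, n)               # (public key, private key)

def digest(data, n):
    """One-way hash of the data, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    d, n = private
    return pow(digest(data, n), d, n)

def verify(public, data, sig):
    e, n = public
    return pow(sig, e, n) == digest(data, n)

def cert_body(name, public):
    """A certificate binds an identity to a public key; this is what gets signed."""
    return f"{name}|{public[0]}|{public[1]}".encode()

def make_cert(name, public, issuer_name, issuer_private):
    return {"name": name, "key": public, "issuer": issuer_name,
            "sig": sign(issuer_private, cert_body(name, public))}

def verify_chain(chain, trusted_root):
    """Walk leaf -> ... -> root: every cert must name the next cert's subject as
    its issuer, and that subject's key must verify the signature."""
    for cert, issuer in zip(chain, chain[1:] + [trusted_root]):
        if cert["issuer"] != issuer["name"]:
            return False
        if not verify(issuer["key"], cert_body(cert["name"], cert["key"]), cert["sig"]):
            return False
    return True

# Constructed keys: Edward is the trusted root, Diana an intermediate, Delwyn the leaf.
ed_pub, ed_priv = toy_rsa_keypair(61, 53)
di_pub, di_priv = toy_rsa_keypair(101, 113)
de_pub, _ = toy_rsa_keypair(139, 149)
ROOT = {"name": "Edward", "key": ed_pub}                  # installed as trusted
DIANA = make_cert("Diana", di_pub, "Edward", ed_priv)     # signed by Edward
DELWYN = make_cert("Delwyn", de_pub, "Diana", di_priv)    # signed by Diana

if __name__ == "__main__":
    print(verify_chain([DELWYN, DIANA], ROOT))   # full chain back to Edward
    print(verify_chain([DELWYN], ROOT))          # Diana missing: cannot tie to Edward
```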
Cryptographic Tool Summary
Summary
Users can authenticate using something they know, something they are, or something they have
Systems may use a variety of mechanisms to implement access control
Encryption helps prevent attackers from revealing, modifying, or fabricating messages
Symmetric and asymmetric encryption have complementary strengths and weaknesses
Certificates bind identities to digital signatures
Stream vs. Block comparison
Stream cipher advantages: Speed of transformation. Low error propagation.
Stream cipher disadvantages: Low diffusion. Susceptibility to malicious insertions and modifications.
Block cipher advantages: High diffusion. Immunity to insertion of symbol.
Block cipher disadvantages: Slowness of encryption. Padding. Error propagation.
Cryptographic Tool Summary table columns: Form, Operation, Properties, Strength