- Classification of cryptographic algorithms and protocols: symmetric encryption, asymmetric encryption, data integrity algorithms, authentication protocols
1.1 Computer security concepts
- Definition (from NIST): For an automated information system, protective measures are taken to ensure the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and communications) [CIA Triplet].
① Lack of confidentiality is defined as the unauthorized disclosure of information
② Lack of integrity is defined as unauthorized modification and destruction of information
③ Lack of availability is the interruption of access to and use of information and information systems
In addition: authenticity and traceability
1.2 OSI Security Framework
To effectively evaluate an organization's security needs, and to evaluate and select various security products and policies
1.3 Security attacks
Category: passive attack and active attack
- Passive attack: Eavesdropping and monitoring of transmissions. Including information security leakage and traffic analysis.
- Active attack: modify or forge data flow
- Classification of active attacks: masquerading, replay, message modification, denial of service
1.4 Security services
Definition: [X.800] - A service provided by the protocol layer of a communication open system to ensure sufficient security of the system or data transmission [
RFC 4949] - It is a process or process provided by the system for special protection of system resources. Communication services and security services implement security policies through security mechanisms.
- Authentication: Ensure communication authenticity
- Access control
- Data confidentiality
- data integrity
- non-repudiation
- Availability service