 The initial topic I want to just introduce to some terminology and some very basic concepts of what do we mean by security. Security in terms of computer systems and computer networks. Some definitions taken from different sources, so different people's view of what is security. What is computer security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving integrity, availability and confidentiality of information system resources. So there's a definition from some standards organisation of what they define as computer security. Protecting information systems, computer systems, systems that store and maintain information with objectives of preserving something called integrity, availability and confidentiality. We'll describe, we'll see those words come up more throughout this topic and other topics. Integrity is making sure that information, one example is making sure information is not modified. When we have stored some information on a computer system someone should not be able to change that information without it being noticed, especially in a malicious manner. Availability when we have a computer system it's built and designed for some purpose usually to be used by some users. Availability is making sure that that system is available to the users to use in its normal intended purpose. A problem would be if that system becomes unavailable and the normal users cannot use it. That would be considered some attack on the computer security. Confidentiality is making sure that the information on the system can only be accessed by the intended people. That is, unintended people cannot see the information that should be hidden, it should be confidential. That is about computer security. More specific about network and internet security, so computer security may be the security of my laptop, it doesn't have to be related to a computer network, the security of information on a single computer but nowadays we're often dealing with networks. It's not just a single computer that we care about, we usually store and manage information on many computers. In a business you can think of the information for that business to be managed by multiple computers and they connect it in some network. Network and internet security, and this comes from the textbook, measures to deter, prevent, detect and correct security violations that involve transmission of information. Because we're talking about a network or an internet, we're talking about sending information across the network, transmitting information and the security is the techniques or the things that we have available to deter security violations, that is stop people from starting some attack that violates the security of the information, violates the confidentiality, the availability, the integrity, prevent them from doing performing attacks, if someone is doing something bad on the network, detect that they're doing it and if we can detect something we may be able to correct it and stop them from doing it in advance. So some very general definitions of computer and network security. Those three terms here, integrity, availability and confidentiality are considered key parts of system security, where we've said confidentiality, making sure the information is private, confidential, secret, integrity, making sure the information cannot be changed without being noticed. Availability, making sure the data and system is available to the normal users. If we build a computer for all the students to use, it's not very good if some security attack performs such that the students cannot log in. So we make sure the system is available. We'll see the other terms come up when we talk about security, authenticity, making sure the information and the users are authentic, for example the real people or people are who they say they are, and accountability, especially in businesses, making sure that we can keep track of who's doing what, who's accountable for different actions. We'll give some more clearer definitions and examples of these three terms in a moment. If you want to provide security for a computer or a network system, imagine some organization, a business, SIT. What happens if the computer or network system, the security of that system is breached and attack is performed and it's no longer secure? What are the consequences or potential consequences? What happens if someone gets into the SIT network and accesses the database of student records? What happens if in a company someone accesses information about the trade secrets or private information of that company or modifies that information? Some of the things that can happen or the consequences for a business or an organization is that the operations of that organization are reduced, the effectiveness are reduced. An example may be SIT has an IT server and that IT server is intended for students to use for different courses, for Moodle, for running commands on that server. It hosts a website, it hosts some email lists as well. If, for example, some malicious user could get access to that server and stop it from working correctly, how would that affect SIT? Well, SIT would not be effective or would not be fully effective in performing its normal operation. Students would no longer be able to use Moodle. You may think that's a good thing, but that's a bad thing in that we cannot do our normal operations of providing a service to students. So one consequence of a security breach may be that the operations of that organization are reduced. We cannot work as well as we should be able to. That's a small thing in some cases. Maybe if our server is compromised then I need to spend a day to fix that server and that means it's a day less that I can spend on teaching or on research, so my effectiveness is reduced if there's some breach. Another thing may be financial loss. If a computer system is breached then that organization may lose money because of that. Amazon, for example, Amazon is a company that has a website and many other systems and they make money by selling things through the website. If someone can attack that website, Amazon's website, and stop it from working for even one hour during the day, Amazon will lose a lot of money because they get money on a regular basis through that people accessing that website. So a security attack on some computer system can lead to a financial loss. That's not good. There may be physical damage to assets, to hardware and other systems in some cases. So the security of a control system for controlling a factory, for example, then if someone can break into that and cause the robots and the objects in the factory, the conveyor belts to do the wrong thing, then something may happen inside the factory and objects will collide and we get damage to objects or assets of that company. That's another consequence of a breach. In some cases there may be harm to individuals, physical harm. For example, the security of a nuclear facility, if someone can compromise the security and cause a shutdown of the nuclear reactor and that may cause harm to individuals working there in the surrounding area. So there can be significant consequences of security breaches. And the levels of impact may change. There may be small, that is we may lose a small amount of money or we may lose millions of dollars. So there are different organisations that have tried to measure and tried to develop ways to measure the level of impact so you can determine how much effort you put in to try and prevent it from happening. The larger the consequence and the larger the significance of that consequence, then the more important it is that you prevent it from happening so you don't lose money so there's no harm to individuals. To design a computer system or a computer network that is secure, what do you do? Well people have tried to come up with methodologies that others can follow such that when they design a system it will be secure. OSI, you may have heard of OSI last semester when we talked about the layered stacks we went through a five layer stack. OSI is a set of standards which defines standards for data communications including standards for security, communication security. And there's an architecture defined by them that tries to define the ways for securing systems. We're not going to go through that architecture, we're just going to pull some terminology from it and use that terminology through the course. There's defined by ITU, that's a standards organisation, there's this X800 security architecture. It defines a set of ways to provide security to define the requirements and approaches for satisfying those requirements. That is for an organisation or a computer network, what do you require in terms of security and what techniques do you have available to implement that security? Let's just look at some of the terminology that comes from that architecture. There are different aspects that are defined in this architecture, three of them. Security attacks, security mechanisms and security services. We'll go through each of those and list the key types of attacks, key mechanisms available and the security services that we want to provide. Some terminology that we may use or come from the architecture, a threat is a potential violation of security. Something that can potentially happen is considered a threat. An attack is an actual assault on a system, so a threat is something that may happen. We want to identify what the threats are so that attacks do not occur. An attack is something that happens, it's just some terminology. Let's look at what do we mean by a security attack, mechanism and service, which will be the main focus or the main thing that you want to get out of this lecture. A security attack. Any action that attempts to compromise the security of information or facilities. We have information stored on a computer system, we have facilities, we have the hardware and software in that computer system. Some actions that attempt to compromise the security of that information or facilities is considered an attack, a security attack. As we saw before, a threat is a potential violation. An attack is some actions that violates. A security mechanism, a method or a set of methods for preventing, detecting or recovering from an attack. So if we have threats which may become attacks on a security system, firstly we'd like to prevent attacks. We don't want them to happen, that's the best approach. But sometimes we cannot prevent attacks and it's naive to assume that you can prevent all attacks on a computer system. So the other thing to do is to detect attacks happening. If I want to make my laptop secure when it's connected to the internet so that no one can access the exam answers on my laptop. I try my best to prevent attacks by configuring the software that runs on it, using special software to prevent attacks. But I'm not 100% sure or certain that I can prevent all attacks. Well another thing I may want to do is to have something that will be able to detect when an attack does happen. If I could detect that someone has accessed my computer who shouldn't, then I may be able to respond and recover from that. I may be able to pull out the cables so that no one has network access. Or maybe I'll turn off the computer in this simple example. So detecting attacks is also useful. And to some extent if I can detect attacks very well, it's unlikely if someone knows that I can detect them attacking me, then it's unlikely they'll perform an attack. If you as students know that I'll be able to detect if you try and access the exams on my computer, then you're unlikely to try and access those exams because you know if I detect that you can, then you'll get other punishment. So being able to detect attacks is also a way to prevent future attacks. And if we can detect, we'd like to be able to recover, fix things or prevent the attack in the future. So the mechanisms are the things that allow us to prevent, detect and recover from attacks. A security service uses the different mechanisms we have available to enhance the security of our information facilities. So we stop attacks. So they're related with each other. Let's go through those three, giving examples or lists of each. So attacks, classify types of attacks, general types of attacks, then list the main security services and then the main security mechanisms we have available. Attacks on a computer or network system, we can classify into two different types, passive and active. A passive attack does not affect the system resources. When we say a system here, let's say a computer network or a single computer, if we talk about computer security, but the network or computer that we're trying to protect. A passive attack does not affect the system resources, whereas an active attack does affect and alter the system's resources and operation. The difference between the two will make sense as we, after we go through specific types of attacks, it'll become clearer. So we'll return to this slide after we go through some of the types. Because with passive attacks, there are two main types. Releasing the message context or traffic analysis. And with active attacks, four types that we'll go through. And we use this example scenario to illustrate those six types of attacks. Here's a network or a communication system. There are two normal users in this case, Bob and Alice. So they're using some computer on the network. There's some communications network. And Bob and Alice communicate with each other across some network. And we're going to have a third user in this case, Darth. And he's going to be the malicious user in this example, the bad person. An illustration of the attack of releasing the message contents. Bob sends messages to Alice, for example, in the normal operation. Alice is the secretary in the school. Bob is a lecturer. Bob creates exams. Sends the exams to the secretary to print them for the students. So Bob has sent an exam to Alice. And Alice is going to print that. Darth is a student who's taking the subject of the exam that's just been sent. When Bob sends the message to Alice, Bob wants to make sure that no one else can see the contents of that message. If this third user, Darth, can read the contents of the message that Bob sent to Alice, then this malicious user has performed an attack on the system. If I send an exam to the secretary across the network and a student can intercept that, can receive a copy of that message, and see the contents of the exam, then my system is not secure, because the exam should be confidential. So that's a simple case and the most obvious form of a security attack. That is someone seeing the contents of a message that they should not be able to. Releasing the contents of the message. We'll see that the primary way to stop that from happening is to use encryption. Bob creates an exam, encrypts that exam using some algorithm, sends it across the network to the secretary to print. The secretary, Alice, has a special key such that she can decrypt the exam and get the original copy and print it. Whereas Darth, the student, even though they may receive the message, they can intercept the message in the network, they see the encrypted message. Because they don't have the key, they cannot decrypt and get the original contents of that message. So by applying encryption, we can prevent such attacks from happening. So the attack is the ability to release the message contents. It's a passive attack in that, assume there's no attack. Assume Darth is not there. Then what happens? Bob sends a message. Alice receives that message. That's assuming no attack. Now assume that the attack takes place. From the perspective of Bob and Alice, the normal users, nothing has changed. Bob sends a message. Alice receives a message. From the normal operation of the system, when the attack occurs, nothing changes. The system resources do not change. Bob still sends one message. Alice still receives one message. That's considered a passive attack because by performing the attack from the perspective of Bob and Alice, nothing has changed. Alice still receives the message, but it also turns out Darth receives the message. We said, or I said that in this case one, the main way to stop this attack is to encrypt the information. Bob encrypts it before he sends it so that anyone who can intercept and receive a copy see something but they do not see the original message. They see an encrypted form and they cannot get the original contents back. Traffic analysis is an attack where even if we use encryption, some malicious user, Darth in this case, may still be able to get some useful information about what's happening. Let's say, what's an example? Alice is married. Alice is married to Darth in this case, okay? And Alice has told Darth that happily in love, everything's fine, but turns out that someone's sending messages to Alice late at night. 2 a.m., someone's sending a lot of messages to Alice when Alice told her husband, Darth, that I'm at home at sleep at 2 a.m., nothing's happening. Bob, who's sending those messages to Alice, is encrypting those messages. If there was no encryption, what Darth could do would read those messages and find out what's happening between the two. But if there's encryption, then what can happen is that Bob sends messages to Alice, they encrypt it. Darth can intercept those messages, but cannot see the contents. He doesn't know what Bob is saying to Alice, but he does know that Bob is sending messages to Alice at 2 a.m. And by analyzing the communications, Bob, sorry, Darth may be able to determine something's gone wrong or something's happening. So traffic analysis involves analyzing the communication patterns, and from that, gaining some extra information. Not analyzing the contents of the messages, but the fact that the parties are communicating. Another example is if Alice is a known terrorist, the law enforcement agency knows about Alice, that she's a terrorist, and the law enforcement agency is intercepting all the communications to Alice, and that law enforcement agency, Darth in this case, finds that this person, Bob, is sending many messages to Alice, and that may give the law enforcement agency some motivation to find out who Bob is, and maybe to follow up in some other way to try and find out what's going on. So by analyzing the communications pattern, the user here, the malicious user in this case, or the attacker can find out some information that would not be able to be learned otherwise. So that's considered an attack. Again, it's passive. If there was no attack, Bob sends a message to Alice, Alice receives a message. If there is an attack, Bob sends a message to Alice, Alice receives a message. Nothing changes from their perspective, so it's considered passive. Any questions on the first two types of attacks? First two example attacks? Both passive attacks? First one, finding the contents of the message. Second one, analyzing the communication traffic. Nothing difficult so far. Now let's look at four other types of attacks, and these are active attacks. Masquerade attack. Pretend to be someone else. Alice is the finance officer for SIT. She determines how much every faculty member gets paid. She puts the money into their bank accounts. Bob is the director of SIT. He sends a message to Alice every month saying, this person should be paid ex-bar. And that's the normal operation. Darth, some malicious faculty member, creates a message and sends an email to Alice saying, increase the salary of Steve by 10,000 bar. And signs that message so it looks like it came from Bob, the director. Alice thinks the message came from Bob, the director, and therefore increases my salary. So this is a case where someone else, Darth, is pretending to be a normal user, Bob in this case. As a result, things can go wrong. So masquerade means to pretend to be someone else in this case. Masquerade as someone else. Note that this is an active attack. If there was no attack, then Bob sends no message. Alice does not receive a message, if there was no attack. When there is an attack, Bob sends no message, but Alice receives a message. Something has changed. That's what we define as an active attack. The system resources have been changed because of the attack taking place. And a common cartoon, an old cartoon, is on the internet nobody knows if you're a dog, because how do you know the person you're communicating with on the internet, at the other computer? How do you know who they are? They could be someone pretending to be someone else. So you need some way to authenticate who that person is, to be sure who they are. How can we solve this problem with the masquerade attack where the malicious user sends an email to Alice saying increase Steve's salary by 10,000 baht and pretending it's from the director, Bob? Is it possible? Is it possible for, for example, me to send an email to someone and that person think that it came from someone else? Yes, it's very easy. After the break we'll give a quick demonstration but it's very easy to change at least the from address in email. So when I receive an email, the from address says it's from someone who didn't actually send it. That's easy and without any other checks then that could mean that Alice would believe because the from message matches Bob would believe it came from Bob. So we need some other ways to authenticate and we'll cover them in this course. A replay attack. Bob, the real director, sends a message to Alice saying increase Steve's payment by 10,000 baht this month. He's got a pay rise, all fine, that's the normal operation. Darth intercepts that message and shortly later, one day later, sends it again to Alice. So from Alice's perspective, she's received two messages saying increase Darth's payment by 10,000 baht. So she increases it by 10,000 baht two times because it's a replay. She doesn't know that it's the same as the other one. She just thinks that Bob has sent, okay, sent it increased by 10,000 and then sent it again because Bob thinks that should increase it two times. In this case, the malicious user has replayed a previously sent message, resend a message in the network. Similar to here, but in fact, in this case with Masquerade, there wasn't an original message. Darth generated the new message. Whereas the replay, there's some message and Darth just copies that and sends it again. We'll see that when we look at the techniques for preventing Masquerade attacks and the security techniques, then sometimes it's easier to copy and replay a message than it is to generate a new message that will be believed. So replay attacks are possible. For example, no, no more examples there. Yep? Can you copy the message that I did in, I'm sorry, I said you're wrong. Again? The next one modification, okay? In this case, the replays one message is sent and the malicious user Darth sends the exact same message, a copy of that message, okay? Let's say that message is, let's say it is from some automatic telemachine from a bank and it's sending it because what happens in an ATM, you do some operations on the ATM and the ATM sends the data to the central office of the bank and it changes the amount in your account, okay? So when you put 10,000 baht into your account at the ATM, then that would send some information to the central office, some server there which would increment your account balance by 10,000 baht, okay? If we could intercept that message and send it again sometime later, that message from the ATM to the office, then the office just received two copies of that message and will increase the account balance twice, 10,000 and then another 10,000 which would be an attack on the system in that case. So this is just replaying the same message, no changing the message. The next one is changing the message, modification attack. Bob sends a message to Alice saying, decrease Darth's salary by 10,000 baht. He hasn't performed well. I want you to decrease his salary. Darth intercepts that message before it gets to Alice. Darth changes the word decrease to increase and sends it on to Alice. Alice receives a message from Bob, increase the salary by 10,000 baht, okay? So if we can modify the message, we can perform an attack on the system and this involves intercepting the message before it gets to Alice. So the question is, okay, Bob sends a message to Alice. Darth intercepts that message and modifies it. Then we say that's a modification attack, that the second message that Alice receives is different from the first one, it's been modified. Replay, Alice receives two messages, both of them are identical, they're the same. We can perform similar things, though, that is that we can perform the similar types of attacks. So pretend to be someone else, masquerade attack, replay messages, modify messages. They're the three main, and these are all active attacks, three main active attacks. Why are they active? Again, if the attack didn't take place, in this case, Bob sends a message, if there was no attack, Bob sends a message, Alice receives that exact message. If there is an attack, Bob sends a message, Alice receives a different message. Something has changed because of the attack. We say the system resources have changed, therefore we classify it as active. Last one, and slightly different from all the other ones we've seen. It's not so much about the messages now, it's about the availability of our system. We have a server. Normal users can access that server. Bob's a normal user, he usually accesses that server every day to perform some operation. In a denial of service attack, some malicious user performs some operations like send some messages to the server, such that that server can no longer be accessed by Bob. The attacker denies the normal users the use of the service, the use of the server. We deny access to the service, a denial of service attack. Coming back to, for example, Amazon. Amazon makes their money from people accessing the website, but a web server can only handle so many accesses at a time. It may overload and therefore it will crash, for example, a simplistic example. If some competitor of Amazon performs a denial of service attack, that is they generate a lot of traffic to the Amazon website such that the website crashes, then Amazon starts to lose money and the competitor, all the customers start going to the competitor. So that's an example of a denial of service attack, stopping the service being available to the normal users. So we've gone through six types of attacks. First two were considered passive and the last four active. Coming back, release message contents, traffic analysis. With passive attacks, nothing changes. Because nothing changes, it's hard to detect, because you cannot see that something's happening. From the normal user's perspective, everything's the same. Hard to detect. But generally easier to prevent than the others. So prevention is the main way to stop these attacks. Encryption to stop the release of message contents and to stop traffic analysis, you can introduce, for example, random messages such that it's hard for an attacker to analyze your patterns, hide the patterns of your communications. With active attacks, where the system is modified by the attack, hard to prevent them, but because the system is modified, something changes, it's easier to detect. For example, here, release the message contents, it's hard to know, it's almost impossible to know that DARTH has got a copy of the message. Okay, so it's hard to detect that's happening. With, for example, a modification attack, Bob sends a message, Alice receives a different message, something's changed, we've got ways that it's relatively easy to Alice to check whether that message has been changed or not. So there are ways to, we'll go through in this course of how to check at the receiver that the message has changed or not. And therefore we can detect that attack took place. Easy to detect, hard to prevent from happening in this case. You need to remember those six types of attacks and be able to classify them as active or passive. What about security services? So we have attacks on a system, we have mechanisms to try and stop, to prevent or detect those attacks, and we combine mechanisms together to provide some service, some service to the users. What is a service? Maybe the second one is some process, it's the second definition here, maybe a bit easier to follow. Some processing or communication service that is provided by a system to give a specific kind of protection to system resources, some service to protect the system. There are, people have different views of what the real, what security services are. In this course, and coming from the textbook, we'll define six types of security services listed here. Authentication. Authentication service is to make sure that we know who we're communicating with. That is to make sure if someone sends me a message, and it says it's from Bob, that it really is from Bob, it's not from Darth pretending to be Bob. Authenticate the sender of the message is the authentication service. Make sure it comes from the person who they say it is. If we can provide an authentication service, then we can stop the masquerade attack. We can, we'll be able to detect if a masquerade attack happens, if we can provide the authentication service. Sometimes we want to authenticate not just the peer entity, the other person communicating, but actually the data, that the data is in fact true. Another service, access control. Control who accesses our computer system. So our computer system or our network provides some resources to the users. Access control is the services about controlling who can access. For example, a good example is a firewall. A firewall controls who can access a computer. You run a firewall maybe on your laptop or your home computer. What does it do? It controls what other computers on the internet can access particular servers and software running on your computer. So it provides access control. That's needed in some cases. Data confidentiality. Protect the data, the message contents from being released. So from unauthorized disclosure. So I have a message. I don't want anyone else to read it except one person. Then a service that, or if that's provided, then we say that's the data confidentiality service or simply the confidentiality service. Keeping things confidential. Another word you'll hear or other words, keeping things private or secret. But it's better to use because we see privacy and secrecy in other terminology elsewhere in this course we use confidentiality. Keeping the data confidential. Data integrity. Making sure the data has not been changed. We saw with a modification attack. Bob sent a message. Darth modified it. It changed the message. The data integrity service, if we provide such a service, then Alice should be able to detect that the message has been modified. If we have data integrity, then we can detect changes. So if we send a message, we need a way to detect that the one that we receive is the same as what was sent. If we have such a mechanism, then we have data integrity. Number six, the last one. This one's a bit different. Availability. Make sure our computer system is available to the normal users. And the attack that this tries or this stops is the denial of service attack. Denial of service attack makes a system unavailable to the users. If we can stop that from happening, then we can say that we've provided the availability service. We make the system available to the users, the intended users. Last one, or number five, non-repudiation. And we haven't seen examples of this one. Prevent people from denying something's happened. Provide some form of, say, electronic receipt. When you buy something, then you go to a shop and to give some evidence that you've paid the money for it, they give you a receipt, okay? Do a similar thing in communications across a network. You send me your assignment via email, okay? And you need to submit by a deadline. If you don't submit by the deadline, then you get zero for that assignment. So you send me an email with the assignment. You would like, ideally, to get some receipt to say that I've received it. Some confirmation that I've received it by the deadline. Because if, and I don't see why, but if I deny that I received your assignment, what can you do? I said, no, I didn't receive it. You got a zero, okay? Then to prevent that from happening, we should have some form of receipt where you send the assignment and I send back some confirmation. Then if I deny that I receive your assignment, you've got some evidence. You've got this receipt saying, ah, you did receive it at this time and number and someone else, maybe the head of school, can come along and say, no, you did receive it. They can confirm that you did send the assignment. So confirming or protecting that against the denial of communications, prevent the receiver from denying that they've received a message or prevent the sender from denying that they've sent the message. That's the service of non-repudiation. Especially important for business communications, okay? Exchanging money, performing some business communications between two different companies, provide evidence that they've communicated in some way to ensure that no one denies that happens in the future. So they are the six services that we try to provide or that we may provide in some system. Depending upon our requirements of the system, we may not provide them all. With me sending an email to the secretary containing the exam, I probably should provide confidentiality encrypt my message so no one can see the contents of the exam. But the other services may not be so important. So it depends upon what the users require as to what services should be implemented, depending upon your system. So we have a tax, we have services and to implement these services to provide confidentiality, to provide non-repudiation, we have mechanisms. They are the techniques that we use to prevent, detect and recover from attacks. And we combine mechanisms to provide services. There's no single mechanism that provides all services. There are different mechanisms available. Most mechanisms that we use use cryptographic techniques. And that's why we spend a lot of time in this course explaining what is cryptography and what are these cryptographic techniques. Encryption is the main one. Some example security mechanisms. Encryption, listed here is encipherment, but we'll call it encryption, encrypting data. Digital signatures, and we'll explain them after the midterm, giving some signatures so no one can deny that they've communicated. Firewalls and access control. Authentication exchange, so to make sure that you're communicating with the person who you think you're communicating with, perform some exchange to confirm their identity. So there are ways to provide authentication. And some others. We're gonna spend the course going through those techniques. So we're not going to describe them now. The next five or six topics describe those techniques. This tries to give some mapping between different techniques and the services, although the terminology is slightly different from the previous slide. Just to give an example that there are different mechanisms. They are combined to provide different services. We will go through those mechanisms in this course. So, any questions on attacks and services? You need to remember those six attacks, which ones are passive and active, and you need to remember those six services. Guaranteed questions on each one. To finish, before we have a break, we'll introduce some simple model for network or internet security. The most common form of communications and how we secure those communications. They're variations, but we'll see this quite commonly. Just to introduce some terminology to get started. A common security mechanism that we use is encryption. We have a source computer. We saw in our examples, we had Bob sending to Alice. So, we have a source computer on this side, and we have the destination computer or user on this side. So, Bob and Alice. Bob wants to send a message to Alice, and between the two users is the communications channel or network represented here. It may be a single link, maybe a wireless link. It may be the entire internet. They could be on the other side of the world, or they could be five metres away from each other. But we have some communications channel where we send our message via. And we have our opponent or attacker or malicious user, Darth in the examples. We assume, this model assumes that the opponent can see and read anything that is sent across the information channel. So, whenever there's a message sent from source to destination, we assume the attacker can get a hold of that message and read the contents. That's the assumption we'll make in all our analysis. So, if we want to provide confidentiality, unless we do something, the attacker will always be able to read the message under this assumption. So, what we may do is we have an original message to send from source to destination. We modify that message in some way. We transform it. And we'll see that's what encryption does it. Transforms this original message into a secure message. Usually using some secret information that only the source and destination know. We don't send the original message across the channel. We send the secret message. We send it. The destination will receive this secret message. So will the opponent, the attacker. They can also receive this message. We can provide security if the recipient can from the secret message perform some transformation and get the original message back. If they can do that, then A has got the message to B. And importantly, the opponent should not be able to do that. The opponent, if they receive the secret message, should not be able to get the original message from that. If that happens, then we've provided some form of confidentiality or security. And that's the main form of security that we'll see at least in the first few lectures. Encryption is how we perform this transformation. How do we take some message, get a secure message such that the recipient can get the original message back, but the opponent cannot? That's the challenge. And we'll see that most cases it relies upon using some secret information, a key, where the recipient has the key or the secret information, but the opponent does not. Without the key, you cannot get the original message back. The recipient has the key, the opponent does not, so that should work in that case. We'll see that's the basic model for encryption and most, many of the security services use this model. Sometimes we'll see that there's another entity involved. What's called a trusted third party. So another user that the source and destination trust, they believe anything they say. We'll see that that trusted third party is sometimes used to support different security mechanisms. The trusted third party may have the secret information, but we trust them not to give it to anyone else. So that's a common model of a system that we'll use when we go through our different security mechanisms. A different one, which covers other cases if we want to consider network access, something like a firewall. Let's not try and describe that. I think it will confuse. We'll come back to that when we look at access control and talk about firewalls, I think in the last few topics, malicious software. Questions, this is our introduction to security. What we're going to do this afternoon also is introduce classical encryption techniques and give a few examples about those attacks. Any questions so far on the topic on introduction to security? Okay, question about traffic analysis, where are we? Let's assume that the message sent from Bob to Alice is encrypted. That means Darth can receive the message, but they cannot see the contents. They cannot read the contents of the real message. So they cannot release the message contents. What can they do with traffic analysis? Really, by observing the patterns of communications, they may be able to get information, not about the contents of the message, but about something that's happening. That's the idea here. The example, the terrorist example, that is if you're monitoring some known terrorist and so the law enforcement agency is monitoring and they know from past experience that if someone sends many messages in a short period of time to this person, maybe that's an indicator that some physical attack is about to happen in the future and therefore they may take some action, not on, they may take some separate action in that case. Another one is some companies. So a company has some trade secrets. A company, the way that it designs its software is kept private because that's where they make their money from. And they do some contracting work, that is they contract out to other companies. So this one company communicates with their contractor, some other software company to do work for them. Maybe a competitor can analyse that they're communicating in certain patterns to work out that they are doing work, who is doing work for the larger company. So here's a larger company, for example, and they want to, maybe a better example, Apple, okay, Apple makes iPads and so on, iPhones. They contract out to many other smaller companies to make the screen, to make the chips, the memory and so on, okay. So, and then competitors may want to know what Apple's plans for making the next iPad. They want to know how big it's going to be, who's going to make the chips. And from that information, they may be able to get some advantage and predict what Apple will do and maybe come up with a different product that beats it. So by this competitor analysing the communications between Apple and other companies, the subcontractors, they may be able to learn about what's the new iPad going to be made from. By monitoring that Apple is talking to a company that uses a 4K high definition display or a company that has some advanced hardware, then this competitor can work out that Apple may use that company in the new iPad. Maybe that's another example. Without knowing what the contents of the messages are, you can still sometimes work out some useful information just based upon the fact that people are communicating. There was a question, another one. Easy to prevent. Passive attacks, easier to prevent. Hard to detect because nothing changes. Easier to prevent generally compared to the others because using encryption we'll see. We simply encrypt the message in this case. It's quite easy to prevent this from happening in that we encrypt the message such that even though they can get the encrypted message, they cannot get the original message out of it if we have appropriate encryption techniques. So that's very easy to do nowadays. Similar traffic analysis, sometimes one way to prevent the traffic analysis is to add in some fake messages in the communications. So normally we send some messages between Bob and Alice. Darth analyzes that traffic to work out based upon the patterns. Well, if we add in some fake messages between Bob and Alice, then Darth may not be able to recognise what the pattern of communications is, okay? So that's a way to prevent such an attack. Active encryption doesn't help. It helps or we'll see it does help in some of these cases but not all of them. Replay attack, Bob sends an encrypted message to Alice. It's encrypted. There's nothing to stop Darth from intercepting and taking a copy of that encrypted message. Even though Darth cannot see the contents, they can still replay it so they can still perform that attack even when encryption is implied. So encryption does not solve all the problems there. We'll see that forms of encryption are used to help with the detection of these attacks. That's later. Any other questions? The model. Question about this model. Question is briefly explain it. No, I will explain it when we go through classical ciphers. We'll see some more detailed examples of this model in using some real ciphers to demonstrate that. So I will explain that later again, okay? Let's have a break.