Monday, January 25, 2010

Computer Security Aspects

According to Garfinkel [Simson Garfinkel, "PGP: Pretty Good Privacy," O'Reilly & Associates, Inc., 1995], computer security has the following aspects:

1. Privacy / Confidentiality

- Definition: keeping information away from people who are not entitled to access it.

- Privacy: concerns data of a private nature, e.g. a user's e-mail should not be read by the administrator.

- Confidentiality: concerns data supplied to another party for a certain purpose, which may only be used for that purpose.

- Example: private data (such as name, date and place of birth, social security number, religion, marital status, past illnesses, credit card number, etc.) must be protected both in use and in distribution.

- Forms of attack: wiretapping (with sniffer programs).

- Privacy and confidentiality can be improved by using cryptographic technology.

2. Integrity

- Definition: information must not be changed without permission from the owner of the information.

- Example: an e-mail is intercepted in transit, modified, and then forwarded to the destination address.

- Forms of attack: viruses, trojan horses, or another user changing the information without permission; the "man in the middle attack", where a person inserts themselves into the middle of a conversation and masquerades as someone else.
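The intercepted-and-modified e-mail above is detectable if the sender attaches a keyed message authentication code. The following is an added example, not code from the original post: sender and receiver share a secret key, the sender tags the message with HMAC-SHA256, and the receiver recomputes the tag before trusting the content. It also shows why an unkeyed checksum does not help: a man in the middle can simply recompute it. The shared key and messages are constructed for illustration.

```python
"""Detecting in-transit modification of a message with a keyed MAC (added example)."""
import hashlib
import hmac

# Constructed demo key, assumed to have been shared out of band by sender and receiver.
SHARED_KEY = b"demo-shared-secret-do-not-reuse"


def protect(message: bytes, key: bytes = SHARED_KEY) -> tuple:
    """Return (message, tag); the tag binds the message to the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag over the received message and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def unkeyed_checksum_is_forgeable(tampered: bytes) -> bool:
    """Show why a plain hash is not an integrity check against an active attacker.

    If the sender only attaches sha256(message), the man in the middle replaces
    both the message and the checksum; a receiver checking sha256 alone accepts it.
    """
    forged_message, forged_checksum = tampered, hashlib.sha256(tampered).hexdigest()
    return hashlib.sha256(forged_message).hexdigest() == forged_checksum


def demo() -> dict:
    """Genuine message accepted, tampered message rejected, plain hash fooled."""
    original = b"Transfer 100 to account 12345"   # constructed
    tampered = b"Transfer 100 to account 99999"   # what the man in the middle sends on
    message, tag = protect(original)
    return {
        "genuine_accepted": verify(message, tag),
        "tampered_rejected": not verify(tampered, tag),
        "plain_hash_fooled": unkeyed_checksum_is_forgeable(tampered),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that an HMAC proves integrity and origin only between the two key holders: because both sides hold the same key, it cannot show a third party which of them produced the tag, so it does not provide non-repudiation; that needs a digital signature.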

3. Authentication

- Definition: a method to declare that information is truly original, or that the person accessing or providing the information is really the person in question.

- Support:

  - Tools to prove the authenticity of documents: digital watermarking technology (to protect "intellectual property", i.e. marking a document or work with the creator's "signature") and digital signatures.

  - Access control, i.e. restrictions on who can access the information. Users must use a password, biometrics (characteristics of the person), and the like.

4. Availability

- Definition: the availability of information when it is needed.

- Examples of barriers:

  - Denial of service attack (DoS attack), where the server is sent (usually false) requests repeatedly, or an unexpected request, so that it cannot serve other requests or even goes down, hangs or crashes.

  - Mailbomb, where a user is sent e-mail repeatedly (say thousands of e-mails) of large size, so that the user cannot open e-mail or has difficulty accessing it.
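One defensive measure against the repeated-request pattern described above is to budget requests per client so a flood from one source does not stop other clients being served. The following is an added example, not code from the original post: a sliding-window limiter that counts each client's requests over the last `window` seconds and refuses those above `limit` before any work is done. The client names, timestamps and request stream are constructed, and the clock is passed in so the run is deterministic.

```python
"""Per-client request throttling to keep a service available under a flood (added example)."""
from collections import defaultdict, deque


class RateLimiter:
    """Allow at most `limit` requests per client in any `window`-second interval."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # client -> timestamps of recent allowed requests

    def allow(self, client: str, now: float) -> bool:
        q = self._hits[client]
        # Forget timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: refuse cheaply instead of serving
        q.append(now)
        return True


def simulate(limit: int = 5, window: float = 1.0) -> dict:
    """Replay a constructed burst: one flooding client and one normal client in the same second."""
    limiter = RateLimiter(limit, window)
    served = {"flooder": 0, "normal": 0}
    refused = {"flooder": 0, "normal": 0}
    # Constructed stream: 100 requests from "flooder" and 3 from "normal" within one second.
    stream = [("flooder", i / 100.0) for i in range(100)]
    stream += [("normal", t) for t in (0.10, 0.50, 0.90)]
    stream.sort(key=lambda r: r[1])
    for client, t in stream:
        if limiter.allow(client, t):
            served[client] += 1
        else:
            refused[client] += 1
    return {
        "flooder_served": served["flooder"],
        "flooder_refused": refused["flooder"],
        "normal_served": served["normal"],
        "normal_refused": refused["normal"],
    }


if __name__ == "__main__":
    print(simulate())
```

The limiter keys on a client identifier; in practice that is the source address or an authenticated user, and a distributed flood from many sources needs capacity and upstream filtering in addition to per-client limits.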

5. Access Control

- Definition: how access to information is regulated. Related to the problems of authentication and privacy.

- Method: using a combination of userid / password, or using other mechanisms.
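The userid / password method in this section and the password requirement under Authentication (section 3) can be shown together. The following is an added example, not code from the original post: passwords are stored only as a salted PBKDF2-HMAC-SHA256 hash, verification uses a constant-time comparison, and after authentication a per-resource permission list decides who may read what, denying anything not explicitly granted. The user names, passwords, resource name and iteration count are constructed assumptions.

```python
"""Access control with userid / password and a per-resource permission list (added example)."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed cost parameter; raise it as hardware gets faster


class AccessControl:
    def __init__(self) -> None:
        self._credentials = {}  # userid -> (salt, pbkdf2 hash); no clear-text passwords kept
        self._acl = {}          # resource -> set of userids allowed to read it

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, userid: str, password: str) -> None:
        salt = os.urandom(16)  # fresh random salt per user
        self._credentials[userid] = (salt, self._hash(password, salt))

    def authenticate(self, userid: str, password: str) -> bool:
        record = self._credentials.get(userid)
        if record is None:
            # Do the same work for an unknown userid so timing does not reveal valid names.
            self._hash(password, b"\x00" * 16)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))

    def grant(self, resource: str, userid: str) -> None:
        self._acl.setdefault(resource, set()).add(userid)

    def can_read(self, userid: str, password: str, resource: str) -> bool:
        """Authentication first, then authorization; an unlisted resource or user is denied."""
        if not self.authenticate(userid, password):
            return False
        return userid in self._acl.get(resource, set())


def demo() -> dict:
    """Constructed scenario: alice may read the payroll file, bob is a valid user without access."""
    ac = AccessControl()
    ac.register("alice", "correct horse battery staple")  # constructed credentials
    ac.register("bob", "hunter2")
    ac.grant("payroll.xls", "alice")
    return {
        "alice_reads_payroll": ac.can_read("alice", "correct horse battery staple", "payroll.xls"),
        "wrong_password_denied": not ac.can_read("alice", "wrong", "payroll.xls"),
        "bob_not_authorized": not ac.can_read("bob", "hunter2", "payroll.xls"),
        "unknown_user_denied": not ac.can_read("mallory", "anything", "payroll.xls"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Keeping authentication (who is this?) separate from authorization (what may they read?) mirrors the two problems the definition names: a valid password alone never grants access to information the user was not given.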

6. Non-repudiation

- Definition: this aspect ensures that a person cannot deny having carried out a transaction. It supports electronic commerce.
