Research report on Role Based Access Control (Cyber security)


Need to present a research report on Role Based Access Control with a word count of 70-110 words (not more than the count provided) and should provide a URL reference link too.

Note : NO PLAGIARISM STRICTLY 

I need this research report in two ways with different information on both.

And the content should be in general words with no technical jargon.

This question is from a cyber security subject, so the matter should relate to cyber security for sure and should connect to readers.

Deadline January 21, 2023 1:00PM CST

Security in Computing, Fifth Edition

Chapter 2: Toolbox: Authentication, Access Control, and Cryptography

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.


REFRESHER


NIST = National Institute of Standards and Technology

Controls/Countermeasures – REMINDER


This representation shows the three dimensions by which a control can be categorized. Thinking about controls in this way enables you to easily map the controls against the threats they help address.


Objectives for Chapter 2

Survey authentication mechanisms

List available access control implementation options

Explain the problems encryption is designed to solve

Understand the various categories of encryption tools as well as the strengths, weaknesses, and applications of each

Learn about certificates and certificate authorities


Authentication

The act of proving that a user is who she says she is

Methods:

Something the user knows (know)

Something the user is (are)

Something user has (have)


Something You Know

Passwords

Security questions

Attacks on “something you know”:

Dictionary attacks

Inferring likely passwords/answers

Guessing

Defeating concealment (storage or kb)

Exhaustive or brute-force attack (example)

Rainbow tables


Distribution of Password Types


Although this data is from an old study, more recent studies have reaffirmed the results. The vast majority of passwords used on the Internet are extremely easy to crack.


Password Storage

Plaintext

Concealed


Passwords should never be stored in plaintext but rather should always be concealed. We talk more about proper password storage later.
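As an added illustration of the plaintext-versus-concealed choice on this slide (example code written for this page, not from the textbook or its authors), the Python below stores one constructed user list both ways, models what a leaked copy of each store gives away, and verifies a login against the concealed form. The PBKDF2 iteration count, the salt size and the user names are assumptions of the example.

```python
import hashlib
import hmac
import os

# Constructed demo parameters: PBKDF2-HMAC-SHA256 with a per-user random salt.
# The iteration count is kept modest so the example runs quickly; real deployments
# tune it much higher or use a memory-hard function such as scrypt.
PBKDF2_ITERATIONS = 50_000
SALT_BYTES = 16


def store_plaintext(password: str) -> str:
    """The 'plaintext' option: whoever can read the store can read the password."""
    return password


def store_concealed(password: str) -> dict:
    """The 'concealed' option: keep only a salted, slow hash of the password.

    A stolen record reveals neither the password nor whether two users share one,
    because every record gets its own random salt.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify_concealed(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def leaked_store_reveals_password(store: dict, password: str) -> bool:
    """Model someone reading the stored values: does the password appear verbatim?"""
    return password in store.values()


def demo() -> dict:
    # Constructed users; both pick the same weak password on purpose.
    users = {"alice": "winter2023", "bob": "winter2023"}
    plaintext_store = {user: store_plaintext(pw) for user, pw in users.items()}
    concealed_store = {user: store_concealed(pw) for user, pw in users.items()}
    return {
        "plaintext_leak_reveals": leaked_store_reveals_password(plaintext_store, "winter2023"),
        "concealed_leak_reveals": leaked_store_reveals_password(concealed_store, "winter2023"),
        "same_password_same_record": concealed_store["alice"]["hash"] == concealed_store["bob"]["hash"],
        "alice_login_ok": verify_concealed(concealed_store["alice"], "winter2023"),
        "alice_wrong_password": verify_concealed(concealed_store["alice"], "Winter2023"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-user salt is what keeps two identical passwords from producing identical records, and the constant-time comparison avoids leaking how many leading bytes of a guess matched.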


Biometrics: Something You Are


Handprints and fingerprints are two among many examples of biometrics.


Problems with Biometrics

Intrusive

Expensive

Single point of failure (Sarah)

Sampling error

False readings

Speed

Forgery

Legal ramifications


Recent advances in smartphones have begun to make biometrics cheaper and easier to use. Biometrics are still inadequate for extremely sensitive applications, but their convenience makes them a great alternative to weak passwords.


Tokens: Something You Have


An RSA SecurID with a code that changes every 60 seconds. Physical possession of the token should be necessary for successful authentication.


Federated Identity Management (Ch 8)


A federated identity management scheme is a union of separate identification and authentication systems. Authentication is performed in one place, and separate processes and systems determine that an already authenticated user is to be activated. Federated identity management is discussed in much greater detail in Chapter 8.


Single Sign-On


Single sign-on lets a user log on once per session but access many different applications/systems. It often works in conjunction with federated identity management, with the federated identity provider acting as the source of authentication for all the applications.


Access Control


Access Policies (Authorization)

Goals:

Check every access

Enforce least privilege (SharePoint – configured, else no access)

Verify acceptable usage (need to know / separation of duties)

Approve users’ access

Enforce at appropriate granularity

Use audit logging to track accesses


Implementing Access Control

Reference monitor

Access control directory

Access control matrix

Access control list (ACL)

Privilege list

Capability

Procedure-oriented access control

Role-based access control


Many of these items are shown in more detail in the following slides. Access control directories, matrixes, and lists are shown in self-explanatory visual representations.
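An added Python example, not from the textbook, that builds the structures the Implementing Access Control slide lists and exercises the goals from the Access Policies slide: an access control matrix, its per-object (ACL) and per-subject (capability) views, a role-based layer, and a small reference monitor that checks every access, denies by default (least privilege) and keeps an audit log. Subjects, objects, roles and rights are constructed for the demonstration.

```python
# Constructed subjects, objects and rights. The access control matrix has one row per
# subject and one column per object; a cell holds the rights that subject has on that
# object. Anything not listed is denied (least privilege / default deny).
RIGHTS = {"read", "write", "delete", "execute", "owner"}

MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write", "owner"}, "report.docx": {"read"}},
    "bob":   {"report.docx": {"read", "write", "owner"}},
    "carol": {},
}

# Role-based access control: users are assigned roles and roles carry the rights.
# Changing a job means changing one role assignment, not editing every object's list.
ROLE_RIGHTS = {
    "payroll_clerk": {"payroll.xlsx": {"read", "write"}},
    "auditor":       {"payroll.xlsx": {"read"}, "report.docx": {"read"}},
}
USER_ROLES = {"carol": {"auditor"}, "dave": {"payroll_clerk"}}


def acl_for(obj: str) -> dict:
    """Access control list: the matrix column stored with one object."""
    return {subj: set(rights[obj]) for subj, rights in MATRIX.items() if obj in rights}


def capabilities_for(subject: str) -> dict:
    """Capability (privilege) list: the matrix row carried by one subject."""
    return {obj: set(r) for obj, r in MATRIX.get(subject, {}).items()}


def rbac_rights(subject: str, obj: str) -> set:
    """Rights a subject gets on an object through its roles."""
    granted = set()
    for role in USER_ROLES.get(subject, set()):
        granted |= ROLE_RIGHTS.get(role, {}).get(obj, set())
    return granted


class ReferenceMonitor:
    """Mediates every access, denies by default and records each decision."""

    def __init__(self):
        self.audit_log = []

    def check(self, subject: str, obj: str, right: str) -> bool:
        if right not in RIGHTS:
            raise ValueError(f"unknown right: {right}")
        direct = right in MATRIX.get(subject, {}).get(obj, set())
        via_role = right in rbac_rights(subject, obj)
        allowed = direct or via_role
        self.audit_log.append((subject, obj, right, "ALLOW" if allowed else "DENY"))
        return allowed


def demo() -> dict:
    """Run a handful of constructed requests through the monitor."""
    monitor = ReferenceMonitor()
    decisions = {
        "alice_reads_payroll": monitor.check("alice", "payroll.xlsx", "read"),
        "bob_reads_payroll": monitor.check("bob", "payroll.xlsx", "read"),
        "carol_reads_payroll_via_role": monitor.check("carol", "payroll.xlsx", "read"),
        "carol_writes_payroll": monitor.check("carol", "payroll.xlsx", "write"),
        "dave_writes_payroll_via_role": monitor.check("dave", "payroll.xlsx", "write"),
        "dave_deletes_payroll": monitor.check("dave", "payroll.xlsx", "delete"),
        "unknown_user_reads_report": monitor.check("mallory", "report.docx", "read"),
    }
    decisions["denied_in_log"] = sum(1 for entry in monitor.audit_log if entry[3] == "DENY")
    return decisions


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The ACL and the capability list are the same matrix read column-wise and row-wise; the role layer sits beside the matrix so that a new auditor gets exactly the auditor's rights and nothing more.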


Reference Monitor (Ch 5)


A reference monitor is the primary access control enforcement mechanism of the operating system. It is discussed in more detail in Chapter 5.

Subjects vs. Objects


Access Control Directory


Read, Write, Delete, Execute, Owner


Access Control Matrix


Access Control List



Authentication & Access Summary

Authentication is?

Proof of identity.

Access Control (Authorization) is?

Constrains what a user can do.

Both are to ensure C, I, or A?

Confidentiality (protects)


Problems Addressed by Encryption

Suppose a sender wants to send a message to a recipient. An attacker may attempt to

Block the message

Intercept the message

Modify the message

Fabricate an authentic-looking alternate message


Encryption Terminology

Sender

Recipient

Transmission medium

Interceptor/intruder

Encrypt, encode, or encipher

Decrypt, decode, or decipher

Cryptosystem

Plaintext

Ciphertext


Encryption/Decryption Process


The basic process of encrypting and then decrypting data.


Symmetric vs. Asymmetric


The critical difference between symmetric and asymmetric is that symmetric uses a single key for both encryption and decryption, whereas asymmetric uses complementary keys.


Stream Ciphers


In stream ciphers, each byte of the data stream is encrypted separately. This is as opposed to block ciphers, which are shown on the next slide.


Block Ciphers


Unlike a stream cipher, a block cipher encrypts a group of plaintext symbols as a single block. The pros and cons of each model are discussed on the next slide.


Stream vs. Block


DES: The Data Encryption Standard

Symmetric block cipher

Developed in 1976 by IBM for the US National Institute of Standards and Technology (NIST)


AES: Advanced Encryption System

Symmetric block cipher

Developed in 1999 by independent Dutch cryptographers

Still in common use


DES vs. AES


AES has become the dominant symmetric encryption algorithm in use today. We discuss DES in this book both for historical purposes and because it is a relatively simple algorithm to use to explain how cryptographic primitives work.


Public Key (Asymmetric) Cryptography

Instead of two users sharing one secret key, each user has two keys: one public and one private

Messages encrypted using the user’s public key can only be decrypted using the user’s private key, and vice versa


Secret Key vs. Public Key Encryption


Symmetric and asymmetric algorithms have complementary strengths and weaknesses and are therefore used both for different purposes and in concert with each other.


Public Key to Exchange Secret Keys


This is a great example of asymmetric and symmetric encryption being used together. We need asymmetric to perform the initial exchange securely, but thereafter we can benefit from the speed of a symmetric algorithm.


Key Exchange Man in the Middle *


This exchange is the same as on the previous slide, but with an attacker in the middle. This attack can be defeated using the simple tweak described on pp. 107–108 of the textbook. This is an interesting problem to have students brainstorm or work on for homework.


Error Detecting Codes

Demonstrates that a block of data has been modified

Simple error detecting codes:

Parity checks – faster error checking

Cyclic redundancy checks (CRC) – polynomial division, accurate, good for preventing random errors

Cryptographic error detecting codes:

One-way hash functions

Cryptographic checksums

Digital signatures


Parity Check


One-Way Hash Function


MD5 or SHA-1/SHA-2

One-way: there is no practical inverse function. Examples: MD4, MD5, or SHA/SHS (Secure Hash Algorithm / Secure Hash Standard).


Digital Signature


Unforgeable and authentic + not alterable or reusable


Certificates: Trustable Identities and Public Keys

A certificate is a public key and an identity bound together and signed by a certificate authority.

A certificate authority is an authority that users trust to accurately verify identities before generating certificates that bind those identities to keys.


Certificate Signing and Hierarchy


Chain of trust

Diana’s certificate is made using Edward’s signature. Delwyn’s certificate includes Diana’s certificate so that it can effectively be tied back to Edward, creating a chain of trust.


Cryptographic Tool Summary


Summary

Users can authenticate using something they know, something they are, or something they have

Systems may use a variety of mechanisms to implement access control

Encryption helps prevent attackers from revealing, modifying, or fabricating messages

Symmetric and asymmetric encryption have complementary strengths and weaknesses

Certificates bind identities to digital signatures



Stream vs. Block (table for the slide of that name)

| | Stream ciphers | Block ciphers |
|---|---|---|
| Advantages | Speed of transformation. Low error propagation. | High diffusion. Immunity to insertion of symbol. |
| Disadvantages | Low diffusion. Susceptibility to malicious insertions and modifications. | Slowness of encryption. Padding. Error propagation. |
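Added example (not from the textbook) that makes the Stream Ciphers, Block Ciphers and Stream vs. Block material measurable: a toy keystream cipher and a toy four-round Feistel block cipher, both built from SHA-256 so the script runs offline. One ciphertext bit is then flipped in transit and the number of wrong plaintext bits after decryption is counted (error propagation); separately one plaintext bit is flipped and the number of changed ciphertext bits is counted (diffusion). The key, block size and round count are assumptions of the example, and neither toy cipher is a real algorithm.

```python
import hashlib

# Constructed demo key; the toy ciphers below only illustrate the table's properties.
KEY = b"constructed-demo-key"
ROUNDS = 4
BLOCK_BYTES = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, length: int) -> bytes:
    """Stream cipher keystream: derived from key and counter, used symbol by symbol."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts, any length."""
    return _xor(data, keystream(key, len(data)))


def _round_function(key: bytes, round_no: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([round_no]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Block cipher: a four-round Feistel network over one 16-byte block."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block cipher needs a full block (padding is the caller's job)")
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, r, left)), left
    return left + right


def flip_bit(data: bytes, bit_index: int) -> bytes:
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def bits_differing(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def error_propagation(plaintext: bytes, bit_index: int) -> dict:
    """Flip one ciphertext bit in transit; count wrong plaintext bits after decryption."""
    s_ct = stream_crypt(KEY, plaintext)
    s_pt = stream_crypt(KEY, flip_bit(s_ct, bit_index))
    b_ct = block_encrypt(KEY, plaintext)
    b_pt = block_decrypt(KEY, flip_bit(b_ct, bit_index))
    return {"stream": bits_differing(plaintext, s_pt), "block": bits_differing(plaintext, b_pt)}


def diffusion(plaintext: bytes, bit_index: int) -> dict:
    """Change one plaintext bit; count how many ciphertext bits change."""
    flipped = flip_bit(plaintext, bit_index)
    return {
        "stream": bits_differing(stream_crypt(KEY, plaintext), stream_crypt(KEY, flipped)),
        "block": bits_differing(block_encrypt(KEY, plaintext), block_encrypt(KEY, flipped)),
    }


if __name__ == "__main__":
    sample = b"sixteen byte msg"  # constructed 16-byte plaintext
    print("error propagation:", error_propagation(sample, 5))
    print("diffusion:", diffusion(sample, 70))
```

The stream cipher's "1 bit in, 1 bit out" result is both its low error propagation and its weakness: a change in the ciphertext lands at a predictable place in the plaintext, which is why a stream cipher is normally paired with an integrity check. The block cipher's scrambled result is its high diffusion and, seen from the receiver's side, its error propagation.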

DES Variants (table for the DES slide)

| Form | Operation | Properties | Strength |
|---|---|---|---|
| DES | Encrypt with one key | 56-bit key | Inadequate for high-security applications by today's computing capabilities |
| Double DES | Encrypt with first key; then encrypt result with second key | Two 56-bit keys | Only doubles strength of 56-bit key version |
| Two-key triple DES | Encrypt with first key, then encrypt (or decrypt) result with second key, then encrypt result with first key (E-D-E) | Two 56-bit keys | Gives strength equivalent to about 80-bit key (about 16 million times as strong as 56-bit version) |
| Three-key triple DES | Encrypt with first key, then encrypt or decrypt result with second key, then encrypt result with third key (E-E-E) | Three 56-bit keys | Gives strength equivalent to about 112-bit key (about 72 quintillion, 72×10^15, times as strong as 56-bit version) |

DES vs. AES (table for the slide of that name)

| | DES | AES |
|---|---|---|
| Date designed | 1976 | 1999 |
| Block size | 64 bits | 128 bits |
| Key length | 56 bits (effective length); up to 112 bits with multiple keys | 128, 192, 256 (and possibly more) bits |
| Operations | 16 rounds | 10, 12, 14 (depending on key length); can be increased |
| Encryption primitives | Substitution, permutation | Substitution, shift, bit mixing |
| Cryptographic primitives | Confusion, diffusion | Confusion, diffusion |
| Design | Open | Open |
| Design rationale | Closed | Open |
| Selection process | Secret | Secret, but open public comments and criticisms invited |
| Source | IBM, enhanced by NSA | Independent Dutch cryptographers |

Secret Key vs. Public Key Encryption (table for the slide of that name)

| | Secret Key (Symmetric) | Public Key (Asymmetric) |
|---|---|---|
| Number of keys | 1 | 2 |
| Key size (bits) | 56–112 (DES), 128–256 (AES) | Unlimited; typically no less than 256; 1000 to 2000 currently considered desirable for most uses |
| Protection of key | Must be kept secret | One key must be kept secret; the other can be freely exposed |
| Best uses | Cryptographic workhorse. Secrecy and integrity of data, from single characters to blocks of data, messages and files | Key exchange, authentication, signing |
| Key distribution | Must be out-of-band | Public key can be used to distribute other keys |
| Speed | Fast | Slow, typically by a factor of up to 10,000 times slower than symmetric algorithms |

Parity Check (table for the slide of that name; odd parity: data plus parity bit always carries an odd number of 1s)

| Original Data | Parity Bit | Modified Data | Modification Detected? |
|---|---|---|---|
| 0 0 0 0 0 0 0 0 | 1 | 0 0 0 0 0 0 0 1 | Yes |
| 0 0 0 0 0 0 0 0 | 1 | 1 0 0 0 0 0 0 0 | Yes |
| 0 0 0 0 0 0 0 0 | 1 | 1 0 0 0 0 0 0 1 | No |
| 0 0 0 0 0 0 0 0 | 1 | 0 0 0 0 0 0 1 1 | No |
| 0 0 0 0 0 0 0 0 | 1 | 0 0 0 0 0 1 1 1 | Yes |
| 0 0 0 0 0 0 0 0 | 1 | 0 0 0 0 1 1 1 1 | No |
| 0 0 0 0 0 0 0 0 | 1 | 0 1 0 1 0 1 0 1 | No |
| 0 0 0 0 0 0 0 0 | 1 | 1 1 1 1 1 1 1 1 | No |
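Added example (not from the textbook) covering both the Error Detecting Codes slide and the parity table above: it reproduces the table's odd-parity decisions, then contrasts a simple code (CRC-32) with a cryptographic checksum (HMAC-SHA256) on a constructed message that is first hit by a two-bit transmission error and then deliberately edited by someone who does not hold the key. The message text and the shared key are assumptions of the example.

```python
import hashlib
import hmac
import zlib

# Rows of the parity table above (constructed to match it): original bits,
# received bits, and whether odd parity flags the change.
TABLE_ROWS = [
    ("00000000", "00000001", True),
    ("00000000", "10000000", True),
    ("00000000", "10000001", False),
    ("00000000", "00000011", False),
    ("00000000", "00000111", True),
    ("00000000", "00001111", False),
    ("00000000", "01010101", False),
    ("00000000", "11111111", False),
]

# Constructed shared secret for the keyed checksum; only sender and receiver hold it.
MAC_KEY = b"constructed-shared-secret"


def odd_parity_bit(bits: str) -> int:
    """Choose the parity bit so that data plus parity holds an odd number of 1s."""
    return 0 if bits.count("1") % 2 == 1 else 1


def parity_detects(original: str, received: str) -> bool:
    """Sender sets parity over the original; receiver re-checks it over what arrived.
    An even total means something changed, so only an odd number of flipped bits is caught."""
    total_ones = received.count("1") + odd_parity_bit(original)
    return total_ones % 2 == 0


def bits_of(data: bytes) -> str:
    return "".join(f"{byte:08b}" for byte in data)


def check_table() -> bool:
    """True when the functions reproduce every Yes/No decision in the table."""
    return all(parity_detects(orig, recv) == expected for orig, recv, expected in TABLE_ROWS)


def crc_check(data: bytes, tag: int) -> bool:
    """Simple error detecting code: anyone can compute it, so it only catches accidents."""
    return zlib.crc32(data) == tag


def hmac_check(data: bytes, tag: bytes) -> bool:
    """Cryptographic checksum: needs MAC_KEY to compute, so an outsider cannot fix it up."""
    return hmac.compare_digest(hmac.new(MAC_KEY, data, hashlib.sha256).digest(), tag)


def compare_codes() -> dict:
    message = b"transfer 100 to account 42"          # constructed message
    crc_sent = zlib.crc32(message)
    mac_sent = hmac.new(MAC_KEY, message, hashlib.sha256).digest()

    noisy = bytearray(message)
    noisy[0] ^= 0b11                                  # two bits flipped in one byte (line noise)
    noisy = bytes(noisy)

    edited = b"transfer 900 to account 42"            # deliberate change by an outsider
    return {
        "parity_catches_two_bit_error": parity_detects(bits_of(message), bits_of(noisy)),
        "crc_catches_two_bit_error": not crc_check(noisy, crc_sent),
        # The outsider can recompute CRC-32 over the edited bytes, so the check passes ...
        "crc_catches_edit_with_recomputed_code": not crc_check(edited, zlib.crc32(edited)),
        # ... but cannot recompute the keyed checksum, so the tag that arrives still
        # belongs to the original message and the edit is caught.
        "hmac_catches_edit": not hmac_check(edited, mac_sent),
    }


if __name__ == "__main__":
    print("table reproduced:", check_table())
    for name, result in compare_codes().items():
        print(f"{name}: {result}")
```

This is the distinction the Cryptographic Tool Summary draws: parity and CRC detect accidental changes, while a keyed checksum detects changes made by someone who can also rewrite the code that travels with the data.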

Cryptographic Tool Summary (table for the slide of that name)

| Tool | Uses |
|---|---|
| Secret key (symmetric) encryption | Protecting confidentiality and integrity of data at rest or in transit |
| Public key (asymmetric) encryption | Exchanging (symmetric) encryption keys; signing data to show authenticity and proof of origin |
| Error detection codes | Detect changes in data |
| Hash codes and functions (forms of error detection codes) | Detect changes in data |
| Cryptographic hash functions | Detect changes in data, using a function that only the data owner can compute (so an outsider cannot change both data and the hash code result to conceal the fact of the change) |
| Error correction codes | Detect and repair errors in data |
| Digital signatures | Attest to the authenticity of data |
| Digital certificates | Allow parties to exchange cryptographic keys with confidence of the identities of both parties |
