Technical terms: Difference between revisions

(Created page with '== Signals == * Rising edge * Falling edge == Security == === Security Services === * Availability * Confidentiality * Integrity ** Authenticity ** Freshness ** Correctness *Non…')
 
 
(One intermediate revision by the same user not shown)
Line 28: Line 28:
* replay attacks
* replay attacks
* cloning attacks
* cloning attacks

=== Attacker ===
* ''Marvin'': malicious attacker


=== Miscellaneous ===
=== Miscellaneous ===
Line 172: Line 175:
Topic
Topic
Objective
Objective

* Accuracy: correct results
* Sensitivity: identified positives (True Positive Rate)
* Specificity: identified negatives (True Negative Rate)
* Precision: correct positive results (Positive Predictive Value)
* Miss Rate: correct negative results (False Negative Rate)
* False Discovery Rate: incorrect positive results
* False Omission rate: incorrect negative results
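Review bot: the added "Miss Rate" line glosses the term as "correct negative results", but its own parenthesis names it the False Negative Rate, and a false negative is an incorrect negative result (a positive that was missed). As written the gloss contradicts the label and reads like a second definition of Specificity. Suggest "* Miss Rate: missed positives (False Negative Rate)", and use the same capitalisation for "False Omission Rate" as for the other entries.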

Latest revision as of 09:09, 5 December 2022

Signals

  • Rising edge
  • Falling edge

Security

Security Services

  • Availability
  • Confidentiality
  • Integrity
    • Authenticity
    • Freshness
    • Correctness
  • Non-repudiation
Authentication
Ensures that the card is the entity claimed. Typically provided by digital signatures.
Nonrepudiation
Makes the actions performed by the cardholder in an electronic transaction nonrevocable so that they are legally binding. Typically provided by digital signatures.
Data integrity
Ensures that the information exchanged in an electronic transaction is not alterable without detection. Typically provided by digital signatures.
Confidentiality
Keeps the data involved in an electronic transaction private. Typically provided by encryption.

Attacks

  • replay attacks
  • cloning attacks

Attacker

  • Marvin: malicious attacker

Miscellaneous

  • Security Objectives = What we want
  • Security Requirements = What we need to achieve
  • Security Services / Mechanisms = How we do it

reference: Authentication and Identification - by Stephen Downes

Identification
Act of claiming a given identity, where an identity is a set of one or more signs signifying a distinct entity.
Authentication
Act of verifying that identity, where a verification consists in establishing, to the satisfaction of the verifier, that the sign signifies the entity.


reference: ADAPID project - Authentication and identification

Identification
Identification is the process of using claimed or observed attributes of an entity to deduce who the entity is.
Also sometimes referred to as "entity authentication"
Authentication
Authentication is the corroboration of a claimed set of attributes or facts with a specified, or understood, level of confidence. Authentication serves to demonstrate the integrity and origin of what is being pretended.
Data Authentication
Data authentication is the corroboration that the origin and integrity of data is as claimed.
Entity Authentication
  • Entity authentication is the corroboration of the claimed (partial) identity of an entity and a set of its observed attributes.
  • A process whereby one party is assured of the identity of a second party involved in a protocol, and that the second has actually participated.
  • (from Handbook applied crypto) the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired)
Data Integrity
(from Handbook applied crypto) the property whereby data has not been altered in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source.
Data origin authentication
(from Handbook applied crypto) type of authentication whereby a party is corroborated as the (original) source of specified data created at some (typically unspecified) time in the past. (by definition, this includes data integrity)

4-Step Security Model (firewall)

  1. Authentication (who are you)
  2. Authorization (what are you allowed to do)
  3. Availability (Is the data accessible)
  4. Authenticity (Is the data intact)

→ may add step 0) Admissibility (network admission / source endpoint control to determine that the device is free of malware, such as a keylogger)

Tamperproofness model

  • Prevent
  • Detect
  • React
  • Remediate model

Lifecycle

  • Initialisation
  • Manufacturing
  • Deployment
  • Registration
  • Utilisation
  • Activation
  • Maintenance
  • Termination
  • Dismantlement
  • Diagnostics

Generation Distribution Maintenance


Miscellaneous

Resource Contention

Break-out parallel discussion

process corroborate completeness pairing evidence soundness model assurance impersonation threat model assured transferability monitoring protocol implementation participated legacy constraints verifier power claimant cost maintenance protocol algorithm parameter initialization utilisation set-up immunity confidentiality integrity message integrity authentication source authentication origin authentication target authentication confusion injection input injection dispersion diffusion actuator

Administration Management


Differentiating Benefits

  • Enable new market
  • Product differentiator
  • Cost-effective solution
  • Innovative step
  • Gap compared to competition


Vertical / Horizontal project


Low Power

  • Power-wise (efficient = low ratio energy / operation)
  • Energy-wise (the whole protocol must be efficient)


Policy making Consultation Mechanisms Definitions Distinctions Safeguards


Biometrics

   Technique commonly known as the automatic identification and verification of an individual by his or her physiological characteristics.

Domain

   Cluster
   Pie
   Sector
   Area
   Topic
   Objective
  • Accuracy: correct results
  • Sensitivity: identified positives (True Positive Rate)
  • Specificity: identified negatives (True Negative Rate)
  • Precision: correct positive results (Positive Predictive Value)
  • Miss Rate: correct negative results (False Negative Rate)
  • False Discovery Rate: incorrect positive results
  • False Omission rate: incorrect negative results