ABSTRACT
With the rapid growth of networking and Internet-dependent activities in our daily lives, security has become an important issue. The security concerns are manifold: If the computer is viewed as a trustworthy box containing only legitimate software, then security concerns relate to data in transit. The main concern here is that almost all these communications take place over public networks, and these networks are accessible to anyone. So how do we prevent an eavesdropper from stealing sensitive data, like our credit card numbers or social security numbers that may be in transit over a public network? How can we preserve the secrecy of a sensitive conversation between two agencies over a public network? These concerns relate to data security. Another aspect questions the trustworthiness of the machines that we work with. Data thieves constantly attack our computing equipment by sending virus and worms, which intrude our systems and compromise the software or the operating system — as a result the integrity of our machines becomes a suspect. Spywares steal our sensitive data. Trojan horses, in the disguise of carrying out some useful task, indulge in illegitimate activities via the backdoor. These concerns relate to system security. This chapter primarily addresses data security — only a brief discussion of system security appears towards the end. Data security requirements. There are six major requirements in security. These are:
Confidentiality. Secure data must not be accessible to unauthorized persons. Integrity. All modifications must be done via authorized means only. Data consistency should
never be compromised. Authentication. The identity of the person performing a secure transaction must be established
beyond doubt. Authorization. The user’s actions must be consistent with what he or she is authorized to do.
