written 6.1 years ago by | modified 6.1 years ago by |
When we say Security, it is concerned with various aspects like Computer security, Network security, Database security etc.
Multimedia security deals with securing multimedia data such as text, image, audio and video.
Need for Security
Protect data during their transmission.
Guarantee that data transmission are authentic.
Consider following examples:
User A transmits a sensitive information file to user B. The unauthorized user C is able to monitor the transmission and capture a copy of the file during its transmission.
While transmitting the message between two users, the unauthorized user intercepts the message, alters its contents to add or delete entries, and then forwards the message to destination user.
Interception means to prevent someone or something from continuing to a destination
Security comes with the sense of preventing:
$\hspace{1.5cm}$ Message Confidentiality
$\hspace{1.5cm}$ Message Integrity
$\hspace{1.5cm}$ Message Authentication
$\hspace{1.5cm}$ Message Nonrepudiation
$\hspace{1.5cm}$ Entity Authentication
$\hspace{1.5cm}$ Message Availability
Message Confidentiality
Confidentiality is the best security policy.
It assures that data is accessed by authorized entities only. No unauthorized party can have access to the data.
Accessing the data means to read, to print or just to know the existence of data.
If an unauthorized party succeeds in accessing the message, confidentiality is no more maintained.
To achieve confidentiality the message must be encrypted at the sender and decrypted at the receiver.
Example: confidential message sent by A (Gowardhan) to B (Mayuri), which is accessed by C (Prashant) without the permission or knowledge of A and B. This type of attack is called as 'Interception".
Message Integrity
Integrity means data must reach the receiver exactly as it was sent.
Only an authorized person can modify or update the data.
Integrity is achieved when not even single change made in the file.
Example: Suppose bob writes a will. Now the will is made public i.e. people have to be told about the will but no one should be allowed to change the will. Therefore in this case we do not need confidentiality but we need integrity.
Integrity can be achieved using Hash Functions on plain text to get Message Digest.
Message Authentication
Authentication is the process of determining whether someone is in fact, who or what it is declared to be.
In this the receiver needs to be sure of the senders identity i.e. the receiver must be sure that the message is not being send by an imposter.
It is concerned with the proof of identities.
Authentication principle fails when the entity pretends to be another.
E.g. User C (Prashant) sends a message over the network to user B (Govardhan) here, the problem is that user C(Prashant) had posed as user A (Mayur) when he sent this message to user B(Govardhan). How would user know that the message has come from user C (Prashant), who is posing user as A(Mayur)?
Message Nonrepudiation
There are situations where a user sends a message and latter on refuses that he had sent that message.
Message Nonrepudiation means sender must not be able to deny sending a message he or she did send.
Nonrepudiation does not allow the sender of message to refuse the claim of not sending that message.
Message Nonrepudiation can be obtained by using Digital Signatures.
Example:
Entity Authentication
Entity Authentication: This means that the entity (user) should be verified before giving it access to the system resources.
This can be implemented in the following ways:
Passwords : The user must login by providing a password before he/she is given access to the system resources.
Challenge Response: In this case each entity has a unique function which is known only by the entity and the system. The system sends a challenge to the entity which is a random number. The entity applies function to this number and sends back the answer given by the function, as the response. Now the system checks the answer; if the answer is correct the entity is given access to the system resources.
Message Availability
The principle of availability states that resources should be available to authorized parties at all times. The information created and stored by an organization needs to be available to authorized entities.
Information is useless if it is not available. The unavailability of information is just as harmful for an organization.
Example: The situation can be difficult for a bank if the customer could not access their accounts for transactions.