In this video, you will learn to describe who are the primary actors in cybercrime and what are the motives of each. So what is security? Within the principles of security, certainly, we'll hear about CIA. That talks about confidentiality, integrity, and authentication. So it's actually a little wider than that, right? So confidentiality, is a major principle. This is where only the sender and the receiver, can understand the message. So if it is intercepted midway, we'll take a look at some diagrams for that, that those intercept doors will not be able to understand the message. So fundamentally, the sender, which would be Bob right in the literature, sends the encrypted message. Alice on the other end, receives and decrypts the message. Associated with this is authentication, where the two senders Alice and Bob in our example, need to confirm the identity of each other, before sending a message. Equally important for authentication, is integrity, that the sender and receiver, Alice and Bob, want to have some assurances that the message has not been changed, right? Whether this is going to be in transit or whether it's going to be in some intermediate stage on the receiver's end. Most importantly, has it been changed and they want to be able to ascertain if it's been changed without detection. We will look at several mechanisms for that to happen. Last, is the access and availability, right? So that the security services, the IT services that are available in the enterprise, have the correct access control mechanisms in place and also has significant availability to allow the enterprise to operate according to spec. I'm a big fun of Sun Tzu. The Art of War teaches us not to rely on the likelihood, the enemy is not common, but our own readiness to receive him. Not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. So this speaks to that principle of a well, it couldn't happen to me. Largely, you need to be ready. I'll follow onto this, the combination of space, time, and strength. They must be considered as the basic elements of this theory of defense, makes us a fairly complicated met. Consequently, it's not easy to find a fixed point of departure, right? So security is a complex field that's dynamic and changing. Before we jump into the dynamics and the interaction with cryptography, let's take a look at the playing field, so that we can get the lexicon, the terms defined, and the actors. Well, so Alice, Bob, and Trudy, you'll see this throughout cryptography literature. So it's A, B, and T, are the actors back in the 60's in a few papers. These were given names; Alice, Bob, and Trudy and they continue today. So Bob and Alice want to communicate securely. They can be for any reason, or personal reason, or business reason. Trudy, who is the interceptor, desires to intercept, delete, add messages, change messages; effectively a bad actor. So we take a look at the diagram here on Slide 7. We see Alice on the right-hand side and Alice has some data. This could be an email, it could be a note, could be a Web page, number of elements for that. She secures this message, moving from clear text to ciphertext, transmits it across a channel. Now, the channel can be any form of transmission that we can consider. So certainly, email, direct transfer, file transfer, protocol. It could be a text message these days. Back in the Napoleonic period, this would be a letter that a young naval midshipmen may carry between Whitehall and other parts of London. So the channel, right? Is the transmission mechanism. Within the channel, is the data. This is the payload, right? Control messages, who is it going to? How long is it good for? What's the address of the recipient Bob in this case? Obviously, in the Internet world, we look at IP addresses. We look at mac addresses. In the manual world, we think about the Napoleonic era, when British intelligence started its ascendancy. This would be a name and a physical mailing address. So physical mailing addresses are manual interpretations of control messages. So Bob receives the message, decodes it, and has the clear text that Alice sent to him. Trudy has the ability to intercept these messages on the channel. But because of the secure nature of the encryption, the protection for that, cannot read, delete, alter those message. So who could Bob and Alice be? Well, they could be Bob and Alice. There's no reason it's not real people. But that also could be a client-server relationship, right? Client servers in banking elements, DNS servers communicating with clients during the IP lease phase. Certainly, network routers, right? Exchanging information with other routers and updating tables. There's other examples, such as firewalls communicating with security intelligence systems, security intelligence systems communicating with database protection. So we have the sender and the receiver, many instantiations of that. So our next slide, nine right now, the NIST group from the US government, right? Has a very reliable computer security practice. I have a definition for computer security that's been provided. The protection afforded to an automated information system, in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources. It includes hardware, software, firmware, information data, and telecommunications. So taking a look in reverse order, right? The scope of computer security is the OSI protocol stack that starts with applications on the top, moves down to the presentation and the session, down through the transport layers, down into the physical layers. All of those are within scope of computer security. You'll notice, that this is the protection provided to an automated information system. So this is protection for not only the platforms, the host, software, but the information that these systems are processing.
