| Real Threats | Security Techniques |
|---|---|
| Messages can be read by anyone on the internet. | Various symmetric encryption techniques to make sure only sender and receivers can understand the message. Examples: – Advanced Encryption Standard(AES) – Data Encryption Standard(DES) |
| Unencrypted or encrypted messages can be altered by anyone on the internet. | Various Integrity protection techniques like Hash based solutions to detect alteration in messages. Examples: – SHA256 MAC |
| Stealing encryption key on the internet and calculating fixed key | Public private key infrastructure based techniques make sure that keys used for encrypting the message are not fixed and random for each session. Along with it, it also makes sure that message encryption key cannot be steal by anyone by using asymmetric public and private key concepts. Examples: – Rivest, Shamir and Adleman (RSA) – Elliptic Curve Cryptography (ECC) |
| Unauthorized access and illegal control of network and system resources | Authentication and Authorization techniques to make sure only authenticated users with valid credentials are allowed to enter into networks. Along with it, an adequate permission mechanism to set various authorization levels like admin, super admin, user level access, group level access, role based access control (RBAC) and attributes based access control (ABAC). Example: – oAuth (Open Authorization) |
| Physical attacks of devices computing, memory and storage devices | In build security techniques to make sure you have a secure run time execution environment, secure RAM or ROM and Secure storage for any physical attacks. |
IoT – Implementation of various security techniques to address real threats
Technology 