02-Threats and attacks on security_print.pdf

  • 8/9/2019 02-Threats and attacks on security_print.pdf

    Threats & Attacks on security

    CS405-Computer Security

    By: Dilum Bandara

    Dept. of Computer Science & Engineering, University of Moratuwa

    © Dilum Bandara - CSE 2

    Outline

    • Attacks
    • Vulnerabilities
    • Threats
        ◦ Interception
        ◦ Interruption
        ◦ Modification
        ◦ Fabrication
    • Controls

    Attacks

    • When testing a system for functionality
        ◦ Identify how the system can malfunction
        ◦ Improve the design to withstand problems
    • When analysing a system for security
        ◦ Identify ways in which the system's security can malfunction
        ◦ Enforce necessary controls

    Terminology

    • Vulnerabilities
        ◦ A weakness in the security system
    • Threats
        ◦ A set of circumstances that has the potential to cause loss or harm

    [Figure: illustration labelled "Water" and "Vulnerability"]

    Terminology

    • Attacks
        ◦ A human or another system can exploit vulnerabilities to initiate an attack
    • Control
        ◦ An action, device, procedure or technique that removes or reduces the vulnerabilities
        ◦ Example: the finger of the man can control a water leak

    A threat is blocked by control of a vulnerability

    Security Threats

    [Figure: normal flow of data from the information source to the information destination]

    Security Threats cont…

    • Interception
    • Interruption

    [Figure: flow diagrams between S and D for interception and interruption]

    Security Threats cont…

    • Modification
    • Fabrication

    [Figure: flow diagrams between S and D, each with a party labelled A, for modification and fabrication]

    Interception

    • An unauthorized party gains access to an asset
    • This is an attack on
        ◦ Confidentiality
    • It is really hard to detect a silent interceptor

    Interception cont…

    • Approaches
        ◦ Eavesdropping
        ◦ Link monitoring
        ◦ Packet capturing
        ◦ System compromise
    • Can't be avoided
        ◦ In wireless communication, broadcast, multicast
        ◦ Store-and-forward approach in protocols

    Interruption

    • An asset of a system is destroyed, unavailable or unusable
    • This is an attack on
        ◦ Availability
    • Easily detected by a single party or both parties

    Interruption cont…

    • Approaches
        ◦ Destruction of hardware
        ◦ Physical damage to communication links
        ◦ Introduction of noise
        ◦ Removal of routing
        ◦ Erasure of a program or a file
        ◦ DoS attacks

    Modification

    • Unauthorized parties gain access to as well as tamper with an asset
    • This is an attack on
        ◦ Integrity
    • Can be detected if proper measures are taken in advance
    • Can be detected by both parties
        ◦ Digital signature
        ◦ Checking one's own work

    Modification cont…

    • Approaches
        ◦ Changing a record in a database
        ◦ System compromise
        ◦ Making use of delays in communication
        ◦ Modifying hardware

    Fabrication

    • An unauthorized party inserts a counterfeit (fake) object into the system
    • Pretends it was sent by an authorized party
    • This is an attack on
        ◦ Authenticity
    • Also related to non-repudiation

    Fabrication cont…

    • Approaches
        ◦ Adding a new record to a database
        ◦ Insertion of a new network packet
            • Makes use of IP spoofing
        ◦ Spurious e-mails or web sites
            • E-mail from [email protected]
            • Similar domain names www.yaho.com

    Attacks - Passive attacks

    • Goal is to obtain information
    • Two types of attacks
        1. Traffic analysis
            • Detects the source & destination
            • Frequency of transmission & length of messages
        2. Release of message content
            • To gain personal advantages
            • Blackmailing parties involved in communication

    Passive attacks cont…

    • Harder to detect
    • Prevention is better than detection

    [Figure: Passive threats; Interception; Traffic analysis; Release of message content]

    Attacks - Active attacks

    • Interruption, modification & fabrication
    • Four categories:
        1. Masquerading
            ◦ Pretends to be someone else
        2. Replay
            ◦ Retransmission of passively captured data
        3. Modification
        4. DoS

    Active attacks cont…

    • Easily detectable
    • Harder to prevent
    • Can recover from destruction

    [Figure: Active threats; Modification; Fabrication; Interruption]
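
Added example, not part of the original slides: a receiver-side check showing how the modification, fabrication and replay attacks above become detectable when the control is set up in advance. It assumes a shared key and uses HMAC-SHA256 from the Python standard library in place of the digital signature named on the Modification slide (a MAC gives integrity and authenticity but not non-repudiation); all names, keys and messages are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # shared secret, constructed for this example


def seal(seq, payload, key=KEY):
    """Sender side: bind a sequence number to the payload and tag both."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Verifies the tag first, then rejects sequence numbers already seen."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, msg):
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"  # body altered, or sender does not hold the key
        seq = json.loads(msg["body"])["seq"]
        if seq <= self.last_seq:
            return "replay"  # authentic message, but retransmitted
        self.last_seq = seq
        return "accepted"


def demo():
    rx = Receiver()
    genuine = seal(1, "pay 100 to alice")
    results = {"normal": rx.accept(genuine)}
    # Modification: body changed in transit, captured tag left in place.
    tampered = {"body": genuine["body"].replace(b"100", b"900"),
                "tag": genuine["tag"]}
    results["modification"] = rx.accept(tampered)
    # Fabrication: a counterfeit message tagged without the real key.
    results["fabrication"] = rx.accept(seal(2, "pay 500 to x", key=b"wrong-key"))
    # Replay: the genuine message, captured passively and sent again.
    results["replay"] = rx.accept(genuine)
    results["next"] = rx.accept(seal(2, "pay 5 to bob"))
    return results


if __name__ == "__main__":
    print(demo())
```

Nothing in this check notices interception: a passive reader of `body` leaves no trace at the receiver, which is why the slides pair passive attacks with prevention rather than detection.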