02-Threats and attacks on security_print.pdf

8/9/2019 02-Threats and attacks on security_print.pdf

1/41

1

Threats & Attacks

on security

CS405-Computer Security

By:

Dilum Bandara

Dept. of Computer Science & EngineeringUniversity of Moratuwa

© Dilum Bandara - CSE 2

Outline

p Attacks

p Vulnerabilities

p Threats

n Interception

n Interruption

n Modification

n Fabrication

p Controls


Attacks

p When testing a system for functionalityn Identify how the system can malfunction

n Improve the design to withstand problems

p When analysing a system for security

n Identify ways in which system’s security canmalfunction

n Enforce necessary controls


Terminology

pVulnerabilities

n Is a weakness in the security system

pThreats

n Is set of circumstances that has thepotential to cause loss or harm


Water

Vulnerability


Terminology

p Attacksn A human or another system can exploit

vulnerabilities to initiates an attack

p Control

n Is an action, device, procedure or techniquethat removes or reduces the vulnerabilities

n Example: the finger of the man can control awater leak


2/42


A threat is blocked by controlof a vulnerability


Security Threats

Info.

Source

Info.

Desti.

Data

Normal flow


Security Threats cont…

p Interception

p

Interruption

S D

²

S D

²


Security Threats cont…

p Modification

p Fabrication

S D

S D

A

A


Interception

pAn unauthorized part gain an accessto asset

pThis is an attack on

nConfidentiality

pReally hard to detect a silentinterceptor


Interception cont…

p Approachesn Eavesdropping

n Link monitoring

n Packet capturing

n System compromisation

p Can’t be avoidedn In wireless communication, broadcast,

multicast

n Sore-and-forward approach in protocols


3/43


Interruption

p

An asset of a system is destroyed,unavailable or unusable


n Availability

pEasily detected by a single party orboth parties


Interruption cont…

p

ApproachesnDestruction of hardware

n Physical damages to communicationlinks

n Introduction of noise

nRemoval of routing

n Erase of a program or a file

nDoS attacks


Modification

p Unauthorized parties gain access as wellas tamper with asset


n Integrity

p Can be detected if proper measure aretaken in advance

p Can be detected by both partiesn Digital signature

n Checking ones own work


Modification cont…

pApproaches

nChanging a record in a database

n System compromisation

nMaking use of delays in communication

n

Modify hardware


Fabrication

p An unauthorized party inserts counterfeit(fake) object into the system

p Pretends it was send by an authorizedparty


n Authenticity

p Also related to the non-repudiation


Fabrication cont…

pApproaches

n Adding a new record to a database

n Insertion of new network packet

pMake use of IP spoofing

n Spurious e-mails or web sites

pE-mail from [email protected]

pSimilar domain names www.yaho.com


4/44


Attacks - Passive attacks

p Goal is to obtain information

p Two types of attacks1. Traffic analysis

p Detects the source & destination

p Frequency of transmission & length ofmessages

2. Release of message contentp To gain personal advantages

p Blackmailing parties involved incommunication


Passive attacks cont…

p Harder to detect

p Prevention is the better than detection

Passive threats

Interception

Traffic analysisRelease of message

content


Attacks - Active attacks

p Interruption, modification & fabrication

p Four categories:

1. Masquerading1. Pretends to be some one else

2. Replay

1. Retransmission of passive captured data3. Modification

4. DoS


Active attacks cont…

p Easily detectable

p Harder to prevent

p Can recover from destruction

Active threats

Modification FabricationInterruption

02-Threats and attacks on security_print.pdf

Documents

Transcript of 02-Threats and attacks on security_print.pdf