1587: COMMUNICATION SYSTEMS 1 Introduction to Security
description
Transcript of 1587: COMMUNICATION SYSTEMS 1 Introduction to Security
![Page 1: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/1.jpg)
1587: COMMUNICATION SYSTEMS 1Introduction to Security
Dr. George Loukas
University of Greenwich, 2014-2015
![Page 2: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/2.jpg)
![Page 3: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/3.jpg)
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
![Page 4: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/4.jpg)
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
![Page 5: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/5.jpg)
NCZW VUSX PNYM INHZ XMQX SFWX WLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX WCCB GVLI YXEO AHXR HKKF VDRE WEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJW MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOW OPBE KVWM UQFM PWPA RMFH AGKX IIBG
FORCED TO SUBMERGE DURING ATTACK, DEPTH CHARGES.LAST ENEMY LOCATION 08:30, NAVAL GRID AJ 9863, 220 DEGREES, 8 NAUTICAL MILESI AM FOLLOWING THE ENEMYBAROMETER 1014 MILLIBAR TENDENCY FALLING, NORTH NORTH EAST 4, VISIBILITY 10.
![Page 6: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/6.jpg)
AHXR VUSX PNYM INHZ XMQX SFBX BLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX TCCB GVLI YXEO BCZA HKKF VDRE CEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJU MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOM OPBE KVJM UQFM PLPA RMFH AGKX IIBG ABLT STIE ANFQ LOTZ LPTR OURE JVMR SDAL PITC ZSET LGSO HPIY QTLF HCOT PATG HUVX LOUS MEAP DLEF NSQZ MYTR OIFD HGYC SPGO ZEOP GJSL BNDM TYLA FSLV ZBJA
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
![Page 7: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/7.jpg)
![Page 8: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/8.jpg)
![Page 9: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/9.jpg)
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
![Page 10: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/10.jpg)
500 BCSkytale 9th century
Al-Kindi1918
(enigma machine)
1976(Public-Key
cryptography)
CRYPTOGRAPHY
Cryptography
![Page 11: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/11.jpg)
Single-key cryptographyAlso known as symmetric cryptography.
A binary message is encrypted and decrypted using the same secret key.The simplest type of binary encryption/decryption is to XOR each bit of the message with the secret key.
XOR =XOR =XOR =
logicalXOR
Message 1010100101010011010110 Key 0110011001010100110001
Encrypted message 1100111100000111100111
XOR
![Page 12: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/12.jpg)
Cryptographic exerciseXOR =XOR =XOR =
logicalXOR
The hacker is looking for the solutions to the mock test. She knows the approximate format of the URL because that’s what George uses most of the time: http://staffweb.cms.gre.ac.uk/~lg47/lectures/COMP1587/COMP1587-MockTest2014-XXXX.docx She found the XXXX part but encrypted: 00010000 00010100 00011011 00010010 The encryption function is XOR. What is the XXXX part if the key is 01110101?
01101110 0110011101110101 01110101 01110101 01110101XOR00010000 00010100 00011011 00010010
01100101
e01100001
a s ya = 01100001 f = 01100110 k = 01101011 p = 01110000 u = 01110101 z = 01111010b = 01100010 g = 01100111 l = 01101100 q = 01110001 v = 01110110
ASCII TABLE OF CHARACTERS
c = 01100011 h = 01101000 m = 01101101
r = 01110010 w = 01110111
d = 01100100 i = 01101001 n = 01101110 s = 01110011 x = 01111000e = 01100101 j = 01101010 o = 01101111 t = 01110100 y = 01111001
![Page 13: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/13.jpg)
Confidentiality
CONFIDENTIALITY
![Page 14: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/14.jpg)
IntegrityJan. 2010: Spanish PM’s website defaced
June 2010: Stuxnet
CONFIDENTIALITY INTEGRITY
A computer program that altered the motor speeds of an Iranian nuclear facility’s centrifuges.
A common method is to use Cross-site Scripting (XSS)
<script>document.body.background="http://your_image.jpg";</script>
![Page 15: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/15.jpg)
Availability2004: US businessman hires hackers to launch Denial of Service attacks against competitors. $2 million in losses.
2002: UK teenager disables Port of Houston web systems accidentally, while trying to take cyber-revenge over a girl.
2000: Canadian teenager knocks offline Amazon, yahoo, CNN, eBay ….
2008: Georgia accuses Russia of coordinated availability attacks, coinciding with military operations in South Ossetia.
2007: Estonian parliament, newspapers and banks are knocked offline by Russian hacktivists over a political issue
CONFIDENTIALITY INTEGRITY AVAILABILITY
Lately: The group Anonymous have been launching availability attacks for political purposes
A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
![Page 16: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/16.jpg)
Example DoS: Reflector attack• Send packets to
several computers pretending to be the target
• When they reply, they all send ACK packets to the target
G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.
CONFIDENTIALITY INTEGRITY AVAILABILITY
![Page 17: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/17.jpg)
Availability Attack Countermeasures
CONFIDENTIALITY INTEGRITY AVAILABILITY
• Replace network components with greater capacity ones
• Redundancy and diversity (more servers, links, nodes etc.)
• Detect attack traffic and filter it out
• Honeypots (to redirect attack to fake targets)
![Page 18: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/18.jpg)
Common countermeasures
CONFIDENTIALITY INTEGRITY
Detect unauthorised access
Detect and remove malicious software
Block/filter connections to critical systems
Protect real users by attracting attacks to fake users
Set strict rules for users to reduce security breaches
![Page 19: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/19.jpg)
Cyber-physical attacks
![Page 20: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/20.jpg)
Underlying causes of security failures Monopolies present juicy targets. A single vulnerability affects
millions of people
Deficit of computer security experts in the market
Strong at Windows, Linux and network technologiesAbility to think adversariallyAbility to adapt/learn constantlyWriting well-structured and clear reportsWorking in teams
![Page 21: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/21.jpg)
Job adverts
online today
____________
Malware analysisJoanna Rutkowska, Invisible Things Lab
White hat hacker, Google“Security Princess” Parisa Tabriz
Director of Technology StrategyJames Lyne, Sophos
![Page 22: 1587: COMMUNICATION SYSTEMS 1 Introduction to Security](https://reader033.fdocuments.in/reader033/viewer/2022061509/56816631550346895dd99a4c/html5/thumbnails/22.jpg)