CSC9UT4 (Managing Information)
Computer Security, Lecture 1

17/02/2016

Nadarajen Veerapen
http://www.cs.stir.ac.uk/~nve

Based on slides by Jingpeng Li

Reference

Charles P. Pfleeger, Shari L. Pfleeger: Security in Computing. 4th Ed. Prentice Hall Professional, 2006

Available at the library as an e-book

Motivation

• Computer systems handle sensitive information
  • Medical data
  • Financial data
  • Personal data
  • Business data
• Data is valuable
• Digital vandalism/terrorism
• Data breaches often in the news

Motivation

The news gives more and more examples of the effects of computer security in our daily life.

Computing entails serious risks to the privacy and integrity of your data, or the operation of your computer.

This Lecture

What does “secure” mean?

The properties of secure computing

Traditional: Confidentiality, Integrity & Availability

Additional: Audit

Vulnerabilities, threats & controls

Caesar cipher example

What does “Secure” Mean?

How do we protect our most valuable assets? One option is to place them in a safe place like a bank.

Bank robbery was, for a time, considered to be a profitable business. Protecting assets was difficult and not always effective.

Today asset protection is easier. Very sophisticated alarm and camera systems silently protect secure places, genetic material (DNA), fingerprints, retinal patterns, voice, etc.

Protecting Money vs. Protecting Information

General Picture

[Diagram: Alice, System, Attacker]

Security is about
• Honest user (e.g., Alice, Bob, …)
• Dishonest Attacker
• How the Attacker
  • Learns information intended for Alice only (Confidentiality)
  • Disrupts honest user’s use of the system (Integrity, Availability)

Network Security

Network Attacker: intercepts and controls network communication

[Diagram: Alice, System, Network Attacker]

Web Security

Web Attacker: sets up malicious site visited by victim; no control of network

[Diagram: Alice, System, Web Attacker]

Operating System Security

OS Attacker: controls malicious files and applications

[Diagram: Alice, OS Attacker]

Desired Outcome

[Diagram: Alice, System, Attacker]

Confidentiality: Attacker does not learn Alice’s secrets

Integrity: Attacker does not undetectably corrupt system’s function for Alice

Availability: Attacker does not keep system from being useful to Alice

Goals of Security for Data

Confidentiality: prevents unauthorised disclosure of a data item.

Integrity: prevents unauthorised modification

Availability: prevents denial of authorised access

Availability

Authentication

Identifying an individual as being genuine and not an imposter

Achieved by checking something a user
• Knows: PIN, password, DOB
• Has: key, card, uniform
• Is: face, fingerprint, iris scan

Combine two or more for more secure systems

Authorisation

Concerned with what a user is allowed to do

Computer system levels
• User: create/edit files in their local space, cannot install software
• Manager: edit files in project workspaces
• Administrator: install software, configure printers, manage accounts

Additional Property

Confidentiality, Integrity and Availability are related to prevention.

Another important property of security is audit, which relates to taking action after an attack.

Audit: the ability to conduct a methodical and thorough review of a system
• Relies on logging/recording the actions of the system and its users
• May prevent an attack and dissuade the attacker because of the audit trail left behind (skilled hackers may find ways of covering their trails)

Challenge

These three characteristics can be independent, can overlap, and can even be mutually exclusive.

Challenge: finding the right balance among the goals, which often conflict.

E.g. We can preserve an asset’s confidentiality by preventing everyone from reading it. But then it is not available!

[Diagram: Confidentiality, Integrity, Availability; Secure]

Characteristics of Computer Intrusion

The computing system is a collection of hardware, software, data, and people that an organisation uses to perform computing tasks.

Any part of a computing system can be the target.

Sometimes, we assume that parts of a computing system are not vulnerable to an outsider, but often we are mistaken.

Any system is most vulnerable at its weakest point.

Vulnerabilities, Threats & Controls

A computer system has three separate but valuable components: hardware, software and data.

A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.

A threat is a possible danger to the system.

The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood).

We use a control as a protective measure.

A control is an action, device, procedure, or technique that removes/reduces a vulnerability.

Vulnerabilities, Threats & Controls

Relationship among threats, controls, and vulnerabilities

A threat is blocked by control of a vulnerability.

To devise controls, we must know as much about threats as possible.

• The water is a threat to the man (get wet, hurt, drowned)
• A small crack in the wall - a vulnerability that threatens the man’s security. If the water rises to the level of the crack, it will exploit the vulnerability.

Vulnerabilities

Hardware: adding/removing devices, intercepting the traffic to them, or flooding them with traffic until they can no longer function.

Software: replacing, changing or destroying software maliciously or accidentally (e.g. virus, information leaks).

Data: data have a definite value, even though that value is often difficult to measure.

Example 1: confidential data leaked to a competitor may narrow a competitive edge

Example 2: flight coordinate data used by an airplane that is guided partly or fully by software can cost human lives if modified

Threats

• Interception: unauthorised access to an asset. E.g. illicit copying of program or data files, wiretapping to obtain data in a network.

• Interruption: an asset becomes lost, unavailable, or unusable. E.g. malicious destruction of hardware, erasing programs or data files.

• Modification: an asset is tampered with by an unauthorised party. E.g. changing values in a database, altering programs to perform additional computation.

• Fabrication: an unauthorised party creates counterfeit objects. E.g. adding records to a database, spurious transactions in a network.

Controls Available

Encryption: ‘scrambling’ data

Software controls: programs must be secure to prevent outside attack. Internal controls (access limitations), operating systems and network controls, independent control programs (virus scanner, intrusion detection)

Hardware controls: several devices such as smart card encryption, locks or cables, firewalls, devices to verify identity, intrusion detection systems

Policies and procedures: agreed among users such as frequent changes of passwords, training to enforce importance of security

Physical controls: door locks, guards at entry points, backup of software and data

Controls Available: Encryption

The formal name for the scrambling process.

Take data in their normal, unscrambled state, called plaintext, and transform them so that they are unintelligible to the outside observer (ciphertext).

Addresses the need for confidentiality of data.

It can be used to ensure integrity: data that cannot be read generally cannot easily be changed in a meaningful manner.

Caesar Cipher

Method familiar to the emperor Julius Caesar (ignoring 2,000 years of progress in encryption).

Replacing A → D, B → E, C → F … (shift of a fixed length).

Caesar Cipher

Consider performing arithmetic on the "letters" of a message

Expressions such as A + 3 = D or K - 1 = J have their natural interpretation.

Modular arithmetic: performed as if the alphabetic table were circular

• Result of an arithmetic operation is between 0 and 25

• Ex. Y + 3 = B (and B – 3 = Y)

Two simple forms of encryption:

• Substitutions: one letter is exchanged for another

• Transpositions: the order of the letters is rearranged

Cryptanalysis of Caesar’s Cipher

Suppose you are given the ciphertext

wklv phvvdjh lv qrw wrr kdug wr euhdn

1) The break between two words is preserved

2) English has relatively few short words, such as am, is, to, do, he, we, and, you, she, etc.

3) There is a strong clue in the repeated r of the word wrr: it could be a word such as see, too, add, odd, off, …

4) Since wr is also a word, it is likely to be to, of, etc. Then the message probably is

wklv phvvdjh lv qrw wrr kdug wr euhdn
T--- ------- -- -OT TOO ---- TO -----

Cryptanalysts have lists of common prefixes, suffixes and words having particular patterns, such as the word sleeps for the pattern abccda.
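
Added example (not part of the original slides): the circular letter arithmetic and the short-word cryptanalysis described above, in Python. The COMMON word list and all function names are constructed for this example; it generalises the slide's manual reasoning by trying every one of the 26 shifts.

```python
import string

# Constructed list of short, common English words (an assumption of this example).
COMMON = {"a", "i", "am", "is", "to", "do", "he", "we", "of", "it",
          "and", "you", "she", "the", "not", "too"}

def shift_letter(ch, k):
    """Add k to a letter on a circular 26-letter alphabet (Y + 3 = B)."""
    if ch.isascii() and ch.isalpha():
        base = ord("a") if ch.islower() else ord("A")
        return chr((ord(ch) - base + k) % 26 + base)
    return ch  # spaces and punctuation are untouched, so word breaks survive

def encrypt(plaintext, k=3):
    return "".join(shift_letter(c, k) for c in plaintext)

def decrypt(ciphertext, k=3):
    return "".join(shift_letter(c, -k) for c in ciphertext)

def word_pattern(word):
    """Repetition pattern of a word, e.g. 'sleeps' -> 'abccda'."""
    seen = {}
    for c in word.lower():
        if c not in seen:
            seen[c] = string.ascii_lowercase[len(seen)]
    return "".join(seen[c] for c in word.lower())

def score(candidate):
    """Number of words in the candidate that are common short English words."""
    return sum(w in COMMON for w in candidate.lower().split())

def break_caesar(ciphertext):
    """Try all 26 shifts and keep the one yielding the most common words."""
    best = max(range(26), key=lambda k: score(decrypt(ciphertext, k)))
    return best, decrypt(ciphertext, best)

if __name__ == "__main__":
    ct = "wklv phvvdjh lv qrw wrr kdug wr euhdn"  # ciphertext from the slide
    print(shift_letter("Y", 3), shift_letter("B", -3))
    print(word_pattern("wrr"), word_pattern("too"))
    print(break_caesar(ct))
```

Because the key space has only 26 values and word breaks are preserved, a handful of short words is enough to single out the correct shift.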

Summary

Computer security attempts to ensure the confidentiality, integrity and availability of computing systems' components.

3 pieces of a computing system are subject to attack: hardware, software, data, together with communications among them.

4 kinds of attacks on computing systems: interception, interruption, modification, and fabrication

Controls can be applied at all levels: encryption (data), software, hardware, policies and procedures, physical controls
