The secure internet application for business education on the website The 85 th SIEC/ISBE...
-
Upload
darcy-watson -
Category
Documents
-
view
217 -
download
1
Transcript of The secure internet application for business education on the website The 85 th SIEC/ISBE...
The secure internet application for business education on the website
The 85th SIEC/ISBE International Conference 2013 in Berlin, Germany, August 5-9, 2013
Sok Hwan Cho, Ph D.(KAIM, South Korea)Sok Pal Cho, Ph. D.(Sungkyul University, South Korea)
Index
1. Network Concept1.1 Network Component1.2 Network Interconnection1.3 Internet1.4 Paradigm Shifts of B.E
2. Threats in Internets2.1 Vulnerabilities of terminals on the Internet2.2 Network Vulnerabilities2.3 Preventing from external attackers
3. Secure Internet Application3.1 Information Ambiguity (Ambiguousness) 3.2 Firewall or Demilitarized Zone
3.3 Secure Channels -
4. Conclusion
A network is the interconnection of a set of terminals capable of communication. In this definition, a device can be a host such as a large computer, desktop, laptop, workstation, cellular phone, or security system. A terminal in this definition can also be a connecting device such as a router a switch, a modem that changes the form of data, and so on.
1. Network
An internet is two or more networks that can communicate with each other. It is composed of thousands of interconnected networks.
1.3 The Internet
Understanding about terminals.
The basic components of network>
1.4 Paradigm Shifts of education on the network
Teacher oriented education learner oriented education
Group education,
Community education,
Uniformed education
Distributed education,
Individual ordered education,
Lifelong education
Network
Off-line education : physical classroom education , On-line education : website education; distance learning, e-m-u-/learning
2. Threats of Internet
a kind of threats;– Unauthorized access.
– Malicious software; Virus, Worm, Trojan Code
– Software failure.
– Denial of service.
– Modification by unauthorized person.
– Calamity.
– Interception by unauthorized person.
– Etc.
Annoying learning activities
2.1 Vulnerabilities of Terminal on the Internet
Hardware
Interception (Theft)
Interruption (Denial of Service)
Modification Fabrication (Substitution)
Software
Interruption (Deletion)
FabricationModification
Interception data
Interruption (Loss)
Interception
ModificationFabrication
2.3 Network Vulnerabilities1
Target Vulnerability
Authentication failures
-Impersonation-Eavesdropping -Spoofing-Session hijacking
Programming flaws
-Buffer overflow-Addressing errors-Parameter modification, time-of-check to time-of-use errors-Malicious active code: Java, Active-Malicious code: virus, worm, Trojan horse
• If A1 send a message to B3(A1 B3), it may be routed hosts C or D. Host C may provide acceptable security, but not D.
Figure Uncertain Message Routing in a Network
Network BNetwork A
Host C
Host D
Host B3
Host A1
2.3.2 Network Vulnerabilities(Uncertain Message)
In an impersonation(imitate), an attacker has several choices:Guess the identity and authentication details of the target.Pick up the identity and authentication details of the target
from a previous communication or from wiretapping. Circumvent or disable the authentication mechanism at
the target computer.Use a target that will not be authenticated.Use a target whose authentication data are known.
2.3.4 Network Vulnerabilities(Impersonation)
• A malicious middleman intercepts the response key and can then eavesdrop on, or even decrypt, modify, and re-encrypt any subsequent communications between two terminals.
2.3.6 Network Vulnerabilities(Interception)
User 1
Key Distributor
Malicious Interceptor
Figure Key Interception by a Man-in-the-Middle Attack
User 2
• Web Site Defacement(damage)– One of the most widely known attacks is the web site
defacement attack.
– Web sites are designed so that their code is downloaded, enabling an attacker to obtain the full hypertext document and all programs directed to user in the loading process.
– The download process essentially gives the attacker the blueprints to the web site.
2.3.7 Network Vulnerabilities (Website vulnerabilities)
Hypertext:
• Echo-Chargen (connection flooding)– Chargen is a protocol that generates a stream of packets;
– The attackers sets up a Chargen process on host A, and if host A sends a packet to destination host B, B reply to A with echo packet;
– Namely host A produces a stream of packets continuously to host B and host B reply to A, then A and B puts in an endless loop.
send a stream of packet
echo packet
Host A
Set up “Chargen”
Host B
Endless loop
2.3.8 Network Vulnerabilities(Denial of Service)
2.3.10 Distributed Denial of Service(DDoS)
To perpetrate a distributed denial-of-service(or DDoS) attack, an attacker does two things. ① The attacker plants a Trojan horse on a target machine.
That Trojan horse does not cause any harm to the target machine.The Trojan horse file may be named for a popular editor or entered into
the list of processes(daemons)activated at startup.
② The attacker repeats this process with many targets. Each of these target systems becomes what is know as a zombie. The target systems carry out their normal work, unaware of the resident
zombie.
Ref)Trojan horse 에 대한 유래 설명
• Cryptosystem is a system for encryption and decryption.
encryption decryption
Original plaintextplaintext ciphertext
3.1.2 Cryptosystem
3.2.1 Introduction of I&A (Individual I&A)• Individual I&A determines the individual learner or user
interacting with a process. In example is logging on a computer as shown figure.
I&A
system
Which of the learner that I know are you?
Individual identification and authentication representation
3.2.2 I&A Procedure• I&A service is requested by a using function, which has
the responsibility of passing information to the I&A service to determine an identifier and authenticators.
Using function
I&A service
Learn
er, User
Request I&A service
I&A result
Request ID, authenticatorClaimed ID, authenticator
Generic interaction model of I&A service
Permit
3.2.3 Type of I&A
• Three general strategies exist to satisfy I&A requirements: automated I&A, physical I&A and procedural I&A.
- Physical and procedural I&A includes measures such as a human guard reviewing ID badges, or a sign-in procedure.
- Automated I&A design encompasses computer-based measures such as user IDs and password.
Firewall or DMZ
B.E
Application Server
B.E State Server
B.E DB server
B.E Web server
Cache
Memory
Attacker
3.3 Protecting using a firewall or DMZ
A packet filter firewall intercepts all traffic coming and going from a port P and inspects its packets
- Data from coming or going to mistrusted address are rejected.
request requestPacket filter firewall
External host Local hostP
Internet
3.3.1 Packet filter firewall
3.4 Secure Internet Application for business education
• Secure Channels; for sensitive communication across a public network, create encrypted secure channels to ensure that data remains confidential in transit.
• Demilitarized zone; separates the business functionality and information from the Web servers.
• -Protection Reverse Proxy; protects the server software at the level of the application protocol.
• Known partners; identify partner by Identification and Authentication.
Users (Learner, Teachers, etc.)
I&A with E/D
1st step: E/D: Encryption/Decryption
2nd step: Firewall(Packet, Proxy, State full)
2nd step: I&A: Identification & Authentication
ISP: Information Service Provider
E/D
E/D
E/D Learning Contents
3.4.1 Secure Internet 1
4. Conclusion
▣ Secure internet channel provides;
Protecting user from attackers on the cyber space
Better securing the e, m, u-learning systems that store, process, or transmit the information of learning contents
More learning opportunities
Improving interactions.
Improving higher quality
Enabling well-informed LMS(Learning Management System)