Doman’s CSCI 101 SectionsDoman’s CSCI 101 Sections
http://www.flickr.com/photos/selvin/2762032143/
Computer CrimeMaking and Spreading Viruses
Stealing Corporate Data
Destroying Corporate Data
Stealing Personal Data
Credit card or bank fraud
Identity theft
Denial of Service Attackyou can shut down cnn.com by quickly hitting it
with thousands of bogus requests
Legal Issues
Consequences of computer crimeOr.. 4 bad things that can happen...
Someone gains access to something they are not allowed. - Unauthorised Disclosure
Someone pretends to be someone else to get something they are not allowed. - Deception
Prevent someone from doing their work or prevent the system from doing its work. - Disruption
Something gains control of a system, data or functions for which it is not authorized. - Usurption Copyright: Dave Bremer
Otago Polytechnic, N.Z.©2008, Prentice Hall
Assets – What to secure
Computer Security TriadThree key objectives are at the heart of
computer security
Data and
services
Availability
Confidentiality
Integrity
Threats to Physical SecurityTheftDamage to hardware
Accidental Fire, flood, and earthquake
Destructive Accident Act of terrorism
Unauthorized accessSnooping
Example of Snooping:Wardriving / Warwalking, Warchalking,
Wardriving/warwalking -- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs
Warchalking -- using chalk markings to show the presence and vulnerabilities of wireless networks nearbyE.g., a circled "W” -- indicates a
WLAN protected by Wired Equivalent Privacy (WEP) encryption
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
[Picture from Wikipedia]
Physical protection measuresRestrict physical access to sensitive
network equipment
Guards, security cameras
Backup copies and archives
Cables and locks (e.g., for notebooks)
Authentication policies
Authentication: Password-Based
Determines if user is authorized to access the system
Determines privileges for the userWhat makes a good password?
Authentication : Biometrics Something the individual is
Static Biometrics: Fingerprint, faceSomething the individual does
Dynamic Biometrics: handwriting, voice recognition, typing rhythm
Threats to Software and DataNatural and man-made disaster protection
Fire, flood, and earthquake protectionAccident and terrorism protection
Threats from authorized personnel
Malware
Protection from disasters
Backup copies and archives
Computer CrimeMost corporate computer crime
is done by employees 58% unauthorized employees 24% authorized employees 13% outside hacker 5% other
Legal Issues
Access ControlDictates what types of access are permitted,
under what circumstances, and by whom.
Protection from authorized users
Role Based Access Control
Role: Cat
Role: Dog
Role: Bird
Malware == Harmful SoftwareGeneral term for any Malicious softWare
Software designed to cause damage Or use up the resources of a target computer.
Some malware is parasiticContained within other software
Some malware is self-replicating, others require some other means to propogate.
Logic BombOne of the oldest types of program threat,
predating viruses and worms, is the logic bomb.
Explodes when certain conditions are metPresence or absence of certain filesParticular day of the weekParticular user running application
Malware
Malware
usually destroys files copies itself ex - a MSWord macro sent via email
Viruses
Virus
Objective: gain control of network and computer Zombie is the infected computer
Attackers access lists of zombie PCs and activate them to help with other bad things or sometimes just with games
Launch attacks that are difficult to trace to bot’s creator
Collection of bots is a botnet
BOTS or ZOMBIES
Malware
Attacker attempts to prevent legitimate users from accessing information or services.
1. select target
2. break into hosts around the network (see botnet)
3. send packets to target from compromised hosts
target
Introduction 1-24
MalwareDenial of Service DoS
Most common: flooding a network with information
Malware
objective: steal information personal information (bank account info, …) passwords e.g. monitor and transmit your keyboard
input AdWare
Spyware
TrapdoorSecret entry pointUseful for programmers debugging
But allows unscrupulous programmers to gain unauthorized access.
Backdoor –
Malware - How they get in
Trojan HorseUseful program that contains hidden code
that when invoked performs some unwanted or harmful function
Replicates itselfThe really bad ones wait for a particular date
Not a virus, but a means to transport viruses
Malware - How they get in
Email is not secure
There are some products and adds-on to make it secure or encrypted.
Email is permanent
Email Security
Email is not secure
Anti-Virus Software looks for known viruses and common virus formats
Anti-Spyware Software
Keep operating system and protection programs updated with latest fixes.
If you notice anything odd, like your computer seems to slow down or crash for no apparent reason,
Run your anti-virus and anti-spyware programs!
Protection from malware
University and Industry security research
Honeypot System or network designed to attract
malwareWhen discovered, the malware is
researched An antidote is written
Protection from malware
WormsObjective is to destroy the network (not your
PC)
Use network connections to spread from system to system, replicating itself
Email virus has elements of being a worm (self replicating)But normally requires some intervention to
run, so classed as a virus rather than worm33
Malware
Network Security ThreatsQ: What can a “bad guy” do?A: A lot!
eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source
address in packet (or any field in packet)hijacking: “take over” ongoing connection
by removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)
Starting to think about network security
Protection for Network SecurityWe need to ensure:1.Messages get to destination without being altered 2.Only the persons we want will read our messages3.We need to ensure that source of message is who/what you think it is4.Sender and receiver are not being impersonated
Message Digests
Encryption
Digital Signatures
Certification Authorities
We need to ensure messages get to destination without being altered
Message Digests
Protection for Network Security
42
Message IntegrityAllows communicating parties to verify
that received messages are authentic.Content of message has not been altered
Achieved with1.Message digests2.Digital signatures3.Certification Authorizations
43
Message DigestsFunction that uses the
actual message data to come up with a short code or ID. This is called a : “message signature”
Attach that to the message
MACMessage
(Message Authentication Code)
44
Compare Message Authentication Code (MAC) to ensure message integrity
mes
sage
Message Digest Function
MAC
mes
sage
mes
sage
compare
Message Digest Function
MAC MAC
MAC
MAC
We need to ensure only the persons we want will read our messages
Encryption
Protection for Network Security
46
Simple encryption schemesubstitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc
E.g.:
Key: the mapping from the set of 26 letters to the set of 26 letters
Encryptionsymmetric key encryption1 encryption key
public key encryption2 encryption keys
49
Symmetric (Shared) key cryptography
symmetric key crypto: Bob and Alice share same (symmetric) key: K
e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
Q: how do Bob and Alice agree on key value? Symmetric (shared) key exchange video
ciphertext
K S
encryptionalgorithm
decryption algorithm
S
K S
K (m)S
Uses key to decode message
Uses key to encode message
50
Public Key Cryptographysymmetric key cryptorequires sender,
receiver know shared secret key
Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography sender, receiver do not
share secret key public encryption key
known to all private decryption key
known only to receiver
51
Public key cryptography
ciphertextencryptionalgorithm
decryption algorithm
Bob’s public key
K B+
Bob’s privatekey
K B-
Uses PUBLIC key to encode message
Can not decode message!
Uses PRIVATE key to decode message
We need to ensure that source of message is who/what you think it is
Digital Signatures
Protection for Network Security
Transfer $1Mfrom Bill to Trudy
Transfer $1M fromBill to Trudy
Playback attack – Who really sent this?
54
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
Sender (Bob) digitally signs document, establishing he is document owner/creator.
Simple digital signature for message m:Bob signs m by encrypting with his
PRIVATE key, creating “signed” message.
We need to ensure that the sender or receiver is not being impersonated
Certification Authority
Protection for Network Security
56
Public-key certificationMotivation: Trudy plays pizza prank on Bob
Trudy creates e-mail order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob
Trudy signs order with her private keyTrudy sends order to Pizza StoreTrudy sends to Pizza Store her public key, but
says it’s Bob’s public key.Pizza Store verifies signature; then delivers four
pizzas to Bob.Bob doesn’t even like Pepperoni
57
Certification AuthoritiesCertification authority (CA): binds public key to
particular entity, Bob.Bob(person, router) registers its public key
with CA.Bob provides “proof of identity” to CA. CA creates certificate binding Bob to its public key.certificate containing Bob’s public key digitally signed
by CA – CA says “this is Bob’s public key”Bob’s public
key
Bob’s identifying
information
certificate for Bob’s
public key, signed by
CA
58
Certification AuthoritiesWhen Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere).apply CA’s public key to Bob’s certificate,
get Bob’s public key
Bob’s public
key
Firewalls
FirewallsPrevent access to the network by
unauthorized usersComposed of software and/or hardware
61
SSL: Secure Sockets LayerWidely deployed security protocol using
Encryption (especially credit-card numbers) Server authentication
Provides Confidentiality Integrity Authentication
Identified by the prefix https://
62
Virtual Private Networks (VPNs)Institutions often want private networks
for security. Costly!
With a VPN, institution’s inter-office traffic is sent over public Internet instead. But inter-office traffic is encrypted before
entering public Internet
Client must sign in to VPN to access the network
Protection via Security PolicyHardware security
Lock desktopsLaptops, phones,
etcLog off!!
Password SecurityPassword strengthChanging password
Encryption
Resource SecurityFilesMark document as
finalPassword protectCopyright
Top Related