Final Flashcards
Risk
likelihood that a chosen action or activity
(including the choice of inaction) will lead to a
loss (an undesired outcome)
Risk Management
identification, assessment,
and prioritization of risks followed by coordinated
use of resources to monitor, control or minimize
the impact of risk-related events or to maximize
the gains.
examples: finances, industrial processes, public health
and safety, insurance, etc.
one of the key responsibilities of every manager within
an organization
Risks in Info. Security
risks which arise from an
organization’s use of info. technology (IT)
related concepts: asset, vulnerability, threat
Asset
anything that needs to be protected because it
has value and/or contributes to the successful
achievement of the organization’s objectives
Threat
any circumstance or event with the potential
to cause harm to an asset and/or result in harm
to organization
Vulnerability
a weakness in an asset that can be
exploited by a threat and cause harm to the
asset and/or the organization
Risk
probability of a threat acting upon a vulnerability
causing harm to an asset
Security Risk Management
process of identifying vulnerabilities in an organization’s info. system and taking steps to protect the CIA of all of its components.
two major sub-processes:
Risk Identification & Assessment
Risk Control (Mitigation)
Risk Identification
Identify the Risk Areas
Assess the Risks
Identify & Prioritize Assets
Identify & Prioritize Threats
Identify Vulnerabilities between Assets and Threats (Vulnerability Analysis)
Risk Assessment
Calculate Relative Risk ($$$)
of Each Vulnerability
Risk Control (Mitigation)
Re-evaluate the Risks
Implement Risk Management Actions
Develop Risk Management Plan
Identifying Hardware, Software (& Networking Assets)
Can be done automatically (using specialized software)
or manually.
Needs certain planning – e.g. which attributes of each
asset should be tracked, such as:
name – tip: naming should not convey critical info to potential attackers
asset tag – unique number assigned during acquisition process
IP address
MAC address
software version
serial number
manufacturer name
manufacturer model or part number
Identifying People, Procedures and Data Assets
Not as readily identifiable as other assets – require that experience and judgment be used.
Possible attributes:
people – avoid personal names, as they may change; use:
∗ position name
∗ position number/ID
∗ computer/network access privileges
procedures
∗ description
∗ intended purpose
∗ software/hardware/networking elements to which it is tied
∗ location of reference-document, …
data
∗ owner
∗ creator
∗ manager
∗ location,
Asset Ranking
Assets should be ranked so that most valuable assets
get highest priority when managing risks.
Questions to consider when determining asset value/rank:
1) Which info. asset is most critical for the overall operation
and success of organization?
Example: Amazon’s ranking assets
Amazon’s network consists of regular desktops and web servers.
Web servers that advertise company’s products and receive orders
24/7 - critical.
Desktops used by customer service department – not so critical.
Threat Identification
Now that assets are known, we should see if there are any known potential threats/dangers for our company that exist out there … Once we identify potential threats, next step will be to see whether they really apply to our assets …
Any organization faces a wide variety of threats.
• To keep risk management ‘manageable’ …
realistic threats must be identified and further investigated,
while unimportant threats should be set aside
Example: government surveys of types of threats/attacks
Threat Modeling/Assessment
practice of building
an abstract model of how an attack may proceed and
cause damage [attacker-, system-, or asset- centric]
Attacker-centric
starts from attackers, evaluates their
motivations and goals, and how they might achieve them
through attack tree
System-centric
starts from model of system, and
attempts to follow model dynamics and logic, looking
for types of attacks against each element of the model.
Asset-centric
starts from assets entrusted to a system,
such as a collection of sensitive personal information, and
attempts to identify how CIA security breaches can happen.
Questions used to prioritize threats:
Which threats present a realistic danger to organization’s
assets in its current environment? ( ‘pre-step’ )
Goal: reduce the risk management’s scope and cost.
Examine each category from CSI/FBI list, or as identified
through threat assessment process, and eliminate any that
do not apply to your organization.
Which threats represent the most severe danger … ?
Goal: provide a rough assessment of each threat’s potential
impact given current level of organization’s preparedness.
‘Danger’ might be a measure of:
1) probability that the threat attacks organization
2) severity, i.e. overall damage that the threat could create
Other questions used to assess/prioritize threats:
How much would it cost to recover from a successful
attack?
Which threats would require greatest expenditure
to prevent?
• Once threats are prioritized, each asset should be reviewed
against each threat to create a specific list of vulnerabilities.
Vulnerability
flaw or weakness in an info. asset, its design, implementation or security procedure that can be exploited accidentally or deliberately by a threat
a known threat is a real ‘threat’ to an organization only if there is an actual vulnerability it can exploit
sheer existence of a vulnerability does not mean harm WILL be caused – threat agent is required
vulnerability that is easy to exploit is often a high-danger vulnerability
TVA Worksheet
at the end of risk identification procedure, organization should derive threats-vulnerabilities-assets (TVA) worksheet
this worksheet is a starting point for risk assessment phase
TVA worksheet combines prioritized lists of assets and threats
prioritized list of assets is placed on x-axis, with most important assets on the left
prioritized list of threats is placed on y-axis, with most dangerous threats at the top
resulting grid enables a simplified priority-based vulnerability assessment
Watermarking
Common Applications
verify the owner of a digital object - copyright protection
placing a (unique) watermark = placing a (unique) signature
identify illegal ‘theatrical release’ copies of a movie:
watermark prior to release to prevent movie piracy
copy control in DVD and Blu-ray player
forensics and piracy deterrence
content filtering
Digital Fingerprinting
process of embedding unique information for each user-copy
of a digital object in order to be able to identify
entities involved in illegal distribution of the digital object
if object with Alice’s ID is found on Bob’s computer =>
copy is illegal AND likely provided by Alice
Spheres of Information Use
information can be accessed directly (people accessing hard-copies) and/or indirectly by means of computer systems (if data in digital form)
multiple layers on ‘technology’ side of access sphere imply that one or more access stages may be required
example: to access info stored on a system (database), the user must access / log-into the database-server
example: to access info via Internet, the user must ‘go through’ local network (e.g., pass a firewall) and then access the system that hosts the info
Spheres of Protection
between each layer of use there must exist a layer of protection to prevent access to next inner layer
shaded bands in the figure …
(Avoidance) controls that can be applied to humans!
(Avoidance) controls that can be applied to technology!
Access Controls
selective restriction of access to a physical place, computer system or other resource
the act of ‘accessing’ may mean entering, using, consuming …
Stages of Access Controls = I / A / A
identification – obtain identity of an entity requesting access to a logical or physical area (obtain credentials)
authentication – confirm identity of the entity seeking access … making sure user’s credentials are not false – the user ‘is’ who they claim to be
authorization – determine whether the authenticated entity is permitted to access a particular system (e.g., OS, firewall, router, database, …) and its resources (e.g., system’s files); typically implemented by means of access control lists / rules
Basic steps in access control
‘Authorization profile’ of the user is matched against
‘Access profile’ of a specific/requested object.
Just because a user can authenticate to a system
it does not mean they are given access to anything and everything.
Authorization ensures that the requested object or activity on an
object is possible based on the privileges assigned to the subject.
Identification
mechanism that provides info about an unverified entity – aka supplicant – that wants to be granted access to a logical or physical area
must be a unique value that can be mapped to one and only one entity within the administered domain
in most organizations, identification = name OR (initial + surname)
Authentication
process of validating a person’s (supplicant’s) purported identity
types of authentication mechanisms:
1) something you know: password or passphrases
2) something you have: cryptographic tokens or smart cards
3) something you are - static biometrics: fingerprints, palm prints, iris scans, …
4) something you produce - dynamic biometrics: pattern recognition of voice, signature / handwriting, typing rhythm
Authentication: Something you know
authentication mechanisms based on use of passwords/PINs and passphrases
password – combination of characters that only the user should know
challenge: should be simple enough to remember, and complex enough to resist cracking
bad examples: name of spouse, child, pet
passphrase – plain-language phrase, typically longer but stronger than a password, from which a virtual password is derived
examples: Linksys, Windows 7 and up
CPIMFF = Cheese Pizza Is My Favorite Food
Password cracking speed
Password cracking is becoming very trivial with the vast amount of computing power readily available for anyone who desires so. At a current rate of $25 per hour, an AWS p3.16xlarge nets you a cracking power of 632 GH/s (assuming we’re cracking NTLM hashes). This means we’re capable of trying a whopping 632,000,000,000 different password combinations per second!
Authentication: Something you have
objects used for purpose of user authentication
are called ‘tokens’
token + PIN/password provides significantly
greater security than password alone
an adversary must gain physical possession of
the token (or be able to duplicate it) in addition
to ‘cracking’ the password
types of tokens:
static tokens
dynamic synchronous (one-time password) tokens
dynamic asynchronous (challenge-response) tokens
Authentication: Something you have
e.g.: swipe card, smart card, RFID tags
swipe cards - ID and ATM cards
aka ‘dumb cards’, transmit same credential
every time – the credential (base secret) is
impractical to memorize
PIN/password not on the card – ATM encrypts
PIN provided by user and sends it to a database for verification …
smart card - swipe cards with a chip
chip contains a CPU, memory blocks (RAM,
ROM, …) and on-chip encryption module
stores 100x data stored on magnetic strip:
encrypted PIN & other info about card holder
card checks user’s PIN & generates a certificate
to authorize transaction process …
Synchronous (One-Time Password) Tokens
small LCD device that generates a
unique new password periodically
(e.g., every 60 seconds)
token combines ‘base secret’ with a clock
to generate new password
token and authentication server must have
their clocks synchronized – which is often
a challenge!
Asynchronous (Challenge-Response) Tokens
instead of time, token uses a challenge/nonce provided by the system to generate the password
e.g., token can generate the password by
1) applying a unique hash function to (user’s base secret + nonce)
2) encrypting nonce using user’s/token’s public key
Something you are (Static / Standard Biometrics)
authentication mechanisms that take advantage of users’ unique physical characteristics, including:
fingerprints
facial characteristics
retina
iris
in contrast to password/token authentication, biometric systems do not look for a 100% match – person’s characteristics are inherently ‘noisy’
pattern recognition must be involved
very effective but costly if a large number of biometric readers need to be installed!
In password-based authentication, an exact (100%) match
is required
enrollment & authentication in biometric systems
A sample of biometric reading is captured. The sample is processed into feature set. Feature set is converted into a template.
enrollment stage in biometric systems is much more involved!
it is hard, if not impossible, in some types of biometrics to achieve a 100% match
In biometric-based authentication,
an approximate match
is required
Biometric Modality
different types of biometric
information / measurements that can be used to
discriminate between different individuals
an ideal biometric modality / information should have
the following properties
Universality – all individuals must be characterized by this
information
• Uniqueness / Distinctiveness – this information must be
as dissimilar as possible for two different individuals
• Permanency / Stability – this information should be
present during the whole life of an individual
• Collectability / Measurability – this information should be
measured in an easy manner
• Performance – this information can be used to build
accurate, fast and robust biometric/authentication systems
• Acceptability – how willing individuals are to have this
biometric information captured and assessed
Resistance to Attack – how easy it is for this information
to be forged
iris scanner
IRIS - colored section of an eye
scan = 2 seconds of near IR imaging
subject can be at some distance
alcohol consumption changes iris
Retina scanner
RETINA - cannot be seen by naked eye - the
network of blood vessels
most reliable biometrics, aside from DNA
but can be affected by eye-disease
scan = 15 seconds of low-energy IR scanning
subject has to be close to scanner
Extraction of biometrics features
many biometric systems are
based on image processing
Types of Biometric Systems
1) systems for IDENTIFICATION
perform 1:n comparison to identify a user from a database of n users
2) systems for AUTHENTICATION
perform 1:1 comparison to check whether a user matches his profile
Types of Biometric Systems
something you know – to identify the user
Biometric Accuracy / Performance
in all biometrics schemes, some physical
characteristic of the individual is mapped
into digital representation
however, physical characteristics may change
facial contours and color may be influenced by
clothing, hairstyle, facial hair, …
the results of fingerprint scan may vary as a
function of: finger placement, finger swelling and
skin dryness …
multiple mappings may have to be taken
in order to create a (statistically) useful
biometric representation / profile
a biometric sensor must be able to adapt
to a broad range of appearances
Biometric Accuracy
statistical distribution of ‘match score’ between user’s new scan and user’s stored profile/record
unfortunately, range of scores/features for any particular user is likely to overlap with scores/features of other users
by moving the ‘decision threshold’, sensitivity of biometric system changes
move t to left ⇒ system more tolerant to noise, but also system more likely to accept wrong person
False Reject Rate (FRR), aka False Negative
% of authorized users who are denied access
false negatives do not represent a threat to security
but an annoyance to legitimate users
False Accept Rate (FAR), aka False Positive
% of unauthorized / fraudulent users who are allowed
access to system
represent serious security breach
convenience
1-FR
the higher the FR, the less
convenient an application is
because more subjects are
incorrectly rejected …
security
1-FA
the lower the FA, the fewer
imposter users (adversaries) are
incorrectly accepted into the
system
Crossover Error Rate (CER), aka Equal
Error Rate
point at which FRR = FAR – Operating Point of choice
for most biometric systems – provides balance between
sensitivity & performance (i.e., convenience & security)
techniques with 1% CER superior to 5% CER
as threshold moves to the left, system
becomes ‘less sensitive’ and
the value of FRR decreases but the
value of FAR increases
as threshold moves to the right, system
becomes ‘more sensitive’ and
the value of FRR increases but the
value of FAR decreases
Example: biometric accuracy
Assume a system where each airport passenger is
identified with a unique frequent flyer number and
then verified with a fingerprint sample.
The system’s false reject (FR) rate for finger is:
0.03 (= 3%).
5000 people / hour are requesting access to the
airport during a 14 hour day.
How many people will fail to be verified in a day?
# rejected passengers =
= (5000 * 0.03) [rejects / hour] * 14 [hours] =
= 150 [rejects / hour] * 14 [hours] =
= 2100 [rejects]
Something you produce: Dynamic Biometrics
authentication mechanisms that make
use of something the user performs or
produces:
signature recognition
voice recognition
keystroke recognition
less costly than ‘what you are’ systems,
but not as reliable
signature, voice, keystroke pattern may change
significantly with time and under different
circumstances
Dynamic / behavioral biometrics
Authentication that examines normal actions performed by the user, e.g. keystroke dynamics. measure/observe various time-related parameters during a user’s interaction with a keyboard
keystroke dynamics
With keystroke dynamics the biometric template used to identify an individual is based on the typing pattern, the rhythm and the speed of typing on a keyboard. The raw measurements used for keystroke dynamics are dwell time and flight time.
Dwell time is the time duration that a key is pressed
Flight time is the time duration in between releasing a key and pressing the next key
When typing a series of characters, the time the subject needs to find the right key (flight time) and the time he holds down a key (dwell time) are specific to that subject, and can be calculated in such a way that they are independent of overall typing speed. The rhythm with which some sequences of characters are typed can be very person-dependent. For example, someone used to typing in English will be quicker at typing certain character sequences such as ‘the’ than a person with French roots.
There exists software which combines keystroke dynamics with other interactions the user has with the computer, such as mouse movements (acceleration time, click frequency).
Biometrics accuracy vs. acceptance
Organizations implementing biometrics must carefully balance
a system’s effectiveness against its perceived intrusiveness and
acceptability to users …
Attacks on password-based authentication systems
breaking (try to ‘get into’ the system by using a legitimate password)
disabling (prevent legitimate user from getting into the system)
Standard vs. Targeted DoS Attacks
Standard DoS Attack: attacker’s goal is to prevent victim-server from providing access/service to all legitimate users.
Targeted DoS Attack: attacker’s goal is to prevent one particular victim-user from obtaining access/service from a server.
Most systems ‘lock-out’ a user after multiple login attempts using false password …
Single- and multi- factor authentication
Systems that use one authentication credential (e.g. something
you know) are known as one-factor authentication systems.
Most computer systems / applications are one-factor
authentication systems – they rely on passwords only.
Systems that require strong protection typically combine
multiple authentication mechanisms – e.g. something you
have and something you know. They are known as two-factor
authentication systems.
For example, access to a bank’s ATM requires a banking
card + a personal identification number (PIN).
Attacks on biometrics-based authentication systems
Spoof biometric data
as someone else.
Modify the signal
processing unit to
(e.g.) cause DoS on
legitimate users.
Spoof the signal between the sensor and signal processing unit. (e.g. replay voice)
Alter the content of
the template
database.
Alter the matching
process / software.
Password
a secret word/string of characters used to
authenticate a user into a system
critical (often only) defense against intruders
ideal password: easy to remember, hard to
‘crack’
Google frequently releases lists of common
password types which are insecure as they
are too easy to guess / get off social media
name of a pet, child, family member, spouse
names of birthplaces, favorite sports teams
birthdays, anniversary dates
overly complex passwords are as dangerous
as very simple ones
the user likely to write it down or to reuse it
How are passwords stored
in a computer/system???
storing in plain text is a bad idea
passwords in a system
in most systems, passwords are stored in a protected (hash) form ⇒ snooper that gains internal access to system cannot easily retrieve/steal passwords
every time a user logs in, password handling software runs the hash algorithm
if (new hash = stored hash), access is granted
account creation stage:
storing hash instead
of password
logging into an existing account:
testing a password against stored hash
online cracking
try every password at login prompt in real time
very slow!
8-character password of 76 possible characters
(upper & lower case, digits, common symbols) =
1.1 x 10^15 possibilities
2 to 3 passwords a second ⇒ 5,878,324 years
to guess a password
extremely noisy!
most systems block the victim account after
several failed login attempts
off-line cracking
assumes the possession of passwd/hash file
Password Management Windows
password hashes are stored in Security Account Manager (SAM) file stored in C:\Windows\System32\config or HKEY_LOCAL_MACHINE\SAM registry - neither of them can be opened/copied on normal boot-up of the OS (i.e., while computer running) – file used by OS
Accessing SAM (Windows)
Accessing SAM – requires administrative privileges
File in Windows to be copied / dumped
SAM file
Copy of SAM file is now stored on C drive as a file named ‘sam’. However, this file is encrypted using SysKey!!! So, a dump of SYSTEM hive/file is also needed!
SAM and sys key
The SAM file is encrypted with the SysKey which is stored in
%SystemRoot%\system32\config\system file.
During the boot-time of Windows the hashes from the SAM file get decrypted using the
SysKey and these hashes are then loaded to the registry and used for authentication
purpose.
Both system and SAM files are unavailable (i.e., locked by kernel) during Windows’
runtime.
Tools like mimikatz (on Windows) and samdump2 (on Linux) can be used
to extract hashes from SAM
Accessing Hash file in unix
text file: /etc/shadow (/etc/passwd)
readable by system administrator
(root) only
getent shadow admin
When a new user is created in Linux it affects 4 files
/etc/passwd
/etc/group
/etc/shadow
/etc/gshadow
/etc/passwd file is essentially the user account database in which Linux stores
valid accounts and related information about these accounts; typically has file
system permissions that allow it to be readable by all users of the system
/etc/shadow file contains hashed passwords and bookkeeping information;
accessible only by the super user
structure of passwd file
/etc/passwd Format
From the above image:
Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
Password: An x character indicates that the encrypted password is stored in the /etc/shadow file. Please note that you need to use the passwd command to compute the hash of a password typed at the CLI or to store/update the hash of the password in the /etc/shadow file.
User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
Group ID (GID): The primary group ID (stored in the /etc/group file).
User ID Info (GECOS): The comment field. It allows you to add extra information about the user, such as the user’s full name, phone number, etc. This field is used by the finger command.
Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user’s directory becomes /
Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell. For example, a sysadmin can use the nologin shell, which acts as a replacement shell for the user accounts. If the shell is set to /sbin/nologin and the user tries to log in to the Linux system directly, the /sbin/nologin shell closes the connection.
structure of shadow file
Username : It is your login name.
Password : It is your encrypted password. The password should be a minimum of 8-12 characters long, including special characters, digits, lower case alphabetic and more. Usually the password format is set to $id$salt$hashed. The $id is the algorithm used on GNU/Linux, as follows:
$1$ is MD5
$2a$ is Blowfish
$2y$ is Blowfish
$5$ is SHA-256
$6$ is SHA-512
Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
Minimum : The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
Maximum : The maximum number of days the password is valid (after that user is forced to change his/her password)
Warn : The number of days before password is to expire that user is warned that his/her password must be changed
Inactive : The number of days after password expires that account is disabled
Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.
longer allowed size of the
password => more
combinations have to be tried
In the case of brute-force password cracking, there is no particular strategy when generating password guesses. The entire possible space of passwords is explored.
Password cracking (guessing)
a method of gaining unauthorized access to a computer system by trying different passwords
cracking difficulty ∼ size of password space & ‘diversity’ of password characters
brute force password cracking
aka exhaustive password search
entire password space is ‘tried’
starts by using simple combinations of characters, and then gradually moves to more complex/longer ones
(may be) effective for passwords of small size, but too time consuming for long passwords
examples of brute-force crackers:
Cryptool
Cain and Abel
John the Ripper
Ophcrack
What is Password Search Space in Brute-Force Attacks?
a) On 26-letter alphabet, password of length exactly 1/2/n:
S_1-letter = 26^1
S_2-letter = 26*26 = 26^2
S_n-letter = 26*26*…*26 = 26^n
b) On A-character alphabet (lett. + numb.), passw. of length n:
S_n-character = A^n = 36^n
c) On A-character alphabet, passwords up-to n characters
Brute-Force Password Search Space
Tina has to create a password for the security of a software program file. She wants to use a password with 3 letters. How many passwords are allowed if no letter is repeated and the password is not case sensitive?
L1 L2 L3 : A (B-Z) (C-Z)
26*25*24 = 15,600
Brute-Force Password Search Space (3)
A system allows passwords consisting of 4 lower-case letters followed
by 3 digit numbers.
How many passwords are possible if there are no restrictions?
L1 L2 L3 L4 D1 D2 D3
26^4 * 10^3 = 456,976,000
Biased attack
the search space is further reduced by focusing on most likely combinations of words and/or numbers …
Attack Example: Biased Attack on 4-Digit Pins
Assume a system requires that access passwords be comprised of 4 digits.
Total unbiased search space: any number between 0000 – 9999 (10,000)
Many people use some important personal dates to generate 4-digit passwords.
Biased search space: only 366 possible combinations!
Dictionary Attack
users often create passwords using
common dictionary words
instead of trying every password, dictionary
attack probes only common dictionary words
faster than brute force, as it uses smaller
(more likely) search space
still might take considerable time, and might
fail in the end
Dictionary Attacks in Real World
Many studies on effectiveness of dictionary attack have been
conducted.
Not 100% effective, but enough passwords were cracked to make
the use of this attack worthwhile.
Pre-Computed Dictionary Attacks
achieves TIME-SPACE tradeoff by pre-computing a list of hashes of dictionary words
pre-computed hashes are compared against those in a stolen password file
rainbow tables
1) pregenerated sets/lists of hashes – n*Gbyte size!!!
2) allow extremely rapid searching
Password Salting
adding a unique random value to each password before hashing
both the hash and salt are stored
does not fully prevent password cracking, but makes it harder / more time consuming
It is hard, if not impossible, to prevent users from choosing ‘weak’ passwords. So, ideally, the system would additionally ‘strengthen’ user passwords.
hello – found in most attack dictionaries and rainbow tables!
hello3ab9 – cannot be found in common dictionaries or rainbow tables
account creation stage
storing hash & salt
instead of password
logging into an existing account:
testing a password against stored hash
Attack on salted passwords
For every word in a dictionary (or an ‘extended’ dictionary):
1) add the User’s salt
2) hash
3) compare
Password Salting Benefits
in case of a compromised
Password File
(simple) dictionary and rainbow attacks impossible to perform
prevents duplicate passwords from being visible in password file
becomes impossible to find out whether a person has used the
same password on multiple systems
Password policies – which one is better?!
Company A requires that its employees pick 6-character passwords
made up of combinations of lowercase letters, uppercase letters, and
digits (62 possibilities). No other characters are allowed, and a given
user’s password must not use any character twice.
Example: ab98CD
Company B requires that its employees pick 12-character passwords,
where each of the 12 can be any of 100 possible characters. Unlike for
Company A, Company B’s employees can reuse characters in their
passwords. However, Company B finds that users often make mistakes
with these long passwords, so if an authentication attempt fails, the
login server helps the user by telling them how many of the initial letters
were correct. For example, if a password entered was ‘abcdefgij’ and the
server replies “Wrong, but the first 4 letters were correct”, then ‘abcd’
are correct, ‘e’ is wrong, and nothing is revealed about the correctness
of the letters after ‘e’.
Suppose an attacker is trying to guess/crack the password of user
U1 at Company A, and user U2 at Company B. Both usernames are valid
at the respective companies, and the users have chosen passwords that
conform with the policy.
a) Write down an expression for the # of attempts the attacker
needs for guessing the password of user U1 at Company A.
Solution:
Example: ab98CD
Total # of allowed characters = 26 + 26 + 10 = 62
Total # of possible passwords = 62*61*60*59*58*57 =
= 4.4 * 10^10
b) Write down an expression for the # of attempts the attacker
needs for guessing the password of user U2 at Company B.
Solution:
The key for this part of the problem is that the attacker can use
feedback provided by the login process to speed up the ‘cracking’
process.
To start, the attacker can try 100 passwords that each differ in
their first character. One of these must succeed. In addition, when
it succeeds, in the worst case the attacker is told that the second
character in the attempted password is incorrect. Therefore, once
the attacker learns that the first character is correct, they also can
eliminate 1 of the possibilities for the second character.
Password: bszi1289AMLK
1st round of 100 guesses: aa, ba, ca, da, …
2nd round of 99 guesses: bba, bca, bda, bea, …, bsa, bta, …
At this point, they make another 100 − 1 = 99 guesses, each of
which uses the first character learned in the previous step, and
tries a different second character (excluding the character that the
attacker has already learned is not correct for the second
position).
This process continues until they try candidates for all 12
positions, requiring at worst a total of:
# of possible passwords = 100 + 99 + 99 + … + 99 =
= 100 + 99 · 11 = 1189
Password Example (cont.)
b is correct, a is not.
In the next round, do
not check a
Summary of Vulnerability Analysis
Damage must be quantifiable!
Threat has to be real (probable)!
Threat – Vulnerability – Asset
Assets: People, Procedure, Data, Software, Hardware, Networking
Threats: Act of human error or failure, Deliberate act of trespass, Deliberate act of extortion, Deliberate act of sabotage, Deliberate software attacks, Technical software failures, Technical hardware failures, Forces of nature, etc.
sheer existence of a vulnerability
does NOT mean there is an actual
RISK (i.e., harm will be caused)
Risk Assessment
provides relative numerical risk ratings/scores for each vulnerability
in risk management, it is not the presence of a vulnerability that really matters, but the associated risk!
(Security) Risk – quantifies:
1) possibility that a threat acts upon a vulnerability
AND is successful
2) how severe the consequences would be
R = P * V
P = probability of risk-event occurrence
V = value lost / cost to organization
Extended Risk Formula v.1.
R = Pa ⋅ Ps ⋅ V
Pa = probability that an attack/threat (against a
vulnerability) takes place
Ps = probability that the attack successfully exploits
the vulnerability
V = value lost / cost to organization
Extended Risk Formula v.2.
R = Pa ⋅ (1-Pe) ⋅ V, where (1-Pe) = Ps
Pe = probability that the system’s security measures effectively protect against the attack (reflection of system’s security effectiveness)
Ps = probability that the attack is successfully executed (i.e., system defences are NOT effective)
Pe = probability that the attack is NOT successfully executed (i.e., system defences are effective)
Extended Whitman’s Risk Formula *
R = P ⋅ V – CC ⋅ (P ⋅ V) + UK ⋅ (P ⋅ V) = P ⋅ V ⋅ [ 1 – CC + UK ]
LE = Loss Expectancy (i.e. Potential Loss / Risk before Control is Applied)
P = probability that certain vulnerability (affecting a
particular asset) gets exploited – equivalent to Pa
V = value of information asset ∈ [1, 100]
CC = current control = percentage/fraction of risk already
mitigated by current control
UK = uncertainty of knowledge = fraction of risk that is not
fully known
Risk determination
Asset A
Has a value of 50.
Has one vulnerability, with a likelihood of 1.0.
No current control for this vulnerability.
Your assumptions and data are 90% accurate.
Asset B
Has a value of 100.
Has two vulnerabilities:
* vulnerability #2 with a likelihood of 0.5, and
a current control that addresses 50% of its risk;
* vulnerability #3 with a likelihood of 0.1 and
no current controls.
Your assumptions and data are 80% accurate.
Which asset/vulnerability should be dealt with first ?!
Example: Risk determination
The resulting ranked list of risk ratings for the three
vulnerabilities is as follows:
Asset A:
Vulnerability 1 rated as 55 = 50 * 1 * (1.0 - 0 + 0.1)
Asset B:
Vulnerability 2 rated as 35 = 100 * 0.5 * (1 - 0.5 + 0.2)
Asset B:
Vulnerability 3 rated as 12 = 100 * 0.1 * (1 – 0 + 0.2)
• Documenting Results – 5 types of risk assessment documents
ideally created
1) Information asset inventory worksheet
2) Weighted asset worksheet
3) Weighted threat worksheet
4) TVA worksheet
5) Ranked vulnerability risk worksheet
extension of TVA worksheet, showing only the assets
and relevant vulnerabilities
assigns a risk-rating ranked value for each uncontrolled
asset-vulnerability pair
Risk Control Strategies
Once all vulnerabilities/risks are evaluated, the company has to decide
on the ‘course of action’ – often influenced by
1) risk level ($$$)
2) cost of treatment ($$$) …
Basic Strategies to Control Risks
Avoidance
do not proceed with the activity or system that creates this risk
Reduced Likelihood (Control) - implement
by implementing suitable controls, lower the chances of the
vulnerability being exploited
Transference
share responsibility for the risk with a third party
Mitigation
reduce impact should an attack still exploit the vulnerability
Acceptance - do not implement
understand consequences and acknowledge risks without any
attempt to control or mitigate
Avoidance
strategy that results in complete abandonment of activities or systems due to overly excessive risk
usually results in loss of convenience or ability to perform some function that is useful to the organization
the loss of this capacity is traded off against the reduced risk profile
Recommended for vulnerabilities with
very high risk factor
that are very costly to fix.
Reduced Likelihood (Control)
Risk control strategy that attempts to prevent exploitation of vulnerability by means of following techniques:
* application of technology – implementation of security controls & safeguards, such as: anti-virus software, firewall, secure HTTP and FTP servers, etc.
* policy – e.g. insisting on safe procedures
* training and education – change in technology and policy must be coupled with employee’s training and education
Recommended for vulnerabilities with high risk factor that are moderately- to low- costly to fix.
Transference
risk control strategy that attempts
to shift risk to other assets, other
processes or other organizations
if organization does not have adequate
security experience, hire individuals or
firms that provide expertise
‘stick to your knitting’!
e.g., by hiring a Web consulting firm, risk
associated with domain name registration,
Web presence, Web service, … are passed
onto organization with more experience
Recommended for vulnerabilities with
high risk factor that are moderately costly to fix
if employing outside expertise.
Mitigation
Risk control strategy that attempts to
reduce the significance of impact caused
by a vulnerability – includes 3 plans:
Recommended for vulnerabilities that are
low (but not zero) risk and moderately to high costly to fix
Acceptance
assumes NO action towards protecting
an information asset – accept outcome …
should be used only after doing all of the
following
assess the probability of attack and likelihood
of successful exploitation of a vulnerability
approximate annual occurrence of such an attack
estimate potential loss that could result from
attacks
perform a thorough cost-benefit analysis
assuming various protection techniques
determine that particular asset did not
justify the cost of protection!
steps
to be
discussed
Recommended when vulnerability risk << cost of any control.
Risk Tolerance
Risk that organization is willing to
accept after implementing risk-
mitigation controls
Residual Risk
Risk that has not been completely removed, reduced or planned for, after (initial) risk-mitigation controls have been employed
goal of information security is not to bring residual risk to 0, but to bring it in line with the company’s risk tolerance
risk-mitigation controls may (have to) be reinforced until residual risk falls within tolerance
Risk Assessment
‘Spotting’ the most significant
vulnerabilities in the sea of potential vulnerabilities.
Quantitative Risk Analysis
predicts level of monetary loss for each threat, and monetary benefit of controlling the threat
each element is quantified and entered into equations, e.g.:
* asset value
* threat likelihood/frequency/probability
* severity of vulnerability
* damage impact
* safeguard cost
Challenges of Quantitative Analysis – define likelihood & impact values
in a manner that would allow the same scale to be used across multiple risk assessments
Quantitative risk analysis
is the standard way of measuring risk in
many fields, such as finance and insurance, but it is not commonly used
to measure risk in information systems.
Two of the reasons claimed for this are:
1) the difficulties in identifying and assigning a value to assets, and
2) the lack of statistical information that would make it possible to
determine frequency.
Thus, many of the risk assessment tools that are used today for
information systems are measurements of qualitative risk.”
Qualitative Risk Analysis
scenario based approach - uses
labels & relative values (high/low)
rather than numbers; blends in
experience & personal judgment
Example: threat likelihood/frequency (i.e., vulnerability
exploitation) categories
Qualitative Analysis
• Requires simple (if any) calculations.
• Considers hands-on opinions of individuals who know the process best
Quantitative Analysis
• Easier to automate and evaluate.
• Very useful in performance tracking - enables credible cost/benefit analysis.
Cost-Benefit Analysis
aka economic feasibility study - quantitative decision-making process in which for each high-risk vulnerability:
* determine the loss in value if the asset (with this vulnerability) remained unprotected
* determine the cost(s) of protecting the asset using various approaches
* compare available alternatives and arrive at a decision with best financial outcome …
Company should not spend more
to protect an asset than the asset is worth!
Asset Value (AV)
combination of the following:
* cost of buying/developing hardware, software, service
* cost of installing, maintaining, upgrading hardware, software, service
* cost to train and re-train personnel
as well as the direct profit gained from the utilization of the asset!
Exposure Factor (EF)
percentage loss that would occur from
a given vulnerability being exploited
by a given threat
Single Loss Expectancy (SLE)
most likely loss (in value) from an attack
SLE = AV * EF
Example: A Web-site’s SLE due to a DDoS Attack
Estimated value of a Web-site: AV = $ 1,000,000.
A DDoS on the site would result in 10% losses of the site
value (EF=0.1).
SLE for the site: AV * EF = $ 100,000.
Would it be worth investing in anti-DDoS system that costs
$150,000 a year?
Annualized Rate of Occurrence (ARO)
indicates how often an attack is expected to successfully occur in a year (e.g., 2x a year ⇒ ARO = 2)
if an attack occurs once every 2 years ⇒ ARO = 0.5
Annualized Loss Expectancy (ALE)
overall loss incurred by an attack (i.e. by exploiting a vulnerability) in each year
Example: Determining ALE to Occur from Risks
A widget manufacturer has installed new network servers,
changing its network from P2P, to client/server-based network.
The network consists of 200 users who make an average of
$20 an hour, working on 200 workstations.
Previously, none of the workstations involved in the network
had an anti-virus software installed on the machines. This was
because there was no connection to the Internet and the
workstations did not have USB/disk drives or Internet
connectivity, so the risk of viruses was deemed minimal.
One of the new servers provides a broadband connection to
the Internet, which employees can now use to send and receive
email, and surf the Internet.
- 200 employees
- 200 workstations
- $20 hour
One of the managers read in a trade magazine that other widget companies have reported an annual 75% chance of virus infection after installing T1 lines, and it may take up to 3 hours to restore the system. A vendor will sell licensed copies of antivirus for all servers and the 200 workstations at a cost of $4,700 per year. The company has asked you to determine the annual loss that can be expected from viruses, and whether it is cost effective to purchase licensed copies of anti-virus software.
Based on the provided data:
ARO = 0.75
SLE = 200 users * ($20 / user-hour) * 3 hours = $12,000
ALE = ARO * SLE = $9,000
ACS = $4,700
Very simplistic scenario. Other losses
could be: erased (IP) documents, lost
emails, impact on reputation, etc.
Because the ALE is $9,000, and the cost of the software that
will minimize this risk is $4,700 per year, this means the
company would save $4,300 per year by purchasing the
software ($9,000 - $4,700 = $4,300).
Cost-Benefit Analysis Formula
– expresses cost benefit of a
safeguard – i.e., determines
whether a particular control
is worth its cost
NRRB = [ALE(prior) - ALE(post)] – ACS
NRRB – NET Risk Reduction Benefit (money saved)
[ALE(prior) - ALE(post)] – GROSS risk reduction benefit
ALE(prior) – ALE before implementing control
ALE(post) – ALE after implementing control
ACS – annual cost of safeguard
safeguard is justified if it results in NRRB > 0
Example: Determining NRRB
Your organization has decided to centralize anti-virus support on a
server which automatically updates virus signatures on users’ PCs.
When calculating risk due to viruses, the annualized loss expectancy
(ALEprior) is $145,000. The cost of this anti-virus countermeasure
is estimated at $24,000/year, and it will lower the ALEpost to
$65,000.
Is this a cost-effective countermeasure? Why or why not?
ALE (prior) = $145 k
ALE (post) = $65 k
ACS = $24 k
NRRB = ALE (prior) – ALE (post) – ACS =
= $145 k - $65 k - $24 k =
= $56 k, so there are + cost benefits of this solution
Example: Cert. Info. Sys. Sec. Prof. (CISSP) Exam
ALE (prior) = AV * EF * ARO = $10^6 * 0.1 * 0.2 = $20,000
ALE (post) = $0 (best case scenario - safeguard 100% eff.)
ACS = ?
For NRRB ≥ 0, safeguard of up to $20,000 acceptable.
Example
Cost-benefit analysis in case of 100% effective safeguard
[Figure: ALE over time – ALE(prior) before safeguards, GRRB gross risk reduction benefit, ALE(post) after safeguards, ACS annual cost of safeguards, NRRB net risk reduction benefit]
Other Feasibility Measures
• Quantitative cost-benefit analysis determines whether
a security control measure is feasible economically.
• Other factors and ‘measures of feasibility’, when
evaluating a security control, should be considered:
NRRB = [ALE(prior) - ALE(post)] – ACS
where ALE(post) = AROpost * AVpost * EFpost
Organizational Feasibility
– examines how well a proposed security control will contribute to organization’s strategic objectives
e.g. a firewall might be a good security safeguard, but may prevent effective flow of multimedia data
Behavioral Feasibility
– examines user’s and management’s acceptance and support of a proposed security control
e.g. if users do not accept a new policy/technology/program, it will inevitably fail
most common methods for obtaining user acceptance are:
* communication – affected parties must know the purpose and benefits of the proposed change
* education – affected parties must be educated on how to work under the new constraints
* involvement – affected parties must be given a chance to express what they want and what they will tolerate from the system
Technical Feasibility
– determine whether organization has or can acquire technology and/or necessary technical expertise to implement and support a control
e.g. use of VPN may require special software / hardware support / installation on all computers
Political Feasibility
– determines what can and cannot be done based on consensus and relationship between different departments …
IT and Info. Sec. department might have to compete for same resources
Relative Risk Analysis
Rather than using quantitative or qualitative risk analysis
an organization may resort to relative risk analysis of a
control, including:
Benchmarking
study practices used in other
organizations that obtain results
you would like to duplicate
Due Care or Due Diligence
implement a minimum level of security
failure to maintain a standard of due care can open an organization to legal liability – especially important if dealing with customer data
• Best Practices – implement entire set of security
controls as recommended for your
industry / general public
‘best practices’ according to Microsoft:
* use antivirus software
* use strong passwords
* verify your software security setting
* update product security
* build personal firewalls
* back up early and often
* protect against power surges and losses
Gold Standard
implement controls beyond best
practices – for those that strive to
be ‘the best of the best’
Cryptography
process/technique(s) of converting
data into unintelligible form in order to ensure:
confidentiality, data integrity, and authentication
requirement 1: no data should be lost during encryption
requirement 2: decryption should ensure perfect data
recovery
plaintext
original message that should be ‘protected’
encryption algorithm
performs various substitutions,
permutations and transformations on plaintext
key
variable data that is input into encryption algorithm
together with plaintext
determines exact substitutions, permutations and
transformations performed on plaintext
ciphertext
scrambled message produced as output
decryption algorithm
encryption algorithm run in
reverse
Process of Breaking a Cipher
in modern cryptography encryption/decryption algorithm
is not a secret
encryption goal:
make the entire
decryption process
very difficult/long for attacker
Assume a hacker does not know the key.
Can he still ‘decrypt’ a ciphertext?
If the key-size is N [bits],
how big is the key ‘space’? nkeys = 2^N
crypto-attack speed =
nkeys × t_one-decryption
BEST case for hacker:
nkeys = 1
WORST case for hacker:
nkeys = 2^N
Factors that Influence Success of Crypto-Attack
brute force attack on ciphertext – all possible keys
are tried until an intelligible translation into plaintext
is obtained
with current processing capabilities, 56 bit keys are
not considered safe
Is the best encryption always necessary?
Encryption that keeps intruder ‘busy’ for
> ∆t seconds may be good enough!
Cryptanalysis Attack Models
describe different possible attack scenarios – i.e., type
of access a cryptanalyst (hacker) has to a system under
attack when attempting to ‘break’ ciphertext
passive attacks – hacker does NOT have access to crypto-system
active attacks – hacker has access to crypto-system
Ciphertext Only Attacks
goal is to find the plaintext
Known Plaintext Attacks
goal is to find the key and then
apply it to the entire ciphertext
Chosen Plaintext Attacks
goal is to find the key
Any plaintext of hacker’s choice!
Chosen Ciphertext Attacks
goal is to find the key
Any ciphertext of hacker’s choice!
Eve gets access to the system once, manages to ‘crack’ the key and then (re)uses this key to decrypt any subsequent messages ...
History of Cryptography
humans have been using cryptographic techniques for
1000s of years – what has changed is the complexity
and creativity of cryptographic techniques
Classical cryptography
more of an art than science
schemes were designed in an ad-hoc manner and then
evaluated based on their perceived complexity/cleverness
true ‘strength’ of these schemes was in ‘secrecy’ of their
respective protocols
Modern cryptography
based on scientific foundations
the strength is NOT in secrecy of protocols but in sound
mathematical and computational principles
it is now possible to formally argue about the security
protocols
used for more than just data confidentiality - can protect
data integrity, enable user authentication, etc.
Substitution Cipher
the units of plaintext (letters)
are kept in the same original sequence, but the units
themselves are altered
Caesar Cipher
monoalphabetic substitution cipher in
which each letter in the plaintext is replaced by a letter
some fixed number of positions down the alphabet
Example: Caesar Cipher with k=3
Caesar cipher encryption with k=3
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Caesar Cipher as an Algorithm
Ti - i-th character of the plain text
Ci - i-th character of the cipher text
i = 0, 1, 2, .. , m-1 in English
m - length of the alphabet
k - shift
Encryption: Ci = (Ti + k) mod m
Decryption: Ti = (Ci - k) mod m
NOTE: -b mod m = (-b + m) mod m
Pigpen Cipher
simple substitution cipher in which each
letter is replaced with a graphical symbol
alphabet is written in 4 grids shown below
each letter is replaced with a symbol that corresponds to
the portion of the pigpen grid that contains the letter
used by Freemasons in the 18th Century to keep their
records private
Polyalphabetic / Vigenere Cipher
complex substitution cipher - instead of shifting each character by the same number, characters located at different positions are shifted by different numbers – key keeps changing!
key (word) must be provided
key is aligned with plaintext – key-letter determines the value of cipher-letter
Vigenere Cipher as an Algorithm
Ti - i-th character of the plain text
Ci - i-th character of the cipher text
Ki - i-th character of the key phrase
i = 0, 1, 2, .. , m-1
m - length of the alphabet
Encryption: Ci = (Ti + Ki) mod m
Decryption: Ti = (Ci - Ki) mod m
Vigenere Cipher - how to decipher ???
Key is not known, but the keyword size is = n.
Plaintext: HOW ARE YOU TODAY ...
Key: MUSICMUSICMUSICMUSIC
Ciphertext: TIO ITQ SGC VAXSG
Total number of keys = 26^n.
Transposition Cipher
order of letters in the ciphertext
is rearranged according to some predetermined method
Rail Fence Cipher
transposition cipher in which the
plaintext is written downwards and upwards on successive
‘rails’ of an imaginary fence
the message is then read off in rows
How to break a 2-rail cipher?
HLOWRDEL OL
Decrypting algorithm:
1) Count the letters in the cipher.
2) Divide the letters in 2 equal parts.
3) Draw/write the letters in a 2-rail zigzag pattern with
½ of the letters on the top and ½ of the bottom rail.
If number of letters is odd, add extra letter to the top rail.
H L O W R D
E L _ O L
HELLO WORLD
How to break a 3-rail cipher?
Decrypting algorithm:
1) Count the number of letters.
2) Make an outline of the zigzag pattern with the
given number of rails and given number of letters.
3) Arrange the letters at the allocated spaces …
Rotor Machines
mechanical devices for implementing
complex substitution cipher
in widespread use 1920 – 1970 – most famous example
is German Enigma machine from World War II
consists of keyboard (input letter), set of rotors, lights
(output letter)
every time a key is pressed, some of the rotors change
position, producing different output letter
Symmetric Encryption – Same key!
Public Encryption – Different but related keys!
Symmetric Encryption –
private-key encryption - uses the
same secret/private key to encrypt & decrypt information
symmetric key = shared secret – must only be known
to the communicating parties – challenge # 1
to ensure full confidentiality in a group of N users, each
pair of users must share a unique key – challenge # 2
total number of keys required =
(N-1)+(N-2)+(N-3)+…+1 =
((N-1)*N)/2
Symmetric Key Distribution
in systems deploying symmetric encryption both the number and
distribution of keys is a problem.
Solution: Key Distribution Center (KDC) - trusted 3rd party/server.
Each entity shares a secret key with KDC - N keys in total.
KDC hands out keys to each pair of communicating entities (M) on
demand, to enable confidential communication between them.
After use, keys are ‘recycled’.
total number of keys
in use in the system =
= N + M
Confusion vs. Diffusion
desired crypto properties …
confusion = making the plaintext-ciphertext substitution
(i.e., relationship between the key and the ciphertext)
as complex and involved as possible
diffusion (permutation) = ensuring that the statistics of
the plaintext is dissipated in the statistics of the ciphertext
One block of ciphertext should not depend only on one particular block of plaintext
Stream Cipher
Symmetric Encryption
Encrypt digits (bytes) of a message one
at a time
advantage: speed of transformation – each symbol is
encrypted as soon as it is read
disadvantage: low diffusion – all information of a plain-
text symbol is contained in a single ciphertext symbol
disadvantage: sensitivity to tampering – an interceptor
can splice together pieces of previous messages and
transmit a new message that looks authentic
examples: RC4, ChaCha, FISH, SEAL, …
Improvement: pseudo-randomized key
key changes in pseudo-random manner – hard for attacker to predict,
yet fully known to communicating parties
Block Cipher
data is divided into fixed length blocks
– all block bits are then acted upon to produce an output
advantage: high diffusion – information from one
plaintext symbol is diffused into several ciphertext
symbols
disadvantage: slowness of encryption – an entire
block must be accumulated before encryption /
decryption can begin => slows down real-time app.
examples: DES, 3DES, AES
DES
Data Encryption Standard
one of the first widely used symmetric-key block ciphers
initially proposed by IBM (1974), later modified & adopted by US National Bureau of Standards (1977) as an official Federal Information Processing Standard (FIPS)
takes a 64-bit block of plaintext and a 56-bit key to produce a ciphertext block of 64 bits
in 1999, Electronic Frontier Foundation managed to break DES in 22 h, 15 min
officially retired in 2005
3DES attempted to solve the problem
With today’s computing powers, DES can be broken within seconds!!!
DES – Data Encryption Standard
algorithm:
1) plaintext is fractioned into 64-bit blocks
2) each block is broken into two parts – left (L) and right (R)
3) permutation and substitution are repeated 16 times/rounds
4) each round also uses a 48-bit subkey from the original 56-bit key
5) in the end, two parts are re-joined and undergo inverse initial permutation
In 3DES, there are 3 x 16 rounds of these permutations & substitutions
Triple DES = TDES = 3DES
symmetric-key block cipher
which applies DES 3 times
to each data block =
Encrypt + Decrypt + Encrypt
Ciphertext = EK3(DK2(EK1(Plaintext)))
proposed in 1978,
accepted as FIPS in 1999
a simple method of strengthening (increasing key size of)
DES, without the need to design a completely new algorithm
current use – electronic payment industry (until 2023!)
Triple DES Keying Options
Option 1: all three keys are independent
* total key size = 168 bits
* effective security = 112 bits
* strongest
Option 2: K1 and K2 are independent, K3=K1
* total key size = 112 bits
* effective security = 80 bits
* retired in 2015
Option 3: all three keys the same K1=K2=K3
* total key size = 56 bits
* weak – just a ‘very slow’ version of regular DES
* not approved
Meet-in-the-Middle Attack on 2DES
theoretical brute-force complexity: 2x56=112-bit key space
applies to any block-cipher that is sequentially processed (i.e.,
attempts to increase ‘strength’ by adding multiple components/stages)
* instead of focusing only on input/plaintext & output/ciphertext of entire
chain/system, transitional value(s) between components are utilized
attack works only if a known plaintext-ciphertext is given !!
2DES (112-bit key)
But which key was used ??
X1
X2
E.g., store in a hash
table that allows
quick search.
Triple DES – Pros and Cons
3DES, key option 1, still in use, but will be deprecated in 2023
* many devices in the financial industry (e.g., POS terminals)
as well as networking equipment (e.g., firewalls) use 3DES
and are challenging to upgrade
DES was designed for efficient hardware implementation -
software implementation is very slow, 3DES even slower
DES and 3DES use 64-bit block size – to improve efficiency
and security larger block sizes would be preferable
AES
Advanced Encryption Standard
NIST issued call for a 3DES replacement in 1997 with
requirements:
* symmetric block cipher
* block size 128
* key lengths 128, 192 or 256
initially 15, then 5 competing standards were evaluated
Rijndael cipher was selected as the most suitable for AES
AES became a US FIPS in November 2001
AES is intended to replace 3DES, but this process is taking
longer than expected …
AES Facts
Like DES, AES is an iterated block cipher in which a block
of plaintext is subject to multiple rounds of processing, with
each round applying the same overall function.
Unlike DES, AES applies transformation operation to the entire
incoming block in each iteration, while in DES one-half of incoming
block passes unchanged.
Unlike DES which is bit-oriented, AES is byte-oriented ⇒ allows
convenient and fast software implementation.
Unlike DES, where 1/64 bits of a plaintext affected roughly 31/64
bits of the ciphertext, in AES (due to shift-row and mix-column
steps) each bit of the plaintext affects every bit of the ciphertext.
How to protect passwords on/in a system …
Is use of symmetric encryption
with a single master encryption key
a good way to
protect passwords in a system ??
Target and 3DES
On Dec. 23, 2013, Target confirmed malware was to blame for
an infection of its point-of-sale system that likely exposed
details associated with 40 million debit and credit cards (50GB
of encrypted data) between Nov. 27 and Dec. 15.
In its statement, Target notes that:
“The most important thing for our guests to know is that their
debit card accounts have not been compromised due to the
encrypted PIN numbers being taken.“
“… PINs are encrypted at the keypad with what is known as
Triple DES” - a standard the retailer refers to as being highly
secure and used broadly throughout the U.S.
“Most people object to 3DES because it’s an ancient algorithm that was
designed as a patch for (now broken) DES until AES was finalized,” …
“Now we’ve had AES for more than a decade, it’s questionable why we’d
be using 3DES.”
Encrypting PIN Pad
An Encrypting PIN Pad is an apparatus for encrypting an identifier such as
a PIN as soon as it is entered on a keypad. These are used in ATM and POS
terminals to ensure that the unencrypted PIN is not stored or transmitted
anywhere in the rest of the system and thus cannot be revealed accidentally
or through manipulations of the system.
Should passwords be encrypted?
3DES decryption is time consuming as it
requires the search through 168-bit key space!
Plus, passwords are hard to validate (likely not plain English words).
But, what if ‘chosen plaintext’
attack is conducted ??
If hacker knows one pin (e.g., his own) and its respective ciphertext,
he can conduct (faster) Meet-in-the-Middle attack, and once he finds
the key, he can crack all other pins from the same POS device!
Asymmetric Encryption
aka Public-Key Encryption – involves the use of two separate but related keys: public key and private key
public key is made public for others to use, private key is known only to its owner
either key can encrypt a message – the other key must be used for decryption
first truly revolutionary advance in encryption, with profound consequences in the areas of
* confidentiality
* authentication
* key distribution
Keys in asymmetric cipher system …
Public key is sent only to other people/entities with whom
Alice wants to confidentially communicate !!!
The overall number of different keys generated (in the ‘existence’):
O(2*N) = O(N) << O(N^2)
Asymmetric Encryption: Mode 1.a)
Protection of Confidentiality: Alice receives message from Bob
(1) Each user generates a pair of keys.
(2) Each user places one of the keys in a public register -
this becomes the public key; the other is private key.
(3) If Bob wishes to send a
private message to Alice,
he uses Alice’s public key.
(4) To decrypt Bob’s message,
Alice uses her private key.
No other recipient can
decrypt Bob’s message
as only Alice knows her key.
Symmetric vs. Asymmetric Encryption
common
misconceptions
(1) public-key encryption is a general-purpose technique
that has made symmetric encryption obsolete
* public-key encryption is versatile but very slow –
symmetric encryption is still needed for encryption
of large messages!
* public-key encryption is used for authentication,
digital signatures, and exchanges of secret keys!
(2) exchange of asymmetric/public keys is much simpler
than exchange of symmetric/secret keys
* both schemes require a well established system and
protocols
Diffie-Hellman
first published public-key encryption
algorithm (1976)
currently used in TLS (Transport Layer Security), SSH and
IPsec protocols
purpose: enable two users to securely reach agreement
(i.e., generate) a secret key for subsequent symmetric
encryption without the involvement of a Key Dist. Cent. (KDC)
property: private key A and public key B generate the
same result as private key B and public key A
Diffie-Hellman
(1) Before establishing a symmetric key, two parties choose/obtain
two integer numbers:
p – large prime number with 1024 bits (300 decimal digits)
g – base or generator (primitive root mod p) – often 2, 3, 7
(2) Alice chooses a large random number x (1 ≤ x ≤ p-1)
and calculates R_x = g^x mod p.
(3) Bob chooses another large random number y (1 ≤ y ≤ p-1)
and calculates R_y = g^y mod p.
(4) Alice sends Bob R_x, Bob sends Alice R_y.
(5) Alice calculates K = (R_y)^x mod p.
(6) Bob calculates K = (R_x)^y mod p.
K = (g^y mod p)^x mod p = (g^x mod p)^y mod p = g^(xy) mod p
Diffie-Hellman key calculation
Assume that p = 23 and g = 7.
1. Alice picks x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Bob picks y = 6 and calculates R2 = 7^6 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates K = 4^3 mod 23 = 64 mod 23 = 18.
6. Bob calculates K = 21^6 mod 23 = 85766121 mod 23 = 18.
7. The value of K is the same for both Alice and Bob.
g^(xy) mod p = 7^18 mod 23 = 18.
With DH algorithm
if n people were to securely communicate
O(n^2) messages would still
have to be exchanged.
No built-in mechanism to
authenticate other users!!!
RSA
Rivest, Shamir, Adleman (1978, MIT)
first practically deployable public-key algorithm for
secure data transmission and other applications
was patented, but patent expired in 2000
RSA Security LLC – manufactures security solutions
deploying RSA, was later sold to Dell …
spin-off company: VeriSign (1995), bought by Symantec and now
DigiCert
based on practical difficulty of factoring the product
of two large prime numbers
like DH, uses modular arithmetic, but in a different way
DH is used to generate a secret key [key agreement] …
RSA is used to exchange a secret key [key transport] …
for subsequent symmetric encryption.
Internet protocols that use RSA
TLS, SSH, IPsec
RSA
basics of the math behind key establishment
(1) Choose two random large prime numbers p and q.
The larger the numbers, the more difficult it is to break RSA,
but the longer it also takes to perform encoding and decoding!!!
RSA Laboratories recommends that the product of p and q
be 1024 bits long.
(2) Compute n = p⋅q and z = (p-1)⋅(q-1).
(3) Choose a number e < n with no common factors with z
other than 1. (e,n) – used in encryption, public key.
(4) Find a number d such that ed - 1 is exactly divisible by z.
That is, choose d such that ed mod z = 1.
(d,n) – used in decryption, private key.
(5) Kpublic = (n, e), Kprivate = (n, d)
prove rsa
RSA – the basics of the math ... how can we prove:
1) modulo rules allow:
2) theory of large prime numbers allows:
P = (P^e mod n)^d mod n = (P^(ed) mod n) mod n = P^(ed) mod n = P - when P
RSA – important properties
1) Given (e, n) = Kpublic it is/should be impossible to
compute (d, n) = Kprivate.
2) The public and private keys are ‘commutative’.
Kpublic(Kprivate(P)) = Kprivate(Kpublic(P)) = P
K+(K-(P)) = K-(K+(P)) = P
provided p and q are
properly randomized !!!
RSA used to encrypt 8-bit messages
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
Encrypting 8-bit message: 0000 1100 (base 2) = 12 (base 10). Plaintext must be converted to a decimal number!!!
Encrypt with (e,n): m = 12, m^e = 24832, c = m^e mod n = 17
Decrypt with (d,n): c = 17, c^d = 481968572106750915091411825223071697, m = c^d mod n = 12
RSA used to encrypt letters
Jennifer creates a pair of keys for herself: p=397 and q=401 => n=159197 and z=158400. She then chooses e=343 and d=12007.
Show how Ted can send a 2-letter text message to Jennifer if he knows e and n.
Each letter encoded as a 2-digit number between 0 and 25, instead of using ASCII values (65 – 90).
Not necessary to encrypt each letter/number separately.
Application of RSA Cryptography
protect. of data confidentiality & user/message authenticity
other possible more common uses:
a) digital envelopes = fast exchange of confidential
messages (secret message & secret key sent at once)
b) digital signature =
= message integrity + message authentication, where
message integrity – guarantees that the message
has not been changed
message authentication – authenticates the sender
of the message
Digital Envelope
use of asymmetric encryption
for fast exchange of confidential messages
1) generate random symmetric key K symmetric
2) encrypt message using K symmetric – digital letter
3) encrypt K symmetric using receiver’s public key K+ - protective
digital envelope
4) send the two together !!!
Digital Signature
use of asymmetric encryption to protect message integrity + sender authenticity
In some cases the confidentiality is not required (data sent in plaintext) but we want to be able to ensure .
RSA Application (cont.)
Example: Public encryption for all three – message
integrity, authentication and confidentiality
(digital signatures + confidentiality)
Reliable Public-Key Distribution
must involve a trusted
third party
Certificate Authority – a trusted government agency or a
for-profit institution that issues Digital Certificates
IdenTrust, DigiCert, GlobalSign, …
Digital Certificate – digital document that binds a public
key to an identity (person or organization) and contains
Message Encoding vs. Encryption vs. Crypto. Hashing
all three transform message into another ‘format’
encoding and encryption are reversible, hashing is not!
1) message encoding – transforms data to another format
so that it can be properly/safely consumed by a different
type of system
does not aim to keep
information secret
does not require a key
encoding scheme is
publicly available and
relatively simple/fast
to perform
2) message encryption – transforms data to another format
that cannot be easily consumed by anybody but the intended
recipient(s)
aims to keep information secret
requires a key
encryption scheme is publicly available but quite complex
to perform/break
3) message hashing – used to validate the integrity of a given
content by producing a fixed-length string with following
attributes:
does not require a key
hashing algorithms are publicly available
the same input will always produce the same output
any modification to the input should result in a drastic
change to the output
Message Integrity
accomplished through the use
of cryptographic hash functions
hash function creates a small fixed-size digital
‘summary’ of the message that can be used as a
message fingerprint, aka hash or message digest
typical hash size: 128, 160, 256, 512 bits
popular standards:
(a) Message Digest 5 (MD5) – no longer secure
(b) Secure Hash Algorithm (SHA-2: SHA 256 & SHA 512)
Hashing (cont.)
Hash Function Criteria
to be eligible for a hash
a function needs to meet 6 important criteria:
Hash function h can be applied to block of data of
any size.
Hash function h produces a fixed-length output.
h(M) is relatively easy to compute for any given M,
making both hardware and software implementation
practical.
Collision Resistance.
Preimage Resistance.
Second Preimage Resistance.
collision
two messages create the same digest
Collision Resistance or Strong Collision Resistance:
must be extremely difficult to find any two M and M’
such that h(M) = h(M’)
if strong collision is possible => digital signatures
become meaningless
also relevant to online password cracking
Preimage Resistance or One Wayness
given a
hash function h and y=h(M), it must be extremely
difficult for Eve to find any message M’ such that
y=h(M’)
we should not be able to work ‘backwards’ and
(re)create the original message from a given hash
relevant for off-line password cracking
Second Preimage Resistance or Weak Collision
Resistance
Given M and its hash h(M) it should be
extremely difficult for Eve to find a second/another
message M’ such that h(M)=h(M’)
property intended to prevent an adversary from
appending a falsified message to a given hash
WHO Protects Information in Digital Age & WHY?
companies: trade secrets, intel. prop., customer records, …
governments: classified information, citizen records, …
individuals: personal & sensitive information (protect
from hackers and/or authorities)
Information Protection in Digital Age
Techniques
of digital information protection can be grouped in two
major categories:
Information Encryption
the content is ‘scrambled’ using a crypto-key, so it becomes
meaningless
however, the presence of information is ‘obvious’
no matter how ‘unbreakable’, encrypted message will arouse
suspicion
Information Hiding
the goal is not just to prevent others from accessing hidden
information, but to make others unaware of the very existence
of the hidden information
Encryption vs. Information Hiding
unauthorized users will be aware
of the existence of confidential data
but will not be able to ‘read’ it
the actual existence of
the confidential data
is entirely obscured
from unauthorized users
Can be used when protecting both –
data ‘at rest’ and data ‘in transit’ !
Mimikatz is a
leading post-
exploitation tool that dumps
passwords from memory, as well as
hashes, PINs and Kerberos tickets
Warhead
small hard-
to-detect
piece of code
Steganography
Steganography - Greek word for “concealed writing”
art and science of hiding information in some cover media
for the purpose of protecting information confidentiality
digital steganography – cover media: image, text, audio, video
unauthorized users cannot find/read confidential info
Watermarking
also aims to make information invisible, but for the purpose
of protection of intellectual property
unauthorized users
cannot use or
appropriate
somebody’s IP
Fingerprinting
embedding user-unique marking to different copies of content
for the purpose of tracking of intellectual property
users can be
tracked/identified
Watermarking vs. Digital Fingerprinting
The main difference between watermarking and fingerprinting is that the WM
remains the same for all copies of the IP while the FP is unique for each copy.
As such, FPs … enable tracking of IP misuse conducted by a specific user.
History of Steganography
the need to protect
information from unsolicited access, by making it
obscure, precedes our digital age
in ancient Greece, a message would be tattooed on the
shaved head of a messenger; the hair would be grown over
in era of printed press, different typefaces were used to
‘encode’ a message
in WW2, the French resistance used invisible ink (e.g., wax)
to write messages on the back of regular courier
Digital Steganography
process of hiding information in digital multimedia files
and in network packets
elements of digital steganography system include
cover media (C) that will hold the hidden data
secret message (M) - may be plain text or any other type of data
stego function (Fe) and its inverse (Fe^-1)
an optional stego-key (K) or password to hide and unhide the
message
stego object (S) = cover media + secret message
What Makes Steganography Work?
digital steganography takes advantage of
1) space redundancy in cover media
2) data redundancy in cover media in combination with
inherent weaknesses of human perception
e.g., in computer/text file steganography, information can
be hidden in unused areas of the file/text
e.g., in image steganography, information can be embedded
in the Least Significant Bits (LSBs) of an image (introduced
change is insignificant for human eye)
e.g., in audio steganography, information can be embedded
in high frequencies of audio spectrum (human ear is insensitive
to slight variations in high audio frequencies)
Plaintext Steganography:
Use of Selected Characters in Cover Media
sender sends
1) text message / text file = stego object
2) a series of integer numbers = key
secret message is hidden within the respective
positions of subsequent words in cover media
The weather is sunny and wonderful.
They have gone running at the beach.
2 2 1 1 2 2 1 1 4 1 0 0 2
He is not here.
Example: Plaintext Steganography with Selected Characters
The weather is sunny and wonderful.
They have gone
Plaintext Steganography:
Line Shifting or Word Shifting in Cover Media
e.g., lines are shifted down by a small fraction
shift present = 1, shift not present = 0
e.g., words are shifted right by a small fraction
shift present = 1, shift not present = 0
encoded bits are extracted and compared against
a predefined Codebook
Digitized Image
Image is broken into a finite number of areas that contain the same color/shade. There is finite number of colors/shades available.
any image can be digitized – i.e., represented by a discrete
(finite) set of display elements holding same-color content
Digital Image
a 2D (NxM) array/grid of m-bit pixels
Pixel
fundamental same-color display element in a digital image
each pixel is made up of one or more bits
monochrome image: pixel = 1 bit => (black/white)
grayscale image: pixel = 8 bits => 256 shades of gray
RGB image: pixel = 24 bits => 8 bits for each – red, green, blue => 16777216 different color shades
What is the size (in kbytes and KBytes) of a grayscale image
comprising 200x300 pixels?
200 x 300 x 8 = 480,000 bits
= 60,000 bytes
= 60 kbytes
= 58.59 KBytes
kbyte = 10^3 bytes = 1000 bytes
KByte = 2^10 bytes = 1024 bytes
Bits in a Pixel
relative importance
of different pixels is different
LSB – least significant bit – last bit
MSB – most significant bit – 1st bit
LSB carries the least information – it changes most rapidly
MSB carries the most information – it changes least rapidly
Image Steganography:
Use of LSB to hide ‘image in image’
easiest and surprisingly effective way of hiding
information in an image
LSB(s) of each pixel in cover object/image are used to
hide the most significant bits of another image
algorithm:
(1) load up host image and image to hide
(2) choose the number of LSBs you wish to hide
the secret image in
more bits used
=> better quality of hidden image
=> more distortion in cover image
(3) to get original image back, pick out the LSBs
according to the number used in (2)
fewer LSB bits used
‘hiding’ capacity low –
better stego-image
worse recovered image
The entropy of
local attributes
measures
the (un)predictability of a region with respect to an assumed model of simplicity.
Pattern of LSB Embedding
secret bits can be
embedded in LSBs of cover image in two ways:
sequentially
simple embedding & extraction of secret bits
statistics of cover image abruptly changed - easy to detect
randomly
the key to generate pseudorandom numbers must be sent
secret bits scattered throughout cover image - hard to detect
is ‘random’ choice of pixels an ideal approach to
information hiding in an image ???
Should not ‘mess up’ pixel values in areas of ‘low entropy’.
What is a better place to hide secret bits:
- same-color background
- part of image with lots of detail ???
Image Steganography:
Use of Discrete Cosine Transform (DCT)
DCT is one of key components of JPEG compression
JPEG algorithm:
(1) image is split into 8x8 pixel squares
(2) each square is transformed via DCT to
64 frequency components
(3) each DCT coefficient is quantized against
a reference table – many bits get removed
more bits are used for low-freq. and fewer
for high-freq. components
(human eye is more sensitive to low-freq. info)
(4) many coefficients are (now) close in value =>
run/variable length coding can be used
Image Steganography:
Use of Discrete Cosine Transform (DCT) - cont.
Possible Approaches to Hiding Data in DCT
(A) hide secret data in LSBs of selected or non-
significant DCT coefficients (high frequencies)
(B) hide secret data in LSBs of DCT coefficients
(C) hide one bit of data in each 8x8 block of DCT:
0 => all coefficients even
1 => all coefficients odd
Audio Steganography:
Least Significant Bit (LSB) Coding
LSB of each audio sample is replaced with a secret bit
Audio Steganography:
Spread Spectrum
secret bit is spread across cover audio in form of
high-frequency noise
IP Datagram Steganography:
Using Identification Field in IP Packet
IP Identification Field = 16 bits long - used to uniquely
identify an IP packet - useful in case of fragmentation
Datagram Steganography:
Using Sequence Number in TCP Packets
TCP Sequence Number = 32 bits - keeps track of
byte order in payload - useful in payload reassembly
Magic Triangle of Data Hiding Techniques
outlines
different goals / trade-off of digital steganography
capacity: how many bits can be hidden in a cover image
imperceptibility: how easy it is to spot hidden data
robustness: hidden message in stego-object unaffected by
rotation
compression
cropping
additive noise
[Figure: tradeoff triangle of ‘data hiding’ features, with corners CAPACITY, ROBUSTNESS and IMPERCEPTIBILITY (invisibility / secrecy)]
Data Hiding Tech.: Evaluation
Example: tradeoff triangle –
steganography vs. watermarking
Additional Requirements on Data Hiding Techniq.
security: embedded info. cannot be removed unless attacker
has the full knowledge of algorithm and/or secret key
extraction complexity: computational effort/time to extract
hidden information
embedding complexity: computational effort/time to embed
hidden information
Watermarking
Process Components / Terminology
Watermark (W)
each owner has a unique watermark (e.g., ‘layer’ of 1 bit/pixel)
Marking Algorithm
incorporates the watermark into the image
Verification Algorithm
determines the integrity/ownership of the image
Watermarking - Categories
Private vs. Public
Private – a secret key was used in watermarking process
=> only authorized users can recover it
(can be used by owner to demonstrate ownership
once he discovers illicit use)
Public – anyone can read watermark – key is not a ‘secret’
(can be used to actually discover all illicit uses –
e.g., by providing the watermark key to search
crawlers)
BluStealer
is a new information-stealing malware that contains the functionality to
steal login credentials, credit card data, cryptocurrency and more. This harvested
data is returned to the attacker via SMTP and the Telegram Bot API.
ChromeRecovery begins by scanning the infected machines for any potential login
credentials for web browsers, FTP clients and email clients. In the screenshot below,
the malware can be seen searching through the directories of various well known
web browsers, including Chrome™ and Opera
Software Keylogger –
captures keystrokes
in a compromised system
Hardware Keylogger
Not ‘classical’ malware – does not require any software or drivers to be
installed on the victim machine.
Logger is plugged in between USB keyboard (connector) and USB port.
All keyboard activity is logged to its internal memory.
Effective against antivirus protection; no ‘physical trace’ stays on the
victim machine => challenge for forensics analysis!
Memory (RAM) Scraper –
Steals data when
processed in memory
best place to steal data - everything is decrypted
Desktop Recorder –
takes screenshots of the
desktop (e.g.) when mouse clicked or keyboard
pressed
disadvantage: amount of data that needs to be
stored / transmitted
RANSOMWARE
RANSOMWARE – holds data or access to systems containing
data until the victim pays a ransom
subcategories of ransomware based on
implementation
1) CryptoLockers – victim’s data or
entire hard-drive gets encrypted
2) ScreenLockers – user is locked out and
denied login to the system
SCAREWARE
malicious programs that aim to scare users
into installing a program and sometimes
even paying for it
program is ‘supposed’ to solve a problem that
does not exist!
SPYWARE
Software that spies on users by gathering
information without their consent, thus
violating their privacy
example: Zango – transmits detailed information
to advertisers about Web sites you visit
legal spyware – parental monitoring of Internet
usage by children
ADWARE
software that
delivers advertising content
in a manner that is unexpected
and unwanted by the user
Password Cracking
can be ‘on-line’ and ‘off-line’
off-line crackers attempt to reverse-calculate a password
requires that a copy of Security Account Manager (SAM)
- a registry data file - be obtained
SAM file (c:\windows\system32\config\SAM) contains the
hashed representation of the user’s password – LM or NTLM hash
algorithms are used
cracking procedure: hash any random password using the
same algorithm, and then compare to the SAM file’s entries
SAM file is locked when Windows is running: cannot be opened,
copied or removed (unless pwdump is run by the administrator)
off-line copy of SAM’s content can be obtained (e.g.) by booting
the machine on an alternate OS such as NTFSDOS or Linux
types of password cracking attacks
brute force – every possible combination/password is tried
dictionary – a list of commonly used passwords (the dictionary)
is used
guessing – the attacker uses his/her knowledge of the user’s
personal information and tries to guess the password
Denial of Service (DoS)
attacker sends a large number of requests to a target
target gets overloaded and cannot respond to legitimate requests
distributed DoS = DDoS - a coordinated stream of requests
is launched from many locations (zombies) simultaneously
zombie/bot – a compromised machine that can be commanded
remotely by the master machine
botnet – network of bots + master machine
Mafiaboy story - DDoS
In 2000, a number of major firms were subjected to devastatingly
effective distributed denial-of-service (DDoS) attack that blocked
each of their e-commerce systems for hours at a time. Victims of
this series of attacks included: CNN.com, eBay, Yahoo.com,
Amazon.com, Dell.com, ZDNet, and other firms.
The Yankee Group estimated that these attacks cost $1.2 billion in
48 hours:
$100 million from lost revenue
$100 million from the need to create tighter security
$1 billion in combined market capitalization loss.
At first, the attack was thought to be the work of an elite hacker, but it
turned out to be orchestrated by a 15-year-old hacker in Canada.
He was sentenced to eight months detention plus one year probation
and $250 fine.
Spoofing
insertion of forged Internet identification data in order to
gain an illegitimate advantage (in packets, web-requests,
emails)
types of spoofing
IP Spoofing – creation of IP packets with a forged source IP
address, e.g. for the purpose of passing through a firewall
Email Address Spoofing
creation of email messages with
a forged sender address, e.g. for the purposes of social
engineering and data phishing
types of spoofing (cont.)
Referrer or User Agent Spoofing – creation of HTTP requests
with forged fields in order to gain access to a protected web-site
* some sites allow access to their material only from certain
approved (login) pages and/or only to humans
Sniffing
use of a program or device that can monitor data traveling over a network
unauthorized sniffers can be very dangerous – they cannot be detected, yet they can sniff/extract critical information from the packets traveling over the network
wireless sniffing is particularly simple, due to the ‘open’ nature of the wireless medium
popular sniffers:
Wireshark – wired medium
Cain & Abel – wireless medium
Kismet – wireless medium
Man-in-the-Middle Attacks
gives an illusion that two computers are communicating
with each other, when actually they are sending and
receiving data with a computer between them
spoofing and/or sniffing can be involved
examples:
passive – attacker records &
resends data at a later time
(acts as a signal/packet
repeater)
active – attacker intercepts,
alters and sends data
before or after the original
arrives to the recipient
DNS Poisoning (active Man-in-the-Middle attack)
Domain Name System (DNS) poisoning and spoofing are types of cyberattack that exploit DNS server vulnerabilities to divert traffic away from legitimate servers towards fake ones. Once you’ve traveled to a fraudulent page, you may be puzzled on how to resolve it — despite being the only one who can. You’ll need to know exactly how it works to protect yourself.
DNS spoofing and by extension, DNS cache poisoning are among the more deceptive cyberthreats. Without understanding how the internet connects you to websites, you may be deceived into thinking a website itself is hacked. In some cases, it may just be your device. Even worse, cybersecurity suites can only stop some of the DNS spoof-related threats.
Social Engineering
process of using social skills to manipulate people into
revealing vulnerable information
either by believing that an email came from a legitimate person
or believing that a web-site is the real web-site, or both!
g) Phishing – involves fake/spoofed emails + …
attempt to gain sensitive personal information by
posing as a legitimate entity
SIMPLE PHISHING: an email is sent to the victim informing
them of a problem (e.g. with their email or banking
account) and asking them to provide their username,
password, etc.;
‘From’ email address is spoofed to look legitimate, ‘Reply
To’ email address is an account controlled by the attacker
SOPHISTICATED PHISHING
An email is sent to the victim
containing a link to a bogus website that looks legitimate
Example: Phishing using URL Links Embedded in HTML-based
Emails
Pharming
involves a fake Web-site (remember Lab 1)
phishing is accomplished by getting users to type in or
click on a bogus URL
pharming redirects users to false website without them
even knowing it – typed in or clicked on URL looks OK
performed through DNS
poisoning – user’s local
DNS Cache or DNS server
are ‘poisoned’ by a virus
Biggest Challenge of Information Security – How much security?!
Information security should balance protection & access
- a completely secure information system would not allow
anyone access!
Worm propagation
Consider a network consisting of N machines and a worm that uses ‘local
network’ propagation model. In particular, at time t=0, the worm has
infected only 1 machine. In each subsequent minute, every infected
machine contacts and successfully infects k=2 other machines on the
same network. (You can also assume:
1) All the machines in this network are ‘vulnerable’ to the given worm.
2) The worm is ‘smart’ so that an infected machine never tries to infect
another infected machine.)
If N = 200, how many minutes does it take to infect all the machines in
the system?
Solution
1st minute: 1 old + 2 new infected = 3 infected machines
2nd minute: 3 old + 3×2 new infected = 9 infected machines
3rd minute: 9 old + 9×2 new infected = 27 infected machines
4th minute: 27 old + 27×2 new infected = 81 infected machines
5th minute: 81 old + 81×2 new infected = 243 infected machines
WORM
state of worm technology
i) multi-platform / cross-platform - target a variety of
platforms / OSs
ii) multi-exploit - penetrate systems in a variety of
ways (through email, browsers, file sharing, …)
iii) ultrafast spreading - use various techniques
to identify as many vulnerable machines as possible in a short
period of time
iv) polymorphic
v) metamorphic
vi) multi ‘transport vehicle’ - can carry a variety of
payloads (rootkits, spam generators, bots, etc.)
vii) zero-day exploit - try to exploit new/unknown
vulnerabilities
Nimda (2001)
first multi-exploit
worm – used 5 different infection paths:
* via email
* via browsing of compromised web
sites – an injected java-script would
allow the downloading of Nimda
* via open network shares on LANs
* via exploiting of vulnerabilities in
Microsoft’s IIS server
* via back doors left behind by the Code Red
Nimda cost an estimated $635 million in damages.
https://www.techrepublic.com/article/learn-what-nimda-worm-does-and-how-to-combat-it/
https://www.eweek.com/security/nimda-takes-over-the-net/
Nimda itself does not contain a destructive payload beyond modification of
Web content to continue to propagate itself.
DoS may occur because of the volume of e-mail traffic triggered by this
worm, but it doesn’t appear to be targeting specific systems with a DoS attack.
Stuxnet (2010)
a highly sophisticated worm that used a variety
of advanced techniques to spread, including:
- by the use of shared infected USB drives (spreads even
between computers that are not connected to the Internet);
- by connecting to systems using a default SQL database password;
- by searching for unprotected administrative shares of systems
on the LAN; …
While it was programmed to spread from system to system, it
was actually searching for a very specific type of system to
execute – programmable logic controller (PLC) system made by
Siemens and run on devices that control and monitor industrial
processes. When it found such a system, it executed a series
of actions designed to destroy centrifuges attached to the
Siemens controller.
Zero-Day Vulnerability
a computer-software vulnerability
NOT known to or addressed by the vendor and users of the
vulnerable software
Common Vulnerability Exposure (CVE) –
program launched
in 1999 by MITRE to identify and catalog vulnerabilities in software
and firmware
MITRE – US non-profit funded by Cybersecurity and Infrastructure
Security Agency, part of the US Department of Homeland Security
CVE database – list of publicly disclosed computer security flaws
CVE entry/report – brief description of a reported vulnerability –
does not include technical data or information about risk and fixes
CVE reports can come from anywhere: a vendor, a researcher,
a clever user …
CVSS = CV Scoring System - set of open
standards for assigning a number/score
to a vulnerability to assess its severity
[ scores range from 0 to 10 ]
TROJAN HORSE
malware that looks legitimate and is advertised as performing one activity but actually does something else; it does NOT self-replicate
example: AOL4Free - advertised free access to AOL Internet Service; would delete hard drive
common types of Trojans:
destructive – designed to destroy data or kill the system – not common today
remote access – designed to give an attacker control over the victim’s system (client-server model)
data sending – designed to capture and redirect data (keystrokes, passwords, ...) to an attacker
common types of Trojans (cont.)
Denial of Service – designed to conduct a DoS
attack on a predefined IP address
FTP – designed to set up the infected system
to serve as an FTP server for illegal software,
pirated movies and music, etc.
Most Trojans do not ‘damage’
the host computer,
but instead use its resources
for illegal purposes
through a client-server connection.
How can we detect a Trojan?!
most Trojan ‘exfiltrate’ or ‘infiltrate’ data
to/from remote machines (over the Internet)
common techniques of Trojan detection:
on the infected computer – run netstat and look for unusual ports and connections
from the infected network – scan the network with nmap and look for systems with unusual open ports
LOGIC BOMB
malware typically installed by an authorized
user; lies dormant until triggered by a
specific logical event; once triggered, it can
perform any number of malicious activities
trigger events:
1) a certain date reached on the calendar –
check for organization payroll data;
2) a person was fired – files deleted once his
account got disabled
Roger Duronio story – logic bomb
In 2002, a disgruntled system administrator for UBS Investment Bank
was accused of planting a logic bomb shortly before quitting his job.
The bomb had been designed to wipe out 2,000 files on the main
servers for UBS, and cripple the company.
His plan was to drive down the company’s stock, and eventually profit
from that (put option contract).
During the downtime caused by the logic bomb, brokers could not
access the UBS network or make trades. According to one employer:
“Every branch was having problem. Every single broker was
complaining. They couldn’t log onto their desktops and [get to] their
applications because the servers were down. …”
In 2006, Duronio was convicted and sentenced to 8 years and 1 month
in prison as well as $3.1 million restitution to UBS.
ROOTKIT
stealthy software with root/administrator
privileges – aims to modify the operation of the
OS in order to facilitate nonstandard or
unauthorized functions
unlike a virus, a rootkit’s goal is not to damage the computer
directly or to spread, but to hide the presence and/or
control the function of other (malicious) software
since rootkits change the OS, the only safe and
foolproof way to handle a rootkit infection is to
reformat the hard drive and reinstall the OS
Sony story – rootkit
In 2005, Sony included a rootkit program Extended Copy Protection (XCP) on
many of its music CDs in an attempt to limit the user’s ability to access the
CD and prevent illegal copying.
The software was automatically installed on Windows desktop computers
(in a hidden directory + modified the OS) when customers tried to play the CD.
Threat Events: Software Attacks (cont.)
https://www.eff.org/cases/sony-bmg-litigation-info
XCP (Extended Copy Protection) and MediaMax - software for
copy protection and digital rights management used by Sony
Blacklisting vs. Whitelisting
Whitelisting and blacklisting prevent malware but they do this
in opposite ways.
blacklisting vs. whitelisting – which is faster, which is stricter ?!?
Blacklisting:
allow everything, block some
good for detecting yesterday’s (known) threats
Whitelisting:
block everything, allow some - aka “zero trust”
good for detecting zero-day threats
Blacklisting / Whitelisting
The concept also applies to:
• Web Domains (in a browser)
• IP addresses (in a firewall)
• email addresses (in email client)
• Intrusion Detection System (IDS) signatures
...
Dynamic Malware Analysis
A sandbox typically provides a tightly controlled set of resources for guest programs to run in. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.
VIRUS
classification of viruses by concealment strategy
i) polymorphic virus – mutates (changes its
appearance) with every infection to avoid
‘signature’ (bit pattern) detection
iv) metamorphic virus - mutates (changes its behavior
dynamic binary/opcode/) with every infection while
remaining ‘functionally equivalent’
ii) encrypted virus - a portion of the virus creates
a random key and encrypts the remainder -
special case of polymorphic virus
iii) stealth virus - uses special techniques to conceal
its presence on the OS
makes sure that ‘last modified’ date of host file
remains unchanged
makes sure that the size of host file appears/
stays the same - aka cavity viruses
Different generations of anti-malware / malware weapons
Look for some variations in
the sequence of 0s and 1s.
Look for an identical
sequence of 0s and 1s.
A malware packer is a tool used to mask a malicious file. Packers can encrypt, compress or simply change the format of a malware file to make it look like something else entirely. (Sequence of instructions in the malicious code unchanged.)
WORM
malware that actively seeks out more machines to
infect and then each infected machine serves
as an automated launching pad for attacks on
other machines
worms exploit software vulnerabilities in client or
server programs to gain access to a new system
(worm = power of virus + convenience of Internet)
IMPORTANT: viruses vs. worms
viruses need a carrier medium (document or
program to ‘attach’ itself to) and then require
user action to propagate
worms do not always need a carrier or human
action to move (can sometimes ‘move’ on their
own), are typically spread through the Internet,
and do not always rely on the user to replicate/infect
WORM
classification of worms by replication strategy
1) electronic mail or instant messaging - worm emails
a copy of itself to other systems, or sends itself as
an attachment via an instant message service
2) file sharing - worm copies itself on removable
media such as USB drives; it, then, executes
when the drive is connected to another system
3) remote login capability - worm logs onto a remote
system as a user and then uses commands to
copy itself from one system to another
4) remote file access or transfer capability - worm
uses a remote file access or transfer service to
another system to copy itself
etc. ….
USB Virus vs. USB Worm
VIRUS: Malware ‘sits’ inside a ‘carrier’ (program/document) and requires the user to manually move the carrier ‘onto’ a USB (on one computer) and ‘from’ a USB (to another computer) and to click on it
Worm: Malware on its own infects the
USB (copies itself as autorun.inf); when
plugged into a new host, automatically
executed & infects the new machine.
Worm Components
Methods worms use to first gain access to the victim machine:
- drive-by download
- email
- file sharing
etc.
Methods worms use to transfer the rest of their body to the target:
- file transfer
- HTTP
etc.
Once the worm is running on the victim machine it starts looking for new victims to attack:
- email addresses
- host lists
- different IP targets
etc.
Using addresses generated by the target engine, the worm actively scans across the network to determine suitable victims
Chunk of code designed to implement some specific action on behalf of the attacker on a target system. It is what the worm does when it gets to a target ...
- opening a backdoor
- planting a DDoS bot
- performing a complex math operation (e.g., cryptominer)
Emotet
[Figure labels: Propagation Engine; Warhead - small hard-to-detect piece of code; Target Selection Algorithm + Scanning Engine; Payload]
WORM
classification of worms by target discovery
a) random - each compromised host probes random
addresses in IP addr. space - fast development, but
1) unknown results (many machines may not be
vulnerable), 2) some machines may already be infected
b) hit list - the attacker pre-compiles a long list of
potentially vulnerable machines, each infected
machine uses a part of this list - time consum. devel.
c) topological - worm uses information contained on
the infected machine to find more hosts to scan
- e.g., worms infecting/exploiting P2P applications
d) local subnet - worm uses the subnet address
to find other vulnerable machines on the same
network (works well against firewall-protection)
Deliberate Software Attacks
a deliberate action aimed to violate / compromise a
system’s security through the use of specialized software
types of attacks based on the type of malicious software:
a) Use of Malware
b) Password Cracking
c) DoS and DDoS
d) Spoofing
e) Sniffing
f) Man-in-the-Middle
g) Phishing
h) Pharming
Hacker
person that conducts a deliberate software attack
(can be distinguished based on their ‘skill level’ & their ‘mission’)
Script Kiddies: Individuals with (only) enough understanding of computer systems to be able to download and run scripts that others have developed. Vast majority of attack activity on the Internet is carried out by these individuals.
Script Writers: Individuals capable of writing scripts to exploit known vulnerabilities.
Elite Hackers: Individuals capable of discovering new vulnerabilities and writing programs (scripts) that exploit those vulnerabilities.
Use of Malware
MALWARE – a program that is inserted into the victim
system, usually covertly, with the intention to:
1) compromise the CIA of the victim’s data, application(s)
or the OS
2) misuse the resources of the victim computer, or
3) otherwise annoy or disrupt the victim
(malware examples: virus, worm, trojan, key-logger, …)
• Common Malware Targets/Objectives
steal credit card data, passwords, ….
destroy files, boot records, …
store illegal music, movies, pirated software, ..
Malware Based on What it Does
corruption of system or data files - virus & worms
turning the victim into a zombie - bot/botnets for DDoS
theft of information (logins, passwords, …) - keyloggers
& spyware
hiding of its presence - backdoors & rootkits
• Malware Based on How It Spreads/Propagates
carried/spread by ‘carriers’ + replicate = virus
spread over a network on their own + replicate = worms
use ‘social engineering’ to ‘sneak in’ = trojans
local machine harm
remote machine harm
produce copies of
themselves
no machine harm
Malware Types
Virus, Worm, Trojan horse, Logic Bomb, Rootkit, Information Stealer, Ransomware, Scareware, Spyware, Adware
VIRUS
piece of software that ‘infects’ other host programs
(executable) by modifying them
once a virus attaches to an executable, it can do
anything that the executable is permitted to do
(e.g., erase files & programs, change settings, etc.)
When viruses attach themselves to the executable files, they alter the instruction pointer of the executable programs in such a way that the virus code gets executed first before the actual executable code.
VIRUS
phases of virus lifetime
1) dormant phase - the virus is idle and eventually
gets activated by some event (date, presence of
another program or file, …) - not always present
2) propagation/infection phase - the virus places a
copy of itself into other programs - each infected
program will contain a clone of the virus which
itself will enter a propagation/replication phase
3) triggering phase - the virus is activated to perform
the function for which it was intended - again, it
can be caused by a variety of system events (e.g.,
number of times that the virus has replicated)
4) execution phase - the malicious function is
performed and can be
harmless, (e.g.) a message on the screen
harmful, (e.g.) destruction of programs or files
IMPORTANT
viruses need ‘2 factors’ to replicate -
carrier = document or host program, and
user = to initiate the propagation/triggering phase
VIRUS
To infect the victim machine, virus must be executed!
Different viruses rely on different tech. to be executed.
classification of viruses by target / means of execution
a) boot sector infector - infects a master boot record
and spreads when a system is booted from the
disk containing the virus - nowadays rare
b) file infector - infects executable files (.exe, .com)
c) macro virus - infects files with macro or scripting
code that are interpreted by an application -
easily spread, as ‘documents’, not applications
are commonly exchanged among users today
d) multipartite virus - uses multiple ‘attack vectors’,
e.g., both boot sector and executable files on
hard drive - most difficult to eradicate
Boot Sector Virus
The Master Boot Record (MBR) is the information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be booted (loaded) into the computer's main storage or random access memory.
File Infector Virus
[found in .exe, .com programs]
Macro Virus
[found in .doc, .pdf files that get interpreted
by MSWord and Acrobat]
macro - list of ‘shortcut instructions’ in a document (e.g., in Visual Basic)
https://www.slideshare.net/lastlinesecurity/introduction-to-malware-part-1
Infect data files
rather than
programs !!!
Forces of Nature
fire, flood, earthquake, hurricane,
tsunami, dust contamination, …
cannot be fully predicted/prevented
organization must implement controls to limit damage
as well as develop incident response plans and business
continuity plans
Hardware and Software Failures and Errors
cannot be fully predicted/prevented by the organization
causes of hardware failures: wear, tear, age, operating
environment (e.g., high temperature, moisture, dust), …
best defences against hardware failures:
redundancy (e.g., backup servers)
continuously monitor hardware devices (where & how deployed)
causes of software failures: difficulty of testing software
for all possible inputs & all possible operating conditions;
OS evolutions and software incompatibilities …
best defences against software failures:
keep up-to-date with software updates and vulnerabilities
continuously monitor and maintain software system
Act of Human Error or Failure
organization’s own employees are
one of its greatest threats
examples:
revelation of classified data (e.g., phishing)
accidental deletion or modification of data
failure to protect data
storing data in unprotected areas
entry of erroneous data
preventative measures:
training and ongoing awareness activities
enhanced control techniques:
require users to type a critical command twice
ask for verification of commands by a second party
Much of human error or failure can be prevented!
Deviations in Quality of Service
in organizations that rely on the Internet and Web, irregularities in available bandwidth can dramatically affect their operation
e.g., employees or customers cannot contact the system
possible ‘defence’: backup ISP or backup power generator
Passive Attack
attempts to learn or make use of info. from the system but does not affect system resources
compromises Confidentiality
generally hard to detect !!!
examples: traffic sniffing
Active Attack
attempts to alter system resources or affect their operation
compromises Integrity or Availability
examples: man-in-the-middle, data/packet injection and DoS
Compromise to Intellectual Property (IP)
IP = any intangible asset that consists of
human knowledge & ideas – creations of
the mind (copyright, patent, trade secret)
any unauthorized use of IP constitutes
a security threat (MS Office, Adobe Acrobat)
defense measures:
use of digital watermarks and embedded code
Peter Morch story – compromise to IP by insider
In 2000, while still employed at Cisco Systems, Morch logged into a computer
belonging to another Cisco software engineer, and obtained (burned onto a CD)
proprietary information about an ongoing project.
Shortly after, Morch started working for Calix Networks – a potential competitor
with Cisco. He offered them Cisco’s information.
Morch was sentenced to 3 years’ probation.
Deliberate Act of Info. Extortion / Blackmail
hacker or malicious insider steals information & demands compensation for its return or non-disclosure
example: theft of data files containing customer credit card information
Deliberate Act of Sabotage or Vandalism
hacker or malicious insider destroys an
asset in order to cause financial loss or
damage the organization’s reputation
example:
hackers accessing a system and damaging
or destroying critical data
Deliberate Act of Trespass
unauthorized access to info. that an organization is trying to protect (e.g., through stolen passwords)
low-tech e.g.: shoulder surfing
high-tech e.g.: hacking
Security Threat -
any event (action/inaction) that may /
may not happen, but has the potential to cause disclosure,
alteration, loss, damage or unavailability of a company’s
(or an individual’s) assets
Three main components of a security threat:
Target [asset/resource with vulnerability]: organization’s
system resource that might be attacked
information/data (its confidentiality, integrity, availability), software,
hardware, communication facilities and networks, etc.
Agent [may or may not be present]: people/organizations
originating the threat – intentional or non-intentional
employees, ex-employees, hackers, commercial rivals, terrorists, …
Event: possible action that exploits target’s vulnerability
malicious / accidental destruction or alteration of information, misuse
of authorized information, etc.
Threat in WiFi network
Asset with vulnerability: WiFi signal carrying important data within outsider’s reach
Agent: competitor or hacker actually interested in seizing data
Event: it is possible for someone, by investing time & effort, to capture/sniff wireless data
NO EVENT ⇒ NO THREAT !!!
outsider vs. insider, deliberate vs. accidental
Example of insider causing accidental threat: SysAdmin has added a new
software to the system and has forgotten to change the password
Asset with vulnerability Agent Event Threat deliberate or accidental outsider or inside
attack definition
THREAT EVENT DELIBERATELY EXECUTED BY AGENT = ATTACK
Criteria for threat identification/prioritization :
asset identification
e.g. what are the company’s main assets:
(a) web servers (e-commerce company), or
(b) workstations (software develop. company)?
threat identification [ asset-vulnerability, agent, event ]
some assets have multiple vulnerabilities (e.g., web-server)
but they are not all equally likely to be exploited …
organizational strategy regarding risk
different threats pose different risks
Extended C.I.A. Triangle
some security experts
feel that additional concepts need to be added to
(i.e., reinforced in) the traditional CIA triad:
authenticity - being able to verify that users are who
they claim to be, and that each data
input has come from a trusted source
accountability - being able to trace actions of an entity
uniquely to that entity
Where & how do we start
evaluating and building/protecting
a security system?
We know that we want to protect the CIA of data. But,
1) Data can reside in several different states.
2) Data can be attacked/protected in several different
ways – e.g., through technology or through people.
CNSS = Committee on National Security Systems
McCumber Cube – Rubik’s cube-like detailed
model for establishment & evaluation of info. security
to develop a secure system, one must consider not only
key security goals (CIA) but also how these goals relate
to various states in which information resides and full
range of available security measures
[McCumber Cube figure, three axes: data states; objectives when protecting data; means of protecting data]
CNSS Category 2: Information States
Storage - aka ‘data at rest’, is data stored in permanent
(secondary) memory, such as hard disk, USB, removable drive
Transmission - aka ‘data in transit’ - data being transferred
between systems, in electronic form OR physical form
Processing - aka ‘data in use’ - data being actively examined
or modified
CNSS Category 3: Countermeasures/Safeguards
Technology - software and hardware solutions (e.g.,
antivirus, firewall, IDS system, cryptography, backups, etc.)
Policy and practices - administrative controls, such as
management directives (e.g., acceptable use policies)
People - aka awareness, training, education - ensure
that users are aware of their roles & responsibilities
cube
Each of 27 cells in the cube represents an area that
must be addressed to secure an information system
e.g., intersection between data integrity, storage and
technology implies the need to use technology to protect
data integrity of information while in storage
solution: new ‘file check sum’ (cryptographic hash) is calculated every
time a critical file is modified …
Example: How to protect
- confidentiality of data
- while in transit (e.g., moved to/by USB)
- through education/awareness?
Scenario: An employee stores company
information on a personal USB drive, in
order to transfer it to another computer
(e.g., work from home)
Safeguard: Educate employees about
the importance of carefully handling data
and encrypting data before transferring it
to insecure ‘movable’ media – in case that
USB is infected or lost, encryption ensures
that data cannot be read
Protecting Confidentiality of Data
‘In Transit’ Over Wireless Medium
Busy downtown office: WiFi used in an area that is within outside reach. Remote nuclear plant: WiFi used in an area that is NOT within outside reach.
Who is responsible for ‘security of information’?
“In the last 20 years, technology has permeated every facet
of the business environment. The business place is no longer
static – it moves whenever employees travel from office to
office, from office to home, from city to city. Since business
have become more fluid, …, information security is no longer
the sole responsibility of a small dedicated group of
professionals, …, it is now the responsibility of EVERY employee ….”
Role of ‘Supply Chain’ / 3rd Party Businesses …
in addition to their own
security team & employees,
3rd party employees are also
important …
C.I.A. Triangle
key characteristics of information
that must be protected by information security:
confidentiality - only authorized parties can view private
information
integrity - information is changed only in a specified and
authorized manner (by authorized users)
availability - information is accessible to authorized users
whenever needed
C.I.A. of Information Security
Different organizations may view one of the CIA
components as being more important than others!!!
DATA CONFIDENTIALITY
Student grade – an information asset of
high importance for student.
In US, release of such information is regulated by Family
Educational Rights and Privacy Act (FERPA).
Grade information should only be available to students,
their parents and employees that require this information
to do their job.
In Canada, the same issue is regulated by Personal
Information Protection and Electronic Documents Act
(PIPEDA).
How to ensure data confidentiality?
cryptography
strong access control
limiting number of places where data can appear (e.g., cannot be stored on a USB)
What is a potential drawback of protecting confidentiality through encryption?!
DATA INTEGRITY
Patient information in a hospital –
the doctor should be able to trust
that the information is correct and
current.
Inaccurate info could result in serious
harm to the patient and expose the
hospital to massive liability.
In US, Health Insurance Portability and Accountability Act
(HIPAA) regulates the collection, storage, and transmission
of sensitive personal health care information.
Hospital is responsible for safeguarding patient information
against error, loss, defacing, tampering and unauthorized use.
(Ontario’s Personal Health Information Protection Act - PHIPA)
How to ensure data integrity?
strong access control - good at preventing
attacks on data integrity
cryptography (hashing) - detects attacks
on data integrity
documenting system activity (logging) - who did what
and when - detects attacks on data integrity
DATA AVAILABILITY
Accessible and properly functioning
web site – a key asset for an
e-commerce company.
E.g., a DDoS attack could make the site
unavailable and cause significant
loss in revenue and reputation.
In US, Computer Fraud and Abuse Act (CFAA) applies to
DoS-related attacks.
In Canada, DoS activities are regulated under Criminal
Code of Canada, Section 342: Unauthorized Use of
Computer
Do you know any other types of attack on data availability??
How to ensure data availability?
anti-DDoS system (in case of attacks that attempt to
prevent access by blocking the bandwidth/server):
e.g., content distribution networks, scrubbing centers
well established backup procedure (in case of attacks
that prevent access by encrypting or destroying data)
Computer
general purpose device that can be programmed to carry out a set of arithmetic or logical operations automatically
examples: desktops, laptops, tablets, mobile phones, printers, servers, routers, firewalls, IoT devices, industrial controllers, ...
alternative definition: electronic device for storing and processing of data/information
• Information Technology
technology
involving development OR use of computer
systems & networks for the purpose of
processing & distribution of data/information
categories of IT jobs:
IT engineer - develops new or upgrades existing IT equipment
(software or hardware)
IT architect - draws up plans for IT systems and how they
will be implemented
IT administrator - installs, maintains, repairs IT equip./system
IT manager - oversees other IT employees, has authority
to buy technology and plan budgets
IT security specialist - creates and executes security
applications to maintain system security and safety
Information System
entire set of data as well as
software, hardware, networks, people, procedures &
policies that deal with processing & distribution of
information (data) in an organization
each component has its own strengths, weaknesses,
and its own security requirements
Information/data is
- stored on computer hardware,
- manipulated by software,
- transmitted by networks,
- used by people,
- controlled by procedures & policies
Computer Security vs. Information Security
terms are often used interchangeably, but …
computer security (aka IT security) is mostly concerned
with information in ‘digital form’
information security is concerned with information in
any form it may take: electronic, print, etc.
Should you (as an individual) worry about data breaches?
a) your university suffers a data breach
your PII compromised, your grades leaked
can lead to identity theft or blackmail …
b) your bank suffers a data breach
your online banking credentials stolen (user login, password)
your money gone …
c) your hospital suffers a data breach
your health information stolen
your chances of getting employed reduced …
common costs / damages:
direct, shorter term
- operational disruption
- cyber-security investigations
- attorney fees
- government fines
- drop in stock price, …
indirect, longer term
- damage to brand and reputation
- loss of intellectual property
- increased insurance premium,
hack
identification & exploitation of
weaknesses in a computer system or
a network in order to achieve a
nefarious objective
* an intentional attack typically conducted
by a malicious outsider
* could, but does not have to, result in a
data breach / leak (e.g., DDoS, logic bomb)
weaknesses commonly exploited in a hack
- weak or compromised credentials
- careless / untrained employees (social engineering)
- missing or poor encryption
- misconfiguration (e.g., in a firewall)
- vulnerabilities (e.g., in servers or workstations)
- third- or fourth- party vendors,
Main goals of Cyber Security ?
what is this course about
Learn why it is important to protect the CIA of data, and how to do it.
$$$ is at the bottom line !!! (prevent financial losses)
• Steganography
• Cryptography
• Access Control / Passwords
• Policy ...
• IT Security Risk Management
data breach (data leak)
exposing of
sensitive, confidential and/or protected
data to someone who should not have
access to that data
* could be deliberate or unintentional !
* common type of leaked information:
1. financial data (e.g., credit card numbers)
2. medical or personal health information
3. personally identifiable information (PII)
4. intellectual property
most common causes / actors of a data breach
- an accidental insider
e.g., an employee using a co-worker’s computer
& accessing files without having proper authorization,
NO information is leaked outside the company
e.g., an employee fooled into disclosing data to a
malicious actor – information leaked outside …
- a malicious insider
e.g., an employee purposely accesses and/or shares
data with the intent of causing harm to an individual
or company – may have legitimate authorization
- a malicious outsider
e.g., a hacker uses various attack vectors to gather
information from a network or an individual (e.g.,
finds vulnerability in a server, gains access to net., …)