Introduction to Information Security - PowerPoint PPT Presentation

Slides: 35
Provided by: Vick1192

Transcript and Presenter's Notes


1
Introduction to Information Security
Spring 2012
2
Outline
  • Introduction
  • Attacks, services and mechanisms
  • Security threats and attacks
  • Security services
  • Methods of Defense
  • A model for Internetwork Security
  • Internet standards and RFCs

3
Introduction
Goal Information Security
Services
  • Computer Security: Automated tools for protecting info on the
    computer
  • Network Security: Measures to protect data during
    their transmission on the network
4
Security Trends
Smart Phone Attack
DDoS to DNS 2003
BotNet Attack 2009
5
What is Computer Security?
  • "A computer is secure if you can depend on it and
    its software to behave as you expect."
    (Garfinkel and Spafford, 1991)
  • "Computer security is preventing attackers from
    achieving objectives through unauthorized access
    or use of computers and networks."
    (John D. Howard, 1995)
  • "Computer security is measures and controls that
    ensure confidentiality, integrity, availability
    of information systems."
    (American National Standards Institute, Inc., Telecom Glossary 2000)

6
Hacking
  • Attack using the vulnerability of protocol
      • DoS
      • Sniffing
      • Session Hijacking
      • Spoofing
  • Malicious code
      • Virus
      • Trojan horse
      • Back door
      • Worm

John Draper, Phone hacker
7
Virus and Worm
  • What is a Virus?
      • Self-replicating code
      • Inserts itself into other executable code
      • Contains a malicious function, called payload
        (can be empty)
      • Native code which infects executable files
      • Distribution by email and file sharing
      • Often requires a trigger from a user,
        e.g. executing an infected application
      • "Virus" is often used as a collective term for
        malware

8
Trojan Horse
  • A destructive program that masquerades as a
    benign application. Unlike viruses, Trojan horses
    do not replicate themselves but they can be just
    as destructive.
  • A Trojan horse can be deliberately attached to
    otherwise useful software by a cracker, or it can
    be spread by tricking users into believing that
    it is a useful program.
  • The term comes from the Greek story of the
    Trojan War between Greece and Troy.

9
Virus and Worm
  • What is a Worm?
      • First Internet worm in 1988
      • Different to a virus
          • Stand-alone program
          • Does not infect an application
      • Spreads itself through the network automatically
      • Usually spreads much faster than viruses
  • Worms often use exploits to propagate
      • SQL Slammer - MS SQL Server
      • Slapper - Apache/Mod-SSL
      • Code Red - MS Internet Information Server

10
Attacks, Services and Mechanisms
  • Security Attack: Any action that compromises the
    security of information.
  • Security Mechanism: A mechanism that is designed
    to detect, prevent, or recover from a security
    attack.
  • Security Service: A service that enhances the
    security of data processing systems and
    information transfers. A security service makes
    use of one or more security mechanisms.

11
Security Threats & Attacks
  • Threats
      • A possible danger that might exploit a
        vulnerability, given a circumstance, capability,
        action, or event, to breach security and cause
        harm
  • Attacks
      • An assault on system security that derives from
        an intelligent threat

12
Security Threats
13
Security Threats
  • Interruption: This is a threat to availability
  • Interception: This is a threat to confidentiality
  • Modification: This is a threat to integrity
  • Fabrication: This is a threat to authenticity

14
Security Attacks
Passive Attack: Attempts to learn or make use of information from the
system, but does not affect system resources
  • Release of message contents
  • Traffic analysis
Active Attack: Attempts to alter system resources or affect their
operations
  • Masquerade
  • Replay
  • Modification of message
  • Denial of service
2003.1.25 Internet Chaos, 2007.7.7 / 2011.3.3 DDoS Attack
15
Release of Message Contents
Sensitive or confidential info needs to be
protected from an opponent who will learn the
contents of these transmissions.
[Figure: Darth reads contents of message from Bob to Alice, sent over the Internet or other comms facility]
16
Traffic Analysis
If the contents of msgs are masked or protected
by encryption, an opponent might still be able
to observe the pattern of msgs, such as the
source and dest of communicating hosts and the
frequency and length of msgs being exchanged.
[Figure: Darth observes pattern of messages from Bob to Alice, sent over the Internet or other communications facility]
17
Masquerade
Takes place when one entity pretends to be a
different entity. Enables an authorized entity
with few privileges to obtain extra privileges
by impersonating an entity that has those
privileges.
[Figure: Darth; "Read contents of message from Bob to Alice"; Internet or other comms facility; Bob; Alice]
18
Replay attack
The passive capture of a data unit and its
subsequent retransmission to produce an
unauthorized effect.
[Figure: Darth captures message from Bob to Alice and later replays the message to Alice, over the Internet or other comms facility]
19
Modification of Message
Some portion of a legitimate msg is altered, delayed,
or reordered to produce an unauthorized effect.
[Figure: Darth modifies message from Bob to Alice, sent over the Internet or other comms facility]
20
Denial of Service
The normal use of communications facilities is
prevented or inhibited, such as:
  • Suppressing all msgs directed to a particular dest.
  • The disruption of an entire network by disabling
    the network
  • The degradation of performance by overloading
    the network with msgs
21
An Architecture of DDoS Attack
[Figure: DDoS attack architecture with Real Attacker, Master, Daemons and Victim]
22
Security Service
  • A service that is provided by a protocol layer of
    communicating open system and that ensures
    adequate security of the systems or of data
    transfer
  • Security services implement security policies and
    are implemented by security mechanisms
  • Classification of the services
      • Authentication
      • Access control
      • Data confidentiality
      • Data Integrity
      • Nonrepudiation
      • Availability

23
Authentication
  • This service is concerned with assuring that a
    communication is authentic
  • Data origin authentication (in the case of a
    single message)
      • The function of the authentication service is to
        assure the recipient that the message is from the
        original source.
      • Provides no protection against duplication or
        modification.
  • Peer entity authentication (in a
    connection-oriented transmission, i.e. TCP)
      • At the time of connection initiation, the service
        assures that the two entities are authentic
      • During transmission, the service assures
        that the connection is not interfered with by a third
        party masquerading as one of the entities.

24
Access Control
  • The prevention of unauthorised use of a resource
  • In the context of network security, this service
    is the ability to limit and control the access to
    host systems and applications via communications
    links.
  • Each entity must first be identified or authenticated,
    so that access rights can be tailored to the
    individual.

25
Data Confidentiality
  • The protection of transmitted data from passive
    attacks.
  • Types of data confidentiality
      • Connection confidentiality (all user data on a
        connection)
      • Connectionless confidentiality (all user data in
        a single msg.)
      • Selective field confidentiality (specific fields
        within the user data)
      • Traffic-flow confidentiality (information for
        traffic flow)

26
Data Integrity
  • To provide the assurance that the received data
    are exactly the same as the data transmitted by
    an authorised entity.
      • → no modification, insertion, deletion, or
        replay
  • A connection-oriented / connectionless integrity
    service
      • Connection-oriented: deals with a stream of
        messages; assures no duplication, alteration, or
        replays on the messages.
      • Connectionless: deals with individual messages;
        may provide protection on data modification
  • Integrity service with / without recovery
      • The automated recovery mechanism is more
        attractive.
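
The difference between the connectionless and connection-oriented integrity services above, and why only the latter stops the replay attack from slide 18, shown as an added example that is not part of the original slides. The key, message, and the names `Sender`, `Receiver` and `demo` are constructed for illustration; the receiver assumes strictly in-order delivery, as over TCP.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key shared by Bob and Alice
MAC_LEN = 32                   # SHA-256 output size

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def protect_connectionless(msg: bytes) -> bytes:
    # Connectionless integrity: each message carries a MAC over itself only.
    return msg + mac(msg)

def verify_connectionless(packet: bytes) -> bool:
    msg, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    return hmac.compare_digest(tag, mac(msg))

class Sender:
    # Connection-oriented integrity: a sequence number is covered by the MAC.
    def __init__(self):
        self.seq = 0
    def protect(self, msg: bytes) -> bytes:
        body = struct.pack(">Q", self.seq) + msg
        self.seq += 1
        return body + mac(body)

class Receiver:
    def __init__(self):
        self.expected = 0
    def accept(self, packet: bytes) -> bool:
        body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        if len(body) < 8 or not hmac.compare_digest(tag, mac(body)):
            return False   # modified or forged in transit
        if struct.unpack(">Q", body[:8])[0] != self.expected:
            return False   # replayed, duplicated or out of order
        self.expected += 1
        return True

def demo() -> dict:
    msg = b"transfer 100 to Carol"  # constructed message from Bob to Alice
    p = protect_connectionless(msg)
    out = {"cl_first": verify_connectionless(p),
           "cl_replay": verify_connectionless(p),  # same packet seen again
           "cl_tampered": verify_connectionless(b"transfer 900 to Carol" + p[-MAC_LEN:])}
    bob, alice = Sender(), Receiver()
    q = bob.protect(msg)
    out["co_first"] = alice.accept(q)
    out["co_replay"] = alice.accept(q)             # captured and resent
    q2 = bob.protect(msg)
    out["co_tampered"] = alice.accept(q2[:8] + b"X" + q2[9:])
    out["co_next"] = alice.accept(q2)
    return out
```

The per-message MAC rejects the altered packet but accepts the replayed one; binding a sequence number into the MAC is what lets the receiver reject the second copy.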

27
Nonrepudiation
  • To prevent either sender or receiver from denying
    a transmitted message.
      • Origin (sender): Proof that the message was sent
        by the specified party.
      • Destination (receiver): Proof that the message
        was received by the specified party.

28
Availability
  • Provides the normal use of a system or system
    resource
  • Addresses the security concerns raised by
    denial-of-service attack.

29
Security Mechanisms
  • Specific Security Mechanisms
      • Implemented in a specific protocol layer.
  • Pervasive Security Mechanisms
      • Not specific to any particular protocol layer or
        security service.

30
A Model for Network Security
[Figure: model for network security, with labels: Trusted third party (e.g., arbiter, distributor of secret information); Information channel; Security-related transformation; Message; Secure Message; Secret information; Opponent]
31
(No Transcript)
32
Methods of Defence
  • Encryption
  • Software Controls (access limitations in a
    database; in an operating system, protecting each
    user from other users)
  • Hardware Controls (smartcard)
  • Policies (frequent changes of passwords)
  • Physical Controls

33
Summary
  • We dealt with
      • Security trends
      • Security attacks such as passive attacks and
        active attacks
      • Security services such as authentication, access
        control, data confidentiality, data integrity,
        nonrepudiation and availability service
      • A model for network security including Opponent,
        Access Channel, Gatekeeper Function and
        Information System

34
Outline of the Course
  • This chapter serves as an introduction to the
    entire course. The remainder of the book is
    organized into three parts:
  • Part One: Provides a concise survey of the
    cryptographic algorithms and protocols underlying
    network security applications, including
    encryption, hash functions, digital signatures,
    and key exchange.
  • Part Two: Examines the use of cryptographic
    algorithms and security protocols to provide
    security over networks and the Internet. Topics
    covered include user authentication, e-mail, IP
    security, and Web security.
  • Part Three: Deals with security facilities
    designed to protect a computer system from
    security threats, including intruders, viruses,
    and worms. This part also looks at firewall
    technology.