Presentation on theme: "Professor: Elise de Doncker BY: Lina Hussein. Protection of information from theft or corruption, or the preservation of availability.. Information Transfers."— Presentation transcript:
Professor: Elise de Doncker BY: Lina Hussein
Protection of information from theft or corruption, or the preservation of availability. Information transfers freely through the air. How to secure transmission? Unauthorized OR authorized reception! Solution => use message encryption and decryption techniques. Ex: cable TV.
Confidentiality: Who is authorized? Integrity: Is data "good"? Availability: Can one access data whenever needed? [Diagram: Confidentiality, Integrity, Availability; S = secure]
Threats to data in transit: 1) Eavesdropping = overhearing without any extra effort. E.g., an admin uses s/w to monitor network traffic to manage the network anyway; in this way she effortlessly eavesdrops on the traffic. 2) Wiretapping = overhearing with some extra effort. The wiretapping technique depends on the communication medium. Solution = cryptography (encryption and decryption).
Remember: There is no solution! Improvement, not a solution. Minimizes problems; doesn’t solve them. Adds an envelope (encoding) to an open postcard (cleartext).
$C = E(P)$, where E is the encryption rule/algorithm. $P = D(C)$, where D is the decryption rule/algorithm. We need a cryptosystem where $P = D(C) = D(E(P))$, i.e., able to get the original message back. [Diagram: plaintext P -> E (encryption / encoding / enciphering) -> ciphertext C -> D (decryption / decoding / deciphering) -> original plaintext P]
Sending a secure message: plaintext P -> E (encryption / encoding / enciphering) -> ciphertext C -> hostile environment. Receiving a secure message: hostile environment -> ciphertext C -> D (decryption / decoding / deciphering) -> original plaintext P.
$C = E(K_E, P)$, where E = set of encryption algorithms and $K_E$ selects $E_i \in E$. $P = D(K_D, C)$, where D = set of decryption algorithms and $K_D$ selects $D_j \in D$. Crypto algorithms and keys are like door locks and keys. We need: $P = D(K_D, E(K_E, P))$. [Diagram: P -> E (encryption key $K_E$) -> C -> D (decryption key $K_D$) -> P]
Substitution ciphers: letters of P are replaced with other letters by E. Outline: a. The Caesar Cipher; b. Other Substitution Ciphers.
The Caesar Cipher. Example [cf. B. Endicott-Popovsky]: P (plaintext): HELLO WORLD; C (ciphertext): khoor zruog. The Caesar Cipher is a monoalphabetic substitution cipher (= simple substitution cipher).
– Examples: Flatten (diffuse) somewhat the frequency distribution of letters by combining high and low distributions. Example – 2-key substitution:
Plain: A B C D E F G H I J K L M
Key1:  a d g j m p s v y b e h k
Key2:  n s x c h m r w b g l q v
Plain: N O P Q R S T U V W X Y Z
Key1:  n q t w z c f i l o r u x
Key2:  a f k p u z e j o t y d i
Question: How were Key1 and Key2 defined?
... Example:
Plain: A B C D E F G H I J K L M
Key1:  a d g j m p s v y b e h k
Key2:  n s x c h m r w b g l q v
Plain: N O P Q R S T U V W X Y Z
Key1:  n q t w z c f i l o r u x
Key2:  a f k p u z e j o t y d i
Answer: Key1 – start with ‘a’, skip 2, take next, skip 2, take next letter, ... (circular). Key2 – start with ‘n’ (2nd half of alphabet), skip 4, take next, skip 4, take next, ... (circular).
Example 1:
Plain: A B C D E F G H I J K L M
Key1:  a d g j m p s v y b e h k
Key2:  n s x c h m r w b g l q v
Plain: N O P Q R S T U V W X Y Z
Key1:  n q t w z c f i l o r u x
Key2:  a f k p u z e j o t y d i
Plaintext: TOUGH STUFF
Ciphertext: ffirv zfjpm
Use n (= 2) keys in turn for consecutive chars in P.
Note: Different chars are mapped into the same one: T, O -> f. The same char is mapped into different ones: F -> p, m. ‘f’ is the most frequent in C (0.30); in English: f(f) = 0.02 << f(e) = 0.13.
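The 2-key substitution above, as an added example that is not part of the original slides: it rebuilds Key1 and Key2 from the "skip and take" rule, alternates them over the letters of P, and measures the ciphertext letter frequencies. The function names are assumptions made for this sketch.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def make_key(start, step):
    """Cipher alphabet: begin at `start`, then take every `step`-th letter, wrapping around."""
    first = ALPHABET.index(start.upper())
    return "".join(ALPHABET[(first + step * i) % 26] for i in range(26)).lower()

# "skip 2, take next" is a step of 3; "skip 4, take next" is a step of 5.
# Both steps are coprime with 26, so each key is a full permutation of the alphabet.
KEY1 = make_key("a", 3)
KEY2 = make_key("n", 5)

def encrypt(plaintext, keys=(KEY1, KEY2)):
    """Use the keys in turn for consecutive letters; non-letters pass through unchanged."""
    out, used = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(keys[used % len(keys)][ALPHABET.index(ch)])
            used += 1
        else:
            out.append(ch)
    return "".join(out)

def decrypt(ciphertext, keys=(KEY1, KEY2)):
    """Invert encrypt(): look each cipher letter up in the key that produced it."""
    out, used = [], 0
    for ch in ciphertext.lower():
        if ch in string.ascii_lowercase:
            out.append(ALPHABET[keys[used % len(keys)].index(ch)])
            used += 1
        else:
            out.append(ch)
    return "".join(out)

def letter_frequencies(text):
    """Relative frequency of each letter, ignoring spaces and punctuation."""
    counts = Counter(c for c in text if c.isalpha())
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()}

if __name__ == "__main__":
    c = encrypt("TOUGH STUFF")
    print(c, decrypt(c), letter_frequencies(c))
```

With only two alphabets the frequency profile is flattened but not hidden: splitting the ciphertext into odd and even letters gives two ordinary monoalphabetic ciphertexts.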
Note: Row A – shift 0 (a->a); Row B – shift 1 (a->b); Row C – shift 2 (a->c); ... Row Z – shift 25 (a->z).
Example. Key: EXODUS. Plaintext P: YELLOW SUBMARINE FROM YELLOW RIVER. Extended keyword (re-applied to mimic words in P):
YELLOW SUBMARINE FROM YELLOW RIVER
EXODUS EXODUSEXO DUSE XODUSE XODUS
Ciphertext: cbxoio wlppujmks ilgq vsofhb owyyj
Question: How is it derived from the keyword and the Vigenère tableaux?
Example... Extended keyword (re-applied to mimic words in P):
YELLOW SUBMARINE FROM YELLOW RIVER
EXODUS EXODUSEXO DUSE XODUSE XODUS
Ciphertext: cbxoio wlppujmks ilgq vsofhb owyyj
Answer: c from P indexes the row; c from the extended key indexes the column. E.g.: row Y and column e -> ‘c’; row E and column x -> ‘b’; row L and column o -> ‘z’; ...
Data transmitted is the same as data received. "I heard from your brothel in NewYork." vs. "I heard from your brother in NewYork." ASCII: r => 1110010, l => 1101100. Allowing messages to be altered = undesirable system! The system MUST deliver accurate messages. The system MUST detect changes in transmission (error detection mechanism).
5: DataLink Layer 5-19. Link Layer Services (more). Flow control: pacing between adjacent sending and receiving nodes. Error detection: errors caused by signal attenuation, noise; receiver detects presence of errors, then signals sender for retransmission or drops frame. Error correction: receiver identifies and corrects bit error(s) without resorting to retransmission.
The ability to detect when a transmission has changed. Discard the message; notify the user; send the message again. Fixing the message without retransmission => error correction.
EDC = Error Detection and Correction bits (redundancy). D = Data protected by error checking; may include header fields. Error detection is not 100% reliable! The protocol may miss some errors, but rarely. A larger EDC field yields better detection and correction.
Single Bit Parity: detect single bit errors. Two Dimensional Bit Parity: detect and correct single bit errors.
Goal: detect “errors” (e.g., flipped bits) in transmitted packet. Sender: treat segment contents as a sequence of 16-bit integers; checksum: addition (1’s complement sum) of segment contents; sender puts checksum value into UDP checksum field. Receiver: compute checksum of received segment; check if computed checksum equals checksum field value: NO – error detected; YES – no error detected. But maybe errors nonetheless?
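The sender and receiver steps above, as an added example that is not part of the original slides, including one answer to "But maybe errors nonetheless?": reordering 16-bit words leaves the sum unchanged. The segment bytes and function names are constructed for this sketch; as in UDP, the stored field is the one's complement of the one's-complement sum.

```python
def to_words(data):
    """Split bytes into big-endian 16-bit integers, padding an odd length with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]

def ones_complement_sum(words):
    """16-bit one's-complement addition: any carry out of bit 15 is added back in."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data):
    """Value the sender places in the checksum field."""
    return ~ones_complement_sum(to_words(data)) & 0xFFFF

def receiver_accepts(data, checksum_field):
    """Receiver recomputes the checksum and compares it with the field."""
    return checksum(data) == checksum_field

def flip_bit(data, byte_index, bit):
    """Return a copy of data with one bit inverted (a transmission error)."""
    damaged = bytearray(data)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)

def swap_words(data, i, j):
    """Return a copy of data with 16-bit words i and j exchanged."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)

# Constructed 16-byte segment, used only for this illustration.
SEGMENT = b"PAY 10 TO ALICE."
FIELD = checksum(SEGMENT)

if __name__ == "__main__":
    print(hex(FIELD))
    print(receiver_accepts(SEGMENT, FIELD))                  # intact segment
    print(receiver_accepts(flip_bit(SEGMENT, 4, 0), FIELD))  # single flipped bit
    print(receiver_accepts(swap_words(SEGMENT, 0, 1), FIELD))  # reordered words
```

The swapped segment is accepted because addition is commutative, which is why a checksum only guards against accidental errors and not against deliberate modification.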
View data bits, D, as a binary number. Choose r+1 bit pattern (generator), G. Goal: choose r CRC bits, R, such that – exactly divisible by G (modulo 2). Receiver knows G, divides by G. If non-zero remainder: error detected! Can detect all burst errors less than r+1 bits. Widely used in practice (Ethernet, 802.11 WiFi, ATM).
CRC Example. Want: $D \cdot 2^r \oplus R = nG$; equivalently: $D \cdot 2^r = nG \oplus R$; equivalently: if we divide $D \cdot 2^r$ by G, we want remainder R: $R = \text{remainder}\left[\frac{D \cdot 2^r}{G}\right]$
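The CRC computation above carried through in code, as an added example that is not part of the original slides: it finds R as the remainder of D·2^r divided by G (modulo 2), checks the frame at the receiver, and tests the burst-error claim exhaustively. The values D = 101110 and G = 1001 are sample inputs chosen for this sketch.

```python
def mod2_remainder(bits, generator):
    """Remainder of modulo-2 (XOR) long division of `bits` by `generator`."""
    r = len(generator) - 1
    reg = [int(b) for b in bits]
    gen = [int(b) for b in generator]
    for i in range(len(reg) - r):
        if reg[i]:                       # leading bit set: subtract (XOR) G here
            for j, g in enumerate(gen):
                reg[i + j] ^= g
    return "".join(str(b) for b in reg[-r:])

def crc_bits(data, generator):
    """R = remainder[(D * 2^r) / G]: append r zero bits to D, then divide by G."""
    return mod2_remainder(data + "0" * (len(generator) - 1), generator)

def build_frame(data, generator):
    """Sender transmits D followed by R."""
    return data + crc_bits(data, generator)

def receiver_accepts(frame, generator):
    """Receiver divides the frame by G; a non-zero remainder means error detected."""
    return int(mod2_remainder(frame, generator), 2) == 0

def apply_error(frame, pos, pattern):
    """XOR an error pattern into the frame starting at bit position pos."""
    bits = list(frame)
    for k, e in enumerate(pattern):
        if e == "1":
            bits[pos + k] = "1" if bits[pos + k] == "0" else "0"
    return "".join(bits)

def undetected_bursts(frame, generator, max_len):
    """Every burst (first and last bit flipped) up to max_len that the receiver accepts."""
    missed = []
    for length in range(1, max_len + 1):
        for value in range(1 << (length - 1), 1 << length):
            pattern = format(value, "b")
            if pattern[-1] != "1":
                continue
            for pos in range(len(frame) - length + 1):
                if receiver_accepts(apply_error(frame, pos, pattern), generator):
                    missed.append((pos, pattern))
    return missed

D, G = "101110", "1001"     # sample values: r = 3
FRAME = build_frame(D, G)

if __name__ == "__main__":
    print(crc_bits(D, G), FRAME, receiver_accepts(FRAME, G))
    print(undetected_bursts(FRAME, G, 3))   # bursts shorter than r+1 bits
    print(undetected_bursts(FRAME, G, 4))   # bursts of r+1 bits can slip through
```

The only bursts of r+1 bits that pass are those whose error pattern equals G itself, since adding a multiple of G leaves the remainder at zero.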
Security & integrity of data inside the computer. Less of a network problem: OS security holes; careless user behaviour.
PC ---> .EXE or .COM; MAC ---> Resource. ONE GOAL: damage system security! A piece of code, with a collection of instructions, attached to an executable file, that does what the original file was not designed to do!
Viruses. Virus: A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Many kinds of viruses: mass mailing viruses, macro viruses, “back doors” a.k.a. “remote access trojans”, cell phone viruses, home appliance viruses, MP3 player viruses. [Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
[Diagram, memory: request to execute some process; branch; process code; do nothing; usual branch; virus]
[Diagram, memory: process code = executable file such as an .EXE or .COM]
1949: John von Neumann wrote the paper “Theory and organization of Complicated Data”, describing that computer programs could in fact multiply. 1980s: computer viruses exist and increase in number and complexity. Therefore, elimination methods started to exist -->> (ANTI VIRUS).
Earlier, there was a small number of viruses. An anti-virus program looks for a virus signature (a sequence of bytes, corresponding to machine language, contained in the virus). Later, two things made virus detection harder: 1) More viruses were written. 2) Growth of disk capacity provided more places for a virus to hide.
Anti-virus programmers designed their software based on things they noted: viruses are short programs; they place themselves at the beginning and end of a program. So the software focused on searching the beginning and end of such files. But was that enough?
Virus programmers decided to hide the virus signature, or at least disguise it so it wouldn't be recognizable. Using encryption! EXE program = (virus code + signature + decryption algorithm). Y = Encryption(code + signature). X = Decryption Algorithm(Y) = virus program.
Anti-virus programmers designed software to look for byte patterns common to decryption algorithms. Problem: decryption codes are small and similar to legitimate programs. Q: Is this code a decryption algorithm OR a simple array task? for (i=0; i
The virus uses a different encryption key each time it infects a new file. -->> The virus will look different each time -->> Untraceable!
X-Raying: each suspected encrypted virus is subjected to a collection of decryption algorithms known to be used with viruses. The decryption result is examined for a virus signature. It was successful! Until virus programmers responded!
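A scanner-side sketch of X-raying, as an added example that is not part of the original slides: every decoder in a known collection is tried with every key, and the result is searched for the signature. The marker string, the three decoders and the sample buffers are all constructed for this illustration; a real product's decoder collection is not described on the page.

```python
SIGNATURE = b"DEMO-SIGNATURE"   # constructed, harmless marker standing in for a virus signature

def xor_decode(data, key):
    return bytes(b ^ key for b in data)

def sub_decode(data, key):
    return bytes((b - key) & 0xFF for b in data)

def rol_decode(data, key):
    return bytes(((b << key) | (b >> (8 - key))) & 0xFF for b in data)

# Assumed collection of "known" decryption algorithms, each with its key space.
KNOWN_DECODERS = [
    ("xor", xor_decode, range(1, 256)),
    ("sub", sub_decode, range(1, 256)),
    ("rol", rol_decode, range(1, 8)),
]

def signature_scan(data):
    """Classic scanner: look for the signature bytes exactly as stored."""
    return SIGNATURE in data

def xray_scan(data):
    """Try every known decoder and key; report (decoder, key, offset) for each hit."""
    hits = []
    for name, decode, keys in KNOWN_DECODERS:
        for key in keys:
            offset = decode(data, key).find(SIGNATURE)
            if offset != -1:
                hits.append((name, key, offset))
    return hits

# Constructed test buffers: the same marker stored under two different encodings,
# so the two files share no recognizable byte sequence.
PADDING = bytes(32)
SAMPLE_A = PADDING + xor_decode(SIGNATURE, 0x5A) + PADDING
SAMPLE_B = PADDING + bytes((b + 0x21) & 0xFF for b in SIGNATURE) + PADDING
CLEAN = b"plain text with no encoded marker inside"

if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("clean", CLEAN)):
        print(label, signature_scan(sample), xray_scan(sample))
```

The scan costs one pass over the file per decoder and key, and it only finds encodings that are in the collection, which is the gap a changing decryption routine exploits.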
Polymorphic virus: a virus that mutates when it infects a new file (becomes resistant to treatment, like a biological virus). It uses a mutation engine to change the decryption code each time it infects a new file. Anti-virus software that detects a certain sequence of bytes from decryption algorithms is of no use! Q: So, how to locate a virus without knowing what it looks like? A: Using Generic Decryption (GD)!
A technique that fools the virus into revealing itself early, before it has a chance to do damage. It contains a CPU emulator: when examining a file, it runs software that simulates the execution of the file. If the file contains a virus, it will decrypt itself, revealing its signature pattern. Even if the virus executes there is no harm; it's a simulation. Q: What if the file does not contain a virus? A: The simulator executes a specific number of instructions and then, if no virus is found, it will terminate at some point.
Unfortunately, the virus is no fool! It can contain all kinds of do-nothing instructions at the start, e.g., add 0 to a register. If the simulation is short, it will miss some viruses! If it's long, then it is time consuming, and... no winner!
First worm: released on the Internet in 1988 by a Cornell graduate student. Written in C. Attacked Linux OS, thousands of Sun 3 and VAX computers. Same as viruses. Usually appears as a separate program.
The worm used a technique called Fingerd (software that allows one user to obtain information about other users). Fingerd accepts a single line of input (a request) and sends back output corresponding to the input. Basically: the program does not check its input for buffer overflow, so the transmitted message overflowed the input buffer and overwrote parts of the system stack!
The worm also attacks the password file, trying to decipher user passwords. It simply guesses passwords, encrypts them and finds matches using an online dictionary!
Exploits security holes in operating systems and determines passwords! A hacker usually is someone who writes programs just for the sheer enjoyment of writing them.
Attack = exploitation of one or more vulnerabilities by a threat; tries to defeat controls. An attack may be: successful, resulting in a breach of security, a system penetration, etc.; or unsuccessful, when controls block a threat trying to exploit a vulnerability.
Challenge! Game! Still, there are many hackers who have proved to be malicious!
Who attacks networks? Who are the attackers? We don’t have a name list. Who might the attackers be? MOM will help to answer this. MOM = Method/Opportunity/Motive. Motives of attackers: 1) Challenge/Power 2) Fame 3) Money/Espionage 4) Ideology
1) Attacking for challenge/power: Some enjoy the intellectual challenge of defeating the supposedly undefeatable. Successful attacks give them a sense of power. Not much challenge for the vast majority of hackers: they just replay well-known attacks using scripts. 2) Attacking for fame: Some are not satisfied with challenge only. They want recognition, even if by pseudonym only. Thrilled to see their pseudonym in the media. 3) Attacking for money/espionage: Attacking for direct financial gains. Attacking to improve competitiveness of one's com/org (7/2002: Princeton admissions officers broke into Yale’s system). Attacking to improve competitiveness of one's country: some countries support industrial espionage to aid their own industries. (cont.)
Attacking to spy on/harm another country: espionage and information warfare; steal secrets, harm defense infrastructure, etc. Few reliable statistics, mostly perceptions of attacks. 1997-2002 surveys of com/gov/edu/org, ~500 responses/yr: 38-53% believed they were attacked by a US competitor; 23-32% believed they were attacked by a foreign competitor. 4) Attacking to promote ideology. Two types of ideological attacks: Hacktivism: disrupting normal operation w/o causing serious damage. Cyberterrorism: intent to seriously harm, including loss of life, serious economic damage.
What about moral objections to harming others? Some believe they’ll cause no harm. Some believe that demonstrating system weakness serves the public interest (even if there’s some harm). Some don’t have any moral objections. They are all wrong! There is no harmless attack. Harm can be as small as just using the target's processor cycles. Any mistake can change a harmless attack into a very harmful attack, e.g., The Internet (Morris) Worm (1988).
Types of Malicious Behaviour: Trapdoors, Trojan Horses, Hackers, Logic Bombs, Worms, Viruses, X Files [Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms. Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Question: Give 4 different ways through which a virus can infect computer systems. Answer:
Answer (”Video”): World Wide Web, e-mail, Instant Messaging and file sharing systems (attachments).
William A. Shay (1993). Understanding Data Communications & Networks. 226-286.