Presentation on theme: "Computer security Hackers and Viruses"— Presentation transcript:
1 Computer security: Hackers and Viruses. Sruthi Samudrala, Tejaswi Mamillapalli
2 Computer Security. OUTLINE: Introduction; Goals of computer security; Cryptography (overview, types of cryptography, Diffie-Hellman algorithm).
3 Definition: Computer security is the protection of computers and the data they hold. This can be anything from placing passwords on computers to setting up firewalls.
4 Goals of computer security: Three important aspects of any computer-related system: Confidentiality, Integrity, Authentication.
5 Confidentiality: ensuring that information is not accessed by unauthorized persons. Integrity: ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users. Authentication: ensuring that users are the persons they claim to be.
6 How can we achieve security? Cryptography, secure networks, antivirus software, firewalls.
7 Cryptography: derived from the Greek word kryptos, meaning hidden. Defined as the process of writing or reading secret messages or codes. Includes techniques such as microdots, merging words with images, and other ways to hide information.
8 Cont… Nowadays cryptography is most often associated with scrambling plaintext (ordinary text) into ciphertext (encrypted text), a process called encryption, and then back again, known as decryption.
9 Bob and Alice want to communicate “securely”; Trudy (the intruder) may intercept, delete, or add messages.
11 Types of cryptography. Symmetric-key cryptography: symmetric key encryption is a cryptography technique that uses a shared secret key to encrypt and decrypt data. It is also referred to as conventional encryption or single-key encryption. It was the only encryption in use prior to the development of public key encryption in 1976.
13 Problems with symmetric key encryption. Too many keys: if there are n people communicating with each other, we would need to distribute n(n−1) symmetric keys between them. This creates a problem with managing and ensuring the security of all these keys. Origin and authenticity of a message cannot be guaranteed: since sender and receiver use the same key, messages cannot be verified to have come from a particular user. This may be a problem if there is a dispute.
14 Public key cryptography: Diffie and Hellman at Stanford University in 1976 achieved an astounding breakthrough with a method that addressed both problems in symmetric key encryption. Each person gets a pair of keys, called the public key and the private key. Each person's public key is published while the private key is kept secret. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key.
16 Transaction between Alice and Bob. Secrecy: let KUa, KRa (KUb, KRb) be Alice's (Bob's) public and private keys respectively. If Alice has to send Bob an m-bit message X = x1 x2 … xm, then she encrypts it using Bob's public key to form the ciphertext Y = KUb(X), i.e. ciphertext = Bob's public key applied to the message. When Bob receives the ciphertext, he decrypts it using his private key, i.e., X = KRb(Y) = KRb(KUb(X)).
18 Authentication: suppose Alice wants to sign a message X to be sent to Bob. She encrypts it using her private key, i.e., Y = KRa(X). When Bob gets this message from Alice, he can ensure that it came from her by decrypting it using Alice's public key (to which he has access) to recover the plaintext X, i.e. X = KUa(Y). Since Alice alone has access to her private key, she alone could have sent the message.
20 Secrecy and Authentication: if one needs confidentiality as well as authentication, then Alice first signs the plaintext X using her private key to obtain X′ = KRa(X). She then encrypts it using Bob's public key to obtain the ciphertext Y = KUb(X′) = KUb(KRa(X)) (note the order of the two operations) and sends Y to Bob. Bob first decrypts it using his private key to obtain X′, i.e. X′ = KRb(Y); he then verifies that it was indeed sent by Alice by decrypting it using Alice's public key to obtain X = KUa(X′) = KUa(KRb(Y)).
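The three transactions on slides 16, 18 and 20 worked through in code, as an added example that is not part of the presentation: it uses textbook RSA with toy-sized constructed primes so the KU/KR notation can be checked by hand (the key values, function names and the choice of RSA are assumptions; real systems pad messages and use 2048-bit or larger moduli).

```python
# Added example, not from the slides: textbook RSA with toy-sized primes, used only to
# make the slides' KU/KR notation concrete. The primes and exponent are constructed.
from math import gcd

def keypair(p, q, e):
    """Return ((n, e), (n, d)): the public key KU and private key KR for primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def apply_key(key, x):
    """Apply KU or KR to an integer block x in [0, n): x^k mod n."""
    n, k = key
    assert 0 <= x < n, "block must be smaller than the modulus"
    return pow(x, k, n)

# Constructed toy keys. Alice's modulus is smaller than Bob's so that a block
# signed by Alice (X' < n_a) still fits under Bob's modulus for encryption;
# this is why the slide stresses the order "sign first, then encrypt".
KUa, KRa = keypair(61, 53, 17)     # n_a = 3233
KUb, KRb = keypair(101, 113, 17)   # n_b = 11413

def secrecy(x):
    """Slide 16: Y = KUb(X); Bob recovers X = KRb(Y). Returns (Y, recovered X)."""
    y = apply_key(KUb, x)
    return y, apply_key(KRb, y)

def authentication(x):
    """Slide 18: Y = KRa(X); anyone holding KUa recovers X = KUa(Y)."""
    y = apply_key(KRa, x)
    return y, apply_key(KUa, y)

def secrecy_and_authentication(x):
    """Slide 20: Y = KUb(KRa(X)); Bob computes X = KUa(KRb(Y))."""
    x_prime = apply_key(KRa, x)          # sign first ...
    y = apply_key(KUb, x_prime)          # ... then encrypt for Bob
    recovered = apply_key(KUa, apply_key(KRb, y))
    return y, recovered

def signature_checks_out(x, y):
    """Bob's verification step: does KUa(Y) give back the claimed plaintext X?"""
    return apply_key(KUa, y) == x
```

A block that was not produced with KRa fails the final check, which is what lets Bob reject a message Trudy injects in Alice's name.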
22 Diffie-Hellman Algorithm. 1. The Diffie-Hellman algorithm is a specific method of exchanging cryptographic keys. 2. Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. You're not sharing information during the key exchange, you're creating a key together.
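The exchange described on slide 22, as an added example that is not part of the presentation: it runs Diffie-Hellman over a constructed toy group (p = 23, g = 5) so each step is checkable, records exactly which values an observer like Trudy sees on the wire, and shows why such a small group would be useless in practice (function names and parameter sizes are assumptions).

```python
# Added example, not from the slides: Diffie-Hellman over a toy group so that every
# step is checkable by hand. Real deployments use 2048-bit (or larger) safe-prime
# groups or elliptic curves; the small p here only shows the mechanics.
import hashlib
import secrets

def dh_public(p, g, private):
    """Each party publishes g^private mod p; the private exponent never leaves the machine."""
    return pow(g, private, p)

def dh_shared(p, peer_public, private):
    """Both sides compute the same value: (g^b)^a = (g^a)^b mod p."""
    return pow(peer_public, private, p)

def derive_key(shared):
    """Never use the raw group element as a key; hash it into a symmetric key."""
    return hashlib.sha256(str(shared).encode()).digest()

def exchange(p, g, a, b):
    """Run the full exchange; return (what the observer sees, Alice's key, Bob's key)."""
    A = dh_public(p, g, a)   # Alice -> Bob
    B = dh_public(p, g, b)   # Bob -> Alice
    observed = {"p": p, "g": g, "A": A, "B": B}   # the only values on the wire
    return observed, derive_key(dh_shared(p, B, a)), derive_key(dh_shared(p, A, b))

def recover_private_by_brute_force(p, g, public):
    """The discrete log an observer would need; it is only feasible for toy p,
    which is why real groups are thousands of bits wide."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None

def random_exchange(p=23, g=5):
    """Same protocol with random exponents, as a real implementation would pick them."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    return exchange(p, g, a, b)
```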
31 Hackers and viruses. Outline:
1. Hackers: introduction, history, types of hackers, hackers access your internet, common attacks.
2. Viruses: introduction, viruses affecting Turing machines, virus detection.
32 Definition: Hacking is a technical effort to manipulate the normal behaviour of network connections and connected systems. “Hacking” originally referred to constructive, clever technical work that was not necessarily related to computer systems. Hackers are most commonly associated with malicious programming attacks on the internet and other networks.
33 History: M.I.T. engineers in the 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities. Outside of M.I.T., others began applying the term to less honorable pursuits: before the internet became popular, several hackers experimented with methods to modify telephones for making free long-distance calls. As the internet exploded in popularity, data networks became the most common target of hackers.
34 Types of hackers. White hat: breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. Black hat: a black hat hacker is one who violates computer security for little reason beyond maliciousness or for personal gain. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use it.
35 Cont… Grey hat: a grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect; for example, they may then offer to correct the defect for a fee. Script kiddie: a script kiddie is someone who looks to exploit a vulnerability without so much as trying to gain administrative or root access to the system, yet achieving it nonetheless and enjoying the enormous consequential implications thereof, which might be worth millions to the affected party.
36 Cont… Crackers: people aiming to create software tools that make it possible to attack computer systems or crack the copy protection of use-fee software. A crack is therefore an executable program created to modify the original software so as to remove its protection. Carders: mainly attack chip card systems (particularly bank cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy.
37 Hackers access your internet: In 1988 a "worm program" written by a college student shut down about 10 percent of the computers connected to the Internet. This was the beginning of the era of cyber attacks. Today we have about 10,000 reported incidents of cyber attacks, and the number grows.
38 Cont… Once inside, hackers can:
Modify logs: to cover their tracks, or to mess with you.
Steal files: sometimes destroy after stealing; a pro would steal and cover their tracks so as to be undetected.
Modify files: to let you know they were there, or to cause mischief.
Install back doors: so they can get in again.
Attack other systems.
39 Common Attacks. Spoofing. Definition: an attacker alters his identity so that someone thinks he is someone else (user ID, IP address, …). The attacker exploits the trust relation between a user and networked machines to gain access to machines. Types of spoofing: IP spoofing, email spoofing, web spoofing.
42 Email spoofing. Definition: the attacker sends messages masquerading as someone else. What can be the repercussions? Types of email spoofing: Create an account with a similar address (a message from this account can perplex the students). Modify a mail client (the attacker can put in any return address he wants in the mail he sends). Telnet to port 25 (most mail servers use port 25 for SMTP; the attacker logs on to this port and composes a message for the user).
43 Web spoofing. Look-alike address: the attacker registers a web address matching an entity, e.g. votebush.com, geproducts.com, gesucks.com. Basic man-in-the-middle attack: the attacker acts as a proxy between the web server and the client; the attacker has to compromise the router or a node through which the relevant traffic flows. URL rewriting: the attacker redirects web traffic to another site that is controlled by the attacker; the attacker writes his own web site address before the legitimate link. Tracking state: when a user logs on to a site, a persistent authentication is maintained; this authentication can be stolen for masquerading as the user.
44 Denial of service (DoS). Definition: an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading the system so that no one else can use it. Types: crashing the system or network (send the victim data or packets which will cause the system to crash or reboot); exhausting the resources by flooding the system or network with information (since all resources are exhausted, others are denied access to them). Distributed DoS attacks are coordinated denial of service attacks involving several people and/or machines to launch the attacks.
45 Viruses: a virus is a small piece of program that can infect other programs by modifying them to include a copy of itself. This gives rise to the definition of a viral set, the elements of which produce other elements of the set upon execution.
46 Viruses affecting Turing machines: Cohen uses a Turing machine model where each virus in a viral set produces an element of the set on some part of the TM tape outside of the original virus specification. Formally, a viral set is a pair (M, V) where M is a TM and V is a set of viruses written as strings in the tape alphabet of M: when M (in its start state) reads v ∈ V, it writes a string v′ ∈ V somewhere else on its tape.
47 Viruses affecting Turing machines: the notion of viral infection is associated with the following attributes: a Trojan component, since an infected program behaves in an unwanted manner under some conditions; a dormancy component, as the infection may conceal itself; an infective component, since infected programs are destined to infect other programs.
48 Cont… Cohen's undecidability results show that: there is no algorithm that can detect all viruses; some files may be wrongly reported as infected (false positive), or no answer may be returned. There is no algorithm (TM) that can decide if one virus evolves into another. Other results include that there are viruses for which no error-free detection algorithm exists (undetectable computer viruses).
49 Virus detection: given a known computer virus V, consider the problem of detecting an infection by V. The most straightforward approach to solving this problem is just to scan incoming messages for <V>, the text of V. But a virus can easily evade this technique by altering its text in ways that have no effect on the computation that V performs. For example, source code could be modified to add blanks in meaningless places or to add leading 0s to numbers.
50 Cont… Executable code could be modified by adding jump instructions to the next instruction. So the practical virus detection problem can be stated as: “Given a known virus V and an input message M, does M contain the text of a program that computes the same thing V computes?” We know the equivalence question is undecidable for Turing machines; using that, the equivalence question for arbitrary programs is also undecidable.
51 Cont… So we can't solve the virus problem by making a list of known viruses and comparing new code to them. Suppose that, instead of making a list of forbidden operations, we allowed users to define a “white list” of the operations that are allowed to run on their machines. Then the job of a virus filter is to compare incoming code to the operations on the white list. Any code that is equivalent to some allowed operation can be declared safe. But now we have EXACTLY THE SAME PROBLEM: no test for equivalence exists.