Gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center 2014 www.know-center.at Security.

Slides:

Advertisements

Similar presentations

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Security+ Guide to Network Security Fundamentals

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Business Data Communications, Fourth Edition Chapter 10: Network Security.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

Cloud Usability Framework

Discovering Computers 2010

PROS & CONS of Proxy Firewall

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

BUSINESS B1 Information Security.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 - Databases, Controls, and Security.

Protecting the Player– Information Security Concerns Gus March 21, 2014.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Privacy Communication Privacy Confidentiality Access Policies Systems Crypto Enforced Computing on Encrypted Data Searching and Reporting Fully Homomorphic.

IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.

Database Security and Data Protection Suseel Pachalla, CISSP.

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

The information contained in this document is confidential, for internal use only, and may not be distributed outside Ministry of Transport and Communications.

Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.

Security Vulnerabilities in A Virtual Environment

Ingredients of Security

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

Module 7: Designing Security for Accounts and Services.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

KERBEROS SYSTEM Kumar Madugula.

Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.

Information Systems Design and Development Security Precautions Computing Science.

1 Example security systems n Kerberos n Secure shell.

KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.

Wireless security. Submitted To: Er. S.K. Soni [Dy. Head,CSE] Submitted By: Gurjeet Barar CSE Branch IV Year(VII sem) A-2 Batch JODHPUR INSTITUTE OF ENGINEERING.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.

Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.

Network System Security - Task 2. Russell Johnston.

Security Issues in Information Technology

VIRTUALIZATION & CLOUD COMPUTING

Install AD Certificate Services

Windows Active Directory Environment

Presentation transcript:

gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center Security Concepts for a Distributed Architecture for Activity Logging and Analysis

© Know-Center Overview  Activity Logging and Analysis  Use case  Privacy concerns  Focus here: prevent unauthorised access  System Architecture  Security analysis  Assets  Vulnerabilities  Attackers  Threats  Security concepts

© Know-Center Activity Logging and Analysis  From data to activity

© Know-Center Activity Logging and Analysis  Use Case: Support Time Management  Help people to reflect on time management issues  Detect „Types of Activity“  E.g. Application Use, Travelling, Communicating, Reading, Writing  Trigger reflection  Show history of activities  Reflection diary

© Know-Center Activity Logging and Analysis  Privacy Concerns  Data is highly sensitive  Need Privacy-Respecting Systems  Privacy-Respecting Systems  Protect user identity  Control what kind of data is collected  Control data collection  Protect against unauthorised access

© Know-Center Activity Logging and Analysis  Privacy Concerns  Data is highly sensitive  Need Privacy-Respecting Systems  Privacy-Respecting Systems  Protect user identity  Control what kind of data is collected  Control data collection  Protect against unauthorised access

© Know-Center System Architecture  Sensors  Log data  From Hardware Sensors  E.g. accelerometer  By itself  E.g. logging foreground windows  Send data to Sensor Hub

© Know-Center System Architecture  Sensors  Sensor Hub  Sensor configuration  Local data storage  Data transmission to server

© Know-Center System Architecture  Sensors  Sensor Hub  Server  Receives data from Sensor Hub, Client Services and Applications  Stores data  Answers requests from Client Services and Applications

© Know-Center System Architecture  Sensors  Sensor Hub  Server  Client Services and Applications  Access/Modify data on the server

© Know-Center Security Analysis  Asset = Data  Vulnerabilities  Physical access  Logical access  Physical access  Log into or steal device  Network cable infrastructure  Logical access  Installation of Malware

© Know-Center Security Analysis  Asset = Data  Vulnerabilities  Physical access  Logical access  Physical access  Log into or steal device  Network cable infrastructure  Logical access  Installation of Malware Who will be attackers with a strong motivation?

© Know-Center Security Analysis - Attackers

© Know-Center Security Analysis - Attackers

© Know-Center Security Analysis - Threats High Risk Threats  By Management  Physical access of victim‘s device  Read/Modify logged data

© Know-Center Security Analysis - Threats High Risk Threats  By Management  Physical access of victim‘s device  Read/Modify logged data  By Management + Sys. Admin.  Physical access of victim‘s device and server  Read/Modify logged data

© Know-Center Security Analysis - Threats High risk Medium risk  By Management + Sys. Admin.  Intercept network communication  More effort to implement  Limited to information sent

© Know-Center Security Analysis - Threats High risk Medium risk  By Management + Sys. Admin.  Intercept network communication  More effort to implement  Limited to information sent  By Management + Sys. Admin.  Intercept communication between sensors and hub  More effort to implement

© Know-Center Security Analysis - Threats High risk Medium risk Low risk  By Cyber Criminal  Malware reads logged data

© Know-Center Security Concepts – Data Collection I  Hub encrypts data prior storing  Using a stream cipher  Initialisation with server‘s public key  Pro‘s  Protects against unauthorised reads  Need only one key pair  Private key resides on the server  Con‘s  User can not edit data locally  No protection against Malware

© Know-Center Security Concepts – Data Collection II  Encrypted storage of data  Use stream cipher  Initialisation with user‘s public key  Pro‘s  Protects against unauthorised reads  User can edit data locally  Con‘s  Security depends on password strength of user‘s private key  No protection against Malware

© Know-Center Security Concepts – Communication  Encrypted data communication  Standard HTTPS  Data Collection I  Authentication at server  Authentication of Sensor Hub  On start up  Prior to sending data

© Know-Center Security Concepts – Server I  Encrypted storage of data  Trusted Platform Module  Pro‘s  High security  Protection against unauthorised reads + Malware  No user interaction for data decryption necessary  Con‘s  Relatively new technology  Harder to implement

© Know-Center Security Concepts – Server II  Encrypted storage of data  Pro‘s  Easier to implement  Con‘s  User interaction required on server start up  No Malware protection