1. Introduction to Information Security
Spring 2014

2. Outline Introduction Attacks, services and mechanisms
Security threats and attacks
Security services
Methods of Defense
A model for Internetwork Security

3. Introduction Goal Information Security Computer Security Network
Services
Computer
Security
Network
Security
Automated tools
for protecting info
on the computer
Measures to protect
data during their
transmission on the network

4. Security Trends High Low Smart Phone Attack DDoS to DNS 2003
BotNet Attack
2009
Low

5. What’s is “Computer Security”?
“A computer is secure if you can depend on it and its software to behave as you expect.” – Garfinkel and Spafford, 1991.
“Computer security is preventing attackers from achieving objectives through unauthorized access or use of computers and networks.” – John D. Howard,
“Computer security is measures and controls that ensure confidentiality, integrity, availability of information systems.” – American National Standards Institute, Inc. Telecom Glossary 2000.

6. Hacking Attack using the vulnerability of protocol Malicious code DoS
Sniffing
Session Hijacking
Spoofing
Malicious code
Virus
Trojan horse
Back door
Worm
John Draper, Phone hacker

7. Virus and Worm What is Virus? Self-replicating code
Inserts itself into other executable code
Contains a malicious function, called payload (can be empty)
Native code which infects executable files
Distribution by and File sharing
Often requires a trigger from a user
e.g. execute infected application
Virus is often used as a collective term for malware

8. Virus and Worm What is Worm? First Internet worm in 1988
Different to a virus
Stand-alone program
Does not infect an application
Spreads itself through the network automatically
Usually spread much faster than viruses
Worms often use exploits to propagate
SQL Slammer – MS SQL Server
Slapper - Apache/Mod-SSL
Code Red – MS Internet Information Server

9. Trojan Horse
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive.
A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program.
The term comes from the a Greek story of the Trojan War : between Greek and Troy

10. Attacks, Services and Mechanisms
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

11. Security Threats & Attacks
A possible danger that might exploit a vulnerability in given circumstance, capability, and action or event to breach security and cause harm
Attacks
An assault on system security that derives from an intelligent threat

12. Security Threats

13. Security Threats Interruption: This is a threat on availability
Interception: This is a threat on confidentiality
Modification: This is a threat on integrity
Fabrication: This is a threat on authenticity

14. Security Attacks • Passive Attack : Attempts to learn or make use of
information from the system, but no affect on
system resources
- Release of message contents
- Traffic analysis
• Active Attack : Attempts to data system resources or affect their operations
- Masquerade
- Replay
- Modification of message
- Denial of service : Internet Chaos,
/ DDoS Attack

15. Release of Message Contents
Sensitive or confidential information needs to be prevented from an opponent who will learn the contents of the there transmissions
Darth
Read contents of message from Bob to Alice
Internet or other comms facility
Bob
Alice

16. Internet or other communications facility
Traffic Analysis
If the contents of messages are masked or protected by encryption, and opponent might still be able to observe the pattern of messages.
• such as source and destination of communicating hosts,
• frequency and length of messages being exchanged.
Darth
Observe pattern of messages from Bob to Alice
Internet or other communications facility
Bob
Alice

17. Internet or other comms facility
Masquerade
• Taking place when one entity pretends to be a different entity
• Enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those
privileges.
Darth
Read contents of message from Bob to Alice
Internet or other comms facility
Bob
Alice

18. Internet or other comms facility
Replay attack
The passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Darth
Capture message from Bob to Alice; later replay message to Alice
Internet or other comms facility
Bob
Alice

19. Modification of Message
Some portion of legitimate message altered, delayed, or reordered to produce an unauthorized effect.
Darth
Darth modifies message from Bob to Alice
Internet or other comms facility
Bob
Alice

20. Denial of Service
The normal use of communications facilities prevented or inhibited, such as
• Suppressing all messages directed to a particular destination.
• The disruption of an entire network by disabling
the network
• The degradation of performance by overloading it with messages

21. An Architecture of DDoS Attack
Daemon
Master
Daemon
Daemon
Daemon
Daemon
Real Attacker
Victim

22. Security Service
A service that is provided by a protocol layer of communicating open system and that ensures adequate security of the systems or of data transfer
Security services implement security policies and are implemented by security mechanisms
Classification of the services
Authentication - Data Integrity
Access control - Nonrepudiation
Data confidentiality - Availability

23. Authentication
This service is concerned with assuring that a communication is authentic
Data origin authentication (in the case of a single message)
The function of the authentication service is to assure the recipient that the message is from the original source.
No service on duplication or modification.
Peer entity authentication (in a connection-oriented transmission i.e TCP)
At the time of connection initiation, the service assures that the two entities are authentic
On the way of transmissions, the service assures that the connection is not interfered by a third party to masquerade as one of the entities.

24. Access Control The prevention of unauthorised use of a resource
In the context of network security, this service is the ability to limit and control the access to host systems and applications via communications links.
Each entity must be identified or authenticated then, access rights can be tailored to the individual.

25. Data Confidentiality
The protection of transmitted data from passive attacks.
Types of data confidentiality
Connection confidentiality (all user data on a connection)
Connectionless confidentiality (all user data in a single msg.)
Selective field confidentiality (specific fields within a use data)
Traffic-flow confidentiality (information for traffic flow)

26. Data Integrity
To provide the assurance that the received data are exactly the same as the data transmitted by an authorised entity.
※ no modification, insertion, deletion, or replay
A connection-oriented / connectionless integrity service
Connection-oriented : deals with a stream of messages & assures no duplication, alteration, or replays on the messages.
Connectionless : deals with individual messages & may provide protection on data modification
Integrity service with / without recovery
The automated recovery mechanism is more attractive.

27. Nonrepudiation
To prevent either sender or receiver from denying a transmitted message.
Origin (sender): Proof that the message was sent by the specified party.
Destination (receiver): Proof that the message was received by the specified party.

28. Availability Provides the normal use of a system or system resource
Addresses the security concerns raised by denial-of-service attack.

29. Security Mechanisms Specific Security Mechanisms
Implemented in a specific protocol layer.
Pervasive Security Mechanisms
Not specific to any particular protocol layer or security service.

30. A Model for Network Security
Trusted third party (e.g., arbiter, distributer of secret information)
Information channel
Security-related transformation
Security-related transformation
Message
Secure Message
Secure Message
Message
Secret information
Secret information
Opponent

32. Methods of Defence Encryption
Software Controls (access limitations in a data base, in operating system protect each user from other users)‏
Hardware Controls (smartcard)‏
Policies (frequent changes of passwords)‏
Physical Controls

33. Summary We deals with security trends
Security attacks such as passive attacks and active attacks
Security services such as authentication, access control, data confidentiality, data integrity, nonrepudiation and availability service
A model for network security including Opponent, Access Channel, Gatekeeper Function and Information System

34. Outline of the Course
This chapter serves as an introduction to the entire course. The remainder of the book is organized into three parts:
Part One : Provides a concise survey of the cryptographic algorithms and protocols underlying network security applications, including encryption, hash functions, digital signatures, and key exchange.
Part Two : Examines the use of cryptographic algorithms and security protocols to provide security over networks and the Internet. Topics covered include user authentication, , IP security, and Web security.
Part Three : Deals with security facilities designed to protect a computer system from security threats, including intruders, viruses, and worms. This part also looks at firewall technology.