CRYPTOGRAPHY & NETWORK SECURITY

Prof. Chittaranjan Pradhan Asst. Professor, School of Computer Engineering, KIIT University, BBSR

Principles of Security

• Confidentiality
• Authentication
• Integrity
• Non Repudiation
• Access Control
• Availability

7/26/2011

Prof. Chittaranjan Pradhan, SCE, KIIT University

Confidentiality

It refers to the secrecy of information.

Interception (Loss of confidentiality)

Authentication

It helps in establishing proof of identities.

Fabrication (Absence of Authentication)

Integrity

The message must travel without any alteration.

Modification (Loss of Integrity) [figure labels: intercept, replaced info]

Non-Repudiation

It doesn't allow the sender of a message to deny having sent that message.

Access Control/Authorization

• It determines who should be able to access what.
• Role Management
    – User side
• Rule Management
    – Resource side

Availability

It states that resources should be available to the authorized parties at all times.

Interruption (Absence of Availability) [figure labels: cut wire lines, jam wireless signals, drop packets]

Theoretical Attacks

• Passive attacks
    – Passive attacks are harder to detect.
    – Interception
        – Release of message contents/Snooping
        – Traffic analysis
• Active attacks
    – Fabrication, Modification, Interruption
        – Masquerade/Fabrication/Spoofing
        – Replay
        – Alteration
        – Denial of service/Interruption

Practical Attacks

• Application level Attacks
    – Happen at the application level, in the sense that the attacker attempts to access, modify or prevent access to information of a particular application or to the application itself.
• Network level Attacks
    – Aim at reducing the capabilities of a network by a number of possible means.
    – Generally attempt to either slow down a computer network or bring it to a complete halt.

Malware/Malicious Software

– Self-replicating
    – Attempts to propagate by creating new copies or instances of itself.
– Population growth
    – Number of malware instances due to self-replication.
– Parasitic
    – Requires other executable programs/codes in order to exist.

Malware that doesn't self-replicate will always have a 0 (zero) population growth; but malware with a 0 population growth may self-replicate.

1. LOGIC BOMB

• Self-replicating: No
• Population Growth: ZERO
• Parasitic: Possibly

– Payload: action to perform
– Trigger: Boolean condition which controls when the payload executes

    legitimate code
    if date is Friday the 13th:
        crash_computer()
    legitimate code

2. TROJAN HORSE

• Self-replicating: NO
• Population Growth: Zero
• Parasitic: YES

– Allows an attacker to obtain some confidential information about a computer or a network
– Silently observes user actions and captures confidential information
– Example: Password Grabbing Login Program

[Figure: a normal login program receiving the User Id and Password from the user, beside a login program whose login code contains a Trojan horse that also passes the User Id and Password to the attacker]

3. BACK DOOR

• Self-replicating: NO
• Population Growth: Zero
• Parasitic: Possibly

– Mechanism which bypasses a normal security check
– Generally created by programmers for debugging

Normal authentication code:

    username = read_username()
    password = read_password()
    if username and password are valid:
        return ALLOW_LOGIN
    else:
        return DENY_LOGIN

Authentication code with a back door:

    username = read_username()
    password = read_password()
    if username is "133th4ck0r":
        return ALLOW_LOGIN
    if username and password are valid:
        return ALLOW_LOGIN
    else:
        return DENY_LOGIN

RAT: allows a computer to be monitored and controlled remotely

• Advantages
    – Users may deliberately install these to access a work computer from home
• Disadvantages
    – If malware surreptitiously installs a RAT on a computer, then it opens up a back door into that machine
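A defender's view of the back-door pattern above, as an added example that is not part of the original slides: a small static check in Python that flags an `if` branch comparing a credential-like variable to a string literal and returning directly. The variable-name hints, the function names and the two sample `login` routines are constructed for illustration; the literal is the one shown on the slide.

```python
import ast

# Name fragments that suggest a variable holds a credential (assumed heuristic).
CRED_HINTS = ("user", "login", "pass", "pwd")

# Constructed samples modelled on the slide's two login routines.
CLEAN = '''\
def login(username, password):
    if credentials_valid(username, password):
        return ALLOW_LOGIN
    return DENY_LOGIN
'''
BACKDOORED = '''\
def login(username, password):
    if username == "133th4ck0r":
        return ALLOW_LOGIN
    if credentials_valid(username, password):
        return ALLOW_LOGIN
    return DENY_LOGIN
'''

def _is_cred_name(node):
    return isinstance(node, ast.Name) and any(h in node.id.lower() for h in CRED_HINTS)

def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def find_hardcoded_credential_checks(source):
    """Return (line, variable, literal) for each if-branch that compares a
    credential-like variable to a string literal and returns from its body."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        if not any(isinstance(stmt, ast.Return) for stmt in node.body):
            continue
        for cmp in ast.walk(node.test):
            if not isinstance(cmp, ast.Compare):
                continue
            operands = [cmp.left] + cmp.comparators
            for left, op, right in zip(operands, cmp.ops, operands[1:]):
                if not isinstance(op, (ast.Eq, ast.Is)):
                    continue
                for name, lit in ((left, right), (right, left)):
                    if _is_cred_name(name) and _is_str_literal(lit):
                        findings.append((node.lineno, name.id, lit.value))
    return findings

if __name__ == "__main__":
    for label, src in (("clean", CLEAN), ("backdoored", BACKDOORED)):
        print(label, find_hardcoded_credential_checks(src))
```

A hit is a prompt for code review rather than proof of a back door, since debugging shortcuts and test fixtures produce the same shape.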

4. VIRUS

• Self-replicating: YES
• Population Growth: Positive
• Parasitic: YES

– Program that causes damage to other programs/applications/data
– Fred Cohen is called the father of the computer virus
– A virus can propagate within a computer, or may travel from one computer to another through floppy disks, CD-ROMs, DVD-ROMs or pen drives
– Viruses don't propagate via computer networks

    def virus():
        infect()
        if trigger() is true:
            payload()

    Add x to y
    Perform Print-Job
    Perform Close-Job
    End

(a) Original clean code

    Add x to y
    Perform Print-Job
    Perform Virus-Job
    Perform Close-Job
    End

(b) Virus infected code

    Delete all files
    Send a copy of myself to all using this user's address book
    Return

(c) Virus code

Phases of a Virus

• Dormant phase
    – Virus is idle
• Propagation phase
    – Virus copies itself and each copy starts creating more copies of itself
• Triggering phase
    – Dormant phase virus moves into this phase when the action/event for which it was waiting is initiated
• Execution phase
    – Actual work of the virus, which could be harmless or destructive

VIRUS Types

• Parasitic Virus: attaches itself to an executable file in order to propagate
• Memory-Resident Virus: attaches itself to an area in the main memory and then infects every executable program that is executed
• Boot Sector Virus: infects the MBR of the disk and spreads on the disk when the OS starts booting the computer. Ex: Form, Disk Killer, Stone
• Stealth Virus: hides its tracks after infecting the computer. Ex: Frodo, Joshi, Whale
• Polymorphic Virus: changes its characteristics with each infection, making its detection more difficult. Ex: Involuntary, Stimulate, Phoenix
• Metamorphic Virus: in addition to changing its signature, it keeps rewriting itself every time, making the detection even harder
• Macro Virus: infects the macros within a document or template. Ex: DMV, Nuclear, Word Concept

Dealing with VIRUS

• Detection: Locate where the virus is.
• Identification: Identify the virus.
• Removal: Remove all traces, restore order.

5. WORM

• Self-replicating: YES
• Population Growth: Positive
• Parasitic: NO

– Doesn't perform any destructive actions; instead, it only consumes system resources to bring the system down.
– Worms are standalone and don't rely on other executable code
– Worms spread from machine to machine across the network

    def worm():
        propagate()
        if trigger() is true:
            payload()

6. Rabbit

• Self-replicating: Yes
• Population Growth: Positive
• Parasitic: NO

– Multiplies rapidly
– Tries to consume all of the system resources like hard disk. Ex: Fork Bomb
– Special type of worm
– Rarely seen in practice

7. Spyware

• Self-replicating: NO
• Population Growth: Zero
• Parasitic: NO

– Software that collects information from a computer and transmits it to someone else.
    – Username & Password. Ex: key logger
    – Email addresses for spammers
    – Bank account & credit card no.
    – Software license key, pirated software
– Spyware arrives on a computer by:
    – Bundled with other software that the user installs
    – Visiting Web pages

8. Adware

• Self-replicating: NO
• Population Growth: Zero
• Parasitic: NO

– More marketing focused
– May pop up advertisements
– May redirect a user's web browser to certain web sites
– May also gather and transmit information about users which can be used for marketing purposes

9. Spam

• Spam is flooding the internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.
• Most spam is commercial advertising, often for dubious products, get-rich-quick schemes or quasi-legal services.