cryptography & network security - Google Groups

CRYPTOGRAPHY & NETWORK SECURITY

Prof. Chittaranjan Pradhan Asst. Professor, School of Computer Engineering, KIIT University, BBSR

Principles of Security

• • • • • •

Confidentiality Authentication Integrity Non Repudiation Access Control Availability

7/26/2011

Prof. Chittaranjan Pradhan, SCE, KIIT University

Confidentiality It refers to the secrecy of information.

Interception (Loss of confidentiality)

7/26/2011


Authentication It helps in establishing proof of identities.

Fabrication (Absence of Authentication)

7/26/2011


Integrity The message must travel without any alternation

Replaced info

intercept

Modification (Loss of Integrity)

7/26/2011


Non- Repudiation It doesn’t allow the sender of a message to refute the claim of not sending that message.

7/26/2011


Access Control/Authorization • It determines who should be able to access what. • Role Management • User side

• Rule Management • Resource side

7/26/2011


Availability It states that resources should be available to the authorized parties at all the times.

Cut wire lines, Jam wireless signals, Drop packets,

Interruption (Absence of Availability) 7/26/2011


Theoretical Attacks • Passive attacks • Passive attacks are harder to detect.

• Interception • Release of message contents/Snooping • Traffic analysis

• Active attacks • Fabrication, Modification, Interruption • • • •

7/26/2011

Masquerade/Fabrication/Spoofing Replay Alteration Denial of service/Interruption Prof. Chittaranjan Pradhan, SCE, KIIT University

Practical Attacks • Application level Attacks • Happen at application level in the sense that the attacker attempts to access, modify or prevent access to information of a particular application or to the application itself.

• Network level Attacks • Aim at reducing the capabilities of a network by a no. of possible means. • Generally make an attempt to either slow down or completely bring to halt, a computer network.

7/26/2011


Malware/Malicious Software – Self – replicating – Attempts to propagate by creating new copies or instances of itself.

– Population growth – No. of malware instances due to self-replication.

– Parasitic – Requires other executable programs/ codes in order to exist. Malware that doesn’t self replicate will always have a 0(zero) population growth; but, malware with a 0 population growth may self-replicate. 7/26/2011


1. LOGIC BOMB • Self- replicating: No • Population Growth: ZERO • Parasitic: Possibly

 Payload: action to perform  Trigger: Boolean condition which controls the payload for executing legitimate code if date is Friday the 13th: crash_computer() legitimate code

7/26/2011


2. TROJAN HORSE • Self- replicating: NO • Population Growth: Zero • Parasitic: YES

 Allows an attacker to obtain some confidential information about a computer or a network  Silently observes user actions and captures confidential information  Example: Password Grabbing Login Program

7/26/2011


Login program

User

User Id: xxx Password: yyy

Login code … Login code …

Login program User


Login code … Trojan horse Login code …


Attacker

7/26/2011


3. BACK DOOR • Self- replicating: NO • Population Growth: Zero • Parasitic: Possibly  Mechanism which bypasses a normal security check  Generally created by programmers for debugging

7/26/2011


username-= read_username() username-= read_username() password= read_password() password= read_password() if username and password are valid: if username is “133th4ck0r”: return ALLOW_LOGIN return ALLOW_LOGIN else: if username and password are valid: return DENY_LOGIN return ALLOW_LOGIN else: return DENY_LOGIN •Advantages Users may deliberately install these to access a work computer from home

RAT: allows a computer to be monitored and controlled remotely •Disadvantages

If Malware surreptiously installs a RAT on a computer, then it opens up a back door into that machine 7/26/2011


4. VIRUS • Self- replicating: YES • Population Growth: Positive • Parasitic: YES

 Program that causes damage to other programs/applications/data  Fred Cohen is called father of computer virus  Virus can propagate within a computer, or may travel from one computer to another through floppy disk, CD-Roms, DVD-Roms or Pen Drives  Virus don’t propagate via computer network

7/26/2011


def virus(): infect() if trigger() is true: payload() Add x to y Perform Print-Job Perform Close-Job End

(a) Original clean code

7/26/2011

Add x to y Perform Print-Job Perform Virus-Job Perform Close-Job End

(b) Virus infected code


Delete all files Send a copy of myself to all using this users address book Return

(c) Virus code

Phases of a Virus • Dormant phase • Virus is idle

• Propagation phase • Virus copies itself and each copy starts creating more copies of itself

• Triggering phase • Dormant phase virus moves into this phase when the action/event for which it was waiting is initiated

• Execution Phase • Actual work of the virus, which could be harmless or destructive

7/26/2011


VIRUS Types •

Parasitic Virus: attaches itself to an executable file in order to

•

Memory- Resident Virus: attaches itself to an area in the main

•

Boot Sector Virus: infects the MBR of the disk and spreads on the disk

•

Stealth Virus: hides its tracks after infecting the computer. Ex: Frodo,

•

Polymorphic Virus: changes its characteristics with each infection,

•

Metamorphic Virus: in addition to changing its signature, it keeps

•

Macro Virus: infects the macros within a document or template. Ex:

propagate

memory and then infects every executable program that is executed

when the o. s. starts booting the computer. Ex: Form, Disk Killer, Stone Joshi, Whale

making its detection more difficult. Ex: Involuntary, Stimulate, Phoenix rewriting itself every time, making the detection even harder DMV, Nuclear, Word Concept

7/26/2011


Dealing with VIRUS

7/26/2011

Detection

Locate where the virus is.

Identification

Identify the virus.

Removal

Remove all traces, restore order.


5. WORM • • •

Self- replicating: YES Population Growth: Positive Parasitic: NO

 Doesn’t perform any destructive actions and instead, only consumes system resources to bring it down.  Worms are standalone and don’t rely on other executable code  Worms spread from machine to machine across the network def worm(): propagate() if trigger() is true: payload() 7/26/2011


6. Rabbit • • •

Self – Replicating: Yes Population Growth: Positive Parasitic: NO

 Multiplies rapidly  Tries to consume all of the system resources like hard disk. Ex: Fork Bomb

 Special type of worm  Rarely seen in practice

7/26/2011


7. Spyware • • •

Self – Replicating: NO Population Growth: Zero Parasitic: NO

•

Software that collects information from a computer and transmits it to someone else.

   

Username & Password. Ex: key logger Email addresses for spammers Bank account & credit card no Software license key, pirated software

 Spyware arrives on a computer by:  Bundled with other software that the user installs  Visiting Web pages 7/26/2011


8. Adware • • •

Self – Replicating: NO Population Growth: Zero Parasitic: NO

 More marketing focused  May popup advertisements  May redirect a user’s web browser to certain web sites  May also gather and transmit information about users which can be used for marketing purposes

7/26/2011


9. Spam •

Spam is flooding the internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.

•

Most spam is commercial advertising, often for dubious products, get-richquick schemes or quasilegal services.

7/26/2011


7/26/2011
