CRYPTOGRAPHY & NETWORK SECURITY
Prof. Chittaranjan Pradhan Asst. Professor, School of Computer Engineering, KIIT University, BBSR
Principles of Security
• Confidentiality
• Authentication
• Integrity
• Non-Repudiation
• Access Control
• Availability
7/26/2011
Prof. Chittaranjan Pradhan, SCE, KIIT University
Confidentiality
It refers to the secrecy of information.
Figure: Interception (Loss of Confidentiality)
Authentication
It helps in establishing proof of identities.
Figure: Fabrication (Absence of Authentication)
Integrity
The message must travel without any alteration.
Figure: Modification (Loss of Integrity). The attacker intercepts the message and replaces its information before it reaches the receiver.
Non-Repudiation
It prevents the sender of a message from later denying that they sent it.
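As an added illustration (not part of the original slides) of how integrity and authentication are checked between two parties, and why that is not the same as non-repudiation: the sender and receiver share a key and attach an HMAC-SHA256 tag to each message, so a modified or fabricated message is rejected, but because the receiver holds the same key he can produce a valid tag himself. The key, names and messages are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo key shared by the sender (Alice) and receiver (Bob).
SHARED_KEY = b"constructed-demo-key"

def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), received_tag)

def send_and_check(message: bytes, tamper=None) -> bool:
    """Alice sends message+tag; `tamper` models an attacker altering the message
    in transit (the tag travels unchanged). Returns whether Bob accepts it."""
    tag = make_tag(SHARED_KEY, message)
    on_the_wire = message if tamper is None else tamper(message)
    return verify(SHARED_KEY, on_the_wire, tag)

def receiver_accepts_unaltered() -> bool:
    # Integrity: the message arrives exactly as sent, so the tag matches.
    return send_and_check(b"Transfer 100 to Bob")

def receiver_accepts_modified() -> bool:
    # Modification: the amount is changed in transit; the recomputed tag differs.
    return send_and_check(b"Transfer 100 to Bob",
                          tamper=lambda m: m.replace(b"100", b"900"))

def receiver_accepts_forged() -> bool:
    # Fabrication: without the shared key no valid tag can be produced.
    forged = b"Transfer 900 to Mallory"
    return verify(SHARED_KEY, forged, make_tag(b"attacker-guess", forged))

def receiver_can_forge_tag() -> bool:
    # Non-repudiation is NOT provided: Bob holds the same key, so he can make a
    # valid tag for a message Alice never sent. That needs a digital signature.
    claimed = b"Alice owes Bob 1000"
    return verify(SHARED_KEY, claimed, make_tag(SHARED_KEY, claimed))
```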
Access Control/Authorization
• It determines who should be able to access what.
• Role Management (user side)
• Rule Management (resource side)
Availability
It states that resources should be available to the authorized parties at all times.
Figure: Interruption (Absence of Availability), e.g. cut wire lines, jammed wireless signals, dropped packets.
Theoretical Attacks
• Passive attacks (harder to detect)
  • Interception
    • Release of message contents/Snooping
    • Traffic analysis
• Active attacks (Fabrication, Modification, Interruption)
  • Masquerade/Fabrication/Spoofing
  • Replay
  • Alteration
  • Denial of service/Interruption
Practical Attacks
• Application level attacks
  • Happen at the application level, in the sense that the attacker attempts to access, modify or prevent access to the information of a particular application, or to the application itself.
• Network level attacks
  • Aim at reducing the capabilities of a network by a number of possible means.
  • Generally attempt either to slow down or to completely halt a computer network.
Malware/Malicious Software
– Self-replicating: attempts to propagate by creating new copies or instances of itself.
– Population growth: the number of malware instances created by self-replication.
– Parasitic: requires other executable programs/code in order to exist.
Malware that doesn't self-replicate will always have a population growth of zero; but malware with a population growth of zero may still self-replicate.
1. LOGIC BOMB
• Self-replicating: No
• Population Growth: Zero
• Parasitic: Possibly
Payload: the action to perform. Trigger: a Boolean condition which controls whether the payload executes.
    legitimate code
    if date is Friday the 13th:
        crash_computer()
    legitimate code
2. TROJAN HORSE
• Self-replicating: No
• Population Growth: Zero
• Parasitic: Yes
Allows an attacker to obtain some confidential information about a computer or a network. Silently observes user actions and captures confidential information. Example: password-grabbing login program.
Figure: password-grabbing login program. (a) Normal login: the user sends "User Id: xxx, Password: yyy" to the login program, which runs the login code. (b) Trojanized login: Trojan horse code has been inserted into the login code, so a copy of "User Id: xxx, Password: yyy" is forwarded to the attacker while the login proceeds as usual.
3. BACK DOOR
• Self-replicating: No
• Population Growth: Zero
• Parasitic: Possibly
Mechanism which bypasses a normal security check. Generally created by programmers for debugging.
Normal login code:
    username = read_username()
    password = read_password()
    if username and password are valid:
        return ALLOW_LOGIN
    else:
        return DENY_LOGIN

Login code with a back door:
    username = read_username()
    password = read_password()
    if username is "133th4ck0r":
        return ALLOW_LOGIN
    else:
        if username and password are valid:
            return ALLOW_LOGIN
        else:
            return DENY_LOGIN

• Advantages
  Users may deliberately install these to access a work computer from home.
  RAT: allows a computer to be monitored and controlled remotely.
• Disadvantages
  If malware surreptitiously installs a RAT on a computer, it opens up a back door into that machine.
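Added example (not from the slides) of the login routine written so that no username skips the password check, together with the negative test a reviewer would run to catch a hard-coded bypass like the one above: every username, including the slide's "133th4ck0r", must be denied when the password is wrong. The credential store, usernames and passwords are constructed for the demo.

```python
import hashlib
import hmac
import os

ALLOW_LOGIN, DENY_LOGIN = "ALLOW_LOGIN", "DENY_LOGIN"
_DUMMY_SALT = b"\0" * 16

def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; passwords are never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(users: dict) -> dict:
    """Build a credential store: username -> (salt, password hash)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash_password(password, salt))
    return store

def login(store: dict, username: str, password: str) -> str:
    """Every path verifies the password: there is no username that skips it."""
    entry = store.get(username)
    if entry is None:
        _hash_password(password, _DUMMY_SALT)   # same cost as a real check
        return DENY_LOGIN
    salt, expected = entry
    if hmac.compare_digest(_hash_password(password, salt), expected):
        return ALLOW_LOGIN
    return DENY_LOGIN

def find_password_bypass(login_fn, store: dict, usernames) -> list:
    """Negative test: with a random wrong password every username must be denied.
    Returns the usernames that were allowed anyway, i.e. hard-coded back doors."""
    probe = os.urandom(16).hex()
    return [u for u in usernames if login_fn(store, u, probe) == ALLOW_LOGIN]

# Constructed sample store, and the audit run against the login function above
# with the slide's back-door username among the candidates.
STORE = make_store({"alice": "correct horse battery", "bob": "hunter2"})
AUDIT_RESULT = find_password_bypass(login, STORE, ["alice", "bob", "133th4ck0r"])
```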
4. VIRUS
• Self-replicating: Yes
• Population Growth: Positive
• Parasitic: Yes
A program that causes damage to other programs/applications/data. Fred Cohen is called the father of the computer virus. A virus can propagate within a computer, or may travel from one computer to another through floppy disks, CD-ROMs, DVD-ROMs or pen drives. Viruses don't propagate via computer networks.
    def virus():
        infect()
        if trigger() is true:
            payload()

(a) Original clean code:
    Add x to y
    Perform Print-Job
    Perform Close-Job
    End

(b) Virus infected code:
    Add x to y
    Perform Print-Job
    Perform Virus-Job
    Perform Close-Job
    End

(c) Virus code:
    Delete all files
    Send a copy of myself to all using this user's address book
    Return
Phases of a Virus
• Dormant phase: the virus is idle.
• Propagation phase: the virus copies itself and each copy starts creating more copies of itself.
• Triggering phase: a dormant virus moves into this phase when the action/event for which it was waiting is initiated.
• Execution phase: the actual work of the virus, which could be harmless or destructive.
VIRUS Types
• Parasitic Virus: attaches itself to an executable file in order to propagate.
• Memory-Resident Virus: attaches itself to an area in the main memory and then infects every executable program that is executed.
• Boot Sector Virus: infects the MBR of the disk and spreads on the disk when the o.s. starts booting the computer. Ex: Form, Disk Killer, Stone
• Stealth Virus: hides its tracks after infecting the computer. Ex: Frodo, Joshi, Whale
• Polymorphic Virus: changes its characteristics with each infection, making its detection more difficult. Ex: Involuntary, Stimulate, Phoenix
• Metamorphic Virus: in addition to changing its signature, it keeps rewriting itself every time, making the detection even harder.
• Macro Virus: infects the macros within a document or template. Ex: DMV, Nuclear, Word Concept
Dealing with a VIRUS
• Detection: locate where the virus is.
• Identification: identify the virus.
• Removal: remove all traces, restore order.
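Added example (not from the slides) that carries the three steps above through on the slide's own (a)/(b) programs, and also shows the limit the virus-types list points at: a signature scanner detects, identifies and removes the "Perform Virus-Job" infection, but misses a polymorphic variant that changed its appearance, whereas a known-good hash taken of the clean program still flags it. The programs, the variant and the signature database are constructed for the demo.

```python
import hashlib

# Constructed sample "programs", one instruction per line, modelled on the
# slide's (a) clean code and (b) virus-infected code.
CLEAN_PROGRAM = ["Add x to y", "Perform Print-Job", "Perform Close-Job", "End"]
INFECTED_PROGRAM = ["Add x to y", "Perform Print-Job", "Perform Virus-Job",
                    "Perform Close-Job", "End"]
# A variant that altered its own appearance, as a polymorphic virus would.
VARIANT_PROGRAM = ["Add x to y", "Perform Print-Job", "Perform V1ru5-Job",
                   "Perform Close-Job", "End"]

# Assumed signature database for the demo: virus name -> instruction it injects.
SIGNATURES = {"Slide-Virus": "Perform Virus-Job"}

def detect_and_identify(program):
    """Detection + identification by signature: (line index, virus name) or None."""
    for index, instruction in enumerate(program):
        for name, signature in SIGNATURES.items():
            if instruction == signature:
                return index, name
    return None

def remove(program):
    """Removal: delete every injected instruction and return the cleaned program."""
    return [ins for ins in program if ins not in SIGNATURES.values()]

def fingerprint(program) -> str:
    """Known-good hash of a program, recorded while it is still clean."""
    return hashlib.sha256("\n".join(program).encode()).hexdigest()

def integrity_changed(program, baseline: str) -> bool:
    """Integrity check: flags any change, even one no signature describes."""
    return fingerprint(program) != baseline

# Baseline taken from the clean program before any infection.
BASELINE = fingerprint(CLEAN_PROGRAM)
```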
5. WORM
• Self-replicating: Yes
• Population Growth: Positive
• Parasitic: No
Doesn't perform any destructive actions; instead, it only consumes system resources to bring the system down. Worms are standalone and don't rely on other executable code. Worms spread from machine to machine across the network.
    def worm():
        propagate()
        if trigger() is true:
            payload()
6. Rabbit
• Self-replicating: Yes
• Population Growth: Positive
• Parasitic: No
Multiplies rapidly. Tries to consume all of the system resources, like the hard disk. Ex: fork bomb. A special type of worm; rarely seen in practice.
7. Spyware
• Self-replicating: No
• Population Growth: Zero
• Parasitic: No
• Software that collects information from a computer and transmits it to someone else:
  • Username & password (ex: key logger)
  • Email addresses for spammers
  • Bank account & credit card numbers
  • Software license keys, pirated software
• Spyware arrives on a computer by:
  • Being bundled with other software that the user installs
  • Visiting web pages
8. Adware
• Self-replicating: No
• Population Growth: Zero
• Parasitic: No
• More marketing focused
• May pop up advertisements
• May redirect a user's web browser to certain web sites
• May also gather and transmit information about users which can be used for marketing purposes
9. Spam
• Spam is flooding the internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.
• Most spam is commercial advertising, often for dubious products, get-rich-quick schemes or quasi-legal services.