cybersecurity and privacy lecture


Post on 06-May-2015






What is cybersecurity (or computer security)? The lecture describes the field and tries to answer two questions: How can people's privacy be threatened by computer threats? How can it be threatened by the security mechanisms that help organizations and nations fight cyber attacks?


1. Cybersecurity: Technologies and their Impact on Privacy. Eran Toch. The Minerva Center for Human Rights, The Hebrew University, June 2013.

2. Eran Toch, Department of Industrial Engineering, Tel Aviv University, Israel.

3. My Work: Managing Location Privacy; Temporal Aspects of Privacy; Generating Automatic Defaults.

4. Cyber-Security and Privacy: Cyber Attacks; Cyber Security.

5. Agenda: 1. The Context of Cyber Attacks. 2. The Attack Model. 3. The Cyber-security Response.

6. 1. The Context of Cyber Attacks.

7. Cyber Attacks: Actions to penetrate the computers or networks of a nation, organization or a person for the purposes of causing damage, disruption or to violate privacy.

8. Three Questions: Who are the attackers? What are the targets? How are the attacks carried out?

9. Who Are the Bad Guys?

10. Off-the-shelf hackers. Motivations: cyber crime; vandalism; hacktivism. Sophisticated hackers. Motivations: cyber crime; cyber espionage; cyberwar.

11. Where are the Victims? (IBM Security Risk Report.)

12. Threats for Electronic Services: Disrupting, sabotaging or exploiting electronic services.

13. For Example, The Attack on ATMs.

14. Threats for the Computer Network: Disrupting the Internet network itself, preventing the flow of communication.

15. Disrupting the Infrastructure: Electricity, water, fuel and nuclear energy. Air control, traffic, building infrastructure.

16. But, Apart from Stuxnet... Not many examples of successful cyberattacks on infrastructure. However, physical infrastructure is getting increasingly connected. (The Stuxnet Attack, July 2012.)

17. Threats for Privacy: Accessing private information on servers and personal devices.

18. 1. The Attack Model.

19. Attack Models: The Internet Architecture. Attacks: Denial-of-service; Trojan horse; Phishing; Man-in-the-middle; Social Network attacks; Insiders.

20. The Internet Protocol (diagram): a client, routers and a server exchanging IP packets, each host labelled with its IP address.

21. Global IP Network.

22. Properties of the Internet Network: Multiple channels of communication. Anonymity and trustfulness.

23. First Attack!
24. Denial-of-Service Attacks: Distributed denial-of-service attack (DDoS attack): an attempt to make a machine or network resource unavailable to its intended users. Attackers hide themselves by employing zombies.

25. Example: The Attack on Spamhaus.

26. Second Attack: Horses!

27. Trojan Horses Attack: A Trojan horse is malware that appears to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer.

28. Example: The Zeus Trojan Malware. 1. Zeus Trojan sells for $3,000 to $4,000 in the black market. 2. Victims download and install the trojan malware. 3. When victims surf to a select bank website, it displays a fake site. 4. The malware steals account numbers, Social Security number, usernames and passwords.

29. Trojan Horses.

30. Third Attack!

31. Phishing Attacks: In phishing attacks, the victim receives an email, a text message or another communication. The link or reference will take the victim to a dummy site.

32. The Cost: Gartner estimates that 3.6 million U.S. adults lost money in phishing attacks in 2007. $3.2 billion was lost to these attacks.

33. Fourth Attack: in the Middle, in Mobile.

34. Attacks on Mobile Devices: Mobile devices generate and store very sensitive information: our location; voice and video; contacts and communications; applications; various sensor data.

35. Man-in-the-middle Attack (diagram): a malicious router placed between the user and a sensitive website.

36. Man-in-the-Middle + Trojan (diagram): a malicious router.

37. Fifth Attack: Network Attack.

38. Facebook Botnets: How would you respond to this Facebook friend request? The cyber attack: to become your friend. Social engineering can be used to get close to targeted people.

39. Social Network Attacks: The Socialbot Network: When Bots Socialize for Fame and Money. Yazan Boshmaf et al., in Proceedings of ACSAC'11, 2011. Boshmaf et al. engineered a botnet server and measured the rate at which people fall for the attack.

40. Fifth Attack.
41. Insiders: Cybersecurity is turning its eyes to insiders such as employees and subcontractors.

42. The Risk: External threats account for only 47.1% of the risks perceived by IT managers. The majority of risk is from insiders and from management limitations. (AlgoSec 2012 Report.)

43. 2. The Cyber-security Response.

44. Cybersecurity Responses: Organizations and governments respond to cyber attacks by: developing technologies; regulating organizations; educating users and service providers; applying different levels of monitoring.

45. Israel National Cyber Bureau: The Israel National Cyber Bureau can be seen as a test case for government cybersecurity response. The Bureau's activities include: response formulation; regulation roadmap; research and development.

46. Levels of Response (diagram): Technology, Research and Education. Citizen: Education. Small Service Providers: Regulation. Civil Organizations: Policy and Enforcement. Government: Internal Procedures.

47. All Front: Unlike traditional warfare, there is no clear front. The question of how to regulate civic organizations and individuals is still open.

48. Cybersecurity Technologies: Network monitoring: syntactic monitoring; semantic monitoring. Identification systems. Monitoring systems.

49. Syntactic Monitoring: Tracking the network communication by: firewalls; proxies; RADIUS servers. Monitoring is based on IP characteristics, such as destination, origin etc.

50. Syntactic Monitoring and Privacy: Sites users visit. Applications used by the user: BitTorrent; http/https; VoIP. Geographical origins and destinations.

51. Semantic Monitoring: Application firewalls look at the content of network communication. They operate by monitoring and potentially blocking the input, output, and system service calls.
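The contrast the lecture draws between syntactic monitoring (slides 49-50: headers only, yet revealing sites and applications) and semantic monitoring (slide 51: content inspection), shown as an added Python example that is not part of the lecture. The flow records, addresses, port-to-application table and request strings are constructed sample values; the two content patterns are illustrations, not a real application firewall's ruleset.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed flow records (source IP, destination IP, destination port,
# protocol): the header fields a firewall, proxy or RADIUS log exposes to a
# syntactic monitor. Addresses are hypothetical sample values.
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 443, "tcp"),
    ("10.0.0.5", "93.184.216.34", 443, "tcp"),
    ("10.0.0.5", "198.51.100.7", 6881, "tcp"),
    ("10.0.0.9", "203.0.113.10", 5060, "udp"),
    ("10.0.0.9", "203.0.113.10", 80, "tcp"),
]

# Assumption: the application is inferred from well-known destination ports.
APP_BY_PORT = {80: "http", 443: "https", 5060: "voip", 6881: "bittorrent"}


def syntactic_profile(flows):
    """Syntactic monitoring: reads only IP characteristics, never payloads,
    yet still yields a per-user list of destinations and applications."""
    seen = defaultdict(lambda: {"apps": set(), "destinations": set()})
    for src, dst, port, _proto in flows:
        ipaddress.ip_address(src)  # reject malformed records early
        ipaddress.ip_address(dst)
        seen[src]["apps"].add(APP_BY_PORT.get(port, f"port-{port}"))
        seen[src]["destinations"].add(dst)
    return {src: {k: sorted(v) for k, v in info.items()} for src, info in seen.items()}


# Semantic monitoring: an application firewall inspects the request content
# itself. These patterns are deliberately simple illustrations only.
SQLI = re.compile(r"""['"]\s*(or|and)\s+\S+\s*=\s*\S+|union\s+select|;\s*drop\s+table""", re.I)
XSS = re.compile(r"<\s*script\b|\bon\w+\s*=", re.I)


def semantic_verdict(request_body):
    """Return the content-level findings an application firewall could block."""
    findings = []
    if SQLI.search(request_body):
        findings.append("sql-injection")
    if XSS.search(request_body):
        findings.append("cross-site-scripting")
    return findings


if __name__ == "__main__":
    print(syntactic_profile(FLOWS))
    print(semantic_verdict("q=<script>alert(1)</script>"))
```

The profile shows the privacy cost of purely syntactic monitoring: without reading a single payload, the monitor already knows which hosts each user talked to and which applications they used.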
52. What can it Block? Vendor claim ("the most comprehensive Web Application threat mitigation"; Imperva, Radware, Citrix): SQL injection; cross-site scripting; parameter tampering; hidden field manipulation; session manipulation; cookie poisoning; stealth commanding; backdoor and debug options; geolocation-based blocking; application buffer overflow attacks; brute force attacks; data encoding; unauthorized navigation; gateway circumvention; web server reconnaissance; SOAP and Web services manipulation; parameter pollution.

53. State-Wide Monitoring: Direct connection to the network infrastructure and to service providers. Big data: reading everything, detecting by machine learning.

54. Insiders: To keep insiders from accessing the data, organizations: design procedures for data access; track end-user devices; track communications and traces.

55. Deep Device Monitoring: For example, Trusteer, an Israeli startup, provides technology that monitors end-user devices. Every application is scanned for key-logging etc.

56. Summary.

57. Cyber-Security and Privacy: Cyber Attacks; Cyber Security.

58. Cyber Attacks: Easier to carry out, but not necessarily easier to succeed. Increasing threat to privacy. We are all the victims of the Agron 2006 attack. Increasing use of social engineering, personal devices, human vulnerabilities.

59. Cyber-Security: Deeper and wider monitoring, with a chilling effect on privacy. The front is increasingly ubiquitous: government, organizations, companies, services. Where should the line be between security and privacy?

60. Eran Toch, Department of Industrial Engineering, Tel Aviv University, Israel.