introduction to security chuan-kai yang. outline trojan horse, virus and worm attacks &...
TRANSCRIPT
Introduction to Security
Chuan-kai Yang
Outline Trojan horse, virus and worm Attacks & preventions Cryptography Steganography
Trojan Horse A malicious program that masquerades as one
thing, but circumvents your security in secret Example: game, screen saver, instant
messenger or MP3 player When you run a such a program, that program
has access to anything you do, i.e. read/write your files, create network connections, send emails, attempt to break into other machines, and run any arbitrary commands.
Trojan Horse Delivery Friends Usenet posts/ Webs Email attachments Security fixes Security tests
Virus Viruses are similar to Trojan horse in
that they do something to or on your machine that you don’t want them to, without your knowledge or permission
A Trojan horse is simply a stand-alone program that cannot propagate itself
Neither viruses nor Trojan horses can infect outside machines
Virus ABC Type
TSR (Terminate and Stay Resident) Files
Infected media Boot record, FAT, Partition table Files
Ways to get infected Booting with floppy disk and
executing infected programs/applets
Virus Syndromes Nothing wrong (dormant) Undesired effects (demos) Slowing down Wasting system resources
(memory, directories and files) Damaging of file systems Damaging of hardware
Worm A worm is a program that can
infect both the local machine and remote machines
It usually spreads itself from machine to machine over a network by attacking or using other network programs or by using file-sharing capability of computer
A Hybrid Form Melissa virus is in fact a hybrid of all
three: Trojan, virus and worm. First it pretended to be an email (as a
Trojan) Then it infected your local work
processing files (as a virus) And it used an security hole in Outlook to
propagate itself too all the people in your address book (as a worm)
Attacks Hacking and cracking Physical attack Password cracking Booting, executables and applets OS and software holes/backdoors Buffer overflow/overrun Packet sniffing/eavesdropping Cookies DOS and DDOS
Hackers versus Crackers Malicious or not The spirit of open
standards/documentations
Physical Attacks Impersonation Console rebooting
Password Cracking There are tools for cracking
Malicious Forgetting password
Encrypted password files Good or bad passwords? Password lifetime
Booting / Running Programs
Booting with affected floppies/CDRoms
Running unknown programs/applets
OS/Software Breaches Finger/FTP/mail… Software backdoors (hotkeys,
commands) Faking interfaces
Why does NT boot up with “CTL-ALT-DEL”?
Buffer Overrun Using address out of array bounds Making function calls but the
arguments are out of bounds
Packet Sniffing/Eavesdropping
Copy and relaying Interception
Stealing important information (e.g. passwords)
Faking / impersonation
Cookies For personalization and
customization Risks
DOS and DDOS Denial of Service
Paralyze a system by reserving too many resources
Spoofing Prevention: global cooperation
Distributed Denial of Service More difficult to analyze/trace the
attackers
Preventions Always be suspicious Hardware protection Run executables with certification Booting option selection Passwords protection Software/OS updating/patching Firewall/packet filter
Fire Wall A firewall disrupts free communication
between trusted and un-trusted networks, attempting to manage information flow and restrict dangerous free access.
Example of Firewall Rules Allow internal users to access
external www servers, but not allow external users to access our intranet server
This means the firewall needs to know two things: The application being connected to The direction of the conversation
Applications of Firewall Packet filter Proxy server
Cryptography Basic concepts Public/secret keys Digital signature Conventional cryptography Certification authority
Cryptography ABC Cryptography is the science of secret writing.
A cipher is a secret method of writing, where by plaintext (cleartext) is transformed into a ciphertext.
The process of transforming plaintext into ciphertext is called encipherment or encryption.
The reverse process of transforming ciphertext into plaintext is called decipherment or decryption.
Encryption and decryption are controlled by cryptographic keys.
Secrete Writing
Encryption
Decryption
Plaintext Ciphertext Key
Attacks against Ciphers Cryptanalysis is the science and study of method
s of breaking ciphers. A cipher is breakable if it is possible to determin
e the plaintext or key from the ciphertext, or to determine the key from plaintext-ciphertext pairs.
Attacks Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack
Cryptographic Systems A cryptographic system has five componen
ts: A plaintext message space, M A ciphertext message space, C A key space, K A familiy of enciphering transformations
Ek:MC A family of deciphering transformations
Dk:CM
Cryptographic Systems (cont.)
Cryptosystem requirements: Efficient enciphering/deciphering Systems must be easy to use The security of the system depends only
on the keys, not the secrecy of E or D
M Ek C Dk M
plaintext plaintextciphertext
Dk(Ek(M))=M ,for a key k
Secure Cipher Unconditionally secure
A cipher is unconditionally secure if no matter how much ciphertext is intercepted, there is not enough information in the ciphertext to determine the plaintext uniquely.
Computationally secure A cipher is computationally infeasible to b
reak.
Secrecy Requirement It should be computationally infeasible t
o systematically determine the deciphering transformation Dk from intercepted C, even if corresponding M is known.
It should be computationally infeasible to systematically determine M from intercepted C.
Ek C Dk MM
Mdisallowed
Authentication Requirement
It should be computationally infeasible to systematically determine the enciphering transformation Ek given C, even if corresponding M is known.
It should be computationally infeasible to systematically find C’ such that Dk(C’) is a valid plaintext in M.
Ek C Dk MM
Mdisallowed
protected
Key-distribution cryptosystem
• Encrypting & decrypting are closely tied together.
• The sender and the receiver must agree on the use of a common key before any message transmission takes place.
• A safe communication channel must
exist between sender and receiver
Message Source
PEncryption
CDecryption
PReceiver
Secure key transmission
Public-key Cryptosystem
In a public key cryptosystem, each participant is assigned a pair of inverse keys E and D.
Different functions are used for enciphering and deciphering, one of the two keys can be made public, provided that it is impossible to generate one key from the other.
E can be made public, but D is kept secret. The normal key transmission between senders and
receivers can be replaced by an open directory of enciphering keys, containing the keys E for all participants.
Message Source
PEncryption
CDecryption
PReceiver
Key source 1Ek
Key source 2Dk
Using Public-Key Cryptosystem to Transfer
Messages Secretly When a person A wishes to send a message to
a person B, the receiver’s enciphering key EB is used to generate the ciphertext EB(m). Since the key EB is freely available, anyone can then encipher a message destined for B. However, only the receivers B with access to the decipher key DB can regenerate the original text by performing the inverse transform DB(EB(m)).
Digital Signature Security Integrity Authentication Non-repudiation
Using Public-key Systems to Implement Digital
Signatures
1. A signs m by computing c=DA(m)2. B validates A’s signature by checking E
A(c) =m3. A dispute can be judged by checking wh
ether EA(c) restores M in the same ways as B.
Requirements: Dk(Ek(m))=Ek(Dk(m))=m
Secrecy and Authenticity in A Public-Key System
EA(DB(C))=EA(DB(EB(DA(M))))
=EA(DA(M))
=M
DA(m)=S EB(S)=C DB(C)=S EA(S)=mm m
Transformations applied by sender
Transformations applied by receiver
Conventional Cryptosystems
Using substitution transform and permutation transform Substitution Ciphers Running Key Ciphers Transposition Ciphers
(Permutation ciphers)
Substitution Ciphers Replace bits, characters, or blocks
of characters with substitutes. Example: Caesar cipher
which shift each letter in the English forward by K positions (shifts past Z cycle back to A)
A simple substitution cipher is easy to solve by performing a frequency analysis.
Running Key Ciphers
The security of a substitution cipher generally increases with the key length. In a running key cipher, the key length is equal to the plaintext message.(not using a fixed key alphabet) E.g. use the text in a book as the key sequence.
The cipher may be breakable by Friedman’s method based on the observation that both plaintext and key letters are high frequency ones in natural language.
Permutation Ciphers Rearrange bits or characters in the data.
What is the key? Attacks: frequency analysis of characters.
INFORMATION TECHNIQUES FOR IPR
I R I T N E R N O M T O E H I U S O I R F A N C Q F P
IRITNERNOMTOEHIUSOIRFANCQFP
CA (Certification Authority) A certification authority is a trusted
organization that will "sign" and verify a digital certificate, and thus vouch for the certificate owner's identity-allowing for trusted, secure e-Commerce between (known and unknown) parties.
Steganography Example Digital watermarking Data hiding concepts Hiding data in an image
Steganography Example 連天烽火漫無邊 楚河漢界戰國天 戰事綿延滿人間 瑜亮情節非等閑 是該英雄出頭時 也怨老天未眷顧 豬羊變色任我顛 是非總有清曉年
加霜覆雪麻煩牽 一木生子帶頭尖 上無宮闕難成仙 共謀天下劃兩邊 阿蒙今已非比昔 三分藍袍破家門 扁擔欲撐半邊天 隻手遮天禍人間
Digital Watermarking What is it? What is it for?
Copyright Ownership
What properties does it need? Not visible Secure Robustness
Data Hiding It is different from cryptography Could be used together with
cryptography Typical implementation
hiding in the details Cover media
Text, image, sound…
Hiding Data in an Image The resulting images after inserting
noise into the least significant bits
Original 1 bit 2 bits 3 bits
4 bits 5 bits 6 bits 7 bits