07 Handout 1 - Security and Cryptography PDF
Document Details
Uploaded by ImpeccableRing4005
null
STI
Tags
Summary
This document is a past paper covering security and cryptography topics. It details different types of attacks like network attacks, confidentiality, integrity, and availability issues. The document also explores methods of authentication and related topics.
Full Transcript
IT2006 Security and Cryptography Security Goals and Services (Ibe, 2018 & Forouzan, 2013) Confidentiality is the art of ensuring that data is kept private and accessed only by the intended recipient. It does not only apply to the storage of information, but it also applies to the tr...
IT2006 Security and Cryptography Security Goals and Services (Ibe, 2018 & Forouzan, 2013) Confidentiality is the art of ensuring that data is kept private and accessed only by the intended recipient. It does not only apply to the storage of information, but it also applies to the transmission of information. o It is when we send a piece of information to be stored in a remote computer , or when we retrieve a piece of information from a remote computer, we need to conceal it during transmission. o It is accomplished through encryption. Integrity is the art of ensuring that data is transmitted from source to destination without alteration. It means that changes need to be done only by authorized entities and through authorized mechanisms. o It is accomplished with the use of a digital signature, which is a way to know that an electronic document is legit and authentic. Availability is the information created and stored by an organization that needs to be available to authorized entities. Information is useless if it is not available. Information needs to be constantly changed, which means it must be accessible to authorized entities. Authentication is the process of verifying that the user is exactly who he claims to be. o Single-factor authentication is usually done through the use of passwords or user IDS. o Two-factor authentication is a two-step verification that provides an extra layer of security beyond user ID and password, usually with a software code generator or a hardware-based login key. Network Attacks (Ibe, 2018 & Forouzan, 2013) It is an intrusion on network infrastructure. o The attacker first analyzes the environment and collects information in order to exploit the existing open ports or vulnerabilities. o An attack can be performed either from outside of the organization by an unauthorized entity or from within the company by an “insider” that already has some access to the network. Attacks Threatening Confidentiality Snooping refers to unauthorized access to or interception of data. Traffic Analysis. Although encipherment of data may make it unintelligible for the interceptor, she can obtain some other types of information by monitoring online traffic. Attacks Threatening Integrity Modification. After intercepting or accessing information, the attacker modifies the information to make it beneficial to herself. Masquerading happens when the attacker impersonates somebody else. Replaying. The attacker obtains a copy of a message sent by a user and later tries to replay it. Repudiation. This type of attack is different from others because it is performed by one of the two parties in the communication: the sender or the receiver. Attacks Threatening Availability Denial of Service (DoS) may slow down or totally interrupt the service of a system. Examples of Network Attacks Network sniffing (packet sniffing) is a process of capturing the data packets traveling in the network. It is used by IT professionals to analyze and monitor the traffic to find such things as unexpected suspicious traffic. o It is also used by attackers to collect data sent in clear text that is easily readable. o In this case, the intent is to gather login names and passwords used to access the network. Spoofing is a process by which an intruder masquerades as a trusted user in order to gain unauthorized access to a secure environment. o One of the purposes of spoofing in a corporate environment is to be able to conduct unauthorized business with another company’s clients. o Examples: 07 Handout 1 *Property of STI [email protected] Page 1 of 3 IT2006 ▪ IP address spoofing is a process of creating IP packets with forged source IP address to impersonate a legitimate system. This kind of spoofing is often used in denial -of-service (DoS) attacks. ▪ ARP spoofing is a process of sending fake ARP messages in the network. The purpose of this type of spoofing is to associate the MAC address with the IP address of another legitimate host, causing traffic redirection to the attacker’s system. ▪ DNS spoofing is an attack where the wrong data is inserted into the DNS server cache, causing the DNS server to divert the traffic by returning wrong IP addresses as the results for client queries. Man-in-the-middle (MITM) attack is an attack that involves placing a software agent between the client and server ends before or during a communication session. o With neither party being aware of the presence of the malicious agent, the agent simply relays the data transmissions between client and server as though nothing is happening. o A replay attack is a variation on the man-in-the-middle attack. In this case, an agent is once again placed within the client-server line of communication where it records the transaction data. The express purpose is to allow the data to be modified and replayed to the server at a later time for evil purposes. Denial-of-Service (DoS) is an attack that is aimed at preventing unauthorized users from accessing services on the network. o How does DoS disrupt the network? ▪ A DoS attack can be in the form of flooding the network with invalid data until traffic from authorized network users cannot be processed. ▪ It can also be in the form of disrupting communication between hosts and clients through the modification of system configurations. ▪ It can be in the form of causing physical network destruction, such as crashing a server or router in the network. o An attacker can initiate a DoS attack from multi ple computers or systems. This type of attack is called a distributed denial-of-service attack (DDoS), which is more difficult to deal with than an attack that is initiated from one system. Trojan horse is a program that installs malicious software while under the guise of doing something else. Similar to the mythical Trojan horse, the malicious code is hidden in a computer program or other computer file that may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When the unsuspecting user executes this computer program or file, the malicious code is also executed, resulting in the installation of the malicious Trojan horse program. Session hijacking refers to the exploitation of a valid computer to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. Phishing is an attack in which the attacker attempts to fraudulently acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in a communication session. It is typically carried out by e-mail or instant messaging and often directs users to give details on a website. Cryptography Terminologies (Ibe, 2018) Encryption is a method of concealing information from a recognizable text into encrypted form. o Encryption transforms readable text, called plaintext (or cleartext), into an unintelligible form, called ciphertext, using an encryption algorithm. o The purpose of an encryption algorithm is to scramble a message so that it remains secure even if the ciphertext is transmitted over a nonsecure medium. The process of recovering a plaintext from its ciphertext is called decryption. A system that encrypts and decrypts information is called a cryptosystem. o The art of creating and using cryptosystems is called cryptography, while the art of breaking encrypted messages (usually by intruders) is called cryptanalysis. o The study of cryptography and cryptanalysis is called cryptology. 07 Handout 1 *Property of STI [email protected] Page 2 of 3 IT2006 Cryptographic Systems (Ibe, 2018) Both encryption and decryption use a key, in which in the cryptographic sense, is a long string of characters that permits a cryptosystem to encrypt or decrypt information in a distinct way. Symmetric Cryptosystems Figure 1. Example of a Symmetric Cryptosystem. o The same key is used for encryption and decryption. o Both the originator and the recipient of a message must know the key, which is either known to the recipient through some prior arrangement or communicated in parallel with the ciphertext. Public-Key Cryptosystems (or Asymmetric Cryptosystems) Figure 2. Example of an Asymmetric Cryptosystem. o A public-key cryptosystem uses one key (public-key) for encryption and another key (private-key) for decryption. Each user is assigned a pair of unique and mathematically related keys: a public key and a private key. o The private key is a secret key that is available only to the owner, and the public key i s published. References: Forouzan, B. (2013). Data communications and network. McGraw-Hill. Ibe, O. (2018). Fundamentals of data communication networks (1 st ed.). Wiley & Sons, Inc. Simply Explained. (2017, October 30). Asymmetric Encryption – Simply explained [Video]. YouTube. https://www.youtube.com/watch?v=AQDCe585Lnc 07 Handout 1 *Property of STI [email protected] Page 3 of 3