ITCS310-Week03.pdf

Full Transcript

ITCS 310:
Network Security
WE EK03: COMP UTER S EC URITY CON C EPTS A N D GOA L S
D R. LUBNA FAY EZ
COL LEGE OF I NFORMATION T ECHNOLOGY
Week03: Outline
Security Definition
Security Goals
Security Concepts

2
What is Security?
Oxford Dictionary Definition:
The state of being free from danger or threat
Real-world Security: Protecting valuable things/people
Physical stuff (money, jewelry, cars, etc.)
People
Access to somewhere (parking?)
We think of an item as secure if no one can take it, harm
it, or use it without our permission

3
Computer Security
Only one type of digital asset: Information
Protecting information is hard
Stored on small, portable devices
Can be accessed electronically
The internet has made this even harder

4
What is Cybersecurity?
Used to be the computer security:
Protection of computer systems from harm to the hardware, software
and the data
Cybersecurity is much wider: protection of cyber--physical systems
Including IT security (from personal devices to the cloud)
E--government security,
Industrial control system security,
Connected healthcare security,
Transportation security,
Financial systems security.

5
The Need for Cybersecurity Experts
Qatar is enforcing a cybercrime law and has specialized bodies at MOI,
NCSA
The shortage of cybersecurity experts is projected to be 1.5 million in the
US alone by 2019, to fill various positions such as:
Security analyst
Incident response specialist
Ethical hacking consultant
Forensics expert
Security architect…

6
Privacy
What’s the difference between
privacy and security ?

7
 Security != Privacy

no security no privacy

privacy but not security

8
security but no privacy
 Cyber--security
Is this real ?
Is it possible to break--in my laptop ?
Is it possible to hack my WiFi ?
What about my Facebook account ?
This actually already happened
Yahoo, 500M accounts, 2014
British Airways, 500K accounts, 2015
Invest Bank, 40K accounts, 2016
QNB, 100K accounts, 2016

http://www.informationisbeautiful.net/visualizations/worlds--biggest--data--breaches--hacks/ 9
 Cybersecurity Quick Facts
There were 2,365 cyberattacks in 2023, with 343,338,964 victims
2023 saw a 72% increase in data breaches since 2021, which held the
previous record
Around the world, a data breach cost $4.88 million on average in 2024
Email is the most common vector for malware, with around 35% of malware
delivered via email in 2023
Ninety-four percent of organizations have reported email security incidents
Information security jobs are projected to grow by 32% between 2022 and
2032

https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/ 10
Most Common Kinds of Cybersecurity Attacks
Phishing:
 the use of text messages, deceptive emails, websites, and other forms of communication
to deceive individuals into downloading malware or divulging sensitive information.
74% of account takeover attacks start with phishing.
The most targeted companies for phishing scams are:
 Microsoft (57%)  Amazon (1.6%)
 Apple (10%)  DHL (0.9%)
 LinkedIn (7%)  Adidas (0.8%)
 Google (6%)  WhatsApp (0.8%)
 Facebook (1.8%)  Instagram (0.7%)

11
Most Common Kinds of Cybersecurity Attacks
Malware
Malware attacks rose by 71% between 2016 and 2021.
Ransomware attacks rose by 74% between 2023 and 2022.
At any given time, 4.1 million sites are infected with malware.
On average, a ransomware attack costs a business $4.91 million.
Seven percent of ransomware attacks resulted in financial loss in 2023,
with a median ransom payment of $10,000.

12
Most Common Kinds of Cybersecurity Attacks
Distributed Denial of Service (DDoS)
A distributed denial of service occurs when attackers use multiple devices
to flood a target system, network or website with a high volume of
traffic. This tactic overwhelms the target’s capacity to handle legitimate
requests, rendering it inaccessible to legitimate users.
On average, Microsoft mitigates 1,700 DDoS attacks daily
Prominent DDoS attack victims include
Amazon Web Services (AWS)
GitHub
Dyn

13
Most Common Kinds of Cybersecurity Attacks
Personal Data Breaches
349,221,481 people were impacted by data breaches in 2023.1
The Consumer Sentinel Network received more than 5.5 million
reports in 2023, consisting of 15:
Fraud (2,606,042 reports)
Identity theft (1,036,955 reports)
Other (1,905,717 reports)

14
Most Common Kinds of Cybersecurity Attacks

15
Security
Goals: C.I.A

16
Security Goals
Confidentiality
Integrity
Availability

17
Security Goals: Confidentiality
Confidentiality is the avoidance of the unauthorized disclosure of
information.
“Keep information secret”: the concealment of information or
resources
Prevent unauthorized reading of data
 Involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about
its content.

18
Confidentiality

hello

19
Attack on Confidentiality

hello

20
 Tools For Confidentiality: Encryption
Encryption: the transformation of
information using a secret, called an
encryption key, so that the
transformed information can only be
read using another secret, called the
decryption key

21
Tools For Confidentiality: Access Control
Access control: rules and policies
that limit access to confidential
information to those people and/or
systems with a “need to know.”
“need to know” may be
determined by
identity, such as a person’s name
or a computer’s serial number,
a role that a person has, such as
being a manager or a computer
security specialist.

22
Tools For Confidentiality: Authentication
Authentication: the determination
of the identity or role that someone
has.
something the person has (like a
smart card or a radio key
something the person knows (like
a password),
something the person is (like a
human with a fingerprint).

23
Security Goals: Integrity
Refers to the trustworthiness of data or resources in terms of
preventing improper and unauthorized changes.
Prevent unauthorized modification of data

24
Integrity

hello

25
Attack on Integrity

hello bye

26
Tools for Integrity
Ensure the property that information has not be altered in an unauthorized
way.
Tools:
Backups: the periodic archiving of data.
Checksums: the computation of a function that maps the contents of a file
to a numerical value. A checksum function depends on the entire contents
of a file and is designed in a way that even a small change to the input file
(such as flipping a single bit) is highly likely to result in a different output
value.
Data correcting codes: methods for storing data in such a way that small
changes can be easily detected and automatically corrected.

27
Security Goals: Availability
Availability refers to the ability to use the information or resource
desired.
Ensure data is available to authorized people

28
Availability

hello

29
Attack on Availability

hello

30
Tools for Availability
Ensure that information is accessible and modifiable in a timely fashion
by those authorized to do so.
Tools:
Physical protections: infrastructure meant to keep information available
even in the event of physical challenges.
Computational redundancies: computers and storage devices that serve
as fallbacks in the case of failures.
Attack:
Information attack: Denial-of-Service (DoS)
Hardware attack: physical attack, power, link cut…

31
Other
Security
Concept:
A.A.A

32
Other Security Concept
Assurance:
 refers to how trust is provided and managed in computer systems.
 – The degree to which we have confidence that systems are behaving in the
way we expect.
Authenticity
 The receiver can verify the source of the data
 Prevent mimicking the source of the data
Anonymity:
the property for certain records or transactions not to be attributable to
any individual.

33
Authenticity

hello

34
 what
Attack on Authenticity does
it effect
which of
He 3

hello

35
 Anonymity
§Anonymity: the property for certain records or transactions not to be
attributable to any individual.
§Tools:
§ Aggregation: the combining of data from many individuals so that
disclosed sums or averages cannot be tied to any individual.
§ Mixing: the intertwining of transactions, information, or
communications in a way that cannot be traced to any individual.
§ Proxies: trusted agents that are willing to engage in actions for an
individual in a way that cannot be traced back to that person.

36
 Threats, vulnerability and attacks (1/3)
A few definitions:
Asset: entity you want to protect, e.g., your data.

Vulnerability: weakness or gap in the system.

Threat: Anything that can exploit a vulnerability.

37
 Threats, vulnerability and attacks (2/3)
General Example:
Asset: Charlie.

Vulnerability: The leash

Threat: Charlie runs away.

38
 Threats, vulnerability and attacks (3/3)
Cyber--security example:

Asset: Your private photo on your mobile--phone

Vulnerability: Bug on Android/OSX

Threat: Someone aware of the vulnerability can steal your selfies

39
 More examples of threats on assets
Availability Confidentiality Integrity
Equipment is stolen or
disabled, thus denying
Hardware service.

Programs are deleted, An unauthorized copy of A working program is
denying access to users. software is made. modified, either to cause
Software it to fail during execution or to cause it
to do some unintended task.

Files are deleted, denying An unauthorized read Existing files are modified or new files are
access to users. of data is performed. An fabricated.
Data analysis of statistical data
reveals underlying data.

40
About the adversary
The adversary is a malicious entity willing to
perform an illegal action, i.e., violating:

Confidentiality
Integrity
Availability
Authenticity

of a certain asset.

41
About the adversary
§The adversary can be either active or passive.
§Active:
§ He takes an active part in the scenario
§ He corrupts transmitted messages
§ He prevents ongoing communication
§ He injects a virus into a system
§Passive:
§ He is silent and stealthy
§ He eavesdrops the radio communications
§ He logs the messages transmitted in the local network

42
Threats and
Attacks
§Eavesdropping: the
interception of
information intended for
someone else during its
transmission over a
communication channel.

43
Threats and Attacks
Alteration: unauthorized
modification of information.
– Example: the man-in-the-middle
attack, where a network stream
is intercepted, modified, and
retransmitted.

44
 Threats and Attacks
Denial-of-service: the interruption or degradation of a data service
or information access.
 – Example: email spam, to the degree that it is meant to simply
fill up a mail queue and slow down an email server.

Alice
4
5
Threats and Attacks
Masquerading: the fabrication of
information that is purported to be
from someone who is not actually
the author.
§– Or called impersonation

46
 Threats and Attacks
Repudiation: the denial of a commitment or data receipt.
 This involves an attempt to back out of a contract or a protocol
that requires the different parties to provide receipts
acknowledging that data has been received.

18
47
Public domain image from http://commons.wikimedia.org/wiki/File:Plastic_eraser.jpeg
Threats and Attacks
Correlation and traceback: the
integration of multiple data
sources and information flows to
determine the source of a
particular data stream or piece of
information.

BOB

48
Attack Levels of Impacts
Low
Moderate
High
49
Low Impact
The loss has a limited adverse effect on organizational operations,
organizational assets, or individuals.
Organization can perform its primary functions, with a reduced efficiency
minor damage to organizational assets
minor financial loss
minor harm to individuals

50
Moderate Impact - Example
The loss has a serious adverse effect on organizational operations,
organizational assets, or individuals
Organization can perform its primary functions, with a significantly
reduced efficiency and significant degradation
significant damage to organizational assets
significant financial loss
significant harm to individuals but without loss of life or serious, life-
threatening injuries

51
High Impact
The loss has a severe or catastrophic adverse effect on organizational
operations, organizational assets, or individuals
a severe degradation in or loss of mission capability with a duration
The organization is not able to perform one or more of its primary
functions
 Major damage to organizational assets
 Major financial loss
severe or catastrophic harm to individuals:loss of life or serious, life-
threatening injuries

52
OSI Security Architecture
To assess effectively the security needs of an organization and to evaluate
and choose various security products and policies there is a need for:
A systematic way of defining the requirements for security and
characterizing the approaches to satisfying those requirements
OSI Architecture focuses on security attacks, mechanisms, and services
computer and communications vendors have developed security
features for their products and services that relate to OSI structured
definition of services and mechanisms

53
 OSI

Security Security Security
Attacks Mechanisms Services

54
OSI Architecture: Security Attacks
Any action that compromises the security of information owned by an
organization
Active attacks
Masquerade: an entity pretends to be a different entity
Replay: involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect
Alternatim/modification: portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect
The denial of service attack

55
OSI Architecture: Security Attacks
Passive attacks
 Eavesdropping or monitoring of transmission and logging
 Traffic analysis: observe the frequency and length of messages being
exchanged guess the nature of the communication that was taking place
 gather information about the system, network, or devices
 the attacker can’t read the message but only understands the pattern and
length of encryption
Passive attacks are very difficult to detect:
 do not involve any alteration of the data
 traffic is exchanged in a normal fashion, and neither the sender nor the receiver
is aware that a third party has read the messages or observed the traffic pattern

56
OSI Architecture: Security Mechanisms
The approach to identifying any breach of security or attack on the
organization
responsible for protecting a system, network, or device against
unauthorized access, tampering, or other security threats

57
Security Mechanisms (1/2)
use algorithms to transform data into a form that can only be read by someone with
Encryption the appropriate decryption key
used to protect data transmitted over a network, stored on a device.

the use of cryptographic techniques to create a unique, verifiable identifier for a
Digital Signature digital document or message
an ensure of the authenticity and integrity of the document or message

Authentication A mechanism to ensure the identity of an entity using information exchange
Exchange
technique used to add extra data to a network traffic stream to obscure the true
Traffic Padding content of the traffic and make it more difficult to analyze.

58
 Security Mechanisms (2/2)
allows the selection of specific physically secure routes for
Routing Control specific data transmission and enables routing changes

Access Control Rules and policies to enforce access rights to resources

Data Integrity Mechanisms used to assure the integrity of data streams

Notarization The use of a trusted third party to ensure certain properties of a
data exchange

59
OSI Architecture: Security Services
Services available for maintaining the security and safety of an organization
help in preventing any potential risks to security
Use security mechanisms to provide services

60
Security Services (1/2)
the process of verifying the identity of a user or device
Authentication to grant or deny access to a system or device

the use of policies and procedures to determine who is
Access Control allowed to access specific resources within a system.

Data the protection of information from being accessed or
disclosed to unauthorized parties
Confidentiality

61
Security Services (2/2)
the use of techniques to create a verifiable record of
Non- the origin and transmission of a message,
can be used to prevent the sender from denying that
repudiation they sent the message

Data The assurance that data received are exactly as sent by an
authorized entity (contain no modification, insertion,
Integrity deletion, or replay).

62
Fundamental Security Design Principles
not been possible to develop security design and implementation
techniques that systematically exclude security flaws and prevent all
unauthorized actions.
But there is a set of widely agreed design principles

63
Design Principles (1/13):
Economy of Mechanism
The design of security measures for hardware and software should be as simple and
small as possible.
 Small design is easier to test and verify
 The more complex the mechanism, the more likely it is to possess exploitable flaws.
Simple mechanisms tend to have fewer exploitable flaws and require less
maintenance.
Configuration management issues are simplified, updating or replacing a simple
mechanism becomes a less intensive process.
In practice, this is perhaps the most difficult principle to honor
 There is a constant demand for new features in both hardware and software,
complicating the security design task

64
Design Principles (2/13):
Fail-safe Default
access decisions should be based on permission rather than exclusion
The default situation is lack of access, and the protection scheme
identifies conditions under which access is permitted
implementation mistake in a mechanism refusing permission, a safe
situation that can be quickly detected.
Instead of having the default to permit access
implementation mistake in a mechanism  allowing access, a failure
that may long go unnoticed in normal use

65
Design Principles (3/13):
Complete Mediation
Every access must be checked against the access control mechanism
 Systems should not rely on access decisions retrieved from a cache
if access decisions are remembered for future use:
 careful consideration should be given to how changes in authority are propagated
into such local memories
 File access systems appear to provide an example of a system that complies with this
principle
 Yet, once a user has opened a file, no check is made to see if permissions change
 To fully implement complete mediation, every time a user reads a field or record in
a file or a data item in a database, the system must apply access control This
resource-intensive approach is rarely used

66
Design Principles (4/13):
Open Design
The design of a security mechanism should be open rather than secret
Example:
Encryption keys must be secret yet, encryption algorithms should be
open to public scrutiny
 The algorithms can then be reviewed by experts higher confidence for
users

67
Design Principles (5/13):
Separation of Privilege
Multiple privilege attributes are required to achieve access to a restricted resource
 Example: multifactor user authentication, which requires the use of multiple
techniques
 a password and a smart card, to authorize a user
Programs level: divide the program into parts that are limited to the specific
privileges they require to perform a specific task
 Example: removing high-privilege operations to another process and running that
process with the higher privileges required to perform its tasks
 Day-to-day interfaces are executed in a lower-privileged process

68
Design Principles (6/13):
Least Privilege
Every process and every user of the system should operate using the least set of privileges
necessary to perform the task
Example: role-based access control:
 The system security policy can identify and define the various roles of users or processes.
 Each role is assigned only those permissions needed to perform its functions.
Each permission specifies permitted access to a particular resource (such as read and write access
to a specified file or directory)
Unless permission is granted explicitly, the user or process should not be able to access the
protected resource
System programs or administrators who have special privileges should have those privileges only
when necessary
 For ordinary activities the special privileges should be withdrawn
69
Design Principles (7/13):
Least Common Mechanism
The design should minimize the functions shared by different users,
providing mutual security
Helps in reducing the number of unintended communication paths and
reduces the amount of hardware and software on which all users depend
and share
making it easier to verify if there are any undesirable security
implications

70
Design Principles (8/13):
Psychological Acceptability
Security mechanisms should not interfere improperly with the work of users,
while at the same time meeting the needs of those who authorize access
If security mechanisms hinder the usability or accessibility of resources
  then users may opt to turn off those mechanisms
Security mechanisms should be transparent with minimal obstruction
Should not be intrusive or burdensome,
 security procedures must reflect the user’s mental model of protection
 If the protection procedures do not make sense to the user
  the user is likely to make errors.

71
Design Principles (9/13):
Isolation
public access systems should be isolated from critical resources (data,
processes, etc.) to prevent disclosure or tampering.
For information with high sensitivity or criticality organizations may
want to limit the number of systems on which that data is stored and
isolate them, either physically or logically.
Physical isolation may include ensuring that no physical connection exists
between an organization’s public access information resources and an
organization’s critical information
The processes and files of individual users should be isolated from one
another except where it is explicitly desired.

72
Design Principles (10/13):
Encapsulation
specific form of isolation based on object-oriented functionality.
Protection is provided by encapsulating a collection of procedures and
data objects in a domain of its own so that the internal structure of a
data object is accessible only to the procedures of the protected
subsystem, and the procedures may be called only at designated domain
entry points.

73
Design Principles (11/13):
Modularity
development of security functions as separate, protected modules and to
the use of a modular architecture for mechanism design and
implementation
Use of separate security modules instead of developing them
Example:
protocols and applications make use of cryptographic functions instead
of implementing such functions in each protocol or application
The design and implementation effort can then focus on the secure
design and implementation of a single cryptographic module and include
mechanisms to protect the module from tampering.

74
Design Principles (12/13):
Layering
Layering refers to the use of multiple, overlapping protection approaches
addressing the people, technology, and operational aspects of information
systems.
Using multiple, overlapping protection approaches, the failure or
circumvention of any individual protection approach will not leave the
system unprotected.

75
Design Principles (13/13):
Least Astonishment
a program or user interface should always respond in the way that is least
likely to astonish the user
Example, the mechanism for authorization should be transparent enough
to a user that the user has a good intuitive understanding of how the
security goals map to the provided security mechanism.

76
Summary
Security Definitions and concepts
Security Goals
Attacks and Threats
Security Impacts
OSI Security Architecture
Design Principles of a Secure System

77