Computer security Hackers and Viruses

Sruthi Samudrala
Tejaswi Mamillapalli
Computer Security:
OUTLINE:
Introduction
Goals of computer security
Cryptography
• Overview
• Types of cryptography
• Diffie-Hellman Algorithm
Definition
 Computer security is the protection of computers and the data that computers hold. This can be anything from placing passwords on computers to setting up firewalls.
Goals of computer security:
 Three important aspects of any computer-related system:
1. Confidentiality
2. Integrity
3. Authentication
Confidentiality -- Ensuring that information is not
accessed by unauthorized persons
Integrity -- Ensuring that information is not
altered by unauthorized persons in a way that is
not detectable by authorized users
Authentication -- Ensuring that users are the
persons they claim to be
How can we achieve security?
• Cryptography
• Secure networks
• Antivirus software
• Firewalls
Cryptography:
 Derived from the Greek word kryptos, meaning hidden
 Defined as the process of writing or reading secret messages or codes
 Includes techniques such as microdots, merging words with images and other ways to hide information
Cont…
• Nowadays cryptography is most often associated with scrambling plaintext (ordinary text) into ciphertext (encrypted text), a process called encryption, and then back again, known as decryption.
Bob and Alice want to communicate “securely”.
Trudy (intruder) may intercept, delete, or add messages.
In language of cryptography
Types of cryptography
 Symmetric-key cryptography:
Symmetric key encryption is a cryptographic technique that uses a shared secret key to encrypt and decrypt data.
It is also referred to as conventional encryption or single key encryption.
It was the only encryption in use prior to the development of public key encryption in 1976.
Cont…
Problems with symmetric key encryption
1. Too many keys
• If there are n people communicating with each other, we would need to distribute n(n−1) symmetric keys between them. This creates a problem with managing and ensuring the security of all these keys.
2. Origin and authenticity of message cannot be guaranteed
• Since sender and receiver use the same key, messages cannot be verified to have come from a particular user. This may be a problem if there is a dispute.
Public key cryptography
• Diffie and Hellman at Stanford University in 1976 achieved an astounding breakthrough with a method that addressed both problems in symmetric key encryption.
• Each person gets a pair of keys, called the public key and the private key.
• Each person's public key is published while the private key is kept secret. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key.
Public key encryption
Transaction between Alice and Bob
Secrecy:
• Let KUa, KRa (KUb, KRb) be Alice’s (Bob’s) public and private keys respectively.
• If Alice has to send Bob an m-bit message X = x1x2 . . . xm, then she encrypts it using Bob’s public key to form the ciphertext Y = KUb(X).
Ciphertext = Bob’s public key (message)
• When Bob receives the ciphertext, he decrypts it using his private key, i.e., X = KRb(Y) = KRb(KUb(X)).
Secrecy
Authentication
• Suppose Alice wants to sign a message X to be sent to Bob. She encrypts it using her private key, i.e., Y = KRa(X).
• When Bob gets this message from Alice, he can ensure that it came from her by decrypting it using Alice’s public key (to which he has access) to recover the plaintext X, i.e. X = KUa(Y).
• Since Alice alone has access to her private key, she alone could have sent the message.
Authentication
Secrecy and Authentication
• If one needs confidentiality as well as authentication, then Alice first signs the plaintext X using her private key to obtain X′ = KRa(X).
• She then encrypts it using Bob’s public key to obtain the ciphertext Y = KUb(X′) = KUb(KRa(X)) (note the order of the two operations) and sends Y to Bob.
• Bob first decrypts it using his private key to obtain X′, i.e. X′ = KRb(Y); he then verifies that it was indeed sent by Alice by decrypting it using Alice’s public key to obtain X = KUa(X′) = KUa(KRb(Y)).
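The three exchanges above (secrecy, authentication, and sign-then-encrypt), carried through as an added Python example that is not part of the original slides. Textbook RSA is used here as a concrete stand-in for the abstract KU/KR operations; the primes are constructed toy values, and the names keygen, apply_key, secrecy, authentication and secrecy_and_authentication are chosen for this illustration. Real systems use ~2048-bit moduli with OAEP/PSS padding, which this toy omits.

```python
"""Toy RSA stand-in for the KU/KR notation used on the slides (added example)."""
from math import gcd


def keygen(p, q, e):
    """Return ((e, n), (d, n)) = (public key KU, private key KR) from two primes.

    Toy parameters only: real keys use ~2048-bit moduli plus OAEP/PSS padding,
    which this illustration omits.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, x):
    """KU(x) or KR(x): x^exp mod n with whichever half of the pair is given."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError(f"value {x} does not fit under modulus {n}")
    return pow(x, exp, n)


# Constructed toy keys. Alice's modulus is deliberately smaller than Bob's so
# that X' = KRa(X) (< 3233) still fits under Bob's modulus (8633) when she
# encrypts it for him in the sign-then-encrypt flow.
KUa, KRa = keygen(61, 53, 17)  # Alice: n = 3233
KUb, KRb = keygen(89, 97, 5)   # Bob:   n = 8633


def secrecy(x):
    """Slide 'Secrecy': Y = KUb(X); Bob recovers X = KRb(Y) = KRb(KUb(X))."""
    y = apply_key(KUb, x)          # only Bob's private key undoes this
    return apply_key(KRb, y)


def authentication(x):
    """Slide 'Authentication': Y = KRa(X); anyone checks X = KUa(Y)."""
    y = apply_key(KRa, x)          # only Alice can produce this
    return apply_key(KUa, y)


def secrecy_and_authentication(x):
    """Slide 'Secrecy and Authentication': Y = KUb(KRa(X)), undone in reverse order."""
    x_signed = apply_key(KRa, x)   # X' = KRa(X)   (sign first)
    y = apply_key(KUb, x_signed)   # Y  = KUb(X')  (then encrypt)
    x_prime = apply_key(KRb, y)    # Bob: X' = KRb(Y)
    return apply_key(KUa, x_prime) # Bob: X = KUa(X'); matches only if Alice signed


if __name__ == "__main__":
    for label, fn in (("secrecy", secrecy), ("authentication", authentication),
                      ("secrecy+authentication", secrecy_and_authentication)):
        print(label, fn(2020) == 2020)
```

The range check in apply_key is the practical caveat behind "note the order of the two operations": a signature produced under Alice's modulus must fit under Bob's before it can be encrypted, which is why the toy picks Alice's modulus smaller and why real protocols hash before signing and pad before encrypting.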
Secrecy and Authentication
Diffie-Hellman Algorithm
1. The Diffie-Hellman algorithm is a specific method of exchanging cryptographic keys.
2. Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication.
You're not sharing information during the key exchange; you're creating a key together.
Idea of the key exchange by using colors
Algorithm
Alice and Bob agree upon and make public two numbers g and p, where p is a prime and g is a number in {2, …, p−2}.
Alice chooses a secret a ∈ {0, …, p−1}; Bob chooses a secret b ∈ {0, …, p−1}.
Cont…
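The exchange set up above, carried through as an added Python example that is not from the original slides (whose remaining steps are not reproduced here): dh_public, dh_shared, dh_exchange and brute_force_dlog are names chosen for this illustration, and p = 23, g = 5, a = 6, b = 15 are constructed toy values. Each side publishes g^secret mod p and raises the other's public value to its own secret, so both arrive at g^(ab) mod p while only p, g, A and B ever cross the channel. The block also goes one step beyond the slide: the brute-force routine shows what an observer like Trudy would have to compute, and that with a prime this small she recovers a immediately, which is why real deployments use primes of 2048 bits or more.

```python
"""Diffie-Hellman key exchange with the slide's parameters g, p, a, b (added example)."""


def check_parameters(p, g, a, b):
    """Enforce the slide's ranges: g in {2, ..., p-2}, a and b in {0, ..., p-1}."""
    if not 2 <= g <= p - 2:
        raise ValueError("g must lie in {2, ..., p-2}")
    for secret in (a, b):
        if not 0 <= secret <= p - 1:
            raise ValueError("secrets must lie in {0, ..., p-1}")


def dh_public(g, secret, p):
    """Public value sent over the open channel: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public, secret, p):
    """Shared secret from the peer's public value: peer_public^secret mod p."""
    return pow(peer_public, secret, p)


def dh_exchange(p, g, a, b):
    """Run both sides of the exchange and return (A, B, s_alice, s_bob).

    Only p, g, A and B are ever transmitted; a stays with Alice, b with Bob.
    """
    check_parameters(p, g, a, b)
    A = dh_public(g, a, p)            # Alice -> Bob
    B = dh_public(g, b, p)            # Bob -> Alice
    s_alice = dh_shared(B, a, p)      # (g^b)^a mod p
    s_bob = dh_shared(A, b, p)        # (g^a)^b mod p
    assert s_alice == s_bob           # both equal g^(ab) mod p
    return A, B, s_alice, s_bob


def brute_force_dlog(g, target, p):
    """The problem an eavesdropper faces: find a with g^a = target (mod p).

    Trivial for a toy prime like 23; infeasible for the 2048-bit primes used in
    practice, which is the whole security argument of the exchange.
    Returns None if no exponent in {0, ..., p-2} works.
    """
    for x in range(p - 1):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    # Constructed toy parameters, far too small for real use.
    A, B, s_alice, s_bob = dh_exchange(p=23, g=5, a=6, b=15)
    print(f"A={A} B={B} shared={s_alice}")
    print("observer recovers a =", brute_force_dlog(5, A, 23))
```

Run stand-alone it prints A=8, B=19, shared=2 and recovers a=6 from A; the same functions work unchanged for a full-size prime, where only the brute-force step becomes impossible.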
Hackers and viruses
Outline
1. Hackers
• Introduction
• History
• Types of hackers
• Common attacks
2. Viruses
• Introduction
• Viruses affecting Turing machines
• Virus detection
Definition
• Hacking is a technical effort to manipulate the normal behaviour of network connections and connected systems.
• “Hacking” originally referred to constructive, clever technical work that was not necessarily related to computer systems.
• Hackers are most commonly associated with malicious programming attacks on the Internet and other networks.
History
• M.I.T. engineers in the 1960s first popularized the term and concept of hacking.
• Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities.
• Outside of M.I.T., others began applying the term to less honorable pursuits. Before the Internet became popular, several hackers experimented with methods to modify telephones for making free long-distance calls.
• As the Internet exploded in popularity, data networks became the most common target of hackers.
Types of hackers
 White hat
A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software.
 Black hat
A black hat hacker violates computer security for little reason beyond maliciousness or for personal gain. Black hat hackers break in to secure networks to destroy data or make the network unusable for those who are authorized to use the network.
Cont…
• Grey hat
A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect.
Ex: they may then offer to correct the defect for a fee.
• Script kiddie
A script kiddie is someone who sets out to exploit a vulnerability without so much as trying to gain administrative or root access to the system, yet achieves it nonetheless and enjoys the enormous consequential implications thereof, which might be worth millions to the affected party.
Cont…
• Crackers
Crackers are people aiming to create software tools that make it possible to attack computer systems or crack the copy protection of use-fee software. A crack is therefore an executable program created to modify the original software so as to remove its protection.
• Carders
Carders mainly attack chip card systems (particularly bank cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy.
Hackers access your internet
• In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks.
• Today we have about 10,000 incidents of cyber attacks which are reported, and the number grows.
Cont…
Once inside, hackers can…
• Modify logs
– To cover their tracks
– To mess with you
• Steal files
– Sometimes destroy after stealing
– A pro would steal and cover their tracks so as to be undetected
• Modify files
– To let you know they were there
– To cause mischief
• Install back doors
– So they can get in again
• Attack other systems
Common Attacks
Spoofing
Definition:
An attacker alters his identity so that someone thinks he is someone else
– Email, User ID, IP Address, …
– Attacker exploits the trust relation between user and networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing
2. Email Spoofing
3. Web Spoofing
Email spoofing
Definition:
Attacker sends messages masquerading as someone else
What can be the repercussions?
Types of Email Spoofing:
1. Create an account with a similar email address
– Sanjaygoel@yahoo.com: A message from this account can perplex the students
2. Modify a mail client
– Attacker can put in any return address he wants to in the mail he sends
3. Telnet to port 25
– Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user
Web spoofing
• Basic
– Attacker registers a web address matching an entity, e.g. votebush.com, geproducts.com, gesucks.com
• Man-in-the-Middle Attack
– Attacker acts as a proxy between the web server and the client
– Attacker has to compromise the router or a node through which the relevant traffic flows
• URL Rewriting
– Attacker redirects web traffic to another site that is controlled by the attacker
– Attacker writes his own web site address before the legitimate link
• Tracking State
– When a user logs on to a site a persistent authentication is maintained
– This authentication can be stolen for masquerading as the user
Denial of service (DOS)
Definition:
Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which will cause the system to crash or reboot.
2. Exhausting the resources by flooding the system or network with information
– Since all resources are exhausted, others are denied access to the resources
3. Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks
Viruses
• A virus is a small piece of program that can infect other programs by modifying them to include a copy of itself.
• This gives rise to the definition of a viral set, the elements of which produce other elements of the set upon execution.
Viruses affecting Turing machines
• Cohen uses a Turing machine model where each virus in a viral set produces an element of the set on some part of the TM tape outside of the original virus specification.
• Formally, a viral set is a pair (M, V) where M is a TM and V is a set of viruses written as strings in the tape alphabet of M. When M (in its start state) reads v ∈ V, it writes a string v′ ∈ V somewhere else on its tape.
Viruses affecting Turing machines
The notion of viral infection is associated with the following attributes:
• A trojan component, since an infected program behaves in an unwanted manner under some conditions;
• A dormancy component, as the infection may conceal itself;
• An infective component, since infected programs are destined to infect other programs.
Cont..
Cohen’s undecidability results show that:
• There is no algorithm that can detect all viruses: some files may be wrongly flagged as infected (false positives) or no answer may be returned.
• There is no algorithm (TM) that can decide if one virus evolves into another.
• Other results include that there are viruses for which no error-free detection algorithm exists (undetectable computer viruses).
Virus detection
 Given a known computer virus V, consider the problem of detecting an infection by V.
 The most straightforward approach to solving this problem is just to scan incoming messages for <V>, the text of V.
 But a virus can easily evade this technique by altering its text in ways that have no effect on the computation that V performs.
 For example, source code could be modified to add blanks in meaningless places or to add leading 0’s to numbers.
Cont..
 Executable code could be modified by adding jump instructions to the next instruction.
 So the practical virus detection problem can be stated as: “Given a known virus V and an input message M, does M contain the text of a program that computes the same thing V computes?”
 We know the equivalence question is undecidable for Turing machines; from that it follows that the equivalence question for arbitrary programs is also undecidable.
Cont…
 So, we can’t solve the virus problem by making a list of known viruses and comparing new code to them.
 Suppose that, instead of making a list of forbidden operations, we allowed users to define a “white list” of the operations that are allowed to be run on their machines.
 Then the job of a virus filter is to compare incoming code to the operations on the white list. Any code that is equivalent to some allowed operation can be declared safe.
 But now we have EXACTLY THE SAME PROBLEM. No test for equivalence exists.
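The literal-text scan and the two cosmetic evasions the slides name (inserted blanks, leading zeros), as an added Python example that is not part of the original slides. VIRUS_TEXT, BENIGN_MESSAGE and EVASIVE_VARIANT are constructed stand-in strings, not real malware, and naive_scan, normalize, normalized_scan and scan_report are names chosen here. It shows why matching on the text of V fails as soon as the text is perturbed, how a normalizer recovers those particular perturbations, and where that stops: anything the normalizer does not understand is exactly the equivalence question the slides say is undecidable.

```python
"""Signature scanning versus text-level evasion (added example for the slides)."""
import re

# Constructed sample texts: a stand-in 'virus' V, a benign message, and a variant
# of V rewritten with extra blanks and a leading zero. None of these is real malware.
VIRUS_TEXT = "n = 10; copy(self, target)"
BENIGN_MESSAGE = "n = 10; print(n)"
EVASIVE_VARIANT = "n   =  0010 ;\n  copy( self ,  target )"


def naive_scan(message, signature=VIRUS_TEXT):
    """Slide's 'most straightforward approach': does the message contain <V> verbatim?"""
    return signature in message


def normalize(source):
    """Undo the two cosmetic edits the slide names: meaningless blanks and leading 0s.

    Everything this function cannot undo (inserted jumps, renamed variables,
    reordered but equivalent statements) is the gap the undecidability argument
    says no scanner can fully close.
    """
    text = re.sub(r"\s+", " ", source).strip()         # collapse runs of whitespace
    text = re.sub(r"\s*([(),;=])\s*", r"\1", text)     # drop blanks around punctuation
    text = re.sub(r"\b0+(\d)", r"\1", text)            # 0010 -> 10, but a lone 0 stays 0
    return text


def normalized_scan(message, signature=VIRUS_TEXT):
    """Compare both sides in normal form; catches exactly the evasions normalize() knows."""
    return normalize(signature) in normalize(message)


def scan_report(messages):
    """Run both scanners over a batch: {message: (naive_hit, normalized_hit)}."""
    return {m: (naive_scan(m), normalized_scan(m)) for m in messages}


if __name__ == "__main__":
    for msg, (naive_hit, norm_hit) in scan_report(
            [VIRUS_TEXT, BENIGN_MESSAGE, EVASIVE_VARIANT]).items():
        print(repr(msg), "naive:", naive_hit, "normalized:", norm_hit)
```

The normalizer is deliberately tiny: each rule encodes one equivalence the defender already knows about, and a variant that uses any other equivalence sails past it, which is the practical face of the slides' "no test for equivalence exists".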
Thank you