Computer security: Hackers and Viruses
Sruthi Samudrala, Tejaswi Mamillapalli

Computer Security

OUTLINE:
• Introduction
• Goals of computer security
• Cryptography
  • Overview
  • Types of cryptography
  • Diffie-Hellman algorithm

Definition
Computer security is the protection of computers and of the data that computers hold. This can be anything from placing passwords on computers to setting up firewalls.

Goals of computer security:
Three important aspects of any computer-related system:
1. Confidentiality
2. Integrity
3. Authentication
(The usual "CIA triad" names availability as the third goal; this deck covers authentication instead and treats availability later, under denial of service.)

Confidentiality -- Ensuring that information is not accessed by unauthorized persons.
Integrity -- Ensuring that information is not altered by unauthorized persons in a way that authorized users cannot detect.
Authentication -- Ensuring that users are the persons they claim to be.

How can we achieve security?
• Cryptography
• Secure networks
• Antivirus software
• Firewalls

Cryptography:
• Derived from the Greek word kryptos, meaning hidden.
• Defined as the process of writing or reading secret messages or codes.
• Includes techniques such as microdots, merging words with images, and other ways to hide information (strictly speaking, hiding the existence of a message is steganography rather than cryptography).

Cont…
• Nowadays cryptography is most often associated with scrambling plaintext (ordinary text) into ciphertext (encrypted text), a process called encryption, and then back again, known as decryption.
• Bob and Alice want to communicate "securely".
• Trudy (the intruder) may intercept, delete, or add messages.

In the language of cryptography (figure)

Types of cryptography

Symmetric-key cryptography:
• Symmetric-key encryption is a cryptographic technique that uses one shared secret key both to encrypt and to decrypt data.
• It is also referred to as conventional encryption or single-key encryption.
• It was the only kind of encryption in use prior to the development of public-key encryption in 1976.

Cont…
Problems with symmetric-key encryption
1. Too many keys
• If there are n people who all need to communicate with each other and every pair needs its own key, n(n−1)/2 symmetric keys must be generated and distributed (for 1,000 users that is 499,500 keys).
This creates a problem with managing and securing all of these keys.
2. The origin and authenticity of a message cannot be guaranteed
• Since sender and receiver use the same key, a message cannot be proven to have come from one particular party: either holder of the key could have produced it. This is a problem if there is a dispute.

Public-key cryptography
• Diffie and Hellman at Stanford University in 1976 achieved an astounding breakthrough with a method that addressed both problems of symmetric-key encryption.
• Each person gets a pair of keys, called the public key and the private key.
• Each person's public key is published while the private key is kept secret. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key.

Public-key encryption: transaction between Alice and Bob

Secrecy:
• Let KUa, KRa (KUb, KRb) be Alice's (Bob's) public and private keys respectively.
• If Alice has to send Bob an m-bit message X = x1 x2 … xm, she encrypts it using Bob's public key to form the ciphertext Y = KUb(X).
  Ciphertext = Bob's public key applied to the message.
• When Bob receives the ciphertext, he decrypts it using his private key, i.e., X = KRb(Y) = KRb(KUb(X)).

Authentication
• Suppose Alice wants to sign a message X to be sent to Bob. She encrypts it using her private key, i.e., Y = KRa(X).
• When Bob gets this message from Alice, he can ensure that it came from her by decrypting it using Alice's public key (to which he has access) to recover the plaintext X, i.e., X = KUa(Y).
• Since Alice alone has access to her private key, she alone could have produced the message. Note that this gives authentication only, not secrecy: anyone who holds the public key KUa can recover X just as Bob did.

Secrecy and Authentication
• If one needs confidentiality as well as authentication, then Alice first signs the plaintext X using her private key to obtain X′ = KRa(X).
• She then encrypts it using Bob's public key to obtain the ciphertext Y = KUb(X′) = KUb(KRa(X)) (note the order of the two operations) and sends Y to Bob.
• Bob first decrypts it using his private key to obtain X′, i.e., X′ = KRb(Y); he then verifies that it was indeed sent by Alice by decrypting X′ with Alice's public key to obtain X = KUa(X′) = KUa(KRb(Y)).

Diffie-Hellman Algorithm
1. The Diffie-Hellman algorithm is a specific method of exchanging cryptographic keys.
2. Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret cannot be learned by observing the communication. You are not sending a key during the exchange; you are creating one together.

Idea of the key exchange using colors (figure)

Algorithm
Alice and Bob agree upon and make public two numbers g and p, where p is a prime and g is a number in {2, …, p−2}. Alice picks a private exponent a ∈ {0, …, p−1} and Bob picks a private exponent b ∈ {0, …, p−1}.
Cont… (the remaining steps of the exchange were figure-only slides)

Hackers and viruses

Outline
1. Hackers
• Introduction
• History
• Types of hackers
• Common attacks
2. Viruses
• Introduction
• Viruses affecting Turing machines
• Virus detection

Definition
• Hacking is a technical effort to manipulate the normal behaviour of network connections and connected systems.
• Originally, "hacking" referred to constructive, clever technical work that was not necessarily related to computer systems.
• Today hackers are most commonly associated with malicious programming attacks on the Internet and other networks.

History
• M.I.T. engineers in the 1960s first popularized the term and the concept of hacking.
• Starting at the model railroad club and later in the mainframe computer rooms, the so-called "hacks" perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities.
• Outside of M.I.T., others began applying the term to less honorable pursuits: before the Internet became popular, several hackers experimented with methods of modifying telephones to make free long-distance calls.
• As the Internet exploded in popularity, data networks became the most common target of hackers.
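Returning to the public-key slides above: the deck never names a concrete cipher, only the abstract operations KU(·) and KR(·). The following is an added example, not code from the deck, that fills that in with textbook RSA (chosen because its public and private operations can be applied in either order, exactly as the slides assume) and runs the sign-then-encrypt sequence Y = KUb(KRa(X)) and Bob's KUa(KRb(Y)) end to end. The key sizes, primes and message value 65 are constructed for illustration; the forged message shows what Bob sees when the sender does not hold KRa.

```python
"""Sign-then-encrypt with textbook RSA (constructed example; needs Python 3.8+ for pow(e, -1, m))."""


def make_keys(p: int, q: int, e: int):
    """Return (KU, KR) for textbook RSA: KU = (e, n), KR = (d, n) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # raises ValueError if gcd(e, phi) != 1
    return (e, n), (d, n)


def apply_key(key, x: int) -> int:
    """KU(x) or KR(x): modular exponentiation with the key's exponent. Blocks must be < n."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(x, exp, n)


# Toy key pairs. Bob's modulus is deliberately larger than Alice's: the inner signature
# X' = KRa(X) is an integer below n_alice, and it must still fit under n_bob for the outer layer.
KUa, KRa = make_keys(61, 53, 17)   # n = 3233, d = 2753
KUb, KRb = make_keys(101, 113, 3)  # n = 11413


def send(X: int) -> int:
    """Alice: Y = KUb(KRa(X)). Sign with her private key first, then encrypt for Bob."""
    X_prime = apply_key(KRa, X)     # anyone holding KUa can read this layer ...
    return apply_key(KUb, X_prime)  # ... so it is wrapped for Bob only


def receive(Y: int) -> int:
    """Bob: X' = KRb(Y), then X = KUa(X'). Only the real KRa makes the result meaningful."""
    X_prime = apply_key(KRb, Y)
    return apply_key(KUa, X_prime)


def third_party_verify(X_prime: int, X: int) -> bool:
    """Nonrepudiation: Bob can hand X' to an arbiter, who checks it with Alice's public key alone."""
    return apply_key(KUa, X_prime) == X


def forged_without_KRa(X: int) -> int:
    """Trudy lacks KRa, so the best she can do is encrypt X for Bob without the signature layer."""
    return apply_key(KUb, X)


if __name__ == "__main__":
    X = 65
    Y = send(X)
    print("Bob recovers", receive(Y))                       # 65
    print("Forgery decodes to", receive(forged_without_KRa(X)))  # 2790, not 65
```

Two caveats a practitioner should attach to this picture. First, "verification" here means "the recovered X looks meaningful"; real protocols sign a hash with redundancy (PSS) so that garbage is rejected mechanically rather than by eye. Second, textbook RSA without padding is deterministic and malleable and is not safe to deploy; the block only demonstrates the ordering of the operations the slides describe.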
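The Diffie-Hellman slides above stop after the public parameters p and g and the private exponents a and b; the exchange itself was on figure-only slides. The following is an added example, not the deck's own material, that carries the standard exchange through with those symbols (A = g^a mod p, B = g^b mod p, shared key g^(ab) mod p), checks the parameter constraints the slides state, and then shows the two things Trudy can do: a passive Trudy must solve a discrete logarithm (feasible here only because the toy p = 23 is tiny), and an active Trudy, who per the slides may delete and add messages, can substitute her own values and end up sharing a key with each side. The numbers p = 23, g = 5, a = 6, b = 15 and Trudy's exponents are constructed for illustration.

```python
"""Diffie-Hellman over a toy prime, plus passive and active attacker views (constructed example)."""
import secrets


def is_prime(n: int) -> bool:
    """Trial division: adequate for toy sizes. Real deployments use 2048-bit or larger safe primes."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def params_ok(p: int, g: int) -> bool:
    """Public parameters as the slides state them: p prime and g in {2, ..., p-2}."""
    return is_prime(p) and 2 <= g <= p - 2


def private_exponent(p: int) -> int:
    """Random exponent from {2, ..., p-2}. The slides allow {0, ..., p-1}, but 0, 1 and p-1
    give degenerate public values (1, g, and g^(p-1) = 1), so a careful implementation rejects them."""
    while True:
        x = secrets.randbelow(p)
        if 2 <= x <= p - 2:
            return x


def public_value(p: int, g: int, x: int) -> int:
    return pow(g, x, p)


def shared_key(p: int, other_public: int, x: int) -> int:
    return pow(other_public, x, p)


def exchange(p: int, g: int, a: int, b: int):
    """Honest run with fixed exponents. Returns (A, B, k): both public values and the agreed key."""
    if not params_ok(p, g):
        raise ValueError("bad public parameters")
    A = public_value(p, g, a)       # Alice -> Bob, sent in the clear
    B = public_value(p, g, b)       # Bob -> Alice, sent in the clear
    k_alice = shared_key(p, B, a)   # B^a = g^(ab) mod p
    k_bob = shared_key(p, A, b)     # A^b = g^(ab) mod p
    if k_alice != k_bob:
        raise AssertionError("the two sides derived different keys")
    return A, B, k_alice


def discrete_log(p: int, g: int, target: int):
    """Passive Trudy sees p, g, A, B and must recover a from A = g^a mod p.
    Brute force succeeds here only because p is tiny; for real parameters it is infeasible."""
    for x in range(p - 1):
        if pow(g, x, p) == target:
            return x
    return None


def mitm(p: int, g: int, a: int, b: int, t1: int, t2: int) -> dict:
    """Active Trudy replaces A with g^t1 on its way to Bob and B with g^t2 on its way to Alice.
    Neither party notices: each computes a key that Trudy also holds."""
    A, B = public_value(p, g, a), public_value(p, g, b)
    alice_key = shared_key(p, public_value(p, g, t2), a)  # Alice believes g^t2 is Bob's B
    bob_key = shared_key(p, public_value(p, g, t1), b)    # Bob believes g^t1 is Alice's A
    return {
        "alice_key": alice_key,
        "bob_key": bob_key,
        "trudy_with_alice": shared_key(p, A, t2),
        "trudy_with_bob": shared_key(p, B, t1),
    }


if __name__ == "__main__":
    print(exchange(23, 5, 6, 15))        # (8, 19, 2)
    print(discrete_log(23, 5, 8))        # 6: Trudy recovers Alice's exponent
    print(mitm(23, 5, 6, 15, 11, 3))     # Alice and Trudy share 6, Bob and Trudy share 22
    a, b = private_exponent(23), private_exponent(23)
    print(exchange(23, 5, a, b)[2])      # random run, key varies
```

The MITM result is the point the slides' "can't be seen by observing" wording leaves out: plain Diffie-Hellman resists a listener but not a Trudy who can modify messages, which is why deployed protocols authenticate the exchanged values (for instance by signing them with long-term keys, tying this back to the authentication slides).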
Types of hackers
• White hat: breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company that makes security software.
• Black hat: a black hat hacker violates computer security for little reason beyond maliciousness or for personal gain. Black hat hackers break into secure networks to destroy data or to make the network unusable for those who are authorized to use it.

Cont…
• Grey hat: a grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect. Ex: they may then offer to correct the defect for a fee.
• Script kiddie: a script kiddie is someone who runs ready-made exploits against a vulnerability without much understanding of them, often not even aiming for administrative or root access to the system, yet achieving it nonetheless; the consequences for the affected party can still run to millions.

Cont…
• Crackers: people aiming to create software tools that make it possible to attack computer systems or to crack the copy protection of fee-based software. A crack is therefore an executable program created to modify the original software so as to remove its protection.
• Carders: mainly attack chip card systems (particularly bank cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy.

Hackers access your Internet
• In 1988 a "worm program" written by a college student shut down about 10 percent of the computers connected to the Internet. This was the beginning of the era of cyber attacks.
• Today about 10,000 incidents of cyber attacks are reported, and the number keeps growing.

Cont…
Once inside, hackers can:
• Modify logs
  – To cover their tracks
  – To mess with you
• Steal files
  – Sometimes destroy them after stealing
  – A pro would steal and cover their tracks so as to remain undetected
• Modify files
  – To let you know they were there
  – To cause mischief
• Install back doors
  – So they can get in again
• Attack other systems

Common Attacks

Spoofing
Definition: An attacker alters his identity so that someone thinks he is someone else.
– Email, user ID, IP address, …
– The attacker exploits the trust relationship between users and networked machines to gain access to machines.
Types of spoofing:
1. IP spoofing
2. Email spoofing
3. Web spoofing

Email spoofing
Definition: The attacker sends messages masquerading as someone else.
What can be the repercussions?
Types of email spoofing:
1. Create an account with a similar email address
– Sanjaygoel@yahoo.com: a message from this account can perplex the students.
2. Modify a mail client
– The attacker can put any return address he wants in the mail he sends.
3. Telnet to port 25
– Most mail servers use port 25 for SMTP. The attacker connects to this port and composes a message for the user. This works because SMTP itself does not verify that the sender address in a message belongs to the party that submitted it.

Web spoofing
• Basic – Man-in-the-Middle attack
  – The attacker acts as a proxy between the web server and the client.
  – The attacker has to compromise the router or a node through which the relevant traffic flows.
• URL rewriting
  – The attacker registers a web address matching an entity, e.g. votebush.com, geproducts.com, gesucks.com.
  – The attacker redirects web traffic to another site that is controlled by the attacker.
  – The attacker writes his own web site address before the legitimate link.
• Tracking state
  – When a user logs on to a site, a persistent authentication (typically a session cookie) is maintained.
  – This authentication token can be stolen and used to masquerade as the user.

Denial of service (DoS)
Definition: An attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading the system so that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which cause the system to crash or reboot.
2. Exhausting the resources by flooding the system or network with information
– Since all resources are exhausted, others are denied access to them.
3. Distributed DoS attacks
– Coordinated denial of service attacks involving several people and/or machines that launch the attack together.

Viruses
• A virus is a small piece of program that can infect other programs by modifying them to include a copy of itself.
• This gives rise to the definition of a viral set, the elements of which produce other elements of the set upon execution.

Viruses affecting Turing machines
• Cohen uses a Turing machine model where each virus in a viral set produces an element of the set on some part of the TM tape outside of the original virus specification.
• Formally, a viral set is a pair (M, V) where M is a TM and V is a set of viruses written as strings in the tape alphabet of M: when M (in its start state) reads v ∈ V, it writes a string v′ ∈ V somewhere else on its tape.

Viruses affecting Turing machines
The notion of viral infection is associated with the following attributes:
• A trojan component, since an infected program behaves in an unwanted manner under some conditions;
• A dormancy component, as the infection may conceal itself;
• An infective component, since infected programs are destined to infect other programs.

Cont…
Cohen's undecidability results show that:
• There is no algorithm that can detect all viruses: any detector will, on some inputs, flag a clean file as infected (a false positive), miss an infected file (a false negative), or return no answer at all.
• There is no algorithm (TM) that can decide whether one virus evolves into another.
• Other results include that there are viruses for which no error-free detection algorithm exists (undetectable computer viruses).

Virus detection
Given a known computer virus V, consider the problem of detecting an infection by V.
The most straightforward approach to solving this problem is just to scan incoming messages for the text <V> of the virus. But a virus can easily evade this technique by altering its text in ways that have no effect on the computation V performs. For example, source code could be modified to add blanks in meaningless places or to add leading 0's to numbers.

Cont…
Executable code could be modified by adding jump instructions to the next instruction. So the practical virus detection problem can be stated as: "Given a known virus V and an input message M, does M contain the text of a program that computes the same thing V computes?" We know the equivalence question is undecidable for Turing machines; from that, the equivalence question for arbitrary programs is also undecidable.

Cont…
So we cannot solve the virus problem by making a list of known viruses and comparing new code to them. Suppose that, instead of making a list of forbidden operations, we allowed users to define a "white list" of the operations that are allowed to run on their machines. Then the job of a virus filter is to compare incoming code to the operations on the white list. Any code that is equivalent to some allowed operation can be declared safe. But now we have EXACTLY THE SAME PROBLEM: no test for equivalence exists. In practice, scanners therefore combine signatures with normalization of the code, emulation and behavioural heuristics, and accept that some error in both directions is unavoidable.
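The evasion described above (jump-to-next-instruction padding that changes the bytes of an executable without changing what it computes) is concrete enough to run. The following is an added example, not from the deck: a small stack-machine bytecode and interpreter constructed for this purpose, a naive scanner that looks for the known virus's exact bytes, and a padder that inserts a relative jump of zero after every instruction. The "virus" is a harmless ten-byte program that computes (2+3)·7; the scanner finds the original and misses the padded variant, while the interpreter confirms both produce the same output. The opcode set and encoding are assumptions of this example.

```python
"""Exact-text virus scanning versus a semantics-preserving rewrite (constructed example)."""

# Opcodes of a hypothetical stack machine, invented for this example.
HALT, PUSH, ADD, MUL, OUT, JMP = 0x00, 0x01, 0x02, 0x03, 0x04, 0x05
LENGTH = {HALT: 1, PUSH: 2, ADD: 1, MUL: 1, OUT: 1, JMP: 2}  # bytes per instruction


def run(code: bytes, max_steps: int = 10_000) -> list:
    """Execute the bytecode and return the list of values it OUTputs."""
    pc, stack, out = 0, [], []
    for _ in range(max_steps):
        op = code[pc]
        if op == HALT:
            return out
        if op == PUSH:
            stack.append(code[pc + 1])
            pc += 2
        elif op == ADD:
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
            pc += 1
        elif op == MUL:
            b, a = stack.pop(), stack.pop()
            stack.append(a * b)
            pc += 1
        elif op == OUT:
            out.append(stack.pop())
            pc += 1
        elif op == JMP:
            # Signed-byte offset, relative to the instruction following the JMP; offset 0
            # therefore means "jump to the very next instruction", i.e. do nothing.
            off = code[pc + 1] - 256 if code[pc + 1] > 127 else code[pc + 1]
            pc += 2 + off
        else:
            raise ValueError(f"bad opcode {op:#x} at offset {pc}")
    raise RuntimeError("step limit exceeded")


def instructions(code: bytes):
    """Split bytecode into whole instructions so padding never lands inside an operand."""
    pc = 0
    while pc < len(code):
        n = LENGTH[code[pc]]
        yield code[pc:pc + n]
        pc += n


def pad_with_jumps(code: bytes) -> bytes:
    """Insert 'JMP +0' after every instruction. The program's behaviour is unchanged, its bytes are not.
    (Assumes the input contains no relative jumps of its own, which would need their offsets fixed up.)"""
    return b"".join(ins + bytes([JMP, 0]) for ins in instructions(code))


def signature_match(sample: bytes, signature: bytes) -> bool:
    """The naive scanner from the slides: does the sample contain the virus text verbatim?"""
    return signature in sample


# The "known virus" V, constructed for this example: computes (2 + 3) * 7, outputs 35, halts.
VIRUS = bytes([PUSH, 2, PUSH, 3, ADD, PUSH, 7, MUL, OUT, HALT])


def demo() -> dict:
    """Scan the original and a padded variant, and compare what the two actually compute."""
    variant = pad_with_jumps(VIRUS)
    return {
        "original_detected": signature_match(VIRUS, VIRUS),
        "variant_detected": signature_match(variant, VIRUS),
        "same_behaviour": run(variant) == run(VIRUS),
        "variant_length": len(variant),
    }


if __name__ == "__main__":
    print(demo())  # {'original_detected': True, 'variant_detected': False, 'same_behaviour': True, ...}
```

The padder is a one-line rewrite and it already defeats exact matching; deciding in general whether an arbitrary byte string computes the same thing as V is the equivalence problem the slides show to be undecidable, which is why deployed scanners normalize and emulate code rather than rely on verbatim signatures.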