Gerhard Steinke
BUS 3620

According to Internetworldstats.com, there are 2,095,006,005 internet users worldwide

It is now unsafe to turn on your computer...

Slammed on All Sides
Employee Error
Viruses
Rogue Insiders
Software Bugs
Corporate Spies
Script Kiddies
Web Defacements
Denial of Service
Network vulnerabilities
“SneakerNet”
Password Crackers
War Drivers
Trojans
Worms
Buffer Overflows
Backdoors
“Blended Threats”

Confidentiality: Protecting information from unauthorized disclosure
Integrity: Protecting information from unauthorized alteration/destruction
Availability: Ensuring the availability and access to the information
[Diagram: Availability, Confidentiality, Integrity]

Internal (authorized users (intentional & unintentional), contract worker, etc.)
Hackers (‘script kiddies’ to experts)
Industrial Espionage (legal? acceptable in some countries and sometimes government funded)
Foreign Espionage
Criminal (financial or criminal motivation)
Other (terrorists, political activists)

The threat is global
The attack sophistication is increasing
The skill level required to become a threat is decreasing
We live in a “Target Rich” environment
Exposure time and response time are critical

Corrupting Information
  ◦ Viruses, worms
  ◦ File deletion
  ◦ Data tampering (medical & financial), Web page hacks
Disclosing Information
  ◦ Public release of private data
  ◦ Selling of private or financial data (e.g., stolen charge card numbers)
Stealing Service
  ◦ Using site as intermediary for attacks
Denial of Service (preventing the use of IT resources)
  ◦ Network flooding
  ◦ Crashing systems or services

A system which examines network packets entering/leaving an organization and determines whether the packets are allowed to travel ‘through’ the firewall
[Diagram: Organization]

attempts to detect/prevent someone breaking into your system
running in background and notifies you when…
[Diagram: Match, Alarm]

Can you decrypt these?
mfuttubsu
cepninotry

Disguising message in order to hide its substance
Based in logic and mathematics
Confidentiality
Authentication
Integrity
Non-repudiation
  ◦ Message wasn’t changed
  ◦ who really sent message?
  ◦ was message altered?
  ◦ so sender cannot deny they sent message

Substitution Cipher (13)
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  NOPQRSTUVWXYZABCDEFGHIJKLM
Transposition Cipher
  Rearranging all characters in the plaintext
Attack: frequency of letters
Concealment – hide in text
Break Encryption by brute force - try all possible keys
key length
Steal, bribe, replace encryption software, flaws in system

Hiding information
http://www.jjtc.com/Steganography/
http://wwwusers.aston.ac.uk/~papania1/stegano.html
S-tools demo

same key for encryption and decryption
confidentiality
secure key distribution required
  ◦ otherwise could impersonate sender as well
scalability - n users require n*(n-1)/2 keys

Two keys – one encrypts, the other decrypts
Public and Private keys generated as a pair
Private key for user
Public key for distribution
Each key decrypts what the other encrypts
Confidentiality, integrity, authentication and non-repudiation
Intensive computations, slow

Create hash value / digital fingerprint
Provides integrity checking
Shorter than original message
  ◦ Variable length message to fixed length hash value
One way function, can’t go back
Appended to message
Examples:
  ◦ MD5 - 128 bit hash
  ◦ SHA - 160 bit, by NIST, NSA in DSS (Digital Signature Standard)

Create a hash value
Encrypt hash value with your private key
Attach to message to be sent
Encrypt with recipient’s public key
Send

Integrity – Message not changed
Authentication - Verify sender identity and message origin
Creates non-repudiation
Applications:
  ◦ Used to authenticate software, data, images
  ◦ Used with electronic contracts, purchase orders
  ◦ Protect software against viruses

Security policy
  ◦ document security principles
Educate users - what
and why of security
Physical Security
Monitor network
Passwords

gateway to network
access to information on PC
power on password, screen saver password
encryption
password protect files, disk drive
erase information when deleting a file

control program change requests
require multiple authorizations
require full documentation
independent testing of changes
check with operations before acceptance
procedure to handle emergency situations

investigate error messages, reports, alarms
monitor communication lines for failures, problems
monitor network status for operational, out-of-service stations
monitor traffic queues for congestion
control tapes, disks and other system materials to ensure proper labeling and retention

maintain backup for programs, tapes and other material
examine system printouts, program dumps, recovery printouts
monitor vendor and maintenance personnel
control testing during operational hours
ensure that changes to hardware and software are necessary

Identify people by measuring some aspect of individual anatomy or physiology, some deeply ingrained skill, or other behavioral characteristic or something that is a combination of the two
  ◦ Handwritten signatures
  ◦ Face Recognition
  ◦ Fingerprints
  ◦ Iris Codes
  ◦ Voice
  ◦ Retina Prints
  ◦ DNA Identification
  ◦ Palm Prints
  ◦ Handwriting Analysis

All recognition systems are subject to error
‘Fraud’ / ‘false positive’
  ◦ A client is accepted as authenticated when they should have been rejected
‘Insult’ / ‘false negative’
  ◦ A client is rejected as NOT authenticated when in fact they should have been accepted.

The oldest way
There is widespread acceptance (and requirement!)
for photo ID
The issuing of other authentication devices (like passwords, key cards, digital signatures) usually depends on facial recognition by the agents of the issuing authority
Photo-ID is not particularly reliable, but has a very significant deterrent effect

Strengths:
  ◦ Database can be built from driver’s license records, visas, etc.
  ◦ Can be applied covertly (surveillance photos). (Super Bowl 2001)
  ◦ Few people object to having their photo taken
Weaknesses:
  ◦ No real scientific validation
Attacks:
  ◦ Surgery
  ◦ Facial Hair
  ◦ Hats
  ◦ Turning away from the camera
Defenses:
  ◦ Scanning stations with mandated poses

Accounts for the majority of sales of biometric equipment
  ◦ The ridges that cover the fingertips make patterns, that were classified in the 1800’s
  ◦ These patterns have loops of several distinct types, branches, and endpoints.
Because of the association with criminals, commercial users are very reluctant to impose fingerprinting systems upon their clients
Fingerprint sensors on laptops

Iris patterns believed to be unique
The patterns are easy enough to detect
They do not wear out
They are protected by the eyelids and cornea
Easier to capture and process than fingerprints
A processing technique is used to generate a 256 byte iris code
Low false acceptance rates

Practical difficulties:
  ◦ Capturing the iris image is intrusive
  ◦ The subject has to be co-operative

Strengths:
  ◦ Most systems have audio hardware
  ◦ Works over the telephone
  ◦ Can be done covertly
  ◦ Lack of negative perception
Weaknesses:
  ◦ Background noise
  ◦ No large database of voice samples
Attacks:
  ◦ Tape recordings
  ◦ Identical twins / soundalikes

Typical systems measure 90 different features:
  ◦ Overall hand and finger width
  ◦ Distance between joints
  ◦ Bone structure
Primarily for access control:
  ◦ Machine rooms
  ◦ Olympics
Strengths:
  ◦ No negative connotations – non-intrusive
  ◦ Reasonably robust systems
Weaknesses:
  ◦ Accuracy is limited

Retina Scan
  ◦ Very popular in the 1980s military; not used much
anymore.
Facial Thermograms
Vein identification
Scent Detection
Gait recognition
Handwriting

Biometric        Approx Template Size
Voice            70k – 80k
Face             84 bytes – 2k
Signature        500 bytes – 1000 bytes
Fingerprint      256 bytes – 1.2k
Hand Geometry    9 bytes
Iris             256 bytes – 512 bytes
Retina           96 bytes

impossible to provide complete security
match to value of assets
provide good security but keep system easy to use
easy to use, little security <-----> difficult to use, high security
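
The cipher slides above (the two puzzle strings, the 13-place substitution table, "Attack: frequency of letters" and "brute force - try all possible keys"), worked as an added Python example that is not part of the original slides. The frequency table, the function names and the sample string frphevgl are assumptions constructed for this illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Approximate English letter frequencies in percent (standard published table,
# rounded); an assumption of this example, not data from the slides.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Undo a shift substitution: move each letter back by `key` places."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)  # leave spaces and punctuation untouched
    return "".join(out)


def english_score(text: str) -> float:
    """Sum of letter frequencies: higher means more English-like."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def brute_force_shift(ciphertext: str):
    """Try all 26 keys and rank the candidates by letter-frequency score."""
    candidates = [(english_score(shift_decrypt(ciphertext, k)), k,
                   shift_decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, reverse=True)


def same_letter_counts(a: str, b: str) -> bool:
    """A transposition only reorders letters, so the counts are unchanged."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    score, key, plain = brute_force_shift("mfuttubsu")[0]
    print(f"best key={key} plaintext={plain} score={score:.1f}")
    # The slide's table (A->N, B->O, ...) is the same cipher with key 13;
    # "frphevgl" is a constructed sample.
    print(shift_decrypt("frphevgl", 13))
    print(same_letter_counts("cepninotry", "encryption"))
```

With only 26 possible keys the key space gives no protection, and the frequency score picks the readable candidate without a human reading all of them.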