Gerhard Steinke
BUS 3620
According to Internetworldstats.com, there are 2,095,006,005
internet users worldwide
Steinke
1
It is now unsafe to turn
on your computer...
Steinke
2
Slammed on All Sides
Employee Error
Viruses
Rogue Insiders
Software Bugs
Corporate Spies Script Kiddies
Web Defacements
Denial of Service
Network vulnerabilities
“SneakerNet”
Password
Crackers
War Drivers
Trojans
Worms
Buffer Overflows
Backdoors
“Blended Threats”
3
Steinke

Confidentiality
 Protecting information from unauthorized
disclosure

Integrity
 Protecting information from unauthorized
alternation/destruction

Availability
 Ensuring the availability and access to the
information
Availability
Confidentiality
Integrity
4






Internal (authorized users (intentional &
unintentional), contract worker, etc.)
Hackers (‘script kiddies’ to experts)
Industrial Espionage (legal? acceptable in
some countries and sometimes government
funded)
Foreign Espionage
Criminal (financial or criminal motivation)
Other (terrorists, political activists)
Steinke
5





The threat is global
The attack sophistication is increasing
The skill level required to become a threat is
decreasing
We live in a “Target Rich” environment
Exposure time and response time are critical
Steinke
6

Corrupting Information

Disclosing Information

Stealing Service

Denial of Service (preventing the use of IT
resources)
 Viruses, worms
 File deletion
 Data tampering (medical & financial), Web page hacks
 Public release of private data
 Selling of private or financial data (e.g., stolen charge
card numbers)
 Using site as intermediary for attacks
 Network flooding
 Crashing systems or services
Steinke
7
Steinke
8

A system which examines network packets
entering/leaving an organization and
determines whether the packets are allowed
to travel ‘through’ the firewall
Organization
Steinke
9
Steinke
10


attempts to detect/prevent someone
breaking into your system
running in background and notifies you
when…
Match
Steinke
Alarm
11
Can you decrypt these?

mfuttubsu

cepninotry
Steinke
12

Disguising message in order to hide its substance
Based in logic and mathematics

Confidentiality

Authentication

Integrity

Non-repudiation

◦ Message wasn’t changed
◦ who really sent message?
◦ was message altered?
◦ so sender cannot deny they sent message
Steinke
13
Substitution Cipher (13)
ABCDEFGHIJKLMNOPQRSTUVWXYZ

NOPQRSTUVWXYZABCDEFGHIJKLM
 Transposition Cipher

 Rearranging all characters in the plaintext



Attack: frequency of letters
Concealment – hide in text
Break Encryption by brute force - try all possible
keys
 key length

Steal, bribe, replace encryption software, flaws in
system
Steinke
14




Hiding information
http://www.jjtc.com/Steganography/
http://wwwusers.aston.ac.uk/~papania1/stegano.html
S-tools demo
Steinke
15



same key for encryption and decryption
confidentiality
secure key distribution required
◦ otherwise could impersonate sender as well

scalability - n users require n*(n-1)/2 keys
Steinke
16


Two keys – one encrypts, the other
decrypts
Public and Private keys generated as a pair
 Private key for user
 Public key for distribution



Each key decrypts what the other encrypts
Confidentiality, integrity, authentication
and non-repudiation
Intensive computations, slow
17
18






Create hash value / digital fingerprint
Provides integrity checking
Shorter than original message
◦ Variable length message to fixed length hash value
One way function, can’t go back
Appended to message
Examples:
◦ MD5 - 128 bit hash
◦ SHA - 160 bit, by NIST, NSA in DSS (Digital
Signature Standard)
19





Create a hash value
Encrypt hash value with your private key
Attach to message to be sent
Encrypt with recipients public key
Send
20




Integrity – Message not changed
Authentication - Verify sender identity and
message origin
Creates non-repudiation
Applications:
◦ Used to authenticate software, data, images
◦ Used with electronic contracts, purchase orders
◦ Protect software against viruses
21

Security policy
◦ document security principles




Educate users - what and why of security
Physical Security
Monitor network
Passwords
Steinke
22






gateway to network
access to information on PC
power on password, screen saver password
encryption
password protect files, disk drive
erase information when deleting a file
Steinke
23






control program change requests
require multiple authorizations
require full documentation
independent testing of changes
check with operations before acceptance
procedure to handle emergency situations
Steinke
24





investigate error messages, reports, alarms
monitor communication lines for failures,
problems
monitor network status for operational, outof-service stations
monitor traffic queues for congestion
control tapes, disks and other system
materials to ensure proper labeling and
retention
Steinke
25





maintain backup for programs, tapes and
other material
examine system printouts, program dumps,
recovery printouts
monitor vendor and maintenance personnel
control testing during operational hours
ensure that changes to hardware and
software are necessary
Steinke
26

Identify people by measuring some aspect of
individual anatomy or physiology, some deeply
ingrained skill, or other behavioral characteristic or
something that is a combination of the two
◦
◦
◦
◦
◦
◦
◦
◦
◦
Handwritten signatures
Face Recognition
Fingerprints
Iris Codes
Voice
Retina Prints
DNA Identification
Palm Prints
Handwriting Analysis
27


All recognition systems are subject to error
‘Fraud’ / ‘false positive’
◦ A client is accepted as authenticated when they
should have been rejected

‘Insult’ / ‘false negative’
◦ A client is rejected as NOT authenticated when in
fact they should have been accepted.
28




The oldest way
There is widespread acceptance (and
requirement!) for photo ID
The issuing of other authentication devices
(like passwords, key cards, digital signatures)
usually depends on facial recognition by the
agents of the issuing authority
Photo-ID is not particularly reliable, but has a
very significant deterrent effect
29




Strengths:
 Database can be built from driver’s license records,
visas, etc.
 Can be applied covertly (surveillance photos). (Super
Bowl 2001)
 Few people object to having their photo taken
Weaknesses:
 No real scientific validation
Attacks:
 Surgery
 Facial Hair
 Hats
 Turning away from the camera
Defenses:
 Scanning stations with mandated poses
30

Accounts for the majority of sales of
biometric equipment
◦ The ridges that cover the fingertips make patterns,
that were classified in the 1800’s
◦ These patterns have loops of several distinct types,
branches, and endpoints.


Because of the association with criminals,
commercial users are very reluctant to
impose fingerprinting systems upon their
clients
Fingerprint sensors on laptops
31
32







Iris patterns believed to be unique
The patterns are easy enough to detect
They do not wear out
They are protected by the eyelids and cornea
Easier to capture and process than
fingerprints
A processing technique is used to generate a
256 byte iris code
Low false acceptance rates
33

Practical difficulties:
◦ Capturing the iris image is intrusive
◦ The subject has to be co-operative
34



Strengths:
◦ Most systems have audio hardware
◦ Works over the telephone
◦ Can be done covertly
◦ Lack of negative perception
Weaknesses:
◦ Background noise
◦ No large database of voice samples
Attacks:
◦ Tape recordings
◦ Identical twins / soundalikes
35

Typical systems measure
90 different features:
 Overall hand and finger
width
 Distance between joints
 Bone structure

Primarily for access
control:
 Machine rooms
 Olympics

Strengths:

Weaknesses:
 No negative connotations
– non-intrusive
 Reasonably robust
systems
 Accuracy is limited
36

Retina Scan
◦ Very popular in the 1980s military; not used much
anymore.





Facial Thermograms
Vein identification
Scent Detection
Gait recognition
Handwriting
37
Biometric
Approx Template Size
Voice
70k – 80k
Face
84 bytes – 2k
Signature
500 bytes – 1000 bytes
Fingerprint
256 bytes – 1.2k
Hand Geometry
9 bytes
Iris
256 bytes – 512 bytes
Retina
96 bytes
38
39



impossible to provide complete security
match to value of assets
provide good security but keep system easy to
use
easy to use, little security <-----> difficult to use, high security
Steinke
40