Basic Security Concepts

You will see certain terms throughout this chapter, so it is best to become familiar with them before going any further.
|
Threats

The entire point of computer security is to eliminate or protect against threats.

A threat is anything that can cause harm. In the context of computer security, a threat can be:

» A burglar.

» A virus.

» An earthquake.

» A simple user error.

By itself, a threat is not harmful unless it exploits an existing vulnerability. A vulnerability is a weakness: anything that has not been protected against threats, leaving it open to harm.

For instance, an unlocked car is vulnerable to theft.

The vulnerability is meaningless unless a thief is in the neighborhood. But you probably always lock your car or park it in a safe place.
|
Degrees of Harm

That said, it is important to realize that threats, and the harm they can cause, are a matter of degree.

If you live on top of a mountain, for example, there is probably no threat of flooding.

If you don't use antivirus software, however, there is a very good chance that your computer will become infected, especially if it stays connected to the Internet.

Because you can gauge the degree of harm that different threats can cause, you can prioritize them.

That is, you can decide which threats are more likely to "get you" and take precautions against them.

When people think of the ways their computer system can be damaged, they may think only of damage to the hardware or the loss of data.

In reality, computer systems can be damaged in many ways.

And remember, you (the user) are part of the computer system. You, too, can suffer harm of various kinds, from the loss of important data, to the loss of privacy, to actual physical harm.

When protecting your computer system, it pays to think in the broadest possible terms about the types of harm that could affect you.

A nasty virus or hacker can wipe out your programs as well as your data.

If your PC is connected to a network, other systems on the network could suffer similar problems.

Damage to your home or office, such as a fire or flood, can easily extend to your computer and everything stored on it.
|
Countermeasures

A countermeasure is any step you take to ward off a threat, that is, to protect yourself, your data, or your computer from harm.

For example:

» Regularly backing up your data is a countermeasure against the threat of data loss.

» A firewall is a countermeasure against hackers.

There are two classes of countermeasures. The first shields the user from personal harm, such as threats to:

» personal property,

» confidential information,

» financial records,

» medical records, and so forth.

The second safeguards the computer system from:

» physical hazards such as theft,

» vandalism,

» power problems,

» natural disasters, and attacks on the data stored and processed in computers.
|
|
|
Threats to Users

Networks and the Internet have created limitless possibilities for people to work, communicate, learn, buy and sell, play games, and interact with others around the world.

These possibilities come from the openness of networks, especially the Internet, which is available to virtually everyone, for virtually any kind of use.

However, the very openness that makes the Internet so valuable has also made it a conduit for many types of threats.

Still, we cannot blame the Internet for all computer-related problems.

Some issues, such as identity theft, are still best accomplished with little or no help from a computer.

Others, such as injuries stemming from computer use, are often the fault of poor design or poor work habits.
|
Identity Theft

Identity theft occurs when someone impersonates you by using your name, Social Security number, or other personal information to obtain documents or credit in your name.

With the right information, an identity thief can virtually "become" the victim, obtaining a driver's license, bank accounts, mortgages, and other items in the victim's name.

Beyond monetary losses, however, victims of identity theft pay in other ways, spending many hours trying to repair the financial damage and regain their good reputation.

Identity thieves can use several methods, low-tech as well as high-tech, to obtain the information they need:

» Shoulder Surfing

A trick known as shoulder surfing is as simple as watching someone enter personal identification information for a private transaction, such as at an ATM.

» Snagging

In the right setting, a thief can try snagging information by listening in on a telephone extension, through a wiretap, or over a cubicle wall while the victim gives credit card or other personal information to a legitimate agent.

» Dumpster Diving

Other techniques are as simple as stealing mail containing personal information. A popular low-tech approach is dumpster diving.

Thieves can go through garbage cans, dumpsters, or trash bins to obtain cancelled checks, credit card statements, or bank account information that someone has carelessly thrown out.

The thief wins when he finds items that have account numbers or personal information.

Some ID thieves are brazen enough to swipe documents right out of your mailbox.

Some of the most important documents you use come to you in the mail every month: bills, account statements, credit card offers, financial records, and many others.

On a good day, a thief could snag everything he needs right from your mailbox.

» Social Engineering

This method is not as sophisticated as it sounds, but it can still be effective.

In social engineering, the ID thief tricks victims into providing critical information under the pretext of something legitimate.

The thief can, for example, call an unwary victim, claim to be a system administrator at the Web site of the victim's bank, and ask for the victim's user ID and password for a "system check."

With this information in hand, the thief can go online and access the victim's account information directly through the bank's Web site.

» High-Tech Methods

Sophisticated ID thieves can get information using a computer and an Internet connection.

For instance, Trojan horses can be planted on a system, or a person's identity may be snagged from unsecured Internet sites.

Although not common, it happens. One reason it is not common is the general use of security technologies such as Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP) to ensure the integrity and confidentiality of credit card and financial transactions.

Because so much attention is paid to protecting transmitted data, social engineering and low-tech swindles are the predominant sources of identity theft.
|
Loss of Privacy

Did you know that your buying habits are tracked electronically, in a range of commercial systems? This doesn't apply just to online transactions, either.

Any time you use a "store loyalty" card to rent movies or buy groceries, the purchases are logged in a database.

Your medical, financial, and credit records are available to anybody authorized to view them.

Many of the companies you deal with every day, from your local supermarket to your insurance company, maintain databases filled with information about you.

You might expect these firms to know your name and address, but you might be surprised to learn that they know how many times each month you put gas in your car or buy a magazine.

And a lot of companies do not keep this information confidential; they may sell it to other companies that are interested in knowing about you.

Personal information is a business commodity that supports a huge shadow industry called data mining.

Data mining is a business-intelligence-gathering process that every large organization, from banks to grocery stores, employs to sift through computerized data.

Companies spot useful patterns in overall behavior to target individuals for special treatment.

Data mining is a $200-million-a-year industry, and it is growing rapidly because it pays big dividends.
|
Public Records on the Internet

Your personal information is available to anybody who has the few rupees required to buy it from commercial public record services.

For a minimal price, companies such as Intelius and WhoWhere.com will give you detailed reports about most people.

These reports contain such detailed information as:

» Criminal records, including sex offender registry, felonies, misdemeanors, and federal and county offenses.

» Background information, including marriage records, divorce records, adoption records, driving records, credit history, bankruptcies in the past 20 years, tax liens, small claims, past address history, neighbors, property ownership, mortgages, and licenses.

Records such as marriage licenses and divorce records are public records.

This means that they, along with many other kinds of legal records, are available to anybody who wants to view them.

There are a number of companies that collect public records, package them, and sell them to anyone who wishes to purchase them.
|
Internet Monitoring, Profiling, and Spying

When using the Internet, you should be aware that your interests and habits are being monitored automatically.

The monitoring can be carried out by programs running on your own computer or on a connected server.

This might not seem to be a problem, since "if you aren't doing anything wrong you have nothing to fear."

However, the interpretation of why you visit a particular site is in the eye of the beholder. You may not be aware of how your browsing habits are interpreted by others.

A single visit to one of the ubiquitous advertiser banner ads at the top of your browser identifies you as someone with an interest in related products.

Data about when you visited, what you looked at, and how long you stayed are used by most commercial Web sites.

Use of this data is called "online profiling" and is done to build a profile of your interests and habits. It is analyzed to learn more about you.

There are commercial profiles for most people in the United States based on the browsing activity of a particular IP address. This address is tied to the name of the owner of that address no matter who is doing the actual browsing.

The reports contain information about browsing habits and may contain accompanying marketing conclusions, called psychographic data.

This data makes guesses about who you really are based on your surfing behavior, and elaborate inferences are drawn about your interests, habits, associations, and other traits.

These guesses are available to any organization willing to pay for access to the profile.

Online marketers, commercial information service providers, and, in some cases, federal agencies may have access.
|
|
|
Online Spying Tools

Software developers have created a number of ways to track your activities online.

Although many of these tools were created for benign purposes, such as helping legitimate Webmasters determine who visits their sites most often, they are also being used in ways most consumers do not appreciate.

Cookies

A cookie is a small text file that a Web server asks your browser to place on your computer.

The cookie contains information that identifies your computer (its IP address), you (your user name or e-mail address), and information about your visit to the Web site.

For instance, the cookie might list the last time you visited the site, which pages you downloaded, and how long you were at the site before leaving.

If you set up an account at a Web site such as an e-commerce site, the cookie will contain information about your account, making it easy for the server to find and maintain your account whenever you visit.

Despite their helpful purpose, cookies are now considered a significant threat to privacy.

This is because they can be used to store and report many types of information.

For example, a cookie can store a list of all the sites you visit.

This data can be transferred to the site that placed the cookie on your system, and that information can be used against your wishes.
|
Web Bugs

A Web bug is a small GIF-format image file that can be embedded in a Web page or an HTML-format e-mail message.

A Web bug can be as small as a single pixel in size and can easily be hidden anywhere in an HTML document.

Behind the tiny image, however, lies code that functions in much the same way as a cookie, allowing the bug's creator to track many of your online activities.

A bug can record what Web pages you view, keywords you type into a search engine, personal information you enter in a form on a Web page, and other data.

Because Web bugs are hidden, they are considered by many to be eavesdropping devices.

Upon learning about Web bugs, most consumers look for a way to defeat them. A number of anti-Web-bug programs now exist.
|
Spyware

The term spyware is used to refer to many different kinds of software that can track a computer user's activities and report them to someone else.

There are now countless varieties of spyware programs. Another common term for spyware is adware, because Internet advertising is a common source of spyware.

Some types of spyware operate openly. For example, when you install and register a program, it may ask you to fill out a form.

The program then sends the information to the developer, who stores it in a database.

When used in this manner, spyware-type programs are seen as perfectly legitimate because the user is aware that information is being collected.

More commonly, however, spyware is installed on a computer without the user's knowledge and collects information without the user's consent.

Spyware can land on your PC from many sources: Web pages, e-mail messages, and pop-up ads are just a few.

Once on your machine, spyware can track virtually anything you do and secretly report your activities to someone else.

Spyware can record individual keystrokes, Web usage, e-mail addresses, personal information, and other types of data. Generally, the program transmits the collected data via e-mail or to a Web page.
|
|
|
Spam

Although the availability of your private information might be troubling, the consequence for most users is something called spam.

Spam is Internet "junk mail." After all, your e-mail address is often included in the personal information that companies collect and share.

The correct term for spam is unsolicited commercial e-mail (UCE). Almost all spam is commercial advertising.

According to reports filed with Congress in early 2004, about two-thirds of all e-mail traffic was spam messages. In the United States, nearly 80 percent of all e-mail was spam.

You might think that the answer to spam e-mail is simple: just delete the messages when they arrive.

But for many computer users, spam is much too big a problem for such a simple solution. Some people receive dozens, even hundreds, of spam messages daily. The problem is huge for businesses, where corporate e-mail servers needlessly store and transfer countless spam messages each month. At the personal level, spam recipients spend time reviewing unwanted messages, for fear they may accidentally delete legitimate mail.

This alone costs untold hours of wasted time. The real solution to spam, therefore, is to control it before it reaches all the people who don't want it.

Defining spam is important to controlling it. One person's important message, after all, is another person's spam. This difference makes it hard to establish a legal basis for prevention.

Since 2003, the legally accepted definition of spam has been commercial e-mail transmitted in bulk to millions of people at a time.

The volume, and the fact that each message contains substantially the same content, define spam.

People who send out these endless streams of spam get e-mail addresses in three ways:

» Purchasing lists of e-mail addresses through brokers.

» "Harvesting" e-mail addresses from the Internet.

» Generating random strings of characters in an attempt to match legitimate addresses.
|
|
|
Symmetric-Key Cryptography

In symmetric-key cryptography, the same key is used by both parties.

The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data.

In symmetric-key cryptography, the algorithm used for decryption is the inverse of the algorithm used for encryption.

This means that if the encryption algorithm uses a combination of addition and multiplication, the decryption algorithm uses a combination of subtraction and division.
|
Traditional Ciphers

In the earliest and simplest ciphers, a character was the unit of data to be encrypted. These traditional ciphers involved either substitution or transposition.

Substitution Cipher

A cipher using the substitution method substitutes one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.

For example, we can replace character A with D and character T with Z. If the symbols are digits (0 to 9), we can replace 3 with 7 and 2 with 6.

We will concentrate on alphabetic characters. Substitution can be categorized as either monoalphabetic or polyalphabetic.

Monoalphabetic Substitution

In monoalphabetic substitution, a character in the plaintext is always changed to the same character in the ciphertext, regardless of its position in the text.

For example, if the algorithm says that character A in the plaintext must be changed to character D, every character A is changed to character D, regardless of its position in the text.

The first recorded ciphertext was used by Julius Caesar and is still called the Caesar cipher.

Example

ATTACK becomes DWWDFN
|
Polyalphabetic Substitution

In polyalphabetic substitution, each occurrence of a character can have a different substitute. The relationship between a character in the plaintext and a character in the ciphertext is one-to-many.

Character A can be changed to D at the beginning of the text, but it could be changed to N in the middle. We discuss a very simple one here.

It is obvious that if the relationship between plaintext characters and ciphertext characters is one-to-many, the key must tell us which of the many possible characters is chosen for encryption.

Let us define our key as "take the position of the character in the text, divide the number by 9, and let the remainder be the shift value."

With this scenario, the character at position 1 will be shifted one character, the character at position 2 will be shifted two characters, and the character at position 14 will be shifted five characters (14 mod 9 is 5). So now the word ATTACK becomes

A T T A C K  (plaintext)

B V W E H Q  (encrypted)
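The two substitution rules above, the Caesar shift and the "position mod 9" polyalphabetic key, as an added Python example (not code from the original chapter). The `letter_counts` helper and the observation about the repeating shift are the editor's additions, included to show what each rule leaks to an eavesdropper.

```python
# Added example (not from the original chapter): the monoalphabetic Caesar shift
# and the chapter's "position mod 9" polyalphabetic rule, with decryption and a
# letter-frequency helper that shows what each rule leaks to an eavesdropper.
import string

ALPHABET = string.ascii_uppercase


def shift_char(ch, shift):
    """Shift one upper-case letter by `shift` places, wrapping Z back to A.
    Characters outside A-Z (spaces, digits) pass through unchanged."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + shift) % 26]


def caesar_encrypt(plaintext, shift=3):
    """Monoalphabetic substitution: every letter gets the same shift, so A
    becomes D wherever it occurs (shift 3 reproduces ATTACK -> DWWDFN)."""
    return "".join(shift_char(ch, shift) for ch in plaintext.upper())


def caesar_decrypt(ciphertext, shift=3):
    return caesar_encrypt(ciphertext, -shift)


def positional_shift(position, modulus=9):
    """The chapter's polyalphabetic key: shift = position mod 9, with
    positions counted from 1 over every character, spaces included."""
    return position % modulus


def poly_encrypt(plaintext, modulus=9):
    """Polyalphabetic substitution: the shift depends on where the letter
    sits, so one plaintext letter can map to several ciphertext letters."""
    return "".join(shift_char(ch, positional_shift(i, modulus))
                   for i, ch in enumerate(plaintext.upper(), start=1))


def poly_decrypt(ciphertext, modulus=9):
    return "".join(shift_char(ch, -positional_shift(i, modulus))
                   for i, ch in enumerate(ciphertext.upper(), start=1))


def letter_counts(text):
    """Letter histogram. For the Caesar cipher the ciphertext histogram is
    the plaintext histogram with relabelled letters, which is exactly what
    frequency analysis exploits. The polyalphabetic rule flattens it, but
    the shift pattern 1,2,...,8,0 repeats every 9 characters (and is 0 at
    positions 9, 18, ...), so it is a Vigenere cipher with a 9-letter key."""
    counts = {}
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    print(caesar_encrypt("ATTACK"), poly_encrypt("ATTACK"))  # DWWDFN BVWEHQ
```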
|
Transpositional Cipher

In a transpositional cipher, the characters retain their plaintext form but change their positions to create the ciphertext.

The text is organized into a two-dimensional table, and the columns are interchanged according to a key. The key defines the new order of the columns.

As you may have guessed, transpositional cryptography is not very secure either.

The character frequencies are preserved, and the attacker can find the plaintext through trial and error.

This method can be combined with other methods to provide more sophisticated ciphers.

Example

The plaintext is written row by row into a table of eight columns (the last row is padded with A B C D), and the columns are then read out in the order given by the key:

Key:        7 4 5 1 2 9 3 6

Plaintext:  P L E A S E T R
            A N S F E R O N
            E M I L L I O N
            D O L L A R S T
            O M Y S W I S S
            B A N K A C C O
            U N T S I X T W
            O T W O A B C D

Plaintext

PLEASE TRANSFER ONE MILLION DOLLARS TO MY SWISS BANK ACCOUNT SIX TWO TWO.

Ciphertext

AFLLSKSOSELAWAIATOOSSCTCLNMOMANTESILYNTWRNNTSOWDPAEDOBUOERIRICXB
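The columnar transposition in the example above, as an added Python example (not code from the original chapter). It reproduces the chapter's ciphertext from its key and plaintext, inverts it, and checks the frequency-preservation weakness the text mentions; the "ABCD" filler is taken from the last row of the chapter's table.

```python
# Added example (not from the original chapter): the columnar transposition
# shown above. Key "7 4 5 1 2 9 3 6" ranks the eight columns; the ciphertext is
# the columns read out in rank order (key 1 first). Filler "ABCD" completes the
# last row exactly as in the chapter's table.
KEY = [7, 4, 5, 1, 2, 9, 3, 6]
PLAINTEXT = "PLEASE TRANSFER ONE MILLION DOLLARS TO MY SWISS BANK ACCOUNT SIX TWO TWO"
FILLER = "ABCD"


def read_order(key):
    """Column indexes sorted by key value: [3, 4, 6, 1, 2, 7, 0, 5] for the
    chapter's key, i.e. the column marked 1 is read first, then 2, ..."""
    return sorted(range(len(key)), key=lambda col: key[col])


def build_grid(text, width, filler=FILLER):
    """Write the letters row by row into rows of `width`, padding the last
    row with filler so every column has the same height."""
    letters = "".join(ch for ch in text.upper() if ch.isalpha())
    missing = (-len(letters)) % width
    letters += (filler * width)[:missing]
    return [letters[i:i + width] for i in range(0, len(letters), width)]


def transpose_encrypt(text, key):
    grid = build_grid(text, len(key))
    return "".join(row[col] for col in read_order(key) for row in grid)


def transpose_decrypt(ciphertext, key):
    """Invert the read-out: slice the ciphertext back into columns in key
    order, then read the grid row by row (filler letters remain)."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ciphertext) // width
    columns = [""] * width
    for n, col in enumerate(read_order(key)):
        columns[col] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[col][r] for r in range(height) for col in range(width))


def frequencies_preserved(text, key):
    """Transposition only moves letters, so the ciphertext has exactly the
    plaintext's letter multiset: the weakness the chapter points out, and
    the first thing an analyst checks when classifying an unknown cipher."""
    padded = "".join(build_grid(text, len(key)))
    return sorted(padded) == sorted(transpose_encrypt(text, key))
```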
|
Block Cipher

Traditional ciphers used a character or symbol as the unit of encryption/decryption. Modern ciphers, on the other hand, use a block of bits as the unit of encryption/decryption.

The figure shows the concept of the block cipher: the plaintext and ciphertext are blocks of bits.

Operation Modes

Ciphers that operate on eight-character segments are too short for real messages, so the question arises: can we encrypt and decrypt longer messages (900 characters, for example)?

Several modes have been defined; we briefly describe the most common one.

Electronic Codebook (ECB) Mode

In electronic codebook (ECB) mode, we divide the long message into 64-bit blocks and encrypt each block separately, as shown in the figure.
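ECB mode over 64-bit blocks, as an added Python example (not code from the original chapter). The block function is an assumed, deliberately trivial stand-in (XOR with a constructed 8-byte key) so the example runs offline; the mode logic and the `repeated_blocks` check are the point.

```python
# Added example (not from the original chapter): ECB mode over 64-bit blocks.
# The block function is a deliberately trivial stand-in (XOR with a fixed 8-byte
# key, an assumption made only so the example runs offline), not a real block
# cipher; the point is the mode: each block is handled independently.
BLOCK_SIZE = 8  # 64 bits, the block length the chapter describes

SAMPLE_KEY = b"K3Y-BYTE"                 # constructed 8-byte key
SAMPLE_MESSAGE = b"ATTACK! ATTACK! now"  # constructed: two identical 8-byte blocks


def pad(data, size=BLOCK_SIZE):
    """Pad to a whole number of blocks (PKCS#7 style: n bytes of value n,
    always at least one byte, so unpadding is unambiguous)."""
    n = size - (len(data) % size)
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def toy_block_encrypt(block, key):
    return bytes(b ^ k for b, k in zip(block, key))


toy_block_decrypt = toy_block_encrypt  # XOR is its own inverse


def ecb_encrypt(message, key, block_encrypt=toy_block_encrypt):
    """Split into BLOCK_SIZE-byte blocks and encrypt each one separately."""
    data = pad(message)
    return b"".join(block_encrypt(data[i:i + BLOCK_SIZE], key)
                    for i in range(0, len(data), BLOCK_SIZE))


def ecb_decrypt(ciphertext, key, block_decrypt=toy_block_decrypt):
    blocks = [block_decrypt(ciphertext[i:i + BLOCK_SIZE], key)
              for i in range(0, len(ciphertext), BLOCK_SIZE)]
    return unpad(b"".join(blocks))


def repeated_blocks(ciphertext):
    """Map each ciphertext block that occurs more than once to its block
    indexes. Because ECB has no chaining between blocks, equal plaintext
    blocks always give equal ciphertext blocks, so repetition in the
    plaintext is visible in the ciphertext without the key; this is why
    practitioners avoid ECB for multi-block data."""
    seen = {}
    for i in range(0, len(ciphertext), BLOCK_SIZE):
        seen.setdefault(ciphertext[i:i + BLOCK_SIZE], []).append(i // BLOCK_SIZE)
    return {block: idx for block, idx in seen.items() if len(idx) > 1}
```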
|
|
|
|
|
Public-Key Cryptography

In public-key cryptography, there are two keys: a private key and a public key. The private key is kept by the receiver. The public key is announced to the public.

Imagine that a sender, as shown in the figure, wants to send a message to a receiver. The sender uses the public key to encrypt the message.

When the message is received by the receiver, the private key is used to decrypt the message.

In public-key encryption/decryption, the public key that is used for encryption is different from the private key that is used for decryption.

The public key is available to the public; the private key is available only to an individual.

Public-key encryption/decryption has two advantages. First, it removes the restriction of a shared symmetric key between two entities (e.g., persons) who need to communicate with each other.

A shared symmetric key is shared by the two parties and cannot be used when one of them wants to communicate with a third party.

In public-key encryption/decryption, each entity creates a pair of keys; the private one is kept, and the public one is distributed. Each entity is independent, and the pair of keys created can be used to communicate with any other entity.

The second advantage is that the number of keys needed is reduced tremendously.

In this system, for 1 million users to communicate, only 2 million keys are needed, not 500 billion, as was the case in symmetric-key cryptography.

Public-key cryptography also has one disadvantage: the complexity of the algorithm. If we want the method to be effective, the algorithm needs large numbers.

Calculating the ciphertext from plaintext using the long keys takes a lot of time.

That is the main reason that public-key cryptography is not recommended for large amounts of text.
|
RSA

The most common public-key algorithm is called the RSA method after its inventors (Rivest, Shamir, and Adleman).

The private key here is a pair of numbers (N, d); the public key is also a pair of numbers (N, e). Note that N is common to the private and public keys.

The sender uses the following algorithm to encrypt the message:

C = P^e mod N

In this algorithm, P is the plaintext, which is represented as a number; C is the number that represents the ciphertext. The two numbers e and N are components of the public key.

Plaintext P is raised to the power e and divided by N. The mod term indicates that the remainder is sent as the ciphertext.

The receiver uses the following algorithm to decrypt the message:

P = C^d mod N

In this algorithm, P and C are the same as before. The two numbers d and N are components of the private key.

For example

Imagine the private key is the pair (119, 77) and the public key is the pair (119, 5). The sender needs to send the character F.

This character can be represented as the number 6 (F is the sixth character in the alphabet). The encryption algorithm calculates C = 6^5 mod 119 = 41.

This number is sent to the receiver as the ciphertext. The receiver uses the decryption algorithm to calculate P = 41^77 mod 119 = 6 (the original number). The number 6 is then interpreted as F.

The reader may question the effectiveness of this algorithm. If an intruder knows the decryption algorithm and N = 119, the only thing missing is d = 77.

Why couldn't the intruder use trial and error to find d? The answer is that, in this trivial example, an intruder could indeed easily guess the value of d.

But a major concept of the RSA algorithm is to use very large numbers for d and e.

In practice, the numbers are so large (on the scale of tens of digits) that the trial-and-error approach of breaking the code takes a long time (months, if not years) even with the fastest computers available today.
|
Choosing Public and Private Keys

One question that comes to mind is: how do we choose the three numbers N, d, and e so that encryption and decryption work?

The inventors of RSA used number theory to prove that the following procedure guarantees that the algorithms will work.

1. Choose two large prime numbers p and q.

2. Compute N = p × q.

3. Choose e (less than N) such that e and (p - 1)(q - 1) are relatively prime (having no common factor other than 1).

4. Choose d such that (e × d) mod [(p - 1)(q - 1)] is equal to 1.
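The four-step key-generation procedure and the F -> 41 -> F exchange from the RSA section, as an added Python example (not code from the original chapter). It assumes p = 7 and q = 17, which give the N = 119 of the worked example, and e = 5; `recover_private_exponent` makes the chapter's trial-and-error remark concrete by showing how little work a modulus this small requires.

```python
# Added example (not from the original chapter): textbook RSA following the
# four key-generation steps above, reproducing the F -> 41 -> F exchange with
# p = 7, q = 17 (so N = 119) and e = 5. Textbook RSA on single letters is for
# illustration only; real systems use far larger primes.
from math import gcd


def generate_keys(p, q, e):
    """Steps 1-4: N = p*q, e coprime to (p-1)(q-1), d = inverse of e modulo
    (p-1)(q-1). Returns ((N, e), (N, d)) = (public key, private key)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse; requires Python 3.8+
    return (p * q, e), (p * q, d)


def encrypt(plain_number, public_key):
    """C = P^e mod N. P must be smaller than N or it cannot be recovered."""
    N, e = public_key
    if not 0 <= plain_number < N:
        raise ValueError("plaintext number must be in [0, N)")
    return pow(plain_number, e, N)


def decrypt(cipher_number, private_key):
    """P = C^d mod N."""
    N, d = private_key
    return pow(cipher_number, d, N)


def letter_to_number(ch):
    return ord(ch.upper()) - ord("A") + 1  # F -> 6, as in the chapter


def number_to_letter(n):
    return chr(ord("A") + n - 1)


def recover_private_exponent(public_key):
    """What the chapter's intruder can do when N is tiny: factor N by trial
    division and then run step 4 exactly as the key owner did. The cost of
    this loop is what large p and q are chosen to make prohibitive."""
    N, e = public_key
    for p in range(2, int(N ** 0.5) + 1):
        if N % p == 0:
            q = N // p
            return pow(e, -1, (p - 1) * (q - 1))
    return None


if __name__ == "__main__":
    public, private = generate_keys(7, 17, 5)
    c = encrypt(letter_to_number("F"), public)
    print(public, private, c, number_to_letter(decrypt(c, private)))  # (119, 5) (119, 77) 41 F
```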
|
|
|
Message Security

Let us first discuss the security measures applied to each single message.

We can say that security provides four services: privacy (confidentiality), message authentication, message integrity, and nonrepudiation.

Privacy

Privacy means that the sender and the receiver expect confidentiality.

The transmitted message must make sense only to the intended receiver. To all others, the message must be unintelligible.

The concept of how to achieve privacy has not changed for thousands of years: the message must be encrypted.

That is, the message must be rendered unintelligible to unauthorized parties.

A good privacy technique guarantees to some extent that a potential intruder (eavesdropper) cannot understand the contents of the message.

Message Authentication

Message authentication means that the receiver needs to be sure of the sender's identity and that an impostor has not sent the message.

Techniques such as digital signatures can provide message authentication.

Integrity

Integrity means that the data must arrive at the receiver exactly as they were sent. There must be no changes during the transmission, either accidental or malicious.

As more and more monetary exchanges occur over the Internet, integrity is crucial.

For example, it would be disastrous if a request for transferring $90 changed to a request for $9,000 or $90,000. The integrity of the message must be preserved in a secure communication.

Nonrepudiation

Nonrepudiation means that a receiver must be able to prove that a received message came from a specific sender.

The sender must not be able to deny sending a message that he or she, in fact, did send.

The burden of proof falls on the receiver.

For example, when a customer sends a message to transfer money from one account to another, the bank must have proof that the customer actually requested this transaction.
|
|
|