Hackers, scammers, virus builders and other Web predators are looming in the shadows.
-- Paul Tinnirello
Computer Crimes
An information session for participants in the 57-201 Introduction to Forensic Science course
Outline: Technology of defence; Laws and group efforts in Canada; A couple of general ideas, in conclusion.
Terminology of Hacking
Hacker (common usage): someone using computers without authorization, or someone committing crimes by using computers.
Hacker: a person who accesses a computer resource without authorization.
Cracker: a hacker who uses his or her skills to commit unlawful acts, or to deliberately create mischief.
Script kiddie: a hacker who downloads ready-made scripts and uses them to commit unlawful acts or to deliberately create mischief, without fully understanding the scripts.
Vandals
Reference: http://www.e2chameleon.btinternet.co.uk/hacking.htm
Security Technologies: a little history of an ancient art
The first printed book on cryptology
Johannes Trithemius, abbot of Sponheim: one of the founders of cryptology.
The first printed book on cryptology: Polygraphiae Libri Sex, printed in Latin in 1518, two years after the author's death.
The Trithemius riddle concerns another of his works, the Steganographia (written around 1499, printed in 1606). Its first two books are plainly about secret writing, but the third book could not be understood without knowing the encoding he had used.
In the third book, which was considered to be incomplete, Trithemius explained why he had made it hard to understand:
This I did that to men of learning and men deeply engaged in magic, it might, by the Grace of God, be in some degree intelligible, while on the other hand, to the thick-skinned turnip-eaters it might for all time remain a hidden secret, and be to their dull intellects a sealed book forever.
1609: the work was placed on the Church's list of banned books, ostensibly because the third book explained how to employ spirits for sending secret messages.
1676: Wolfgang Heidel of Mainz, Germany, claimed to have deciphered the third book of Trithemius. But he stated his discovery in a secret code of his own, so nobody knew whether Heidel had really understood the book.
A little history: deciphering the third book of Trithemius
The challenge of deciphering the book was met by three persons in 500 years:
1996: Thomas Ernst, professor of German at La Roche College, Pittsburgh, published a 200-page German-language report in a small Dutch journal, Daphnis.
Spring 1998 (the widely known solution): Jim Reeds of AT&T Labs solved the riddle of the third book independently; he did not know of Ernst's earlier work.
Trithemius' work is basically simple: Ernst took two weeks and Reeds two days to understand it.
Both Ernst and Reeds, separately, also deciphered Heidel's work and found that Heidel had indeed deciphered Trithemius' third book.
1988: the Internet worm (the Morris worm)
It exploited a security hole in the mail-receiving software (sendmail), replicated itself automatically, both locally and to remote machines, affected a wide class of machines, and effectively shut down the Internet for 1-2 days. Cost estimate to fix: $5 million.
1994: the attack on Tsutomu Shimomura's home machine (attributed to Kevin Mitnick)
The attacker used SYN flooding and TCP connection hijacking (impersonating a trusted host by predicting TCP sequence numbers) to connect to Shimomura's home machine, stole copies of thousands of files including specialized computer-security software, and modified log files to remove the signs of entry. Shimomura found out about the entry and informed the FBI.
As more of our infrastructure moves online, as more things that someone might want to access or steal move online, as our networking systems become more complex, and as our computers get more powerful and more useful ...
Internet technology was developed on the basis of trust; security features have been added as different types of attacks were mounted. Users care about ease of use, not about security.
Security Threats
RFC 1244 (the Site Security Handbook) identifies three distinct types of security threat associated with network connectivity:
Unauthorized access
A break-in by an unauthorized person. Break-ins may be an embarrassment that undermines the confidence others have in the organization. Moreover, unauthorized access usually leads to one of the other two threats: disclosure of information or denial of service.
Disclosure of information
Disclosure of valuable or sensitive information to people who should not have access to it. This is the threat that weighs most for a system holding highly classified information, or where the risk of liability in case of disclosure is great.
Denial of service
Any problem that makes it difficult or impossible for the system to continue to perform productive work.
Brent Chapman's Three Categories of Security Threats
Confidentiality:
of data;
of the existence of data;
of resources, their operating systems and their configuration;
of the resources used, when the resources are rented from a service provider.
Integrity:
of data;
of origin.
Once someone has gained unauthorized access to a system, the integrity of the information on that system is in doubt.
Loss Breakdown
Human error: 55%
Outsider attacks: 2%
Physical security problems: 20%
Reference: Jim Alves-Foss, Center for Secure and Dependable Systems, University of Idaho, http://www.cs.uidaho.edu/~jimaf/cs442/crime-talk.ppt
Types of Attacks
Web-site defacement
Revealing data to unauthorized persons: theft of sensitive information, theft of information protected by intellectual property rights
Damage to data, through hacking or viruses/worms
Types of Attacks (continued)
Hoax letters, for example:
malicious code (viruses and Trojan horses)
urban myths
scam letters to entrap the receiver
Internet gambling
Internet pornography, stalking
Link flooding
Packet interception, password sniffing
Types of Attacks (continued)
Propagating false routing entries (black holes and sink holes); domain-name hijacking (the slide's examples: www.citibank.com, www.mybank.az)
Phishing attacks: e-mails that often appear to come from a legitimate e-mail address and include links to spoofed Web addresses. The receiver follows the link, which takes him to a site other than the one he thinks he is going to. (A link-spoofing problem in Internet Explorer was announced by Microsoft on 16 December 2003.)
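The spoofed-link trick just described can be checked mechanically: a link is suspicious when its visible text names one site but the href resolves to another host, or when the authority part carries a user-info decoy (http://trusted-name@real-host/), since a browser connects to the part after the '@'. The following is an added example written for this page, not code from the slides or from any of the organizations named; the e-mail body is constructed (203.0.113.5 is a documentation address) and the "registrable domain" comparison is a deliberate simplification.

```python
"""Flag anchors in an HTML e-mail whose visible text claims one site while
the href actually leads elsewhere (the classic phishing spoofed link).

Added example, not from the original page. The e-mail body below is
constructed for illustration (203.0.113.0/24 is a documentation range).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Host a browser will actually connect to, lower-cased.

    urlparse().hostname discards any user-info part, so
    'http://www.example.com@203.0.113.5/' yields '203.0.113.5': the
    name before '@' is a decoy, not the destination.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def site_of(host: str) -> str:
    """Crude 'registrable domain': the last two labels. A simplification
    (assumption of this example); real tooling consults the public-suffix list."""
    return ".".join(host.split(".")[-2:])


def suspicious_links(html: str):
    """Return [(href, text, reason)] for links that look spoofed."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        authority = href.split("://", 1)[-1].split("/", 1)[0]
        if "@" in authority:
            findings.append((href, text, f"user-info decoy before '@'; real host is {target}"))
            continue
        # Visible text that itself looks like a host name or URL
        if "." in text and " " not in text:
            claimed = host_of(text)
            if claimed and site_of(claimed) != site_of(target):
                findings.append((href, text, f"text claims {claimed} but href goes to {target}"))
    return findings


# Constructed sample message (not a real phishing e-mail).
SAMPLE_MAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="http://203.0.113.5/login">https://www.citibank.com/</a><br>
<a href="http://www.citibank.com@203.0.113.5/login">www.citibank.com</a><br>
<a href="https://www.citibank.com/help">Help</a><br>
<a href="https://online.citibank.com/">www.citibank.com</a>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_MAIL):
        print(f"SUSPICIOUS: text={text!r} href={href!r}: {reason}")
```

Run on the sample, the first two anchors are reported and the last two are not: "Help" makes no claim about a host, and online.citibank.com shares its registrable domain with the text. The check is a triage heuristic, not proof of legitimacy; a phisher who controls a look-alike domain passes it.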
Anti-Phishing.org
A Web site, www.antiphishing.org, for reporting incidents, set up by a group of global banks and technology companies led by the secure-messaging firm Tumbleweed Communications Corp.
Fast response is required: the Web sites set up to collect personal information in phishing attacks are often alive for only a day.
Example, December 2003: an e-mail appeared to come from the U.K. bank NatWest. Anti-Phishing.org tracked the IP address to a home computer in San Francisco, but it was a clear case of spoofing: the mail had been relayed through a hijacked computer (a "zombie").
An Example: time-to-market for Internet security products
16 December 2003: public announcement of the link-spoofing problem behind phishing.
5 January 2004: Netcraft, of Bath, England, announces the development of a new anti-phishing service.
Netcraft says the service is mainly for banks and other financial organizations.
Spoofing or masquerading of a host or a service provider (distinguish it from delegation)
Repudiation of the origin or creation of a file
Denial of receipt
Usurpation: unauthorized control
Data diddling: entering false data intentionally
To be an effective Information Warrior, individuals need superior computer skills, as well as an in-depth understanding of information technology architectures, protocols and processes.
--- Michael Erbschloe, author of Information Warfare: How to Survive Cyber Attacks
Technology of defence:
encrypt sensitive data
reduce the size of the target: disable unneeded services
limit the attacker's access to target systems
harden the OS and applications
It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.
---Bruce Schneier in Applied Cryptography
CRYPTOGRAPHY
Cryptography (from two Greek words) means "secret writing". Cryptanalysis: breaking a cryptographic code. Cryptography processes data into an unintelligible form.
Services provided by cryptographic tools:
confidentiality: encoding information into a form that is unintelligible to an unauthorized person
integrity checking: no tampering
authentication: not an impostor
Encryption or enciphering (figure): plaintext → encryption algorithm, under a key → ciphertext
Reversible encryption (figure): cleartext → encryption device (encryption key) → ciphertext → decryption device (decryption key) → cleartext. It can be used only when the same type of encryption software or equipment is available at both ends.
Decryption or deciphering (figure): ciphertext → decryption algorithm, under a key → plaintext
Hash functions
H: a one-way transformation. m = variable-size input; h = H(m) = hash value, a fixed-size string, also known as the message digest or fingerprint (H itself is sometimes called a compression function).
Message digest (recapitulation, figure): message → hashing algorithm → digest
Hashing is simpler and faster (than encryption) and must, of course, be secure. For an integrity check a fixed-length checksum of the message is needed; a CRC is not sufficient, because it is linear and an attacker can alter the message and adjust the CRC to match, so a cryptographic hash is used.
public-key cryptography
Figure (receiver end): the encrypted message is decrypted with the receiver's private key (Pr-key) to recover the message at the receiver.
public-key cryptography (continued)
Applications and advantages:
Storage: for safety, encrypt with the public key of a trusted person.
Secret-key vs. public-key systems: a secret-key system needs a secret key for every pair of persons that wish to communicate, so n users need n(n-1)/2 keys; a public-key system needs two keys (one public, one private) per person, so n users need 2n keys.
Certificates: the recipient of a certificate uses the public key of the Certification Authority to verify the CA's signature on it. Examples of CAs: www.verisign.com, www.thawte.com (VeriSign's liability is limited to $100 only!). Standard for certificates: X.509
Digital signatures (figure)
Sender: message → digest algorithm → digest, which is signed with the sender's private key.
Receiver: message → digest algorithm → digest; compare it with the digest recovered from the signature.
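The digest-sign-compare flow in the figure, carried through in code, as an added example written for this page (not from the slides or from any CA named on them). It uses textbook RSA on a fixed toy key built from two Mersenne primes so that no key generation is needed; the key, the sample message and the 128-bit truncation of SHA-256 used as the digest are assumptions of the example, and unpadded RSA of this kind is for illustration only.

```python
"""Hash-then-sign with textbook RSA: message -> digest -> sign with the
private key; receiver recomputes the digest and compares it with the
digest recovered from the signature using the public key.

Added example, not from the original page. Toy key, no padding:
for illustration only.
"""
import hashlib

# Fixed toy key (assumption of this example): p, q are Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                           # public modulus, about 150 bits
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Fixed-size fingerprint of a variable-size message: the first
    128 bits of SHA-256 as an integer, which is always smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: digest the message, then apply the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: recover the digest from the signature with the public
    exponent and compare it with a fresh digest of the received message."""
    recovered = pow(signature, e, n)
    return recovered == digest(message)


if __name__ == "__main__":
    msg = b"Transfer 100 CAD to account 12345"   # constructed sample
    sig = sign(msg)
    print("signature valid:", verify(msg, sig))
    print("after tampering:", verify(msg + b"0", sig))
```

Any change to the message changes the digest, so the comparison fails; anyone with the public key can check the signature, but only the holder of the private exponent could have produced it. A real system adds a padding scheme (e.g. RSASSA-PSS) and a full-length digest; the flow is the same.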
Laws and group efforts in Canada
No separate cyberspace law in Canada, but the Canadian Criminal Code and the Canadian Human Rights Act apply in cyberspace.
The Internet Protection Portal, established by the Canadian Association of Internet Providers (CAIP): an on-line window to resources for users to safeguard their Internet experience.
Media Awareness Network (MNet): supports media education in Canadian homes, schools and communities.
Birthday paradox
A result from probability theory: consider an element that has an equal probability of taking any one of N values. The probability of a collision exceeds 50% after choosing about 1.2·√N values.
Function with random input and one of k equally likely outputs (figure): the same output can be expected after about 1.2·√k inputs. Thus in a group of 23 people, two or more are likely to share a birthday (put k = 365: 1.2·√365 ≈ 23).
Birthday attacks are used to find collisions of hash functions: an n-bit hash has 2^n possible outputs, so a collision is expected after about 2^(n/2) inputs, not 2^n.
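The two claims above (the 23-people figure and the use of the paradox against hash functions) worked through, as an added example written for this page, not code from the slides. The exact collision probability is computed for n draws from k values, and a birthday attack is run against SHA-256 truncated to 24 bits; the truncation is an assumption of the example so that the search finishes instantly, but the attack itself is the same against any hash of that output size.

```python
"""Birthday paradox and a birthday attack on a truncated hash.

Added example, not from the original page. Part 1 computes the exact
probability that n draws from k equally likely values contain a repeat.
Part 2 attacks SHA-256 truncated to 24 bits (a constructed toy digest):
a collision should appear after roughly 1.2 * sqrt(2**24), about 4,900
inputs, rather than after 2**24.
"""
import hashlib
import math


def collision_probability(n: int, k: int) -> float:
    """P(at least one shared value) among n independent draws from k values:
    1 minus the probability that all n are distinct."""
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (k - i) / k
    return 1.0 - p_distinct


def expected_inputs(k: int) -> float:
    """The slide's rule of thumb: ~1.2 * sqrt(k) inputs for a 50% collision."""
    return 1.2 * math.sqrt(k)


def toy_digest(data: bytes, bits: int = 24) -> int:
    """SHA-256 truncated to `bits` bits (top bits kept). Only the output
    size is toy; nothing else about the attack depends on it."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_attack(bits: int = 24, prefix: bytes = b"msg-"):
    """Hash distinct inputs prefix+counter, remembering each digest,
    until two inputs share one.  Returns (input_a, input_b, digest, tries)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = toy_digest(m, bits)
        if h in seen:
            return seen[h], m, h, i + 1
        seen[h] = m
        i += 1


if __name__ == "__main__":
    print(f"23 people, 365 days: P = {collision_probability(23, 365):.3f}")
    print(f"rule of thumb for k = 365: {expected_inputs(365):.1f} people")
    a, b, h, tries = birthday_attack(24)
    print(f"collision after {tries} inputs (expected about {expected_inputs(2**24):.0f}):")
    print(f"  {a!r} and {b!r} both hash to {h:06x}")
```

The first half confirms that 23 is the smallest group size for which the probability passes one half (22 people give about 0.476). The second half is why a hash used for integrity or signatures needs an output of 2n bits to offer n bits of collision resistance: the attacker's work is governed by the square root of the output space.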
Steganography: hiding data in images
Described by Wayner in Byte. A Kodak Photo CD image has a resolution of 2048 × 3072 pixels, each pixel carrying 24-bit RGB colour information (8 bits per colour). Modify the last bit of each of the three colours: the amount of data that can be hidden in a single picture is 2048 × 3072 × 3 = 18,874,368 bits = 2,359,296 bytes, about 2.36 MB.
If four bits of intensity for each of the three colours are altered, 12 bits, i.e. 1.5 text characters, are hidden in each pixel. A 640 × 480 pixel image (307,200 pixels) can then store over 400,000 characters (460,800), equal to a whole book.
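The least-significant-bit hiding just described, implemented and run, as an added example written for this page (not the Byte article's code). It reproduces the two capacity figures above and then embeds and recovers a payload in a small constructed RGB buffer; working on raw channel bytes rather than an image file is an assumption made so the example needs no image library.

```python
"""Least-significant-bit (LSB) steganography in an RGB pixel buffer, plus
the capacity arithmetic from the slides.

Added example, not from the original page. The carrier is a plain bytes
buffer of 3 bytes (R, G, B) per pixel, so no image library is needed;
the demo constructs a small synthetic image rather than reading a file.
"""


def capacity_bytes(width: int, height: int, bits_per_channel: int = 1) -> int:
    """Payload bytes that fit when the `bits_per_channel` low bits of each
    of the three 8-bit colour channels are replaced."""
    return width * height * 3 * bits_per_channel // 8


def embed(carrier: bytes, payload: bytes, bits: int = 1) -> bytes:
    """Hide payload in the `bits` low bits of successive channel bytes.

    A 4-byte big-endian length header precedes the payload so that
    extract() knows where it ends.  The high bits of every channel byte
    are left untouched, so each channel changes by at most 2**bits - 1.
    """
    data = len(payload).to_bytes(4, "big") + payload
    total_bits = len(data) * 8
    pad = (-total_bits) % bits            # right-pad so chunks line up
    stream = int.from_bytes(data, "big") << pad
    total_bits += pad
    chunks = total_bits // bits
    if chunks > len(carrier):
        raise ValueError(f"payload needs {chunks} channel bytes, carrier has {len(carrier)}")
    mask = (1 << bits) - 1
    out = bytearray(carrier)
    for i in range(chunks):
        chunk = (stream >> (total_bits - (i + 1) * bits)) & mask
        out[i] = (out[i] & ~mask & 0xFF) | chunk
    return bytes(out)


def extract(stego: bytes, bits: int = 1) -> bytes:
    """Recover the payload: reassemble the low bits of successive channel
    bytes, read the 4-byte length header, then that many payload bytes."""
    mask = (1 << bits) - 1
    acc, nacc, pos = 0, 0, 0

    def take(nbits: int) -> int:
        nonlocal acc, nacc, pos
        while nacc < nbits:
            if pos >= len(stego):
                raise ValueError("carrier ends before the payload does")
            acc = (acc << bits) | (stego[pos] & mask)
            nacc += bits
            pos += 1
        value = acc >> (nacc - nbits)
        nacc -= nbits
        acc &= (1 << nacc) - 1
        return value

    length = take(32)
    if length * 8 > (len(stego) - pos) * bits + nacc:
        raise ValueError("length header exceeds what the carrier can hold")
    return take(length * 8).to_bytes(length, "big")


if __name__ == "__main__":
    # Slide figures: 2048x3072 at 1 bit/channel, 640x480 at 4 bits/channel.
    print("Photo CD, 1 bit/channel:", capacity_bytes(2048, 3072, 1), "bytes")
    print("640x480, 4 bits/channel:", capacity_bytes(640, 480, 4), "characters")
    # Constructed 8x4 "image": 96 channel bytes holding a smooth gradient.
    carrier = bytes((x * 7 + 100) % 256 for x in range(8 * 4 * 3))
    stego = embed(carrier, b"hi", bits=1)
    print("recovered:", extract(stego, bits=1))
    print("max channel change:", max(abs(a - b) for a, b in zip(carrier, stego)))
```

With one bit per channel no channel value moves by more than 1 out of 255, which is why the change is invisible; with four bits the distortion reaches 15 per channel and becomes detectable statistically, which is the trade-off behind the two capacity figures. Forensic tools look for exactly this: LSB planes of a natural photograph are noisy but not uniformly random, and a hidden payload shifts their statistics.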
References:
The Trithemius riddle:
1. Thomas (Penn) Leary, Cryptology in the 16th and 17th Centuries, Cryptologia, July 1996, available at http://home.att.net/~tleary/cryptolo.htm
2. http://www.postgazette.com/healthscience/19980629bspirit1.asp
3. Gina Kolata, A Mystery Unraveled, Twice, The New York Times, April 14, 1998, pp. F1, F6, available at http://cryptome.unicast.org/cryptome022401/tricrack.htm
Hoax letters: http://hoaxbusters.ciac.org/