CNSC Module - 1.1


CRYPTOGRAPHY, NETWORK SECURITY AND CYBER LAW


Subject Code: 17CS61

Text Book:
Cryptography, Network Security and Cyber Laws –
Bernard Menezes, Cengage Learning, 2010 Edition
MODULE – 1.1

INTRODUCTION
CYBER ATTACKS
• MOTIVE:
– What are the main goals of an attacker/hacker?
– The thrill of mounting a successful cyber attack
has motivated enough hackers.
– Hacking is a process of gaining unauthorized
access to any system with an intent to read/write
or delete data.
CYBER ATTACKS
• TYPES:
– Theft of sensitive information (new product
details, military plans and details)
– Disruption of service (organization's servers
unavailable or inaccessible: e-commerce sites)
– Illegal access to or use of resources (free access to
paid service)
COMMON ATTACKS
• PHISHING AND PHARMING ATTACKS: attacks that
attempt to retrieve personal information from an
individual.
– Lures its victims to a fake website (e.g. a bank
website) where they reveal sensitive information
• SKIMMING ATTACKS: Personal info leaked out of
credit cards, smart cards and ATM cards.
– Side channel attacks: attempt to deduce sensitive info
from lost or stolen cards through advanced power and
timing measurements.
COMMON ATTACKS
• EAVESDROPPING or SNOOPING: Leakage of info
on the link between two communicating
parties.
• DICTIONARY ATTACKS: intruding into a
computer system by password-guessing attacks.
• All of the above are forms of
‘identity theft’: the attacker's goal is to
impersonate the victim.
COMMON ATTACKS
• DENIAL OF SERVICE (DOS): Interruption or
disruption of computing services
– Exhaust the computing power, memory capacity
or communication bandwidth of their targets such
that they become unavailable.
• ATTACKS CAUSED BY MALWARE: Worms and
viruses are malware that replicate themselves.
– Virus typically infects a file, so virus spreads from
one file to another
COMMON ATTACKS
– A worm is a standalone program that infects a
computer, so worm spreads from one computer to
another
– Media is the propagation vector for worms and
viruses.
• TROJAN: a kind of malware that masquerades
as a utility but has other insidious goals such as
modification of files, data theft etc.
• SPYWARE: once installed on a machine, it can be
used to monitor user activity and as a key logger to
recover valuable info.
COMMON ATTACKS AND VULNERABILITIES:
VULNERABILITIES
• Vulnerability is a weakness in a procedure,
protocol, hardware or software within an
organization that has the potential to cause
damage.
• There are four vulnerability classes in the domain
of security:
1. HUMAN VULNERABILITIES: induced by human
behavior or action. Ex: a user clicks on a link in an email
received from a questionable source (phishing attack or
cross-site scripting attack).
VULNERABILITIES
• PROTOCOL VULNERABILITIES: A number of
networking protocols used in LANs have
features that have been used in unanticipated
ways to craft attacks.
– Pharming attacks (DNS Cache poisoning) and
various hijacking attacks (Domain hijacking)
– Vulnerabilities in design of security protocols lead
to man-in-the-middle or replay attacks which lead
to identity theft, compromise of secret keys etc.
VULNERABILITIES
• SOFTWARE VULNERABILITIES: sloppily written
system or application software with instances as
follows:
– Buffer overflow scenario not considered
– Insufficient validation of user input which can lead to
cross-site scripting vulnerability.
– An attacker types part of an SQL query as input; if
the input is not validated, the result could be the
disclosure of credit card details. This is an SQL
injection vulnerability.
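The unvalidated-input case above, shown as an added example (not from the slides or the textbook): the same lookup written with string concatenation and with a bound parameter. The table, names and card numbers are constructed sample data.

```python
import sqlite3

# Constructed input: quote characters that change the query's logic.
CRAFTED = "x' OR '1'='1"

def make_db():
    # In-memory database with constructed (fake) card numbers.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (owner TEXT, card_no TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)",
                   [("alice", "4111-0000-0000-0001"),
                    ("bob", "4111-0000-0000-0002")])
    return db

def lookup_vulnerable(db, owner):
    # Weak form: user input is pasted into the SQL text, so quotes in
    # `owner` are parsed as part of the statement.
    query = "SELECT card_no FROM cards WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, owner):
    # Hardened form: the ? placeholder passes `owner` as data only,
    # so it can never alter the structure of the statement.
    query = "SELECT card_no FROM cards WHERE owner = ?"
    return [row[0] for row in db.execute(query, (owner,))]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal :", lookup_vulnerable(db, "alice"))
    print("vulnerable, crafted:", lookup_vulnerable(db, CRAFTED))
    print("safe, normal       :", lookup_safe(db, "alice"))
    print("safe, crafted      :", lookup_safe(db, CRAFTED))
```

With the crafted input, the concatenated query returns every row in the table, while the parameterized query returns none.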
VULNERABILITIES
• CONFIGURATION VULNERABILITIES: this relates
to configuration settings on a newly installed
application, files etc.
– Read-write-execute permissions on files can be
susceptible to abuse/attacks
– Privilege escalation attacks – privilege assigned to a
process may be higher than what it should be to
carry out a task
– Misconfiguration of firewalls may have a devastating
effect.
DEFENCE STRATEGIES AND TECHNIQUES

1. ACCESS CONTROL – AUTHENTICATION AND
AUTHORIZATION: The first defence strategy to
prevent intrusions is access control. A
trusted third party mediates access to a
protected system.
• This involves authentication, a process by
which a subject establishes that it is indeed
the entity it claims to be. Ex: user ID & password
• Ex: Access cards in organizations.
DEFENCE STRATEGIES AND TECHNIQUES

• An important application of access control is
to forward network traffic from the external
insecure internet into the protected
environment of an organization.
– Clear-cut rules to be formulated in order to govern
such traffic
– A device called a firewall sits at the perimeter of the
organization and is configured to filter packets
based on source/destination addresses and ports.
DEFENCE STRATEGIES AND TECHNIQUES

2. DATA PROTECTION: Data in transit or in
storage has to be protected.
• This implies data confidentiality: the data
should not be readable by any intruder.
• Preservation of data integrity: data should not
be modified.
• Cryptographic techniques are used for the above
two approaches.
• Cryptography is the science of disguising data.
DEFENCE STRATEGIES AND TECHNIQUES
• Encryption is performed by the sender on a
message to disguise it before sending it
• Decryption is performed on the disguised
message in order to retrieve the original
message on the receiver side
• In most cases both encryption and decryption
use the same secret key (known only to the
sender and receiver), thus preventing an
eavesdropper from decrypting the message.
DEFENCE STRATEGIES AND TECHNIQUES
• Integrity check techniques that may
be used include the cryptographic checksum.
• Computation of Cryptographic checksum uses a
secret shared by the sender and receiver.
• The sender computes checksum as a one-way
function of the message and secret and transmits
the message and checksum.
• The receiver also computes the checksum and if it
matches with the one received, there is no error.
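The sender/receiver exchange above, as an added example (not from the slides or the textbook). It assumes HMAC-SHA256 as the keyed one-way function, which the slides do not name, and compares it with an unkeyed hash to show why the shared secret matters. The secret and messages are constructed sample values.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret"  # sample value known to both parties

def checksum(secret, message):
    # One-way function of the message and the shared secret.
    return hmac.new(secret, message, hashlib.sha256).digest()

def sender(secret, message):
    # Transmit the message together with its checksum.
    return message, checksum(secret, message)

def receiver_accepts(secret, message, received):
    # Recompute and compare in constant time.
    return hmac.compare_digest(checksum(secret, message), received)

def unkeyed_accepts(message, received):
    # Contrast case: a plain hash with no secret involved.
    return hmac.compare_digest(hashlib.sha256(message).digest(), received)

def demo():
    msg, tag = sender(SECRET, b"pay 100 to alice")
    altered = b"pay 900 to alice"
    # Anyone on the link can recompute an unkeyed hash for altered data.
    recomputed_plain = hashlib.sha256(altered).digest()
    return {
        "intact message, original checksum": receiver_accepts(SECRET, msg, tag),
        "altered message, original checksum": receiver_accepts(SECRET, altered, tag),
        "altered message, unkeyed hash check": unkeyed_accepts(altered, recomputed_plain),
        "altered message, keyed check": receiver_accepts(SECRET, altered, recomputed_plain),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the keyed check rejects the altered message in every case, because producing a matching checksum requires the secret.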
DEFENCE STRATEGIES AND TECHNIQUES
3. PREVENTION AND DETECTION:
– Black box testing is used when the source code is not
available in order to study the pattern of the program
and how it handles unexpected or malicious inputs.
– White box testing is when a security engineer has
access to the source code and this method is highly
preferable.
• Intrusion prevention may not always be practical
or affordable or even effective at times.
DEFENCE STRATEGIES AND TECHNIQUES

• Intrusion detection systems also look for patterns
of behavior. Ex: multiple instances of a given
worm often exhibit a characteristic pattern
called a worm signature.
• Anti-virus products are signature based.
• Certain malware has a peculiar sequence of
system calls or pattern of file access.
DEFENCE STRATEGIES AND TECHNIQUES
4. RESPONSE, RECOVERY AND FORENSICS: Once any
attack is detected, response measures should be
taken instantly, which include shutting down all or
part of the system.
• In case of a worm epidemic, the infected part of the
system should be separated and necessary patches
applied.
• Cyber forensics is an emerging discipline with a set of
tools that help trace back the worm/virus
responsible for a cyber crime.
GUIDING PRINCIPLES
1. Security is as much (or more) a human problem
as a technical problem and must be addressed
at different levels.
2. Security should be factored in at inception, not
as an afterthought.
3. Security by obscurity (or by complexity) is often
bogus.
4. Always consider “Default Deny” policy for
adoption in access control.
GUIDING PRINCIPLES
5. An entity should be given the least amount/level
of permissions/privileges to accomplish a given
task.
6. Use ‘Defence in depth’ to enhance security of an
architectural design.
7. Identify vulnerabilities and respond appropriately.
Risk = Assets × Vulnerabilities × Threat
8. Carefully study the tradeoffs involving security
before making any.
