9. Computer Security and Issues

8/6/2019 9. Computer Security and Issues

1/27

1

Spring 2009

Lesson - 9

Computer Security andIssues That Affect Us All

CSE 101


2/27

2

Computer Crime

Software Piracy

Protections from Piracy


3/27

3

Computer Crime Software Piracy

Software piracy the illegal copying of software programs isthe biggest legal issue affecting the computer industry.

Piracy is of greatest concern to developers of commercialsoftware, or programs that must be purchased before using.

Piracy is less of a concern for shareware makers, whoseprograms must be registered but not always purchased.

Piracy is not a concern for freeware, which is software that canbe freely distributed by anyone.


4/27

4

Computer Crime Protection From Piracy

Various forms of copy protection have been usedto discourage piracy, including:

Installation diskettes that record the number oftimes the software is installed.

Hardware locks, without which the program cannotfunction.

Passwords, serial numbers, or other codes requiredfor installation.


5/27 5

Computer Viruses

Categories of Viruses

Preventing Infection


6/27 6

Computer Viruses Categories of Viruses

Boot sector viruses Self-encrypting viruses

Cluster viruses Self-changing virusesFile-infecting viruses Stealth viruses

Worms Macro viruses

Bombs Joke programs

Trojan Horses Bimodal viruses

Polymorphic viruses Bipartite viruses

Self-garbling viruses Multipartite viruses

E-mail viruses Macro viruses

A virus is a parasitic program that infects anotherprogram (the host). Most viruses fall into the following

categories:


7/27 7

Computer Viruses Preventing Infaction

Viruses are spread in several ways. The most common are:

Treat all disks as though they are infected.

Install an antivirus program and keep its virus definitions(database of virus information) up to date.

Run your antivirus program regularly.

Receiving an infected disk. Downloading an infected executable file from a

network or the Internet. Copying a document file that is infected with a

macro virus.

To avoid viruses, you should:


8/27 8

Theft

Hardware and Software Theft

Data Theft

Protecting Networks


9/27 9

Theft Hardware and Software Theft

As PCs become smaller and as more people uselaptop and handheld computers hardware theft isbecoming a growing problem.

Software theft is also a major problem for companies,

many of which must purchase large quantities ofexpensive software programs.

To combat hardware and software theft, many

companies are locking hardware to desks and securingsoftware in libraries, granting access to employees onlyas needed.


10/2710

Theft Data Theft

Data theft can be far more serious than software or hardwarelosses, because data can be difficult or impossible to replace.

Hackers are a threat to sensitive corporate and governmentdata because they pride themselves on getting around securitymeasures.

Organizations can keep hackers at bay by protecting theirnetworks. This can be done by enforcing the use of user IDsand passwords.

Data can also be protected through encryption, making ituseless to anyone who does not have the encryption key.


11/2711

Computer and The Environment

Planned Obsolescence

Use of Power

C t d th E i t Pl d


12/2712

Computers and the Environment Planned

Obsolescence

Because hardware and software products becomeobsolete after a given time, older systems aredisposed of in large numbers.

Large-scale disposals add to the clogging of landfills

and pollution.

To reduce these problems, organizations candownload software from the Internet (reducing the

number of disks and manuals used). Hardware canbe recycled or donated to charities or schools.


13/27

13

Computers and the Environment Use of Power

Many people leave their computers runningcontinuously, whether in use or not. This consumespower unnecessarily.

To solve this problem, you can use a "green PC,"

which automatically powers down the monitor andhard drive after a period of non-use.

Another way to conserve energy is to use hardware

that conforms to the EPA's "Energy Star" program,which sets standards for power consumption.


14/27

14

Ergonomics and Health Issues

Ergonomics Defined

Repetitive Stress Injuries

Avoiding Repetitive Stress Injuries

Eyestrain

Electromagnetic Fields


15/27

15

Privacy Issue

Junk Faxes and E-Mail

Beating Spammers at Their Own Game

Privacy Issues Facing Corporate Computer

Users


16/27

16

Network Security

Classic properties of secure systems:

Confidentiality Encrypt message so only sender and receiver can understand it.

Authentication Both sender and receiver need to verify the identity of the other party in

a communication: are you really who you claim to be?

Authorization Does a party with a verified identity have permission to access (r/w/x/

) information? Gets into access control policies.


17/27

17

Classic properties of secure systems: (cont.)

Integrity During a communication, can both sender and receiver detect whether a

message has been altered?

Non-Repudiation Originator of a communication cant deny later that the communication

never took place Availability

Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DOS) attacks.


18/27

18

Cryptography

Encryption algorithm also called a cipher Cryptography has evolved so that modern

encryption and decryption use secret keys Only have to protect the keys! => Key distribution

problem Cryptographic algorithms can be openly published

Encryption Decryptionplaintext ciphertext plaintext


Key KA Key KB


19/27

19

Cryptography

Cryptography throughout history: Julius Caesar cipher: replaced each character by a

character cyclically shifted to the left.Weakness? Easy to attack by looking at frequency of characters

Mary Queen of Scots: put todeath for treason after QueenElizabeths Is spymaster crackedher encryption code

WWII: Allies break GermanEnigma code and Japanese navalcode Enigma code machine (right)


20/27

20

Cryptography

Cryptanalysis Type of attacks:

Brute force: try every key

Ciphertext-only attack: Attacker knows ciphertext of several messages encrypted with same

key (but doesnt know plaintext).

Possible to recover plaintext (also possible to deduce key) by looking at

frequency of ciphertext letters Known-plaintext attack:

Attacker observes pairs of plaintext/ciphertext encrypted with samekey.

Possible to deduce key and/or devise algorithm to decrypt ciphertext.

C t h


21/27

21

Cryptography

Cryptanalysis Type of attacks:

Chosen-plaintext attack: Attacker can choose the plaintext and look at the paired ciphertext.

Attacker has more control than known-plaintext attack and may be ableto gain more info about key

Adaptive Chosen-Plaintext attack:

Attacker chooses a series of plaintexts, basing the next plaintext on theresult of previous encryption

Differential cryptanalysis very powerful attacking tool

But DES is resistant to it

Cryptanalysis attacks often exploit the redundancy of

natural language Lossless compression before encryption removes redundancy

P i i l f C f i d Diff i


22/27

22

Principle of Confusion and Diffusion

Terms courtesy of Claude Shannon, father ofInformation Theory Confusion = Substitution

a -> b

Caesar cipher Diffusion = Transposition or Permutation abcd -> dacb DES


Key KA Key KB

P i i l f C f i d Diff i


23/27

23


Modern substitution ciphers take in N bits andsubstitute N bits using lookup table: called S-Boxes

Confusion : a classical Substitution Cipher

Cryptographers often think in terms of the plaintextalphabet as being the alphabet used to write the originalmessage, and the cipher text alphabet as being the lettersthat are substituted in place of the plain letters. A cipher isthe name given to any form of cryptographic substitution, in

which each letter is replaced by another letter or symbol.

C Ci h


24/27

24

Caesar Cipher

According to Suetonius, Caesar simply replaced each letter in a message withthe letter that is three places further down the alphabet.

As shown below, it is clear to see that the cipher text alphabet has beenshifted by three places. Hence this form of substitution is often called theCaesar Shift Cipher.

Courtesy:

Andreas

Steffen

Pi Ci h


25/27

25

Pigpen Cipher

Plain Text : I Love Computer Science

Cipher text :

The Pigpen Cipher was used by Freemasons in the 18th Century to keep theirrecords private. The cipher does not substitute one letter for another; rather

it substitutes each letter for a symbol. The alphabet is written in the gridsshown, and then each letter is enciphered by replacing it with a symbol thatcorresponds to the portion of the pigpen grid that contains the letter. Forexample:



26/27

26


Diffusion : a classical Transposition cipher

modern Transposition ciphers take in N bits andpermute using lookup table : called P-Boxes

Courtesy:

Andreas

Steffen


27/27

Documents

9. Computer Security and Issues