Gerhard SteinkeBUS 3620

Steinke 1

According to Internetworldstats.com, there are 2,095,006,005 internet users worldwide

It is now unsafe to turn on your computer...

Steinke 2

Steinke3

Web Defacements

Software Bugs

Buffer Overflows

Backdoors

Viruses

Denial of Service

Worms

“SneakerNet”

Corporate Spies Script Kiddies

Employee Error

War Drivers

Trojans

Password Crackers

“Blended Threats”

Slammed on All Sides

Rogue Insiders

Network vulnerabilities

Confidentiality Protecting information from unauthorized

disclosure Integrity

Protecting information from unauthorized alternation/destruction

Availability Ensuring the availability and access to the

information

4

CConfidentialityonfidentiality IIntegrityntegrity

AAvailabilityvailability

Internal (authorized users (intentional & unintentional), contract worker, etc.)

Hackers (‘script kiddies’ to experts) Industrial Espionage (legal? acceptable in

some countries and sometimes government funded)

Foreign Espionage Criminal (financial or criminal motivation) Other (terrorists, political activists)

Steinke 5

The threat is global The attack sophistication is increasing The skill level required to become a threat is

decreasing We live in a “Target Rich” environment Exposure time and response time are critical

Steinke 6

Corrupting Information Viruses, worms File deletion Data tampering (medical & financial), Web page hacks

Disclosing Information Public release of private data Selling of private or financial data (e.g., stolen charge

card numbers) Stealing Service

Using site as intermediary for attacks Denial of Service (preventing the use of IT

resources) Network flooding Crashing systems or services

Steinke 7

Steinke 8

A system which examines network packets entering/leaving an organization and determines whether the packets are allowed to travel ‘through’ the firewall

Steinke 9

Organization

Steinke 10

MailServer

ExternalFirewall

Internet

InternalFirewall

Client

ClientInternalServer

WebServer

attempts to detect/prevent someone breaking into your system

running in background and notifies you when…

Steinke 11

Match

Alarm

Can you decrypt these?

mfuttubsu

cepninotry

Steinke 12

Disguising message in order to hide its substance Based in logic and mathematics

Confidentiality ◦ Message wasn’t changed

Authentication◦ who really sent message?

Integrity◦ was message altered?

Non-repudiation◦ so sender cannot deny they sent message

Steinke 13

Substitution Cipher (13)ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM Transposition Cipher

Rearranging all characters in the plaintext Attack: frequency of letters Concealment – hide in text Break Encryption by brute force - try all possible

keys key length

Steal, bribe, replace encryption software, flaws in system

Steinke 14

Hiding information http://www.jjtc.com/Steganography/ http://www-users.aston.ac.uk/~papania1/ste

gano.html S-tools demo

Steinke 15

same key for encryption and decryption confidentiality secure key distribution required

◦ otherwise could impersonate sender as well scalability - n users require n*(n-1)/2 keys

Steinke 16

Two keys – one encrypts, the other decrypts

Public and Private keys generated as a pair Private key for user Public key for distribution

Each key decrypts what the other encrypts Confidentiality, integrity, authentication

and non-repudiation Intensive computations, slow

17

18

Create hash value / digital fingerprint Provides integrity checking Shorter than original message

◦ Variable length message to fixed length hash value

One way function, can’t go back Appended to message Examples:

◦ MD5 - 128 bit hash◦ SHA - 160 bit, by NIST, NSA in DSS (Digital

Signature Standard)

19

Create a hash value Encrypt hash value with your private key Attach to message to be sent Encrypt with recipients public key Send

20

Integrity – Message not changed Authentication - Verify sender identity and

message origin Creates non-repudiation Applications:

◦ Used to authenticate software, data, images◦ Used with electronic contracts, purchase orders◦ Protect software against viruses

21

Security policy◦ document security principles

Educate users - what and why of security Physical Security Monitor network Passwords

Steinke 22

gateway to network access to information on PC power on password, screen saver password encryption password protect files, disk drive erase information when deleting a file

Steinke 23

control program change requests require multiple authorizations require full documentation independent testing of changes check with operations before acceptance procedure to handle emergency situations

Steinke 24

investigate error messages, reports, alarms monitor communication lines for failures,

problems monitor network status for operational, out-

of-service stations monitor traffic queues for congestion control tapes, disks and other system

materials to ensure proper labeling and retention

Steinke 25

maintain backup for programs, tapes and other material

examine system printouts, program dumps, recovery printouts

monitor vendor and maintenance personnel control testing during operational hours ensure that changes to hardware and

software are necessary

Steinke 26

Identify people by measuring some aspect of individual anatomy or physiology, some deeply ingrained skill, or other behavioral characteristic or something that is a combination of the two◦ Handwritten signatures◦ Face Recognition◦ Fingerprints◦ Iris Codes◦ Voice◦ Retina Prints◦ DNA Identification◦ Palm Prints◦ Handwriting Analysis

27

All recognition systems are subject to error ‘Fraud’ / ‘false positive’

◦ A client is accepted as authenticated when they should have been rejected

‘Insult’ / ‘false negative’◦ A client is rejected as NOT authenticated when in

fact they should have been accepted.

28

The oldest way There is widespread acceptance (and

requirement!) for photo ID The issuing of other authentication devices

(like passwords, key cards, digital signatures) usually depends on facial recognition by the agents of the issuing authority

Photo-ID is not particularly reliable, but has a very significant deterrent effect

29

Strengths: Database can be built from driver’s license records,

visas, etc. Can be applied covertly (surveillance photos). (Super

Bowl 2001) Few people object to having their photo taken

Weaknesses: No real scientific validation

Attacks: Surgery Facial Hair Hats Turning away from the camera

Defenses: Scanning stations with mandated poses

30

Accounts for the majority of sales of biometric equipment◦ The ridges that cover the fingertips make

patterns, that were classified in the 1800’s◦ These patterns have loops of several distinct

types, branches, and endpoints. Because of the association with criminals,

commercial users are very reluctant to impose fingerprinting systems upon their clients

Fingerprint sensors on laptops

31

32

Iris patterns believed to be unique The patterns are easy enough to detect They do not wear out They are protected by the eyelids and

cornea Easier to capture and process than

fingerprints A processing technique is used to generate

a 256 byte iris code Low false acceptance rates

33

Practical difficulties:◦ Capturing the iris image is intrusive◦ The subject has to be co-operative

34

Strengths:◦ Most systems have audio hardware◦ Works over the telephone◦ Can be done covertly◦ Lack of negative perception

Weaknesses:◦ Background noise ◦ No large database of voice samples

Attacks:◦ Tape recordings◦ Identical twins / soundalikes

35

Typical systems measure 90 different features: Overall hand and finger

width Distance between joints Bone structure

Primarily for access control: Machine rooms Olympics

Strengths: No negative

connotations – non-intrusive

Reasonably robust systems

Weaknesses: Accuracy is limited

36

Retina Scan◦ Very popular in the 1980s military; not used much

anymore. Facial Thermograms Vein identification Scent Detection Gait recognition Handwriting

37

Biometric Approx Template Size

Voice 70k – 80k

Face 84 bytes – 2k

Signature 500 bytes – 1000 bytes

Fingerprint 256 bytes – 1.2k

Hand Geometry 9 bytes

Iris 256 bytes – 512 bytes

Retina 96 bytes

38

39

Awareness and Training

Management Sponsorship

Assessment

Policies &Procedures

Practices and Procedures

Reporting

Service Provider Compliance

impossible to provide complete security match to value of assets provide good security but keep system easy

to useeasy to use, little security <-----> difficult to use, high security

Steinke 40