some recent figures
DESCRIPTION
Computer Security: Friend, Foe or Failure? Dr. Ishbel Duncan School of Computer Science March 13 th 2009. Some recent figures. The American FBI Internet Crime Complaint Center received 207,000 complaints in 2007 relating to $240M of e-crimes. - PowerPoint PPT PresentationTRANSCRIPT
Computer Security: Friend, Foe or Failure?
Dr. Ishbel Duncan
School of Computer Science
March 13th 2009
Some recent figureso The American FBI Internet Crime Complaint Center
received 207,000 complaints in 2007 relating to $240M of e-crimes.
o Japanese cybercrime is at record levels tripling between 2004 and 2008. Threats and illegal access increased by 90% and 20% between 2007 and 2008 but fraud has decreased slightly.
o 33% increase in card fraud forecast for 2009
o 40% of UK children don’t know the people they are chatting to online. Half admitted to downloading music illegally using P2P software and 20% said their systems were infected by viruses after downloading. Half share their home systems with other members of the family.
UK bank cards
UK consumers lost £302M to card fraud in the first half of2008. In 2007 it was £535M.
Spending on credit cards was £124Bn in 2007 and £126Bn in2007.Debit card spending rose from £224Bn to £245Bn.
Debit cards accounted for 75% of all transactions and thenumber of debit cards in circulation overtook credit cards in2008. There are 75M debit cards in circulation and 71M creditcards.
Online banking fraud rose 185% in the first half of 2008 mainly
because of phishing attacks.
1 in 8 UK online firms lose more than 5% of income to fraud.
Military HackerGary McKinnon of London allegedly hacked into NASA, thePentagon and 12 other military networks between February2001 and March 2002.
In one attack on an army computer at Fort Myer, Virginia heobtained administrator privileges which allowed him to delete1300 user accounts and copy files containing usernames andencrypted passwords. He managed to shut down theInternet on 2000 military computers for three days.The US Government said it spent $1M cleaning up theirsystems.
McKinnon was indicted in November 2002 but is contestingextradition and the hearing is in July 2009 in London. His bailagreement prevents him from using any computer
equipment.
Online TheftOnline theft is currently estimated to cost $1Trillion a year.
and rising…..
But… card fraud identikits have fallen in price from $15 to $2.
More than half the world’s GDP is estimated to flow throughthe internet every day through the SWIFT network.
At the World Economics Forum in Davos in January, it wasstated that “the internet was vulnerable but as it was now partof society’s central nervous system, attacks could threaten
thewhole economy.”
A virtual group had redirected the details of 25M credit cardsto the Ukraine.
InfectionsThe safest country for computer virus infections is Australia.Only 1 in 574 emails contain a virus there compared to
1 in 213 here in the UK1 in 415 for the USA1 in 451 for Japan.
India is the most virus ridden with 1 in 197.
Spam emails this year spiked on Valentine’s Day, with 9% of all
email.
Phishing this year has taken advantage of the economic crisis with 1 in 190 emails a phish attack in February (up from 396).
France is the most spammed country with 75% of all emailsbeing spam. The UK get spam in 67% of all email.
Cyber WarfareCybercrime is one thing, cyber warfare is another.
Estonia came under a denial of service attack from Russia in
2007 and 2008 which disabled banking and utilities.
Cyber Warfare is now a real threat to all countries but do we
want governments to regulate the internet to prevent misuse?
Legal problems: o where an attack takes place is usually different from the
country of the perpetrator. o many satellites or servers may be used to target a
victim bringing in more “victims” or “accomplices”
A Short Security HistoryHerodotus chronicles how Demaratus of Greece sent tablets
coveredin wax to the Spartans to warn of a Persian invasion and,
separately,of Histaiaeus who shaved the head of a servant.
The Chinese wrote on fine silk and wrapped it in a small ball of wax.
Al-Kindi wrote on deciphering cryptographic messages in the 9th
Century by noting letter frequencies.
Chaucer encrypted plaintext (normal language) with symbols.
By the 15th Century, encryption was common among diplomats.
The Spartan ScytaleThe Spartans used a scytale in the 5th Century BC – a rod
ofwood with a strip of text wound around it.
The Caesar Cipher
Replace letters with another at a distance of N apart
Character Manipulationo The most basic character manipulation is a substitution
cipher. Here letters are exchanged in the alphabet.
o The most famous substitution cipher is the Caesar cipherwhere letters were replaced with one further down, or up, the alphabet.
o e.g. HAL = IBM with a shift of 1.
o Often letters were/ are arranged in groups of 5 to avoid noting word lengths.
kujdg nfpoe co
Mary of Scotland
The Babington Plot:
The code was a substitution cipher plus somesymbols representing words such as bearer, my and pray.
Pattern AnalysisThere are characteristic letter patterns in any language.
We know the most common letters in English are ASINTOER.
A 8.0% S 6.0%E 13.0% T 9.0%I 6.5% N 7.0%O 8.0% R 6.5%
The least frequent is?
Digrams and TrigramsJust as there are common letters so also are there
commonpairs or triples of letters (digrams and trigrams). Transpositions leave the plaintext letters intact so if theletter frequencies are similar to “normal” frequencies then
weinfer that transposition has taken place.
Some of the most common are:
er th en ed an or in gh
ent ion and ing ive for tio one
Charles Babbage
Babbage broke the Vigenere cipher which uses a keyword to determine a different cipher alphabet.
Vigenère Tableau ExampleUsing the key phrase:
I am I exist, that is certain
To send the message
Machines cannot think
i am i exist that is certainm ac h inesc anno tt hink
o Row M, column I is uo Row A column A is ao Row M column C is o …………uaopm kmkvt unhbl jmed
The Underground Railroad
Escaping Slaves in the American States would
allegedly follow signals in quilts laid out to air.
World War 2: The Enigma machine
Scherbius’s machine was patented in 1918. It had 3 scramblers to encipher the plaintext plus a plugboard that swapped 6 letters.Rejewski of Poland spent 8 years deciphering Enigma and his work was passed on to Bletchley Park where it was deciphered.
A story: Key ExchangeIn pre-revolutionary Ruritania, the postal service was not to betrusted. Boxes would be opened and contents removed. Onlythose that could not be opened were delivered. Stout boxesand padlocks were available but each padlock had a single
uniquekey that could open the lock.
How can Prince Rupert send a priceless necklace to his belovedPrincess Irena if there is no other way of transporting his gift other than via the postal service?
In other words, how can we send a secret message that onlythe sender and receiver can read.
Rupert sends his gift inside a padlocked box.Irena returns the box with her padlock on the box.Rupert removes his padlock and sends back the box to Irena with only her padlock attached.
History remembers those who publish first
One major stumbling block of any cryptographic system is theexchange of keys. Any public way of interchange may be overheard.
Whitfield Diffie, Martin Hellman and Ralph Merkle of Stanfordare remembered as the fathers of public key cryptography,publishing and patenting their idea in 1976.
There system allows two people to agree keys which allow themto communicate an encrypted message without them having thesame key.
However, James Ellis of GCHQ had the same idea 10 years earlierand Clifford Cocks and Malcolm Williamson discovered the keyexchange algorithm by 1975. However, their work was classified
andGCHQ did not contest the American patent.
Encryption and Decryption.
Crypto Basics
Meet Alice and Bob
Alice and Bob wish to converse secretly. Alice has message M
which she encrypts with a function E.
C = E(M)
She sends this to Bob who decrypts the message with function D.
D(C) = D( E(M)) = M
However, Eve wishes to listen in and can deduce the form of the
functions E and D or the message M. Bob and Alice now have to
use a more robust mechanism to pass their messages.
Symmetric Encryption
Symmetric algorithms use one key, a secret key encryption.
A and B share the key and as long as it is private it offersauthentication. But A and B have to agree on the key inadvance.
What happens if C is invited to share a secret with A and B.We may need two more keys for A-C and B-C
communication.
For an N-user system we would require n(n-1)/2 keys for each pair of users.
Cryptosystemo A cryptosystem is one in which rules are applied to
encrypt and decrypt text. These algorithms often use a key, denoted by K, as a mechanism to adapt the plaintext.
o The ciphertext is the plain text adapted by the algorithm and using the key value.
C = E(K,P)
o E is the Encryption Algorithm, or more precisely the set ofAlgorithms, and K is the Key which selects precisely onealgorithm.
o (Think of Yale keys – there are many but only one fits your door lock)
Alice and Bob again
o Alice and Bob could know each other’s key (or share a key).
o Eve would then be able to mount a ciphertext only attack as she knows C but not P. If she had previous knowledge of plaintext she may still be able to deduce the messages, or she may use probabilities and distribution characteristics of the language.
Asymmetric EncryptionIn public key or asymmetric encryption, each user has two keys:a public and a private key. The public key is published freely because it is only one half of an inverse pair.
Using keys for decryption and encryption we have: P = D(KD, E(KE,P))
Now we have P = D(Kprivate, E(Kpublic,P))
The public key encryption is decrypted via the private key.
P = D(Kpublic, E(Kprivate,P))
The private key encryption is decrypted via the public key.Multiple users can send messages privately to each other usingpublic keys.
Encryption with Keys.
Diffie-Hellman (1976)Diffie and Hellman published the first paper on public keycryptography. There are three conditions:
o It must be computationally easy to encode/ decode with the a key.
o It must be computationally infeasible to derive the private key from the public key.
o It must be computationally infeasible to determine the private key from a plaintext attack.
Mathematically we require to find k such that
n = gk mod p
Where p is prime and g <> 0,1, or p-1
Asymmetric Encryption ExampleAlice and Bob have chosen
p = 53 g = 17p is the prime modulus, g is the mantissa.
Their private keys are kalice = 5 kbob = 7
Their public keys are kalice = 175 mod 53 = 40
kbob = 177 mod 53 = 6
Bob sends Alice a message by computing a shared key:S Bob, Alice = K Alice
kBob mod p = 407 mod 53 = 38
Alice decrypts using her private key:S Alice, Bob = K Bon
kAlice mod p = 65 mod 53 = 38
RSAThe Rivest-Shamar-Adelman (1978) cryptosystem is a
publickey system and has been a de facto standard for many
years.
n =pq, where p and q are prime numbers. The totient Φ(n) is the
number of numbers < n with no factors in common with n.
Example: p = 7, q = 11, n = 77, Φ(n) = 60.e, the encryption key, is relatively prime to (p-1)
(q-1)d, the decryption key, is e-1 mod ((p-1)(q-1))
Encrypt as c = me mod nDecrypt as m = cd mod n
RSA ExampleAlice chooses public key as 17, private as 53.
Bob sends “Hello World” which is encoded as 07 04 11 11 14 26 22 14 17 11 03
Bob’s ciphertext is 0717 mod 77 = 280417 mod 77 = 16 etc
=> 28 16 44 44 42 38 22 42 19 44 75
NonrepudiationThe use of a public key system provides non repudiation of
thethe source of the message and the message itself as only
theprivate and public key pair can encode and decode the
system.
The security of RSA depends on the factoring problem and is
an obvious means of attack; knowledge of one pair ofexponents or use of a common modulus will allow attacks.
Messages should be padded with random values when lowencryption exponents are used.
General Users: passwords• Consider what is at risk if you password is
compromised.
• Consider how much you trust the systems that see yourpasswords.
• Which is better – write down a few important passwords orreuse passwords or make them “weak”?
• Use a phrase or a song rather than single word.
• If the password is 6 characters, 99.95% of variants will be non words – use one of them!
PasswordsFeb 2009:28,000 log in details stolen from a well known website
wereposted online. It was noted that o 14% of users used sequential passwords such as
123456 or QWERTYo 16% used their first name as a password o 5% used the names of popular celebrities.o 4% used “password” o 3% chose “idontcare”, “whatever”, “yes” and “no”
Are these users naïve?
Biometricso Voice recognizers, handprint detectors, thumbprint
analysis,retinal scanners are coming into more use for other thanmilitary security or government systems.
o Biometrics are biological authenticators based on physicalcharacteristics. These cannot be lost, but may be stolen!
o Authentication is not always easy – fingerprints may bedamaged by scarring, voice recognition systems must be trained to the user’s voice/ accent.
o Current biometric systems are expensive, bulky and slow. Users are still unsure about the privacy issues and someconsider the systems intrusive.
Biometric Systemso Fingerprint recognition Voice recognitiono Iris Scanners Face Recognitiono Keystrokes Signatures
o Combination systems use two or more of the above. Most systems are used in supervised areas, e.g. airports.
o Systems use sampling and thresholds for pattern matching.This requires training the systems and a lot of statistical data.
o Performance:False acceptance rate (fraud rate), False rejection rate (insult rate) are major issues.
Today’s problemsComputers have come a long way in 25 years from being researchinstruments to everyday tools for schools, libraries, telephones,transport etc.
Most people have over 6 computers in their home: mobiles, tv,video, CD players/ recorders, microwave, cookers, a Wii plus thecomputer itself.
Walking in the street we may have cameras watching us and allour movements recorded and analysed by computer.
We assume that computers are safe and reliable.
But… they can also be our enemy.
Key Principleso Principle of Easiest Penetration:
An intruder must be expected to attempt any available means of penetration and the one that succeeds may not be the obvious one.
o Principle of Adequate Protection:Computer Items must be protected until they lose their value and they must be protected to a degree consistent with their value.
o Principle of the Weakest Link:Security is as strong as the weakest link.
o Principle of Effectiveness:Controls must be used, be appropriate and be applied properly
Security FailuresThe vast majority of attacks are done by Bots or Botnets.
These are automatic, and to some extent autonomous, smallprograms which trawl the internet. They can be:o Spamo Viruses & Wormso Rootkitso DDOS attackso Phishing attackso Bots
Another technique is Social engineering
We need to secure networks, operating systems, applicationsand files.
BotnetsLarge numbers of computers have been brought underNon-owner control (?) to launch attacks, spam, DoS or
somefraudulent activity.
The BBC (25 Jan 2007): “Of the 600 million computerscurrently on the internet, between 100 and 150 million
werealready part of these botnets.”
Yahoo suffered one botnet using up 15% of search capacity.
Whose Failure?Security is not just technical, it also requires educating users.
If users fail to follow advice then it is not surprising attacksand failures happen. But, can the user be blamed for notfollowing advice when most computer users are non technicaland believe they are safe because they buy protection.
Users are led to believe that if they pay for cover they aresafe. But measures against security are allegedly directlyproportional to the perceived threat. Every breach will make usprotect even more.
All companies have losses, perhaps we should expect failure inour protection systems?
If you build it, they will come….You can build a secure system but if you can’t enforce asecurity policy then you can’t be 100% secure.
This is not unknown in history:You can build a fortress but attacks will happen if people canclimb the walls or break down the small servants back door.
We don’t want to live in isolation so we need to communicate,therefore choices must be made between total security andopenness.
Companies are the same: they want network and file security as
long as it doesn’t cost too much in money and effort.
Lost DiscsHMRC sent two discs containing the entire Child Benefitdatabase to the National Audit Office unregistered andunencrypted in 2007. The data contained personal details
of25 Million people and was reckoned to be worth up to £1.5B
tocriminals.
The discs were lost
90,000 staff at HMRC have been given extra training and 20,000 MoD laptops have been encrypted.
An ex contractor of the DWP had two discs with benefitclaimant details. She forgot to return them but was neverasked for them (2007).
More Lost DataIt was estimated that sensitive data affecting 4M people waslost in 2007/8:o NI numbers of 17,000 people lost on a disco theft of a laptop with encrypted details of 17,000 Sats
markerso The Ministry of Justice lost information on 45,000 people
regarding their criminal histories.o The FO lose data on 190 people in 5 separate cases.o The Dept. of Transport lost 3M records of driving test
applicants.o The HSBC lost a disc with data on 370,000 customers.o HMRC sent Standard Life a CD through the post containing
data on 15,00 Standard Life customers. It didn’t arrive.o Documents from the DWP were dumped on a roundabout
in Devon.
Missing LaptopsIn 2007, a laptop was stolen from the boot of an HMRCcar. It was suggested that the computer contained data on400 customers holding high value ISAs at five differentcompanies.
Also in 2007, a laptop was stolen from a Nationwide employee’s
home. It contained 11M customer records. Nationwide wereFined £980,000 by the City watchdog.
A Royal Navy officer had his laptop stolen from his car. Itcontained information on 600,000 people.
Hard drives were reported missing from the MoD and theNational Offender Management Service.
More Government mishaps…The MoD lost an encrypted laptop with 620,000 personalrecords including bank account and NI numbers as well as45,000 people named as referees or next-of-kin for serviceapplicants.
An external contractor downloaded information onto a memory
stick and then lost it. The data concerned 10,000 offendersand the names, dates of birth and release dates of 84,000prisoners in England and Wales.
The MoD confirmed 121 computer memory sticks had been lost
or stolen since 2005 and 658 laptops since 2004.Only 5 memory sticks contained secret data!
Security Mechanisms: Access Control List
An Access Control Matrix describes the rights of subjects and
objects.
ACLs work well with data oriented system where permissions
are stored with the data or the owner can set up the ACL.ACLs are less suited to systems with large user
populations.
RolesRole based access control (RBAC) is an example of accesscontrol that applies at the application layer. Here we havefunctional groups or user roles.
A user could be a system administrator, a general user, a tutor
etc. Some roles could be qualified such as a tutor on a module.
Each role allows the certain privileges or allows them toexecute some tasks (procedures).
Rings of ProtectionRings of protection offer different levels of privilege for theusers or system programs. (Multics, Unix, Intel 80286
onwards)
Ring 0 : kernel, access to diskRing 1 : process managerRing 3 : all other programs.
Current privilege can only be changed by a process in Ring 0.
Outer rings have fewer privileges, I/O forbidden, memorymapping disallowed.
Bell-LaPadula (Multilevel Security)David Bell and Len LaPadula (1973) responded to
problems withthe US Air Force mainframe security. The goal is to identifyAllowable communication when maintaining secrecy.
Information cannot flow downwards:o The simple security policy (ss-property): no process can
read data at a higher level, i.e. no read up (NRU)o The *-property: no process can write data to a lower
level, i.e. no write down (NWD)
i.e sensitive data can only be written to the same or a higher level.
BLP Secure Flow of Information.
The Chinese WallBrewer and Nash (1989) defined the Chinese Wall to reflectprotection requirements for commercial information.
Objects: files, low level information pertaining to one company
Groups: All objects pertaining to one company is grouped together
Conflict Classes: all groups of objects for competing companies are clustered together
A person can access any information as long as they have not
accessed information from a different company is the sameconflict class.
Chinese Wall Security Policy for chocolate companies, airlines and banks.
Chinese Walls for Banks and Chocolate Makers
Attacks• What?• Fraud Destructive Attacks• Monetary Theft Reputation destruction• Denial of Service Identity Theft• Brand Theft Intellectual Property Theft• Publicity Terrorism• Surveillance
• Who?• Hackers System Crackers• Organised Crime Career Criminals• Malcontents Industrial spies• Press Police• Intelligence Services Terrorists• Info Warriors
Attack Trees (Schneier)The goal is the root and the lower nodes the possible routes/ subgoals . Each node can have an associated risk assessment. Logical or/and may be applied.
Costs
FirewallsA firewall is a special monitor which mediates access to anetwork and hides the structure of the internal network.
Firewalls may be:o Packet filters // looks at packet headerso Stateful inspection filters // maintains state informationo Application proxies //simulates application and performs
access controlo Personal firewalls //blocks traffic
Types of Attacks: DoS, DDoS, Flash Crowds (not really anattack but can still bring down a network)
Firewall Problemso No protection against attacks based on bugs.
o No protection against internal attackers.
o No protection inside once an internal machine is compromised.
o Accidental routes around the firewall – dialup servers, cross links.
o Can be too restrictive and interfere with wanted traffic.
o Encryption prevents the firewall blocking malicious traffic.
o A lot of services are done through HTTP so the firewall just sees Web traffic.
Information WarfareInformation warfare isn’t a new post WW2 issue:5000 years ago Chinese emperors guarded secrets of silk production,3500 years ago Mesopotamians guarded secrets of pottery glazing,2000 years ago Julius Caesar wrote messages in code.
However, it is true to say the post Internet world has increasedproblems of secrecy, privacy, trust and integrity. The current onlinepopulation is 1,574,313,184 as of December 31 2008, 23.7% of thePlanet. (http://www.internetworldstats.com/stats.htm)
Advances in computers have also led to advances in sensors andubiquitous computing (Pervasive Computing, Gloss Project).Information technologies will increasingly be worn (biosensors), andtherefore used to monitor, predict, perhaps manage people.
Offensive Information Warfare
o Computers and telecomm systems support energy distribution, emergency services, financial services. The critical infrastructure of many western countries are now solely dependent on technology.
o 95% of military communications are routed over civilian networks.
o The number of potential targets and critical points for failure is increasing. Operations or attacks can be launched by governments, military or civilians. Conventional warfare is expensive (cost of weaponry, vehicles, manpower, lives) but computational power is a lot cheaper. Automated scripts for eavesdropping, password cracking etc are available online.
The Enemy WithinWe trust computers -
We store a lot of personal information on it –We use an internet provider to attach to the WWW
–
Our machine gets virusesHackers may hack into our systems (our own PC or the businesses we log into)
We lose information, identity, money…..
The computer itself is not our enemy but the amount of trustwe put into it is. It has no loyalty like a dog or best friend.We presume privacy and integrity but a computer is only assecure as we can make it.
The Future: Big Brother?• Your computer may be watching you!
• The government certainly is, via cameras, banking records,automatic licence plate scanners, RFID chips etc.
Can a computer ever be as secure as we want it to be?Can we stop it from watching us?
The latest thing in Computer Science is Cloud Computing.Yesterday, an article in the Register (
www.theregister.co.uk) indicated a flaw in a search service that could attack many users.
A Scottish AphorismAs my granny used to say:
Ye cannae keep what ye cannae hud in yer hands
Bibliographyo Simon Singh “The Code Book”o www.securitywatch.co.uko Pfleeger and Pfleeger “Security in Computing”o News.bbc.co.uko http://www.internetworldstats.com/stats.htm