CNS-UNIT-1
CNS-UNIT-1
CNS-UNIT-1
Computer Security-generic name for the collection of tools designed to protect data and to
thwart hackers
Network Security-measures to protect data during their transmission.This area covers the use of
cryptographic algorithms in network protocols and network applications.
Cryptographic algorithms: This is the study of techniques for ensuring the secrecy and/or
authenticity of information
SECURITY GOALS:
SECURITY GOALS
CONFIDENTIALITYDATA INTEGRITYAVAILABILITY
CONFEDENTIALITY:
hiding information from an authorized access
information while exchange should remain secret
DATA INTEGRITY:
preventing information from un authorized modification
need techniques to ensure the integrity of the data
preventing the modification
detect any modification made
AVAILABILITY:
should be easily available to authorized users
data must be available to authorized users
cryptographic algorithms are used to achieve the above
goals THE OSI SECURITY ARCHITECTURE
The OSI security architecture focuses on security attacks, mechanisms, and services. These can
be defined briefly as
• Security attack: Any action that compromises the security of information owned by
an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to
provide the service.
SECURITY ATTACKS
Generic types of attacks
Passive attacks
Active attacks
. A passive attack attempts to learn or make use of information from the system but does not
affect system resources. An active attack attempts to alter system resources or affect their
operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are the release of message contents and traffic analysis.
1) Release of message contents:
The release of message contents is easily understood .A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information.We would
like to prevent an opponent from learning the contents of these transmissions.
2) Traffic analysis:
A second type of passive attack, traffic analysis, is subtler .Suppose that we had a way of
masking the contents of messages or otherinformation traffic so that opponents, even if they
captured the message, couldnot extract the information from the message. The common
technique formasking contents is encryption. If we had encryption protection in place,
anopponent might still be able to observe the pattern of these messages. Theopponent could
determine the location and identity of communicating hosts andcould observe the frequency and
length of messages being exchanged. Thisinformation might be useful in guessing the nature of
the communication thatwas taking place.
Passive attacks are very difficult to detect, because they do not involve anyalteration of the data.
Active attack: An active attack attempts to alter system resources or affect their operation.
Active attacks involve some modification of the data stream or the creation of a false stream.
Active attacks can be subdivided into four categories:
masquerade,
replay,
modification of messages, and
Denial of service.
Masquerade:
A masquerade takes place when one entity pretends to be a different entity (Figure:). A
masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those privileges.
Replay :
Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect.
Modification of messages:
Modification of messages simply means that some portion of a legitimate message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect (Figure: c).
For example, a message meaning “Allow John Smith to read confidential file accounts” is
modified to mean “Allow Fred Brown to read confidential file accounts
Denial of service:
The denial of service prevents or inhibits the normal use or management of communications
facilities (Figure d). This attack may have a specific target;
For example, an entity may suppress all messages directed to a particular destination (e.g., the
security audit service).
Another form of service denial is the disruption of an entire network—either by disabling the
network or by overloading it with messages so as to degrade performance
1.7 SECURITY SERVICES
The classification of security services are as follows:
CONFIDENTIALITY: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. Confidentiality is the
protection of transmitted data from passive attacks. For example, when a TCP connection is set
up between two systems, this broad protection prevents the release of any user data transmitted
over the TCP connection.
Connection Confidentiality
The protection of all user data on a connection.
Connectionless Confidentiality
The protection of all user data in a single data block
Selective-Field Confidentiality
The confidentiality of selected fields within the user data on a connection or in a single data
block.
Traffic-Flow Confidentiality
The protection of the information that might be derived from observation of traffic flows.
AUTHENTICATION: The authentication service is concerned with assuring that a communication
is Authentic. The assurance that the communicating entity is the one that it claims to be.
Ensures that the origin of a message or electronic document is correctly identified, with an
assurance that the identity is not false.
Peer Entity Authentication
Used in association with a logical connection to provide confidence in the identity of the entities
connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that the source of received data is as claimed.
INTEGRITY: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating
and delaying or replaying of transmitted messages.
NON REPUDIATION: Requires that neither the sender nor the receiver of a message be able to
deny the transmission. when a message is sent, the receiver can prove that the alleged sender in
fact sent the message. Similarly, when a message is received, the sender can prove that the
alleged receiver in fact received the message
ACCESS CONTROL: Requires that access to information resources may be controlled by the
target system . access control is the ability to limit and control the access to host systems and
applications via communications links. To achieve this, each entity trying to gain access must
first be identified, or authenticated
AVAILABILITY: Requires that computer system assets be available to authorized parties when
needed
SECURITY MECHANISMS
One of the most specific security mechanisms in use is cryptographic techniques.
Encryption or encryption-like transformations of information are the most common means of
providing security. Some of the mechanisms are
1 ENCIPHERMENT
2 DIGITAL SIGNATURE
3 ACCESS CONTROL
ENCIPHERMENT: It refers to the process of applying mathematical algorithms for converting
data into a form that is not intelligible. This depends on algorithm used and encryption keys.
DIGITAL SIGNATURE: The appended data or a cryptographic transformation applied to any data
unit allowing to prove the source and integrity of the data unit and protect against forgery.
ACCESS CONTROL: A variety of techniques used for enforcing access permissions to the system
resources.
DATA INTEGRITY: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.
AUTHENTICATION EXCHANGE: A mechanism intended to ensure the identity of an entity by
means of information exchange.
TRAFFIC PADDING: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
ROUTING CONTROL: Enables selection of particular physically secure routes for certain data and
allows routing changes once a breach of security is suspected.
NOTARIZATION: The use of a trusted third party to assure certain properties of a data exchange
GENERAL TERMS:
An original message is known as the plaintext, while the coded message is called the
ciphertext.The process of converting from plaintext to ciphertext is known as enciphering or
encryption; restoring the plaintext from the ciphertext is deciphering or decryption. The many
schemes used for encryption constitute the area of study known as cryptography. Such a
scheme is known as a cryptographic system or a cipher. Techniques used for deciphering a
message without any knowledge of the enciphering details fall into the area of cryptanalysis.
Cryptanalysis is what the layperson calls “breaking the code.”The areas of cryptography and
cryptanalysis together are called cryptology.
2) Monoalphabetic Ciphers:
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the
key space can be achieved by allowing an arbitrary substitution. Before proceeding, we define
the term permutation. A permutation of a finite set of elements is an ordered sequence of all
the elements of , with each element appearing exactly once. For example, if , S = {a, b, c} there
are six permutations of S :
abc, acb, bac, bca, cab, cba
In general, there are 3! permutations of a set of elements, because the first element can be
chosen in one of n ways, the second in ways, the third in ways, and so on.
Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there
are 26! or greater than 4 * 1026 possible keys.
Such an approach is referred to as a monoalphabetic substitution cipher, because a single
cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.
3) Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertextdigrams. The Playfair algorithm
is based on the use of a 5 5 matrix of letters constructed using a keyword.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom,and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as
one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a fillerletter, such as
x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced bythe letter
to the right, with the first element of the row circularly following thelast. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letterbeneath, with
the top element of the column circularly following the last. Forexample, mu is encrypted as
CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in itsown row and
the column occupied by the other plaintext letter. Thus, hsbecomes BP and ea becomes IM (or
JM, as the encipherer wishes).
example
Plaintext = meet me at the school house
Splitting two letters as a unit => me et me at thesch oxolho us ex
Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU
Key 19 8 21 4 3 4 2 4 15 19 8 21 4
Plaintext 3 18 0 21 4 24 14 20 17 18 4 11 5
ciphertext 22 0 21 25 7 2 16 24 6 11 12 6 9
ci = pi ki
where
pi=ithbinarydigitofplaintext
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
We now show two different decryptions using two different keys:
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: PXLMVMSYDOFUYRVZWCTNLEBNECVGDUPAHFZZLMNYIH
plaintext: MR MUSTARD WITH THE CANDLESTICK IN THE HALL
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: MFUGPMIYDGAXGOUFHKLLLMHSQDQOGTEWBQFGYOVUHWT
plaintext: MISS SCARLET WITH THE KNIFE IN THE LIBRARY
Suppose that a cryptanalyst had managed to find these two keys.Twopausible plaintexts are
produced. How is the cryptanalyst to decide which is the correct decryption?
TRANSPOSITION TECHNIQUES:
a) Rail fence
Rail fenceis simplest of such cipher, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.
For example, to encipher the message “meet me after the toga party” with a rail fence of
depth 2, we write the following:
mematrhtgpry
etefeteoaat
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
b) Row Transposition Ciphers:
A more complex scheme is to write the message in a rectangle, row by row, and read the
message off, column by column, but permute the order of the columns. The order of columns
then becomes the key of the algorithm.
For example,
Key: 4312567
Plaintext: attackp
ostpone
duntilt
woamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
A pure transposition cipher is easily recognized because it has the same letter frequencies as
the original plaintext.
Buffer Overflow: A buffer overflow occurs when a program or process tries to store moredata
in a buffer than it was intended to hold. Since buffers are created to contain a finite amount of
data, the extra information can overflow into adjacent buffers, corrupting or overwriting the
valid data held in them. Though this may occur accidentally because of a programming error,
at present it is an increasingly common type of security attack on integrity.
It happens when the attacker intentionally enters more data than a program was written
to handle. The data runs over and overflows the section of valid data like part of programming
instructions, user files, confidential information etcthere by enabling the attacker’s data to
overwrite it. This allows an attacker to overwrite data that controls the program and can take
over control of the program to execute the attacker’s code instead of programmer’s code.
Example:
#include<stdio.h>
#include<conio.h>
#include<strings.h>
int main(intargc,char *argv[])
{
Overflow_finction(*++argv);
Return (0);
}
In this C program, we can see the use of the strcpyfunction.data is taken from argv[1].then
copid into array of 8 bytes.since no size checking is performed on either variable,ehich results in
a buffer over flow.
Example 2:
#include<stdio.h>
#include<conio.h>
#include<strings.h>
int main()
{
Char buffer[8]; /*an 8 charecter buffer */
Strcpy(buffer,”AAAAAAAAAAAAAAAAAAAA”)
/*copy 20 bytes of A into the buffer*/
/*this will cause stack corruption*/
Return 1;
}
A SAMPLING OF PROBLEMATIC FUNCTIONS IN C
1) STRCPY(dest,src) this function will copy a string from source to destination
2)strcat(dest,src) this function adds a string to the end of another string in a
buffer 3)gets(buffer) gets a string of input from the stdin stream and stores it in
buffer
Consequences
Availability: Buffer overflows generally lead to crashes. Other attacks leading to lack
of availability are possible, including putting the program into an infinite loop.
Access control (instruction processing): Buffer overflows often can be used to execute
arbitrary code which is usually outside the scope of a program’s implicit security
policy
Defences
A format string vulnerability occurs when programmers pass externally supplied data to a
printffunction as or as part of the format string argument.
Format string attacks can be used to crash a program or to execute harmful code. The
problem stems from the use of unfiltered user input as the format string parameter in certain
C functions that perform formatting, such as printf().
A malicious user may use the %s and %x format tokens, among others, to print data from the
stack or possibly other locations in memory
EXAMPLE:
#include<stdio.h>
#include<conio.h>
char *s;
clrscr();
printf(“enter a string”);
scanf("%s",s);
printf(s);
getch();
Ouput1:enter a string hi
Ouput2:enter a string %S
the string you entered is this is secret two
Ouput3:enter a string %S %S
the string you entered is this is secret two this is secret one
Format string vulnerability attacks fall into three categories: denial of service, reading and
writing.
Format string vulnerability denial of service attacks are characterized by utilizing multiple
instances of the %s format specifier to read data off of the stack until the program attempts to
read data from an illegal address, which will cause the program to crash.
Format string vulnerability reading attacks typically utilize the %x format specifier to print
sections of memory that we do not normally have access to. This is a serious problem and can
lead to disclosure of sensitive information.
PHISHING AND DEFENSIVE MEASURES
Phishing is a fraudulent process, which attempts to acquire sensitive information, such as
usernames, passwords, credit card numbers, and SSNs, by masquerading as a trustworthy entity
in an electronic communication. Spear-phishing emails have a high success rate because they
mimic messages from an authoritative source, such as a financial institution, a communications
company, or some other easily recognizable entity with a reputable brand.
Pharming is yet another technique in which the DNS tables are poisoned so that a victim’s
address, e.g., www.amazon.com, points to the phishing site.
DEFENSES
1) safe browsing tool
Since the web is the most frequently used attack vector, it is important to have protection for
browsers, especially when a search is used
Example :The Web of Trust (WOT) Plugin for Safe Browsing
The WOT is a community-based collection of websites, based on a reputation achieved
through the ratings of millions of users. It is a free safe surfing plugin for major browsers
and provides website ratings and reviews to help web users as they search, surf and shop
online. WOT uses color-coded symbols to show the reputation of a site: Green indicates
the site is trusted by the community, yellow warns a user to be cautious and red indicates
potential danger. A gray symbol with a question mark means that there is no rating due to
a lack of sufficient data.
When a “hot” keyword like free ipad is used in the search, Figure 26.14 illustrates theratings for
the websites found
Figure 26.14
Both Internet Explorer (IE), Chrome, and Firefox provide phishing filters. Phishing and malware
protection is accomplished by checking the site that is being visited against lists of reported
phishing and malware sites. These lists are automatically downloaded and updated by browsers.
SQL injection is a technique where malicious users can inject SQL commands into an SQL
statement, via web page input.
SQL injection is the top vulnerability of websites. It exploits improper input validation in
database queries. A successful exploit will allow attackers to access, modify, or delete
information in the database. It permits attackers to steal sensitive information stored
within the backend databases of affected websites, which may include such things as
user credentials, email addresses, personal information, and credit card numbers
Example 26.39: The Manner in Which to Execute a SQL Injection Attack
As an example of a SQL injection attack, consider the normal user login request shown
in Figure 26.38. A user supplies their username and password, and this SQL query
checks to see if the user/password combination is in the database. The query is of the
form
$query = “SELECT username,password FROM login WHERE username =‘$username’ AND
password = ‘$password’“;
The attacker wants to take over the administrative privilege of the database and therefore
uses the user name: administrator’#, as indicated in Figure 26.39. The # sign indicatesthe start of
a line comment, which although generally useful can typically be ignored. The
password can be anything, since the server will ignore anything that follows the # sign. The
form of the query and the ignored comment, indicated by the strikethrough, are then
$query = “SELECT username,password FROM login WHERE username =‘administrator’#
AND password = ‘$password’“;
Through the use of this approach, the attacker gains administrator privilege by dropping
the password verification, as indicated in Figure 26.40.
FIGURE 26.38 A SQL injection attack
Example2
Look at the example below .Let's say that the original purpose of the code was to create an SQL
statement to select a user with a given user id.
If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart"
input like this:
UserId:
105 or 1=1
Server Result
SELECT * FROM Users WHERE UserId = 105 or 1=1
The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is
always true.