Lecture-01-Slides

The document outlines a course on Law and Cybersecurity, covering topics such as information security management, data security properties, and cyber crime. It details evaluation methods, course schedule, and a bibliography of relevant texts. Additionally, it discusses various types of cyber attacks and defenses, emphasizing the importance of security properties like confidentiality, integrity, and availability.

Uploaded by

ahmeddhamed179

Law and Cybersecurity

(06407)

Instructor: Dr. Mohamed Abdelwahab Saleh

March 6, 2025

Lecture 1: Introduction
Outline Introduction Defense

Section 1

Outline


Contents

1 Outline

2 Introduction

3 Defense


Course Contents

Course Outline

Information Security Management.
Data Security Properties.
Sensitive Data and Privacy.
Human Factors in Security.
Cyber Crime and Cyber Warfare.
National and International Information Security Regulation.
Ethics and Legal Aspects of Software Development.


Evaluation Methods

Course information

Evaluation:
Assignments + Quizzes: 20%
Project: 10%
Mid-term: 20%
Final: 50%

Schedule:
Day: Monday
Time: 8:30-10:10
Location: 402


Bibliography

Books

A variety of cyber security laws and regulations.
E. Amoroso and M. Amoroso. “From CIA to APT: An Introduction to Cyber Security”. Independently published.
W. Stallings. “Cryptography And Network Security”, 7th Edition. Pearson Education.


Section 2

Introduction


The Big Picture


What sort of attacks?
What security services?
How to implement the services?
Attacks rely on the capabilities of the intruder, so to investigate the attacks, we must model the intruder.
Knowing the attacks, we can defend the network against them.

[Figure labels: Node A, Security services, Attackers, Trusted servers, Security services, Node B]

Attacks

What Can the Attacker Do? – Attacker Model


The attacker is the network, i.e., all network nodes exist in a hostile environment.
The following is assumed:
1. The attacker monitors all network messages (eavesdropping).
2. The attacker can perform computations on messages, e.g., encryption, decryption.
3. The attacker is a legitimate network user.
4. The attacker can send messages to any user and receive messages from any other user.
5. The attacker can block messages.
6. The attacker can impersonate other users.
Active and passive attackers: A passive attacker just monitors the network traffic without interrupting it. An active one is involved in message reception and/or transmission, i.e., items 3–5 in the list above.

Attacks

Types of attacks
Eavesdropping (passive attacks).
Man-in-the-middle attacks, i.e., opening parallel sessions with different network nodes.
Impersonation attacks, i.e., pretending to be another network node.
Replay attacks, i.e., storing a sequence of messages and “playing” it again later.
Denial of Service (DoS) attacks.
Cryptanalysis attacks, i.e., trying to “break” an encrypted text.
Password guessing (brute-force and dictionary attacks).
Malware (viruses, worms, trojan horses, time bombs, back door) attacks.
Software exploitation attacks, i.e., exploiting a vulnerability.
Timing attacks.
Social engineering.
etc.

Attacks

Types of Malware
The following are categories of malware. A piece of malicious code may have more than one of the characteristics listed below:
Viruses: A virus is malicious software in the form of executable code that is attached to a legitimate computer program. Once it runs on a machine, it can self-replicate (copy itself) to other programs on the machine.
Worms: A worm is a malicious computer program that spreads across a network, causing harm and consuming resources.
Trojan horses: A trojan horse is a computer program that appears legitimate and harmless but has hidden malicious features.
Time bombs (logic bombs): A time bomb is malicious code that causes damage when a certain event occurs or when a certain time is reached.
Back door: A back door is a hidden entry point to software that gives remote users access to the system without proper authorization.

Attack Examples

Examples of Attacks–SYN Flood

[Figure: message sequence between A and B. A sends SYN, SYN, SYN to B; B answers with SYN ACK; A does not reply with ACK.]

A uses the TCP three-way handshake to initiate many “half-open” connections. The TCP server is too busy to respond to other users. This is a Denial of Service (DoS) attack.
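From the server's side, the half-open connections described above can be counted per source. The following is an added example, not part of the original slides; the event format, the threshold of 20 and the 30-second backlog timeout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

def peak_half_open(events, timeout=30.0):
    """Return {src_ip: peak count of simultaneous half-open connections}.

    events: (time_s, src_ip, src_port, flag) as seen by server B, where flag is
    "SYN" (handshake step 1), "ACK" (step 3) or "RST" (client aborted).
    """
    pending = {}                 # (src_ip, src_port) -> time the SYN arrived
    peak = defaultdict(int)
    for t, ip, port, flag in sorted(events):
        # Drop entries the server would already have timed out of its backlog.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        if flag == "SYN":
            pending[(ip, port)] = t
            current = sum(1 for src, _ in pending if src == ip)
            peak[ip] = max(peak[ip], current)
        else:                    # ACK completes the handshake, RST cancels it
            pending.pop((ip, port), None)
    return dict(peak)

def flag_sources(events, threshold=20, timeout=30.0):
    """Sources whose half-open count ever reached the (assumed) threshold."""
    peaks = peak_half_open(events, timeout)
    return sorted(ip for ip, n in peaks.items() if n >= threshold)

# Constructed sample: one source opens 50 connections and never sends the
# final ACK; two ordinary clients complete the handshake.
SAMPLE = [(0.01 * i, "198.51.100.7", 40000 + i, "SYN") for i in range(50)] + [
    (1.00, "192.0.2.10", 51000, "SYN"), (1.05, "192.0.2.10", 51000, "ACK"),
    (2.00, "192.0.2.11", 51001, "SYN"), (2.04, "192.0.2.11", 51001, "ACK"),
]

if __name__ == "__main__":
    print(peak_half_open(SAMPLE))
    print(flag_sources(SAMPLE))
```

When the SYN segments carry spoofed source addresses, the count spreads over many sources, so the total number of pending entries is a useful second signal.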


Attack Examples

Examples of Attacks–UDP Storm


[Figure: M sends message m1 towards A (echo) and B (chargen).]

In this attack, A is running the echo protocol on port 7, while B is running chargen (character generator) on port 19.
Both A and B use UDP. Therefore chargen will reply to any request with a random number. M, the malicious node, sends message m1 to B, with source IP=A, source port=7, and destination port=19. A and B will start bouncing messages off each other indefinitely.
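The loop above and a filter rule that breaks it, modelled in memory with no network traffic. This is an added example, not part of the original slides; the host names, the hop cap and the rule itself are assumptions made for illustration.

```python
ECHO, CHARGEN = 7, 19
# UDP services that answer every datagram they receive.
AUTO_REPLY_PORTS = {ECHO, CHARGEN}

def should_drop(src_port, dst_port):
    """Filter rule: a datagram whose source AND destination ports both belong
    to auto-replying services cannot come from a real client, so drop it."""
    return src_port in AUTO_REPLY_PORTS and dst_port in AUTO_REPLY_PORTS

def simulate(first, filtered, max_hops=1000):
    """Count datagrams delivered to a service, starting with `first`.

    A datagram is (src_ip, src_port, dst_ip, dst_port). Each listening service
    replies to the claimed source address and port. The hop cap stands in for
    "indefinitely".
    """
    listeners = {("A", ECHO), ("B", CHARGEN)}
    pkt, delivered = first, 0
    while delivered < max_hops:
        src_ip, src_port, dst_ip, dst_port = pkt
        if filtered and should_drop(src_port, dst_port):
            break                      # filter discards the datagram
        if (dst_ip, dst_port) not in listeners:
            break                      # nothing listening: no reply is sent
        delivered += 1
        pkt = (dst_ip, dst_port, src_ip, src_port)   # reply to claimed source
    return delivered

# m1 from the slide: sent to B with source IP=A, source port=7, dest port=19.
M1 = ("A", ECHO, "B", CHARGEN)
# Constructed ordinary client C querying chargen from an ephemeral port.
CLIENT = ("C", 50000, "B", CHARGEN)

if __name__ == "__main__":
    print(simulate(M1, filtered=False), simulate(M1, filtered=True))
    print(simulate(CLIENT, filtered=True))
```

Disabling echo and chargen on hosts that do not need them removes the loop without any filtering.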

Attack Examples

Examples of Attacks–Ping Attack

[Figure: M sends message m1; A receives the replies.]

The malicious node M sends a broadcast echo message m1 with destination IP=A to the network. A is then flooded with replies.


Examples of Attacks–TCP Session Hijacking

[Figure: message sequence between A, M and B]
1. M to A: SYN flood (A is SYN-flooded).
2. M to B: SYN, source=A, X.
3. B: SYN ACK, X+1, Y.
4. M to B: ACK, X+1, Y+1.

The malicious node M first attacks A with a SYN flood, then impersonates A. The success of this attack depends on M knowing Y. M can intercept messages, or guess Y if there is a weakness in the algorithm for number generation.
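The weakness in number generation mentioned above can be checked for by sampling a server's initial sequence numbers (the Y values). The following is an added example, not part of the original slides: `CounterISN` is a constructed weak generator, `KeyedISN` follows the RFC 6528 form ISN = M + F(connection 4-tuple, secret) with HMAC-SHA256 chosen here as F, and all addresses and parameters are assumptions.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32

class CounterISN:
    """Weak (constructed): Y grows by a fixed step for every new connection."""
    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def next(self, conn, clock):
        self.value = (self.value + self.step) % MOD
        return self.value

class KeyedISN:
    """RFC 6528 style: Y = clock + F(4-tuple, secret) mod 2^32."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)

    def next(self, conn, clock):
        digest = hmac.new(self.secret, repr(conn).encode(), hashlib.sha256).digest()
        return (clock + int.from_bytes(digest[:4], "big")) % MOD

def sample(gen, n=50):
    """Y values for n new connections from different client ports (constructed)."""
    return [gen.next(("192.0.2.10", 40000 + i, "192.0.2.1", 80), clock=250 * i)
            for i in range(n)]

def constant_step_fraction(isns):
    """Share of consecutive differences equal to the most common difference.

    A value near 1.0 means the next Y follows from the previous one.
    """
    diffs = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    most_common = max(set(diffs), key=diffs.count)
    return diffs.count(most_common) / len(diffs)

if __name__ == "__main__":
    print(constant_step_fraction(sample(CounterISN())))   # predictable
    print(constant_step_fraction(sample(KeyedISN())))     # not predictable
```

The keyed generator still increases with the clock within one connection 4-tuple, so sequence numbers of a reused connection do not overlap, while an observer of one connection learns nothing about Y on another.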


Section 3

Defense


Security Plan

Security Properties
What properties do we want our network to have?
Below are very simple intuitive definitions.
Confidentiality: A message m should be revealed only to those parties who have the right to read it.
Integrity: A message m should not be tampered with by an intruder. If an intruder tampered with the message, the receiver should be able to detect this.
Availability: Services offered by the network should “always” be available to legitimate users, i.e., the network should be immune against denial of service attacks.
Authentication: Users should be able to verify the identity of other users communicating with them.
Non-repudiation: A user should not be able to deny sending (Non-Repudiation of Origin, NRO) or receiving (Non-Repudiation of Receipt, NRR) a message.
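How a receiver can detect tampering (integrity) and also reject a stored message that is played again (the replay attack listed earlier). This is an added example, not part of the original slides; the frame layout, the shared key and the message text are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes

def protect(key, seq, message):
    """Sender: frame = 8-byte sequence number || message || HMAC tag."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far

    def accept(self, frame):
        """Return (message, None) if accepted, otherwise (None, reason)."""
        if len(frame) < 8 + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "tampered"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:     # authentic, but already seen
            return None, "replayed"
        self.last_seq = seq
        return body[8:], None

# Constructed key and messages for the demonstration.
KEY = bytes(range(32))

if __name__ == "__main__":
    rx = Receiver(KEY)
    frame = protect(KEY, 1, b"pay 10 to B")
    print(rx.accept(frame))                       # accepted
    print(rx.accept(frame))                       # same frame again: replayed
    altered = frame[:8] + b"pay 90 to B" + frame[-TAG_LEN:]
    print(rx.accept(altered))                     # tampered
```

Because sender and receiver hold the same key, this gives integrity and authentication between them but neither confidentiality nor non-repudiation: either party could have produced the tag.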

Security Plan

Network Protection
We saw several examples of attacks. So, what should be done to protect a network?
⇒ There is no silver bullet. However, there are measures that should be taken:
Plan a security policy.
The policy is implemented using various mechanisms:
  Access control (authentication + authorization).
  Limiting access from/to the private network using firewalls.
  Filtering network traffic using an Intrusion Detection System (IDS).
  etc.
The basic building blocks of many of these security mechanisms are cryptographic operations. They operate on data in order to achieve some security objective.
For instance, encryption is a cryptographic operation that is used in order to achieve data secrecy.