the goodthe badthe ugly? the good side rst! cyber crime ...siva/talks/ips-handout.pdfthe goodthe...
Post on 23-Oct-2020
3 Views
Preview:
TRANSCRIPT
-
The Good The Bad The Ugly?
Cyber Crime and Internet Security
G. Sivakumar
Computer Science and Engineering(IIT Bombay)siva@iitb.ac.in
October 7, 2007
The Good (Web 1.0, 2.0, 3.0)
The Bad (CyberCrime, Laws)
The Ugly? (Security, Forensics)
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
The Good side first!
How is learning affected?G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Internet’s Growth and Charter
Information AnyTime, AnyWhere, AnyForm, AnyDevice, ...WebTone like DialTone
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Search Engines and Page Rank
How to drink water from a firehose?
Search Engines (google) crawl the web for us.
Recall (all available?) and Precision (all relevant?)
How to rank the pages? (syntactic?)
Reliability/Trust/Security issues
What do profs do?
Visit www.phdcomics.com to find out!
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Web 2.0 Definition (O’Reilly)
Web 2.0
Web 2.0 is the network as platform, spanning all connected devices;
delivering software as a continually-updated service that gets better the
more people use it, consuming and remixing data from multiple sources,
including individual users, while providing their own data and services in
a form that allows remixing by others, creating network effects through
an architecture of participation, and going beyond the page metaphor of
Web 1.0 to deliver rich user experiences.
Examples
RSS/Blogs/FeedReaders, Slashdot/Digg, Wikipedia (printingpress: people can read, Web2.0: people can write!)Mashups- ingeniously combining web services e.g. Google Maps inother applications e.g. Mumbai Navigator
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Semantics and Intelligence (Web 3.0)
Collaboration is necessary, but is it sufficient?Want to know
When cheap Mumbai-Chennai round trips are available
with package tours to Mahabalipuram, if possiblebut not on weekdays...
Whenever new articles on chess appear
only in English, Tamil or Germanbut other langauges ok if it is about V. Anand!but not written by ......
Two margas for moksha
Monkey way is Web 1.0/2.0 (syntactic web)
Cat way is Web 3.0 ( sematic web )
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Desired Goal
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
What are Cyber crimes?
Cybercrime
Activity in which computers or networks are a tool, a target, or aplace of criminal activity. These categories are not exclusive.
Examples
Against People
Cyber Stalking and Harrassment(Child) PornographyPhishing, Identity Theft, Nigerian 419
Against Property
CrackingVirus and SpamSoftware/Entertainment PiracyTrade secrets, espionage
Cyber Terrorism!
Hactivism! (in some countries!)Information WarfareG. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Security Concerns
Match the following!Problems Attackers
Highly contagious viruses Unintended blundersDefacing web pages Disgruntled employees or customers
Credit card number theft Organized crimeOn-line scams Foreign espionage agents
Intellectual property theft Hackers driven by technical challengeWiping out data Petty criminalsDenial of service Organized terror groups
Spam E-mails Information warfareReading private files ...
Surveillance ...
Crackers vs. Hackers
Note how much resources available to attackers.
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Internet Attacks Timeline
From training material at http://www.cert-in.org.in/
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Internet Attack Trends
From training material at http://www.cert-in.org.in/
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Indian IT Act 2000
Basic Legal Framework
Electronic documents, signatures as evidence
Cyber Crimes & Punishments
Secn 43: Damage to Computers/NetworkSecn 65: Tampering source codeSecn 66: “Hacking” (cracking)Secn 67: Obscenity (bazee.com!)Secn 69: Interception
Several Initiatives (PKI, CERT-IN, Cyber cells, ...)
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
cert-in.org.in
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
CyberCellMumbai.com
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Cybercrime.gov
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
www.dc3.mil
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
CrimeResearch.org
Note emphasis on National Security and Economy
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
We’re all International!
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
InterPol
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
onguardonline.gov
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Vulnerabilities
Application Security
Buggy codeBuffer Overflows
Host Security
Server side (multi-user/application)Client side (virus)
Transmission Security
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Denial of Service
Small shop-owner versus Supermarket
What can the attacker do?
What has he gained orcompromised?
What defence mechanisms arepossible?
Screening visitors usingguards (who looksrespectable?)VVIP security, but do youwant to be isolated?
what is the Internet equivalent?
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Security Requirements
Informal statements (formal is much harder)
Confidentiality Protection from disclosure to unauthorized persons
Integrity Assurance that information has not been modifiedunauthorizedly.
Authentication Assurance of identity of originator of information.
Non-Repudiation Originator cannot deny sending the message.
Availability Not able to use system or communicate when desired.
Anonymity/Pseudonomity For applications like voting, instructorevaluation.
Traffic Analysis Should not even know who is communicating withwhom. Why?
Emerging Applications Online Voting, Auctions (more later)
And all this with postcards (IP datagrams)!G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Exchanging Secrets
Goal
A and B to agree on a secret number. But, C can listen to all theirconversation.
Solution?
A tells B: I’ll send you 3 numbers. Let’s use their LCM as the key.
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Mutual Authentication
Goal
A and B to verify that both know the same secret number. Nothird party (intruder or umpire!)
Solution?
A tells B: I’ll tell you first 2 digits, you tell me the last two...
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Cryptography and Data Security
sine qua non [without this nothing :-]
Historically who used first? (L & M)
Code Language in joint families!
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Symmetric/Private-Key Algorithms
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Asymmetric/Public-Key Algorithms
Keys are duals (lock with one, unlock with other)
Cannot infer one from other easily
How to encrypt? How to sign?
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
One way Functions
Mathematical Equivalents
Factoring large numbers (product of 2 large primes)
Discrete Logarithms
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Security Mechanisms
System Security: “Nothing bad happens to my computersand equipment”virus, trojan-horse, logic/time-bombs, ...
Network Security:Authentication Mechanisms “you are who you say you are”Access Control Firewalls, Proxies “who can do what”
Data Security: “for your eyes only”Encryption, Digests, Signatures, ...
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Network Security Mechanism Layers
Cryptograhphic Protocols underly all security mechanisms. RealChallenge to design good ones for key establishment, mutualauthentication etc.
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
-
The Good The Bad The Ugly?
Forensics
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The Good The Bad The Ugly?
References
Books
TCP/IP Illustrated by Richard Stevens, Vols 1-3,Addison-Wesley.Applied Cryptography - Protocols, Algorithms, and SourceCode in C by Bruce Schneier, Jon Wiley & Sons, Inc. 1996Cryptography and Network Security: Principles and Practiceby William Stallings (2nd Edition), Prentice Hall Press; 1998.Practical Unix and Internet Security, Simson Garfinkel andGene Spafford, O’Reilly and Associates, ISBN 1-56592-148-8.
Web sites
www.cerias.purdue.edu (Centre for Education and Research inInformation Assurance and Security)www.sans.org (System Administration, Audit, NetworkSecurity)cve.mitre.org (Common Vulnerabilities and Exposures)csrc.nist.gov (Computer Security Resources Clearinghouse)www.vtcif.telstra.com.au/info/security.html
G. Sivakumar Computer Science and Engineering (IIT Bombay) siva@iitb.ac.in
Cyber Crime and Internet Security
The GoodThe BadThe Ugly?
top related