02-Threats and attacks on security_print.pdf
8/9/2019 02-Threats and attacks on security_print.pdf
Threats & Attacks on security
CS405-Computer Security
By: Dilum Bandara
Dept. of Computer Science & Engineering
University of Moratuwa
© Dilum Bandara - CSE 2

Outline
- Attacks
- Vulnerabilities
- Threats
    - Interception
    - Interruption
    - Modification
    - Fabrication
- Controls

Attacks
- When testing a system for functionality
    - Identify how the system can malfunction
    - Improve the design to withstand problems
- When analysing a system for security
    - Identify ways in which system’s security can malfunction
    - Enforce necessary controls

Terminology
- Vulnerabilities
    - Is a weakness in the security system
- Threats
    - Is a set of circumstances that has the potential to cause loss or harm

[Figure: illustration with the labels "Water" and "Vulnerability"]

Terminology
- Attacks
    - A human or another system can exploit vulnerabilities to initiate an attack
- Control
    - Is an action, device, procedure or technique that removes or reduces the vulnerabilities
    - Example: the finger of the man can control a water leak

A threat is blocked by control of a vulnerability

Security Threats
[Figure: normal flow of data from the information source to the information destination]

Security Threats cont…
- Interception
- Interruption
[Figure: one diagram per threat showing the flow between source S and destination D]

Security Threats cont…
- Modification
- Fabrication
[Figure: one diagram per threat showing source S, destination D and a node labelled A]

Interception
- An unauthorized party gains access to an asset
- This is an attack on
    - Confidentiality
- Really hard to detect a silent interceptor

Interception cont…
- Approaches
    - Eavesdropping
    - Link monitoring
    - Packet capturing
    - System compromise
- Can’t be avoided
    - In wireless communication, broadcast, multicast
    - Store-and-forward approach in protocols

Interruption
- An asset of a system is destroyed, unavailable or unusable
- This is an attack on
    - Availability
- Easily detected by a single party or both parties

Interruption cont…
- Approaches
    - Destruction of hardware
    - Physical damage to communication links
    - Introduction of noise
    - Removal of routing
    - Erasure of a program or a file
    - DoS attacks

Modification
- Unauthorized parties gain access as well as tamper with an asset
- This is an attack on
    - Integrity
- Can be detected if proper measures are taken in advance
- Can be detected by both parties
    - Digital signature
    - Checking one's own work

Modification cont…
- Approaches
    - Changing a record in a database
    - System compromise
    - Making use of delays in communication
    - Modify hardware

Fabrication
- An unauthorized party inserts a counterfeit (fake) object into the system
- Pretends it was sent by an authorized party
- This is an attack on
    - Authenticity
- Also related to non-repudiation

Fabrication cont…
- Approaches
    - Adding a new record to a database
    - Insertion of new network packet
        - Make use of IP spoofing
    - Spurious e-mails or web sites
        - E-mail from [email protected]
        - Similar domain names www.yaho.com

Attacks - Passive attacks
- Goal is to obtain information
- Two types of attacks
    1. Traffic analysis
        - Detects the source & destination
        - Frequency of transmission & length of messages
    2. Release of message content
        - To gain personal advantages
        - Blackmailing parties involved in communication

Passive attacks cont…
- Harder to detect
- Prevention is better than detection
[Figure: diagram with the labels "Passive threats", "Interception", "Traffic analysis" and "Release of message content"]

Attacks - Active attacks
- Interruption, modification & fabrication
- Four categories:
    1. Masquerading
        - Pretends to be someone else
    2. Replay
        - Retransmission of passively captured data
    3. Modification
    4. DoS

Active attacks cont…
- Easily detectable
- Harder to prevent
- Can recover from destruction
[Figure: diagram with the labels "Active threats", "Modification", "Fabrication" and "Interruption"]
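
Added example, not part of the original slides: a receiver-side check showing how modification, fabrication and replay of a message are detected when measures are taken in advance. It uses HMAC-SHA256 with a shared key from the Python standard library in place of the digital signature the slides name (a shared-key MAC does not provide non-repudiation); the key, the message format and all names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
HDR_LEN = 8    # 64-bit big-endian sequence number (assumed message format)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: sequence number + payload, followed by a tag over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, message: bytes):
        if len(message) < HDR_LEN + TAG_LEN:
            return "rejected: malformed", None
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # A bad tag covers modification (integrity) and fabrication
        # (authenticity): bytes changed, or the sender lacked the key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag", None
        (seq,) = struct.unpack(">Q", body[:HDR_LEN])
        # A valid tag on an old sequence number is replayed captured data.
        if seq <= self.last_seq:
            return "rejected: replay", None
        self.last_seq = seq
        return "accepted", body[HDR_LEN:]

def demo() -> dict:
    key = bytes(range(32))  # constructed demo key
    rx = Receiver(key)
    genuine = seal(key, 1, b"transfer 100 to account 42")  # constructed
    modified = genuine.replace(b"100", b"900")
    fabricated = seal(b"\x00" * 32, 2, b"transfer 500 to account 7")
    return {
        "genuine": rx.accept(genuine)[0],
        "modified": rx.accept(modified)[0],
        "fabricated": rx.accept(fabricated)[0],
        "replayed": rx.accept(genuine)[0],
        "next": rx.accept(seal(key, 2, b"balance query"))[0],
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} {verdict}")
```

The check detects these active attacks after the fact; it does nothing against interception, since the payload is still sent in the clear.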