1587: COMMUNICATION SYSTEMS 1 Introduction to Security
description
Transcript of 1587: COMMUNICATION SYSTEMS 1 Introduction to Security
1587: COMMUNICATION SYSTEMS 1Introduction to Security
Dr. George Loukas
University of Greenwich, 2014-2015
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
NCZW VUSX PNYM INHZ XMQX SFWX WLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX WCCB GVLI YXEO AHXR HKKF VDRE WEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJW MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOW OPBE KVWM UQFM PWPA RMFH AGKX IIBG
FORCED TO SUBMERGE DURING ATTACK, DEPTH CHARGES.LAST ENEMY LOCATION 08:30, NAVAL GRID AJ 9863, 220 DEGREES, 8 NAUTICAL MILESI AM FOLLOWING THE ENEMYBAROMETER 1014 MILLIBAR TENDENCY FALLING, NORTH NORTH EAST 4, VISIBILITY 10.
AHXR VUSX PNYM INHZ XMQX SFBX BLKJ AHSH NMCO CCAK UQPM KCSM HKSE INJU SBLK IOSX CKUB HMLL XCSJ USRR DVKO HULX TCCB GVLI YXEO BCZA HKKF VDRE CEZL XOBA FGYU JQUK GRTV UKAM EURB VEKS UHHV OYHA BCJU MAKL FKLM YFVN RIZR VVRT KOFD ANJM OLBG FFLE OPRG TFLV RHOM OPBE KVJM UQFM PLPA RMFH AGKX IIBG ABLT STIE ANFQ LOTZ LPTR OURE JVMR SDAL PITC ZSET LGSO HPIY QTLF HCOT PATG HUVX LOUS MEAP DLEF NSQZ MYTR OIFD HGYC SPGO ZEOP GJSL BNDM TYLA FSLV ZBJA
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
Sep-3
9Jan
-40
May-40Se
p-40Jan
-41
May-41Se
p-41Jan
-42
May-42Se
p-42Jan
-43
May-43Se
p-43Jan
-44
May-44Se
p-44Jan
-45
May-45
0100000200000300000400000500000600000700000800000
Shipping lost to u-boats (in tons)
500 BCSkytale 9th century
Al-Kindi1918
(enigma machine)
1976(Public-Key
cryptography)
CRYPTOGRAPHY
Cryptography
Single-key cryptographyAlso known as symmetric cryptography.
A binary message is encrypted and decrypted using the same secret key.The simplest type of binary encryption/decryption is to XOR each bit of the message with the secret key.
XOR =XOR =XOR =
logicalXOR
Message 1010100101010011010110 Key 0110011001010100110001
Encrypted message 1100111100000111100111
XOR
Cryptographic exerciseXOR =XOR =XOR =
logicalXOR
The hacker is looking for the solutions to the mock test. She knows the approximate format of the URL because that’s what George uses most of the time: http://staffweb.cms.gre.ac.uk/~lg47/lectures/COMP1587/COMP1587-MockTest2014-XXXX.docx She found the XXXX part but encrypted: 00010000 00010100 00011011 00010010 The encryption function is XOR. What is the XXXX part if the key is 01110101?
01101110 0110011101110101 01110101 01110101 01110101XOR00010000 00010100 00011011 00010010
01100101
e01100001
a s ya = 01100001 f = 01100110 k = 01101011 p = 01110000 u = 01110101 z = 01111010b = 01100010 g = 01100111 l = 01101100 q = 01110001 v = 01110110
ASCII TABLE OF CHARACTERS
c = 01100011 h = 01101000 m = 01101101
r = 01110010 w = 01110111
d = 01100100 i = 01101001 n = 01101110 s = 01110011 x = 01111000e = 01100101 j = 01101010 o = 01101111 t = 01110100 y = 01111001
Confidentiality
CONFIDENTIALITY
IntegrityJan. 2010: Spanish PM’s website defaced
June 2010: Stuxnet
CONFIDENTIALITY INTEGRITY
A computer program that altered the motor speeds of an Iranian nuclear facility’s centrifuges.
A common method is to use Cross-site Scripting (XSS)
<script>document.body.background="http://your_image.jpg";</script>
Availability2004: US businessman hires hackers to launch Denial of Service attacks against competitors. $2 million in losses.
2002: UK teenager disables Port of Houston web systems accidentally, while trying to take cyber-revenge over a girl.
2000: Canadian teenager knocks offline Amazon, yahoo, CNN, eBay ….
2008: Georgia accuses Russia of coordinated availability attacks, coinciding with military operations in South Ossetia.
2007: Estonian parliament, newspapers and banks are knocked offline by Russian hacktivists over a political issue
CONFIDENTIALITY INTEGRITY AVAILABILITY
Lately: The group Anonymous have been launching availability attacks for political purposes
A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
Example DoS: Reflector attack• Send packets to
several computers pretending to be the target
• When they reply, they all send ACK packets to the target
G. Loukas and G. Oke. Protection Against Denial of Service Attacks: A Survey. Comp. Journal, 53(7): 1020-1037, 2010
A Denial of Service attack (DoS) is any intended attempt to prevent legitimate users from reaching a specific network resource.
CONFIDENTIALITY INTEGRITY AVAILABILITY
Availability Attack Countermeasures
CONFIDENTIALITY INTEGRITY AVAILABILITY
• Replace network components with greater capacity ones
• Redundancy and diversity (more servers, links, nodes etc.)
• Detect attack traffic and filter it out
• Honeypots (to redirect attack to fake targets)
Common countermeasures
CONFIDENTIALITY INTEGRITY
Detect unauthorised access
Detect and remove malicious software
Block/filter connections to critical systems
Protect real users by attracting attacks to fake users
Set strict rules for users to reduce security breaches
Cyber-physical attacks
Underlying causes of security failures Monopolies present juicy targets. A single vulnerability affects
millions of people
Deficit of computer security experts in the market
Strong at Windows, Linux and network technologiesAbility to think adversariallyAbility to adapt/learn constantlyWriting well-structured and clear reportsWorking in teams
Job adverts
online today
____________
Malware analysisJoanna Rutkowska, Invisible Things Lab
White hat hacker, Google“Security Princess” Parisa Tabriz
Director of Technology StrategyJames Lyne, Sophos