
Cryptography

CS 110

Fall 2005

From last class…

Instant messenger systems
  • Unsafe links on AIM profiles
  • Requests from “buddies” to open messages containing pictures

Security problems of interest

confidentiality - protect info content from unwarranted observation
integrity - protect info accuracy
availability - ensure information delivery
authentication - assure identity of user (sender)
  • non-repudiation - protect from deniability
access control - control access to info/resources

Policies:

Problems that arise in implementation:

Attacks

interception - of information-traffic, breaches confidentiality
interruption - of service, availability
modification - of information, i.e. loss of integrity
fabrication - of information, destroys authenticity

Response?

identify key assets
evaluate threat posed to assets
implement suitable countermeasures
manage implementation
cryptography is a key technology
  • Note – not a “perimeter defense” technology

What’s cryptography

cryptography is the study of secret (crypto-) writing (-graphy)
concerned with developing algorithms to:
  • conceal the content of a message from all except the sender & recipient (secrecy or confidentiality)
  • verify the correctness of a message or its sender to the recipient (integrity & authentication)

A few terms

cryptography
  • the art or science of transforming an intelligible message into one that is unintelligible, and then transforming that message back to original form
plaintext
  • the original intelligible message
ciphertext
  • the transformed message

A few terms

key
  • critical (secret) information used in the cipher & known only to the sender & receiver
Symmetric – shared
Asymmetric – public/private

Transformations

code
  • an algorithm for transforming an intelligible message into an unintelligible message using a code-book
encryption
  • applying a mathematical function mapping plaintext to ciphertext using the specified key:

$C = E_K(P)$

A few terms

cryptanalysis (codebreaking)
  • the study of methods for transforming an unintelligible message back into an intelligible message without knowledge of the key

Steganography

embed message in innocuous setting

My Special Friend,

Our speaker today in class today is exciting, & I know that the next speaker is even better. I need to report to you that next class is the mid-term exam. Well, there is only one mid-term! YEAH!!! Well that is it for now. ………...


Two crypto techniques

Permutation
Substitution

“Staff” cipher

an early Greek transposition cipher:
  • cut a narrow strip of paper long enough to write message
  • wind it around a staff so that adjacent edges abut
  • write message horizontally down the shaft with a character on each wrapping
  • unwind
Result: long sequence of seemingly random letters

The ole alternation trick

write message letters on alternate rows
read off cipher by row

Plain = “I CAME I SAW I CONQUERED”

Plain:
I A E S W C N U E
 C M I A I O Q R D
Cipher: IAESW CNUE CMIAI OQRD

The ole structured patterns trick

write message letters as a matrix
read off cipher by some pattern

Plain: I C A M E I S A W I C O N Q U E R D A B
Cipher: diagonals, concentric circle, in and out, etc

The ole mirror trick

write the message backwards

Plain: I CAME I SAW I CONQUERED
Cipher: DEREU QNOCI WASIE MACI

………and speaking of J. Caesar

Two crypto techniques

Permutation
Substitution

Caesar cipher - substitution cipher

Julius Caesar invented to transmit military information -- 2000 years ago
Map each letter to another -- fixed offset -- called the translation alphabet

Alphabets:
Plain:  A B C D E F G H I J K L M N O P Q R S T U
Cipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W T I G M E P W T I E O I V G S Q M R K

Caesar cipher - substitution cipher

Julius Caesar invented to transmit military information -- 2000 years ago
Map each letter to another -- fixed offset -- called the translation alphabet

Alphabets:
Plain:  A B C D E F G H I J K L M N O P Q R S T U
Cipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W T I G M E P W T I E O I V G S Q M R K
P =         S P E C I A L S P E A K E R C O M I N G

Cryptanalysis – break Caesar cipher

check out brute force cryptanalysis of a Caesar cipher
What is the Key?
What is the Key size?

Mono-alphabetic Substitution

Use any permutation of the 26 alphabetic characters
  • 26! (i.e. 4 x 10^26) possible keys
  • Non-trivial number of options
  • But, regularities of the language give clues
English, German, Hebrew, Russian – have different characteristics in terms of letter usage

Language regularities

can base cryptanalysis on frequency of letter occurrence
E is most frequent, then T, R, I, N, O, A, S, then …..
rarely are J, K, Q, X, Z used
  • E is 25 times more frequent than Q
Strategy (for a “long enough” message) is to guess at letter value based on frequency of appearance in ciphertext

Language regularities - example

Caesar (Mono alphabetic substitution)

Alphabets:
Plain:  A B C D E F G H I J K L M N O P Q R S T U
Cipher: E F G H I J K L M N O P Q R S T U V W X Y

CipherText: W T I G M E P W T I E O I V G S Q M R K
P =         S P E C I A L S P E A K E R C O M I N G
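An added example (not part of the original lecture) that carries out the brute-force cryptanalysis asked for on the "break Caesar cipher" slide and ranks the 26 candidates using the letter classes from the "Language regularities" slide. The scoring rule (+1 for a frequent letter, -1 for a rare one) and all function names are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Letter classes copied from the "Language regularities" slide.
FREQUENT = set("ETRINOAS")   # "E is most frequent, then T, R, I, N, O, A, S"
RARE = set("JKQXZ")          # "rarely are J, K, Q, X, Z used"

# The slide's ciphertext with the spaces between letters removed.
CIPHERTEXT = "WTIGMEPWTIEOIVGSQMRK"


def caesar(text, key):
    """Shift each letter A-Z forward by `key` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext, key):
    """Undo a Caesar shift of `key` places."""
    return caesar(ciphertext, -key)


def english_score(text):
    """Crude English test (assumed rule): +1 per frequent letter, -1 per rare letter."""
    return sum((ch in FREQUENT) - (ch in RARE) for ch in text)


def brute_force(ciphertext):
    """Try every key. The key is the offset, so the key space is only 26.

    Returns (score, key, candidate plaintext) tuples, best score first.
    """
    candidates = []
    for key in range(26):
        plain = decrypt(ciphertext, key)
        candidates.append((english_score(plain), key, plain))
    candidates.sort(key=lambda c: (-c[0], c[1]))
    return candidates


if __name__ == "__main__":
    for score, key, plain in brute_force(CIPHERTEXT)[:3]:
        print(f"key={key:2d} score={score:3d} {plain}")
```

On a message this short the margin between the best and second-best candidate is small, which is why the slide's strategy asks for a "long enough" message.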

Data Encryption Standard (DES)

Developed by IBM in 1970s
  • Sold to Lloyds of London
US Nat’l Bureau of Standards requested a national cipher standard
National Security Administration (NSA) worked with IBM to refine it
Adopted in 1977 by Nat’l Bureau of Standards

Key Property

Avalanche
  • Small change in plaintext or in key produces significant change in ciphertext
  • Change one bit of plaintext and about half the ciphertext bits will change

DES Status

No weak points have surfaced
DES is widely used
1994, Nat’l Institute of Standards and Technology reaffirmed its use for federal use
  • Recommended for all but “classified”

DES key length

Increased computing has made a 56-bit key susceptible to exhaustive key search
  • 1997 – a few months were needed by a large network (70,000) of computers to break DES. $10,000 prize claimed
  • 1998 – Electronic Frontier Foundation broke DES in a few days
  • 1999 – A break accomplished in 22 hours
DES with larger keys is still used and it works well

Public Key Encryption

Alice wishes to communicate a secret message to Bob
Bob will then reply

Symmetric Key System

Alice and Bob have common knowledge of a single key
Alice puts message in box and locks with a padlock for which she has a key
She sends the box to Bob in regular mail
Bob has identical copy of Alice’s key and uses it to open the box
He uses same padlock for sending his response back to Alice

Symmetric Key Risks

How are the keys distributed?
  • Through mail?
  • Stolen/copied in the mail?
If key is stolen/copied, all communications are (unknowingly) compromised
  • All participants must synchronize and get a new key

Asymmetric Public Key

Bob and Alice have separate padlocks
Alice asks Bob to send his open padlock to her through regular mail
Alice uses Bob’s lock to secure the box containing her message and she mails it to Bob
Upon receiving the box, Bob uses his key to unlock it

Advantages of Asymmetric Public Key

No need to send keys to one another
Third party cannot copy key while in transit
One stolen key only compromises part of the communication

Public-key Encryption

It’s annoying for Bob to send his padlock to Alice
Instead, Bob sends instructions for how Alice can build a padlock that will only be open-able by Bob
  • Note these instructions cannot give away secret of Bob’s key

Public-key Encryption

Alice has two keys (strings of letters)
  • Public key that she freely shares with the world
  • Private key that only she knows
Messages encrypted with Alice’s public key are only decipherable by Alice’s private key

Public-key Encryption

Alice can send message encrypted using her private key
Bob can decode message using Alice’s public key
Bob is assured message he reads was authored by Alice
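An added example (not from the original lecture) that puts numbers on the padlock story using textbook RSA: anyone can lock with Bob's public key but only Bob's private key opens it, and a message locked with Alice's private key checks out only against Alice's public key. The primes, the exponent 17, the one-character-per-block encoding and all names are assumptions chosen so the arithmetic stays small; keys this size and unpadded RSA give no real protection.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)        # private exponent: e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)      # (public key, private key)


def apply_key(key, number):
    """The single RSA operation: raise to the key's exponent modulo n."""
    n, exponent = key
    if not 0 <= number < n:
        raise ValueError("number must be smaller than the modulus")
    return pow(number, exponent, n)


def encrypt(text, recipient_public):
    """Lock each character with the recipient's public key.

    One character per block is itself a mono-alphabetic substitution;
    it is used here only to keep the numbers readable.
    """
    return [apply_key(recipient_public, ord(ch)) for ch in text]


def decrypt(blocks, recipient_private):
    """Only the matching private key recovers the characters."""
    return "".join(chr(apply_key(recipient_private, b)) for b in blocks)


def sign(text, sender_private):
    """'Encrypt with the private key': only the key owner can produce this."""
    return [apply_key(sender_private, ord(ch)) for ch in text]


def verify(text, signature, sender_public):
    """Anyone holding the public key can check who produced the signature."""
    if len(signature) != len(text):
        return False
    return all(apply_key(sender_public, s) == ord(ch)
               for ch, s in zip(text, signature))


# Hypothetical toy key pairs for the two parties on the slides.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(61, 53)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(89, 97)

if __name__ == "__main__":
    locked = encrypt("HI BOB", BOB_PUBLIC)
    print("ciphertext blocks:", locked)
    print("Bob reads:", decrypt(locked, BOB_PRIVATE))
    sig = sign("HI BOB", ALICE_PRIVATE)
    print("signature valid:", verify("HI BOB", sig, ALICE_PUBLIC))
    print("altered text valid:", verify("HI ROB", sig, ALICE_PUBLIC))
```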

Is Public Key Crypto Secure?

A 128 bit key would be a number between 1 and 340,282,366,920,938,000,000,000,000,000,000,000,000
How many prime numbers are between 1 and this number?
  • approximately n / ln(n) which is about 2^128 / ln( 2^128 ) = 3,835,341,275,459,350,000,000,000,000,000,000,000
How long would it take to find all of these prime numbers if you could calculate one trillion of these numbers per second?
  • More than 121,617,874,031,562,000 years (i.e., about 10 million times longer than the universe has existed so far.)
  • Reference: http://www.livinginternet.com/?i/is_crypt_pkc_inv.htm
Answer – Yes, but know its limitations (e.g. plaintext attacks, block sizes, etc.)

Weakness of Public-key System

Man-in-the-middle Attack
  • Communication of Alice’s public key is intercepted and changed to a new public key that matches interceptor’s private key
  • Interceptor decodes the message to read it and re-encodes it using Alice’s public key before sending on to her
Trusted key distribution

Trusted Key Distribution

Companies exist to manage key distribution
  • Microsoft “offered” to do this with a system called Passport
  • Business model… Microsoft creates a standard for secure communication and sets prices at monopolist levels

Trusted Key Distribution

US Government
  • Do you trust them?
  • They are very interested in having the power to control keys so they can listen to any message

Trusted Key Distribution

RSA: Rivest, Shamir, Adleman
Verisign
PGP: Pretty Good Privacy

Breaking RSA

RSA inventors offered $100 reward for finding a plaintext sentence enciphered via RSA
public key had 129 decimal digits (~ 428 bits)
RSA predicted 40 quadrillion years was needed
1994 -- a group claimed the prize after 8 months of work (1600 computers used)

Security and the Web

HTTPS
  • Uses port 443 (not 80)
  • Security protocol is determined by your browser and the server
  • Online vendors may establish contract with Verisign to handle security
A form of public-key encryption secures the transaction

Review

Adware
Viruses
Worms

Review

Email Spoofing
  • falsified sender
Email Phishing
  • obfuscate HTML to trick you into submitting private info through deceptive web pages

Review

Openness in desktop computers
  • You permit lots of programs to read/write data to your hard drive and memory
  • Computer “listens” for packets on many ports of its internet connection
http, itunes, email, IM, homeDir, …
Programs that monitor the ports for packets are supposed to be failsafe
Flaws are discovered and exploited

November 8, 2005

Three image-rendering flaws in the Windows OS could put millions of Internet-connected users at risk of PC takeover attacks.
The flaws could be exploited by any software that displays images, including … Outlook, Word, and Internet Explorer.

http://www.eweek.com/article2/0,1895,1883850,00.asp

November 8, 2005

The bugs are considered particularly dangerous because users could be at risk merely by browsing to a malicious rigged site with rigged image files, or by displaying images in the preview pane of an e-mail program

November 8, 2005

Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploits this vulnerability can take complete control of an affected system

November 8, 2005

The bulletin also addresses two separate unchecked buffers in the way the OS renders WMF and EMF images.

March 29, 2005

A similar flaw was detected
The hackers corrupted the banner images of an advertising company
100s of sites used those banners
Microsoft took 90 days (?) to release a “patch” because of the intricate nature of Windows and the extensive testing required

Today’s News

Detect severity of earthquake in first 1.5 seconds
Send immediate warning to San Francisco
Automatically stop trains and shut down critical systems to protect them
Would you trust it?

Onward

Cookies
Web Bugs
More viruses

Cookies

Cookies are somewhat controversial
  • Websites can use them for legitimate reasons
  • They can be used for the wrong reasons
  • In any case, they are a fact of life of web browsing
Cookies allow a web-server to:
  • Track your visits to the site
  • Learn and remember info about you
  • Store info on your computer

http://vreport.capaho.com/demo.html

What Is a Cookie?

A small piece of information stored by your web-browser on your PC when you visit a site
What’s stored:
  • A URL related to the site you visited
  • A name/value pair (the information content)
  • (Optional) An expiration date
Why is it a “cookie”?
  • An old CS term for a chunk of data used obscurely

Reminder: Web Browser and Server Interaction

User types URL or clicks link
Browser sends a get-page request for that URL to web-server
Web-server finds HTML file (and related files)
Web-server sends these back to browser
Browser processes HTML and displays page

Cookies: Web-servers Store Some Info on your PC

When sending back a page, server also sends a cookie
Your browser stores it on your PC
Later, you visit the same site
  • You request a page there and your browser has earlier stored a cookie matching that URL
  • Browser sends URL and cookie to web-server
  • Web-server processes cookie
May return updated cookies with page

Normally browsing the web is "stateless"

“Stateless” means “no memory”
  • Request a page from a server; it sends it
  • Later request a 2nd page; the server sends it
  • The webserver doesn't remember anything connecting these two requests
But, cookies preserve “state.” Server can connect an early visit with a later visit.
  • How? Cookie stored a numeric ID number for you
FYI, a server does “log” requests
  • what page, what IP address, when, browser
  • But this can’t identify you uniquely

Cookies Can Be Beneficial

Shopping Carts
  • Server creates a cart, stored on the server
  • You visit other pages, but a cookie lets the server know you’re the person who created that cart
Other personalization
  • “Welcome back, Jane Doe!”
  • “Items you viewed recently are…”
Recognizing legitimate users for a site
  • Register and log-in, but then a cookie means you don’t have to log-in every time

The Darker Side of Cookies

We assume anonymity on the web, right?
Do you want someone knowing what pages you’ve visited?
  • Cookies allow a website to track what you visited on that site
  • Are they keeping this private? Selling it?
Do you even know they’re tracking your visits?
  • What are your rights here?

The Darker Side of Cookies (2)

Personalized ads (e.g. the company DoubleClick)
  • Advertising image on a page is really on another server
  • You click on the image on the ad-server
  • It builds up a profile about you over time
  • Deliver ads you want to see
When used for authorization, are they secure?

You Have Control

You can configure your browser to handle cookies as you want

Cookies: Should You Worry?

Hard to say…
  • Some are quite useful. They allow e-commerce!
  • Some are sneaky
Some anti-spyware tools remove undesirable cookies (some remove harmless ones)

Where We Are in the Lecture

Email issues
  • attachments and email-spoofing
  • phishing
Cookies
Web-bugs
Viruses in email
Spyware (including browser hijacks)

What’s a Web Bug?

We know visiting a URL “announces” your presence
If the web page you visit has images, those images can be references to other web pages:
Consider foobar.html at www.foo.com
  • foobar.html includes
  • <img src="http://www.virginia.edu/rotunda.gif">

What’s a web bug

Something that makes your machine execute a get-page request for a site you don’t expect
  • The server there logs delivery of that image
May be invisible (hard to see a 1x1 pixel … VIEW SOURCE)
Sometimes known as "clear GIFs", "1-by-1 GIFs" or "invisible GIFs"

http://www.eff.org/Privacy/Marketing/web_bug.html

Examples (in HTML)

<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>

<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">

What Info Can Be Gathered?What Info Can Be Gathered?

Again, the server where the bug lives will Again, the server where the bug lives will log:log:• The IP address of your computer The IP address of your computer • The URL of the page that the Web Bug is located The URL of the page that the Web Bug is located

onon• The URL of the Web Bug imageThe URL of the Web Bug image• The time the Web Bug was viewedThe time the Web Bug was viewed• The type of browser that fetched the Web Bug The type of browser that fetched the Web Bug

imageimage Also possible: Info from any cookie that's Also possible: Info from any cookie that's

on your machineon your machine

Web Bugs on a Web PageWeb Bugs on a Web Page

Using personal info in a cookie, ad Using personal info in a cookie, ad companies can track what pages you companies can track what pages you view over timeview over time• Stores this info in a databaseStores this info in a database• Later used to target specific banners ads Later used to target specific banners ads

for youfor you

How many people view a websiteHow many people view a website

Web Bugs Used in an Email

Tells if and when a message was read
Links email address with the IP address of machine you read mail on
Within an organization, can tell how often a message is forwarded and read
In spam:
• How many users have seen the spam message
• Allows spammers to detect valid email addresses

Web Bugs: Legal, Ethical?

Controversial! Attempt to monitor you without your knowledge
Legal? Not clearly illegal
They are used on the websites of legitimate companies
Privacy policies for websites generally don't mention these

Web Bugs: What can you do?

You can't easily identify web bugs
New email clients (e.g. Mozilla Thunderbird) do not display images in email that are links to files on external sites (see next slide)
• (Images embedded as part of email message are OK)
• You can click "Show Images" button
• Also nice not to see some images in spam
Helps to disable and delete cookies

An Email Client Blocks Remote Images
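An added example (not from the original slides) of the kind of check an image-blocking mail client or filter can apply: it flags `<img>` tags that fetch from a remote server and are 1x1 pixels or carry an e-mail address in the query string. The first two tags in the sample are the ones quoted earlier in these slides; the remaining sample lines and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# The first two tags are the ones quoted on the slide; the rest is constructed.
SAMPLE_EMAIL_HTML = """
<p>Your statement is ready.</p>
<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
<img src="cid:logo.constructed" width="1" height="1">
<img src="http://www.example.com/banner.gif" width="468" height="60">
"""

def _tiny(value):
    """True when a width/height attribute is one pixel or less."""
    try:
        return int((value or "").strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False

class WebBugFinder(HTMLParser):
    """Collects remote <img> tags that look like web bugs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", "").strip())
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images are embedded, so no server sees a request
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        # parse_qsl percent-decodes values, so %40 shows up as "@"
        leaked = sorted(k for k, v in parse_qsl(url.query) if "@" in v)
        if leaked:
            reasons.append("e-mail address in query: " + ", ".join(leaked))
        if reasons:
            self.findings.append({"host": url.hostname, "reasons": reasons})

def find_web_bugs(html):
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_EMAIL_HTML):
        print(bug["host"], "->", "; ".join(bug["reasons"]))
```

The embedded `cid:` image and the full-size banner are not reported; only the two slide examples are.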

Anonymity

Are you really anonymous surfing the web?
• Someone (corporations and whoever buys their data) is collecting info on your browsing
Do we want:
• Tools to “protect” us from this?
• Laws against it?
• Laws that disclose it’s being done and how the info is used?
• Users to be aware it’s going on? (Yes!)

Where We Are in the Lecture

Email issues
• attachments and email-spoofing
• phishing
Cookies
Web-bugs
Viruses in email
Spyware (including browser hijacks)

Anatomy of a virus

How you can be infected
• By just reading email when…
  • you do not keep your software updated!

Links in E-mail

The “data format” of Web pages is HTML
• Controls the formatting of a Web page
• Also supports hyperlinks to other pages
• It’s nice when e-mail has this format, right?
A danger:
• Some links can cause a program to run.
• Some download files that run on your system.
An attacker can disguise a link so it looks harmless (but…)

Virus through a Link in an Email

Link seems to be to CS dept. (www.cs.virginia.edu)
That’s the text of the link
• It links to someplace else
• An attachment that is disguised so it doesn’t appear
• The small box is the only clue
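An added example (not from the original slides) of checking for the mismatch described above: link text that displays one host name while the link itself points somewhere else. The message body is constructed; only www.cs.virginia.edu comes from the slide, and all function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message body; only www.cs.virginia.edu comes from the slide.
SAMPLE_BODY = """
<a href="http://www.cs.virginia.edu/">www.cs.virginia.edu</a>
<a href="http://downloads.example.net/notes">www.cs.virginia.edu</a>
<a href="cid:part2.constructed">http://www.cs.virginia.edu</a>
<a href="http://www.cs.virginia.edu/">CS department home page</a>
"""

# A host name appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    """Records links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.mismatches = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href, self._href = self._href, None
        text = "".join(self._text).strip()
        url = urlsplit(href)
        shown = HOST_IN_TEXT.search(text)
        if url.scheme == "mailto" or not shown:
            return  # nothing host-like is displayed, so nothing to compare
        # A non-web target (for example cid:) has no host and never matches.
        if shown.group(1).lower() != (url.hostname or ""):
            self.mismatches.append((text, href))

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

if __name__ == "__main__":
    for text, href in audit_links(SAMPLE_BODY):
        print(f"shows {text!r} but points to {href!r}")
```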

How Can This Virus Get Triggered?

Click the link, and it tries to display the hidden attachment
• Only in some email clients, i.e. older versions of Outlook
• Note: This vulnerability has been known!
  • Patches available through Windows Update!
Click and… Congratulations!
• You’re now infected with a version of the Netsky virus!

What’s Netsky Do?

A mass-mailing worm
• Harvests email addresses from files on your PC
• Comes with its own mail-server component
• Now a server on your machine that uses the SMTP protocol to send copies of the virus directly to others!
You’re infected and contagious
• You’ll be very popular with your friends and other email contacts!
• But they should have been running antivirus software, and should have kept their systems updated.
• (Like you should have been.)

Lessons

Use Windows Update to keep your system updated
• AKA keep it “patched”
You might consider using software that is not the major target of virus writers
• Other operating systems (Mac OS, Linux)
• Other email clients, other browsers
And definitely install and run anti-virus software (next slide)

Solutions

Antivirus Software
• Can scan your system: find and remove problems
• Usually only viruses. Sometimes spyware too.
• Also, most have real-time protection
  • Checks e-mail as you read it, as you send it
  • Checks files as you download them
• Note: Free for UVa users (see later slide)
Important: run “update” on these to get updated virus definitions

Where We Are in the Lecture

Email issues
• attachments and email-spoofing
• phishing
Cookies
Web-bugs
Viruses in email
Spyware (including browser hijacks)

Browser Hijack

An extremely nasty adware
Resets homepage to a particular site
• Ads, porn – something you don’t want
• Any change you make doesn’t affect it
Software running on your machine
• Does the usual adware/spyware stuff
• Also changes your browser settings
• Runs when system starts – changes the settings back

Spyware is a Common Problem!

Recall earlier study of users:

80% had spyware on their PCs

(What about you?)

Solutions

Anti-spyware software
• Scans your system, removes problems
• Some have real-time protection, most don’t.
Important (again): run “update” on these to get most recent spyware definitions
Another option: Security Suites ($60-$70)
• Include antivirus, maybe anti-spyware software
• Also includes a firewall
• May include spam filtering, parental control

Getting Software at UVa

ITC Downloads: http://www.itc.virginia.edu
• Norton Antivirus
• SpySweeper (up to 3 machines)
• Free for UVa users!
This is a wonderful deal for students and staff.
Don’t be foolish! Please go install these!
• And keep things updated. Practice good habits.

Anti-Virus SW For Your Non-UVa Friends

Free anti-virus software through websites
• http://housecall.trendmicro.com/
• http://www.pandasoftware.com/activescan/
• These two were reviewed and recommended by reliable magazines
These run their program on your PC from their website
• Scans your system and identifies problems
Does not include real-time protection

Anti-Spyware SW For Your Non-UVa Friends

Good free utilities to find and remove spyware
• Lavasoft Ad-Aware: http://www.lavasoftusa.com/
• Spybot Search & Destroy: http://www.spybot.info
Download, install, and run periodically
Updates:
• Must get updates of definitions for antivirus and spyware removal tools
• Often free: use update facility in the tool

SpySweeper in Action

Scanning Your PC

Removing What It Found

The Results

Everything That Looks Like Spyware Removal Is Not Spyware Removal

• Email arrives with animated GIF file.

• Click on OK – you’re really clicking on the web-link associated with that image. Uh oh.

Final Words

Cookies and web bugs raise privacy issues
Malware: it’s a nasty world out there!
Protect yourself with:
• Understanding
• Tools (anti-virus SW, anti-spyware SW)
Practice good habits:
• Be suspicious and cautious
• Install, run, and update tools
• Keep your operating system updated