Computer security Hackers and Viruses Sruthi Samudrala Tejaswi Mamillapalli

Dec 16, 2015


Fay Hubbard
Page 1: Computer security Hackers and Viruses Sruthi Samudrala Tejaswi Mamillapalli.

Computer security Hackers and Viruses

Sruthi Samudrala

Tejaswi Mamillapalli


Computer Security: Outline

Introduction

Goals of computer security

Cryptography

• Overview

• Types of cryptography

• Diffie-Hellman Algorithm


Definition

Computer security is the protection of computers and the data that computers hold. This can be anything from placing passwords on computers to setting up firewalls.


Goals of computer security:

Three important aspects of any computer-related system:

1. Confidentiality

2. Integrity

3. Authentication


Confidentiality -- Ensuring that information is not accessed by unauthorized persons

Integrity -- Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users

Authentication -- Ensuring that users are the persons they claim to be


How can we achieve security?

• Cryptography

• Secure networks

• Antivirus software

• Firewalls


Cryptography:

Derived from the Greek word kryptos, meaning hidden

Defined as the process of writing or reading secret messages or codes

Includes techniques such as microdots, merging words with images and other ways to hide information


Cont…

• Nowadays cryptography is most often associated with scrambling plaintext (ordinary text) into ciphertext (encrypted text), a process called encryption, then back again, known as decryption.


Bob and Alice want to communicate “securely”. Trudy (the intruder) may intercept, delete, or add messages.


In language of cryptography


Types of cryptography

Symmetric-key cryptography:

Symmetric key encryption is a cryptography technique that uses a shared secret key to encrypt and decrypt data.

It is also referred to as conventional encryption or single key encryption.

It was the only encryption in use prior to the development of public key encryption in 1976.


Problems with symmetric key encryption

1. Too many keys

• If there are n people communicating with each other, we would need to distribute n(n−1) symmetric keys between them. This creates a problem with managing and ensuring the security of all these keys.

2. Origin and authenticity of message cannot be guaranteed

• Since sender and receiver use the same key, messages cannot be verified to have come from a particular user. This may be a problem if there is a dispute.


Public key cryptography

• Diffie and Hellman at Stanford University in 1976 achieved an astounding breakthrough with a method that addressed both problems in symmetric key encryption.

• Each person gets a pair of keys, called the public key and the private key.

• Each person's public key is published while the private key is kept secret. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key.


Public key encryption.


Transaction between Alice and Bob

Secrecy:

• Let KUa, KRa (KUb, KRb) be Alice’s (Bob’s) public and private keys, respectively.

• If Alice has to send Bob an m-bit message X = x1x2 . . . xm, then she encrypts it using Bob’s public key to form the ciphertext Y = KUb(X).

Ciphertext = public key of Bob (message)

• When Bob receives the ciphertext, he decrypts it using his private key, i.e., X = KRb(Y) = KRb(KUb(X)) = X.


Secrecy.


Authentication

• Suppose Alice wants to sign a message X to be sent to Bob. She encrypts it using her private key, i.e., Y = KRa(X).

• When Bob gets this message from Alice, he can ensure that it came from her by decrypting it using Alice’s public key (to which he has access) to recover the plaintext X, i.e., X = KUa(Y).

• Since Alice alone has access to her private key, she alone could have sent the message.


Authentication.


Secrecy and Authentication

• If one needs confidentiality as well as authentication, then Alice first signs the plaintext X using her private key to obtain X′ = KRa(X).

• She then encrypts it using Bob’s public key to obtain the ciphertext Y = KUb(X′) = KUb(KRa(X)) (note the order of the two operations) and sends Y to Bob.

• Bob first decrypts it using his private key to obtain X′, i.e., X′ = KRb(Y); he then verifies that it was indeed sent by Alice by decrypting it using Alice’s public key to obtain X = KUa(X′) = KUa(KRb(Y)).
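Added example (not part of the original slides): the three transactions above, secrecy, authentication, and secrecy with authentication, carried out with toy textbook RSA standing in for the key operation K(X). The slides do not name a cipher; RSA, the tiny primes, the sample message and the function names are assumptions made for illustration, and unpadded RSA with keys this small gives no real protection.

```python
# Toy textbook RSA: tiny primes, no padding. Illustration only.

def make_keypair(p, q, e):
    """Build ((e, n), (d, n)): a public key KU and a private key KR."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, x):
    """Compute K(X) = X^exp mod n for either half of a key pair."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value does not fit under this key's modulus")
    return pow(x, exp, n)

# Constructed sample keys. Alice's modulus (3233) is smaller than Bob's
# (8633), so a value signed by Alice always fits under Bob's key.
KUa, KRa = make_keypair(61, 53, 17)
KUb, KRb = make_keypair(89, 97, 5)

def secrecy(x):
    """Y = KUb(X); Bob recovers X = KRb(Y)."""
    y = apply_key(KUb, x)
    return y, apply_key(KRb, y)

def authentication(x):
    """Y = KRa(X); anyone can check X = KUa(Y)."""
    y = apply_key(KRa, x)
    return y, apply_key(KUa, y)

def secrecy_and_authentication(x):
    """Y = KUb(KRa(X)); Bob recovers X = KUa(KRb(Y))."""
    y = apply_key(KUb, apply_key(KRa, x))
    return y, apply_key(KUa, apply_key(KRb, y))

def verifies_as_alice(x, y):
    """True only if Y is exactly what Alice's private key produces from X."""
    try:
        return apply_key(KUa, y) == x
    except ValueError:
        return False

if __name__ == "__main__":
    X = 1234  # constructed sample message, must be below 3233
    print("secrecy:", secrecy(X))
    print("authentication:", authentication(X))
    print("both:", secrecy_and_authentication(X))
    signed, _ = authentication(X)
    # A signature altered in transit no longer verifies.
    print("tampered accepted?", verifies_as_alice(X, (signed + 1) % 3233))
```

The range check in apply_key is why the order of the two operations matters here: a value produced under the larger modulus may not fit under the smaller one.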


Secrecy and Authentication.


Diffie-Hellman Algorithm

1. The Diffie-Hellman algorithm is a specific method of exchanging cryptographic keys.

2. Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication.

You're not sharing information during the key exchange, you're creating a key together.


Idea of the key exchange by using colors


Algorithm

Alice and Bob agree upon and make public two numbers g and p, where p is a prime and g is a number in {2, …, p-2}

[a={0, …, p-1}]

[b={0, …, p-1}]
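Added example (not from the original slides): the steps that follow the choice of g and p did not survive in this transcript, so this sketch follows the standard Diffie-Hellman exchange, in which Alice sends A = g^a mod p, Bob sends B = g^b mod p, and both derive the same secret. The toy values p = 23 and g = 5, the function names, the narrower private range {2, …, p-2} and the range check on received values are assumptions chosen for illustration.

```python
import secrets

def private_value(p):
    """Random secret exponent in {2, ..., p-2}; never sent on the wire."""
    return secrets.randbelow(p - 3) + 2

def public_value(g, secret, p):
    """The value sent in the clear: g^secret mod p."""
    return pow(g, secret, p)

def shared_secret(peer_public, own_secret, p):
    """Combine the peer's public value with our own secret exponent."""
    # Reject 0, 1 and p-1: they force the result into a tiny, guessable set.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_secret, p)

def exchange(p, g, a=None, b=None):
    """Run both sides; return what an observer sees and what each side derives."""
    a = private_value(p) if a is None else a
    b = private_value(p) if b is None else b
    A = public_value(g, a, p)   # Alice -> Bob
    B = public_value(g, b, p)   # Bob -> Alice
    return {
        "observed": {"p": p, "g": g, "A": A, "B": B},
        "alice": shared_secret(B, a, p),
        "bob": shared_secret(A, b, p),
    }

if __name__ == "__main__":
    # Constructed toy parameters; real deployments use primes of 2048 bits or more.
    print(exchange(23, 5, a=6, b=15))
```

An observer holds only the "observed" values; the private exponents a and b never leave the side that generated them.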


Hackers and viruses

Outline

1. Hackers

• Introduction

• History

• Types of hackers

• Common attacks

2. Viruses

• Introduction

• Viruses affecting Turing machine

• Virus detection


Definition

• Hacking is a technical effort to manipulate the normal behaviour of network connections and connected systems.

• “Hacking” referred to constructive, clever technical work that was not necessarily related to computer systems.

• Hackers are most commonly associated with malicious programming attacks on the internet and other networks.


History

• M.I.T. engineers in the 1960s first popularized the term and concept of hacking.

• Starting at the model train club and later in the mainframe computer rooms, the so-called “hacks” perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities.

• Outside of M.I.T., others began applying the term to less honorable pursuits. Before the internet became popular, several hackers experimented with methods to modify telephones for making free long-distance calls.

• As the internet exploded in popularity, data networks became the most common target of hackers.


Types of hackers

White hat: a white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software.

Black hat: a black hat hacker violates computer security for little reason beyond maliciousness or for personal gain. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.


Cont…

• Grey hat: a grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect.

Ex: they may then offer to correct the defect for a fee.

• Script kiddie: a script kiddie is someone who looks to exploit a vulnerability without so much as trying to gain administrative or root access to the system, however achieving it nonetheless and enjoying the enormous consequential implications thereof, which might be worth millions to the affected party.


Cont…

• Crackers: people aiming to create software tools that make it possible to attack computer systems or crack the copy protection of use-fee software. A crack is therefore an executable program created to modify the original software so as to remove its protection.

• Carders: mainly attack chip card systems (particularly bank cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy.


Hackers access your internet

• In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks.

• Today we have about 10,000 incidents of cyber attacks which are reported and the number grows.


Cont…

Once inside, hackers can:

• Modify logs

– To cover their tracks

– To mess with you

• Steal files

– Sometimes destroy after stealing

– A pro would steal and cover their tracks so as to be undetected

• Modify files

– To let you know they were there

– To cause mischief

• Install back doors

– So they can get in again

• Attack other systems


Common Attacks

Spoofing

Definition: An attacker alters his identity so that someone thinks he is someone else

– Email, User ID, IP Address, …

– Attacker exploits trust relation between user and networked machines to gain access to machines

Types of Spoofing:

1. IP Spoofing

2. Email Spoofing

3. Web Spoofing


Email spoofing

Definition: Attacker sends messages masquerading as someone else

What can be the repercussions?

Types of Email Spoofing:

1. Create an account with similar email address

– [email protected]: A message from this account can perplex the students

2. Modify a mail client

– Attacker can put in any return address he wants to in the mail he sends

3. Telnet to port 25

– Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user


Web spoofing

• Basic

– Attacker registers a web address matching an entity, e.g. votebush.com, geproducts.com, gesucks.com

• Man-in-the-Middle Attack

– Attacker acts as a proxy between the web server and the client

– Attacker has to compromise the router or a node through which the relevant traffic flows

• URL Rewriting

– Attacker redirects web traffic to another site that is controlled by the attacker

– Attacker writes his own web site address before the legitimate link

• Tracking State

– When a user logs on to a site a persistent authentication is maintained

– This authentication can be stolen for masquerading as the user


Denial of service (DoS)

Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it.

Types:

1. Crashing the system or network

– Send the victim data or packets which will cause system to crash or reboot.

2. Exhausting the resources by flooding the system or network with information

– Since all resources are exhausted others are denied access to the resources

3. Distributed DoS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks


Viruses

• A virus is a small program that can infect other programs by modifying them to include a copy of itself.

• This gives rise to the definition of a viral set, the elements of which produce other elements of the set upon execution.


Viruses affecting Turing machines

• Cohen uses a Turing machine model where each virus in a viral set produces an element of the set on some part of the TM tape outside of the original virus specification.

• Formally, a viral set is a pair (M, V) where M is a TM and V is a set of viruses written as strings in the tape alphabet of M. When M (in its start state) reads v ∈ V, it writes a string from V somewhere else on its tape.


Viruses affecting Turing machines

The notion of viral infection is associated with the following attributes:

• A trojan component, since an infected program behaves in an unwanted manner under some conditions.

• A dormancy component, as the infection may conceal itself.

• An infective component, since infected programs are destined to infect other programs.


Cont..

Cohen’s undecidability results show that:

• There is no algorithm that can detect all viruses; some infected files may be detected as infected (false positive) or no answer may be returned.

• There is no algorithm (TM) that can decide if one virus evolves into another.

• Other results include that there are viruses for which no error-free detection algorithm exists (undetectable computer viruses).


Virus detection

Given a known computer virus V, consider the problem of detecting an infection by V.

The most straightforward approach to solving this problem is just to scan incoming messages for <V>.

But viruses can easily evade this technique by altering their text in ways that have no effect on the computation that V performs.

For example, source code could be modified to add blanks in meaningless places or to add leading 0’s to numbers.


Cont…

Executable code could be modified by adding jump instructions to the next instruction.

So the practical virus detection problem can be stated as: “Given a known virus V and an input message M, does M contain the text of a program that computes the same thing V computes?”

We know the equivalence question is undecidable for Turing machines; using that, the equivalence question for arbitrary programs is also undecidable.
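Added example (not from the original slides): a scanner that looks for the exact text <V>, next to one that first normalizes away the two source-level edits the slides mention (extra blanks and leading zeros). The signature is a harmless constructed stand-in for a known program, and the sample messages, token rules and function names are assumptions for illustration.

```python
import re

TOKEN = re.compile(r"[A-Za-z_]\w*|\d+|\S")

def tokens(source):
    """Split source text into tokens, discarding all whitespace and
    stripping leading zeros from integer literals."""
    out = []
    for tok in TOKEN.findall(source):
        if tok.isdigit():
            tok = tok.lstrip("0") or "0"
        out.append(tok)
    return out

def raw_scan(signature, message):
    """Naive detection: look for the exact text <V> in the message."""
    return signature in message

def normalized_scan(signature, message):
    """Match the signature's token sequence anywhere in the message."""
    sig, msg = tokens(signature), tokens(message)
    return any(msg[i:i + len(sig)] == sig
               for i in range(len(msg) - len(sig) + 1))

# Constructed, harmless stand-in for the text of a known program V.
SIGNATURE = "total = total + 42"

# Constructed sample messages.
SAMPLES = {
    "exact copy":          "n = 1\ntotal = total + 42\n",
    "extra blanks, zeros": "n = 1\ntotal   =  total+042\n",
    "equivalent rewrite":  "n = 1\ntotal += 42\n",
    "unrelated code":      "n = 1\nsubtotal = n + 420\n",
}

def scan_all():
    """Return {sample name: (raw_scan result, normalized_scan result)}."""
    return {name: (raw_scan(SIGNATURE, text), normalized_scan(SIGNATURE, text))
            for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name:22} raw={result[0]!s:5} normalized={result[1]}")
```

Normalization recovers the padded variant, but the equivalent rewrite passes both scanners: each normalizer covers only the edits it was written for, and the undecidability of equivalence means no finite set of such rules covers them all.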


Cont…

So, we can’t solve the virus problem by making a list of known viruses and comparing new code to them.

Suppose that, instead of making a list of forbidden operations, we allowed users to define a “white list” of the operations that are to be allowed to be run on their machines.

Then the job of a virus filter is to compare incoming code to the operations on the white list.

Any code that is equivalent to some allowed operation can be declared safe. But now we have EXACTLY THE SAME PROBLEM. No test for equivalence exists.


Thank you.
