Cyber Crime and Internet Security
G. Sivakumar
Computer Science and Engineering, Indian Institute of Technology, Mumbai (IIT Bombay)
[email protected]
October 7, 2007
The Good (Web 1.0, 2.0, 3.0)
The Bad (CyberCrime, Laws)
The Ugly? (Security, Forensics)
.. The Good side first!
How is learning affected?
.. Internet’s Growth and Charter
Information AnyTime, AnyWhere, AnyForm, AnyDevice, ...
WebTone like DialTone
.. Search Engines and Page Rank
How to drink water from a firehose?
Search Engines (Google) crawl the web for us.
Recall (all available?) and Precision (all relevant?)
How to rank the pages? (syntactic?)
Reliability/Trust/Security issues
What do profs do?
Visit www.phdcomics.com to find out!
.. Web 2.0 Definition (O’Reilly)
Web 2.0
Web 2.0 is the network as platform, spanning all connected devices;
delivering software as a continually-updated service that gets better the
more people use it, consuming and remixing data from multiple sources,
including individual users, while providing their own data and services in
a form that allows remixing by others, creating network effects through
an architecture of participation, and going beyond the page metaphor of
Web 1.0 to deliver rich user experiences.
Examples
RSS/Blogs/FeedReaders, Slashdot/Digg, Wikipedia (printing press: people can read, Web 2.0: people can write!)
Mashups: ingeniously combining web services, e.g. Google Maps in other applications, e.g. Mumbai Navigator
.. Semantics and Intelligence (Web 3.0)
Collaboration is necessary, but is it sufficient?
Want to know
When cheap Mumbai-Chennai round trips are available
  with package tours to Mahabalipuram, if possible
  but not on weekdays...
Whenever new articles on chess appear
  only in English, Tamil or German
  but other languages ok if it is about V. Anand!
  but not written by ......
Two margas for moksha
Monkey way is Web 1.0/2.0 (syntactic web)
Cat way is Web 3.0 (semantic web)
.. Desired Goal
.. What are Cyber crimes?
Cybercrime
Activity in which computers or networks are a tool, a target, or a place of criminal activity. These categories are not exclusive.
Examples
Against People
  Cyber Stalking and Harassment
  (Child) Pornography
  Phishing, Identity Theft, Nigerian 419
Against Property
  Cracking
  Virus and Spam
  Software/Entertainment Piracy
  Trade secrets, espionage
Cyber Terrorism!
  Hacktivism! (in some countries!)
  Information Warfare
.. Security Concerns
Match the following!
Problems                      Attackers
Highly contagious viruses     Unintended blunders
Defacing web pages            Disgruntled employees or customers
Credit card number theft      Organized crime
On-line scams                 Foreign espionage agents
Intellectual property theft   Hackers driven by technical challenge
Wiping out data               Petty criminals
Denial of service             Organized terror groups
Spam E-mails                  Information warfare
Reading private files         ...
Surveillance                  ...
Crackers vs. Hackers
Note how many resources are available to attackers.
.. Internet Attacks Timeline
From training material at http://www.cert-in.org.in/
.. Internet Attack Trends
From training material at http://www.cert-in.org.in/
And all this with postcards (IP datagrams)!
.. Exchanging Secrets
Goal
A and B to agree on a secret number. But, C can listen to all their conversation.
Solution?
A tells B: I’ll send you 3 numbers. Let’s use their LCM as the key.
.. Mutual Authentication
Goal
A and B to verify that both know the same secret number. No third party (intruder or umpire!)
Solution?
A tells B: I’ll tell you first 2 digits, you tell me the last two...
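An added example (not from the talk) of why the half-and-half proposal leaks and what a challenge-response alternative looks like: each side proves knowledge of the secret with an HMAC over fresh nonces, so the secret itself never crosses the wire. HMAC-SHA256, the message layout and all function names are assumptions of this example, not the speaker's protocol.

```python
import hashlib
import hmac
import secrets

def naive_exchange(secret):
    """The slide's proposal for a 4-digit secret. A speaks first, so whoever
    answers A's call learns half the secret before proving anything."""
    a_says, b_says = secret[:2], secret[2:]
    return a_says, b_says

def prove(key, role, my_nonce, peer_nonce):
    """Proof of knowledge: MAC over the role and both fresh nonces.
    The role label stops a proof being reflected back at its sender."""
    msg = role + b"|" + my_nonce + b"|" + peer_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

def mutual_auth(key_a, key_b):
    """Run one exchange; returns (A accepts, B accepts, wire messages)."""
    na = secrets.token_bytes(16)             # A -> B: challenge
    nb = secrets.token_bytes(16)             # B -> A: challenge ...
    proof_b = prove(key_b, b"B", nb, na)     # ... plus B's proof
    a_accepts = hmac.compare_digest(proof_b, prove(key_a, b"B", nb, na))
    # A answers only after B has proved itself.
    proof_a = prove(key_a, b"A", na, nb) if a_accepts else b""
    b_accepts = a_accepts and hmac.compare_digest(
        proof_a, prove(key_b, b"A", na, nb))
    return a_accepts, b_accepts, [na, nb, proof_b, proof_a]

if __name__ == "__main__":
    print(naive_exchange("4271"))            # constructed sample secret
    key = secrets.token_bytes(32)            # constructed high-entropy key
    print(mutual_auth(key, key)[:2])
    print(mutual_auth(key, secrets.token_bytes(32))[:2])
```

A four-digit secret stays guessable offline from the recorded proofs, so the shared key must be high-entropy.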
.. Cryptography and Data Security
sine qua non [without this nothing :-]
Historically who used first? (L & M)
Code Language in joint families!
.. Symmetric/Private-Key Algorithms
.. Asymmetric/Public-Key Algorithms
Keys are duals (lock with one, unlock with other)
Cannot infer one from other easily
How to encrypt? How to sign?
.. One way Functions
Mathematical Equivalents
Factoring large numbers (product of 2 large primes)
Discrete Logarithms
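An added example (not from the talk) tying the Exchanging Secrets slide to the discrete-logarithm one-way function above: the LCM proposal hands listener C the same key, while a Diffie-Hellman style exchange, a technique the slides do not name, keeps the key from a listener. The prime P, base G and all function names are assumptions for the demo, and the parameters are toy-sized.

```python
import secrets
from functools import reduce
from math import gcd

# Toy public parameters (assumed for this demo, not from the talk).
P = 2**127 - 1   # a Mersenne prime; real deployments use vetted, larger groups
G = 3            # public base

def lcm_key(numbers):
    """The slide's proposal: key = LCM of numbers sent in the clear."""
    return reduce(lambda a, b: a * b // gcd(a, b), numbers)

def eavesdrop_lcm(overheard):
    """C heard the same numbers, so C computes the same key."""
    return lcm_key(overheard)

def keypair():
    """Private exponent stays local; only G^x mod P goes on the wire."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(private, peer_public):
    """Both sides reach G^(ab) mod P from their own secret exponent."""
    return pow(peer_public, private, P)

def run_exchange():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    overheard = {"p": P, "g": G, "A": a_pub, "B": b_pub}  # everything C sees
    return shared(a_priv, b_pub), shared(b_priv, a_pub), overheard

def brute_force_dlog(g, y, p):
    """What C must do: find x with g^x = y (mod p). Linear in p, so only
    feasible for tiny p; this is the one-way gap the exchange relies on."""
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x
        acc = acc * g % p
    return None

if __name__ == "__main__":
    sent = [4, 6, 10]                            # constructed sample numbers
    print(lcm_key(sent), eavesdrop_lcm(sent))    # A/B and C get the same key
    k_a, k_b, seen = run_exchange()
    print(k_a == k_b, sorted(seen))
    print(brute_force_dlog(3, pow(3, 57, 101), 101))  # tiny p only
```

The exchange protects only against a listener; a C who can alter messages is the problem the Mutual Authentication slide poses.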
.. Security Mechanisms
System Security: “Nothing bad happens to my computers and equipment”
  virus, trojan-horse, logic/time-bombs, ...
Network Security:
  Authentication Mechanisms “you are who you say you are”
  Access Control Firewalls, Proxies “who can do what”
Data Security: “for your eyes only”
  Encryption, Digests, Signatures, ...
.. Network Security Mechanism Layers
Cryptographic protocols underlie all security mechanisms. Real challenge to design good ones for key establishment, mutual authentication etc.
.. Forensics
.. References
Books
TCP/IP Illustrated by Richard Stevens, Vols 1-3, Addison-Wesley.
Applied Cryptography - Protocols, Algorithms, and Source Code in C by Bruce Schneier, John Wiley & Sons, Inc. 1996
Cryptography and Network Security: Principles and Practice by William Stallings (2nd Edition), Prentice Hall Press; 1998.
Practical Unix and Internet Security, Simson Garfinkel and Gene Spafford, O’Reilly and Associates, ISBN 1-56592-148-8.
Web sites
www.cerias.purdue.edu (Centre for Education and Research in Information Assurance and Security)
www.sans.org (System Administration, Audit, Network Security)
cve.mitre.org (Common Vulnerabilities and Exposures)
csrc.nist.gov (Computer Security Resources Clearinghouse)
www.vtcif.telstra.com.au/info/security.html