Network Security and Digital Forensics (A Survey)
By Dr T.H. Chowdary
Director: Center for Telecom Management and Studies
Fellow: Tata Consultancy Services
Chairman: Pragna Bharati (Intellect India)
Former: Chairman & Managing Director, Videsh Sanchar Nigam Limited & Information Technology Advisor, Government of Andhra Pradesh
T: +91 (40) 6667-1191 (O), 2784-3121 (R); F: +91 (40) 6667-1111; [email protected]
Talk at Siddhartha Engineering College, Vijayawada, 13 April 2015
• III. Cryptography
• IV. Internet of Things Compounds Security
• V. Infection & Exfiltration
• VI. War in Cyber Space
• VII. Digital Forensics
• VIII. India's Security Resources: Some Key Players
thc_Ctms 2S728_April2015
I. Sensational Leaks by Greatest Hackers bring Security Center-Stage
Largest Source of Information (1)
• Library of Congress of the USA
• Encyclopedia Britannica
• Library (Hermitage) in St. Petersburg (Russia)
• NONE OF THE ABOVE

Largest Source of Information: Wikipedia (2)
• Encyclopedia Britannica had the largest sales in Y2000
• It stopped printing in 2012 after 250 years!
• Wikis launched in 1994 by Howard Cunningham in USA
• Wikipedia in Y2001
• 6th most popular website (Ref: P28, CSI Jan 2014)
World's most Sensational Security Breaks
• Wikileaks published secret (leaked) information in 2010
• Collateral Murder video (April 2010)
• Afghanistan War Logs (July 2010)
• Iraq War Logs (Oct 2010)
• 2,50,000 Diplomatic Cables (Nov 2010)
• Guantanamo Files (April 2011)
• Accused by Australia's Prime Minister Julia Gillard
• US Vice President Joe Biden called him a terrorist
The Sensational Hacker: Assange
• Julian Assange: born 1971
• Hacking from age 16
• Son of a thrice-divorced mother
• Married at age 18, in 1989
• Separated in 1999
• Son, a software designer
• Living in the office room of the Ecuador Embassy in London; watched by policemen waiting to arrest him; cost of the watch £6.5 mln (about Rs. 40 cr) for 2 years
• Sweden wants him to be extradited in a sex assault case.
• Now under US criminal investigation
Assange's Book…
• In his book "Cypherpunks", Assange wrote: "…the Internet, our greatest tool for emancipation, has been transformed into the most dangerous facilitator of totalitarianism we have ever seen".
Supporters & Facilitators of Assange
• Brazil's Prez Luiz Inacio Lula da Silva
• Awards won:
• Sam Adams Award 2010
• Le Monde Readers' Choice 2010
• Sydney Peace Foundation 2011: Gold Medal for Peace with Justice
• Amnesty International UK: 2009
• (Awardees: Nelson Mandela, Dalai Lama, Daisaku Ikeda)
Edward Snowden (May 20, 2013 flew to Hong Kong)
• June 2013
• Formerly of CIA; worked for Dell; NSA outpost in Japan
• Booz Allen Hamilton consulting
• 1000s of classified docs
• Global surveillance
• Hero, whistleblower, dissident, patriot, traitor
• Balance between National Security & Information Privacy
• Telephone metadata; release of national docs
• HK, Russia
• Bill Snowden follows Assange - releases thousands of US CIA
• Website defacement
• Spam
• Spread of malware
• Phishing
• Tech Help
• Malicious code
• n/w Scanning
Defacements tracked during May-14 to Oct-14
[Bar chart; months May/14, Jun/14, Jul/14, Aug/14, Sep/14, Oct/14; bar values as extracted: 1659, 1126, 1432, 1385, 819, 963 (the last two were fused in extraction; which value belongs to which month is not recoverable)]
Domain-wise Defacements tracked during October-14
[Bar chart; categories .com, .org, .net, .in, others; values as extracted: 306, 5213, 566, 26 (five categories but four figures; the second figure appears to be two values fused in extraction)]
Spam tracked during May-14 to Oct-14
[Bar chart; months May/14, Jun/14, Jul/14, Aug/14, Sep/14, Oct/14; bar values as extracted: 12413, 7531, 7796, 7340, 6141, 3543 (which value belongs to which month is not recoverable)]
Open Proxy Servers tracked during May-14 to Oct-14
[Bar chart; months May/14, Jun/14, Jul/14, Aug/14, Sep/14, Oct/14; bar values as extracted: 261, 233, 299, 241, 302, 251 (which value belongs to which month is not recoverable)]
III. Cryptography
Privacy & Security
• Privacy: not to be exposed to others (pictures, communications)
• Security: none to break in, to exfiltrate, efface, replace, distort
• Maharashtra village, Shingnapur
• No house has doors, only door-frames & window frames
• Security taken care of by God, Shani! (who is believed to kill any thief)
• Privacy: by door & window curtains
• (Ref: CSI Communications: May 2013)
Cryptography (1)
• Hiding information
• Message on scalp, shaved head; hair growth; shave again to read
• Caesar's Cipher: shift the alphabet
• Germany WWII: ciphers Enigma & Lorenz
• Broken by William Thomas Tutte and his student team at Waterloo 'varsity, Canada
• Cryptography as science
• 1975: Diffie & Hellman
• Discrete Logarithm Problem (DLP)
• Diffie & Hellman Algorithm
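The two cryptographic ideas this slide names sit at opposite ends of the subject: Caesar's shift, whose whole key space is 26 possibilities, and Diffie-Hellman, whose security rests on the Discrete Logarithm Problem. The example below is added here and is not from the survey or its sources; the parameters (p = 23, g = 5, private exponents 6 and 15) are toy values chosen so that a reader can follow the arithmetic, and the brute-force discrete log is only feasible because they are tiny.

```python
# Added example (not from the slides): a Caesar shift cipher beside a toy
# Diffie-Hellman exchange, showing why the former is trivially broken and
# what the latter's security depends on (the discrete logarithm problem).
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter of `text` by `shift` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext: str) -> List[str]:
    """All 26 possible plaintexts. The key space is so small that trying every
    shift is the standard way to read a Caesar message without the key."""
    return [caesar(ciphertext, -k) for k in range(26)]


def dh_public(g: int, p: int, private: int) -> int:
    """Public value g^private mod p (sent in the clear)."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Shared secret peer_public^private mod p (never sent)."""
    return pow(peer_public, private, p)


def diffie_hellman_demo(p: int = 23, g: int = 5, a: int = 6, b: int = 15) -> Dict[str, int]:
    """Constructed toy exchange. p and g are public; a and b are the two parties'
    private exponents. Returns what an eavesdropper sees (A, B) and the secret
    both sides derive independently."""
    A = dh_public(g, p, a)      # Alice -> Bob
    B = dh_public(g, p, b)      # Bob -> Alice
    k_alice = dh_shared(B, a, p)
    k_bob = dh_shared(A, b, p)
    assert k_alice == k_bob     # both sides agree without ever sending the key
    return {"A": A, "B": B, "shared": k_alice}


def discrete_log_bruteforce(g: int, p: int, target: int) -> Optional[int]:
    """Solve g^x = target (mod p) by exhaustive search. Feasible for p = 23;
    for a 2048-bit prime no efficient method is known, and that gap is exactly
    what Diffie-Hellman relies on."""
    for x in range(p):
        if pow(g, x, p) == target:
            return x
    return None


def eavesdropper_recovers_secret(p: int, g: int, A: int, B: int) -> Optional[int]:
    """What an observer of the toy exchange can do: recover Alice's exponent by
    brute-force DLP and then compute the shared secret from Bob's public value."""
    a = discrete_log_bruteforce(g, p, A)
    return None if a is None else dh_shared(B, a, p)


if __name__ == "__main__":
    print(caesar("ATTACK AT DAWN", 3))
    print(caesar_candidates("DWWDFN DW GDZQ")[3])
    ex = diffie_hellman_demo()
    print(ex)
    print("recovered by eavesdropper:", eavesdropper_recovers_secret(23, 5, ex["A"], ex["B"]))
```

The last function is the point of the demonstration: with a 23-element group the observer recovers the secret instantly, so the strength of the scheme is entirely a function of the parameter size, not of the algorithm's steps.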
Cryptography (2)
• Non-repudiation
• Authentication
• Private-public key
• SSL/TLS was developed by Netscape in 1994 and standardised by IETF; it uses the stream cipher RC4, which has been attacked
• Indigenous cryptography products by 2020
• Foreign ones may have trapdoors
Cryptography (3)
• Muni Kumudendu, a Jain savant, crafted a great epic, Siri Bhuvalaya, scripted in numerals about 1000 years ago
• Integers (range 1 to 64) arranged in a 27 x 27 matrix, called a Chakra
• 1270 chakras available to yield 600,000 slokas
• The scheme to decipher chakras is called Bandhas
• (Source: CSI Coms May 2013, p. 17 A&B)
IV. Internet of Things Compounds Security
Global Internet Device Installed Base Forecast
[Chart; x-axis: years 2004 to 2018; y-axis: 0 to 60,000,000 (unit not stated on the slide); series: Wearables, Smart TV, Internet of Things, Tablets, Smart phones, Personal computers]
(Source: CSI Communications, April 2014)
The Internet of Things: How the Next Evolution of the Internet (Cisco)
                                2003       2010       2015      2020
World Population (Bln)          6.3        6.8        7.2       7.6
Connected Devices               500 mln    12.5 bln   25 bln    50 bln
Connected Devices Per Person    0.08       1.84       3.47      6.58
(Source: Cisco IBSG, April 2011; CSI Communications, April 2014)
V. Infection & Exfiltration
NSA (USA) Infects Computers
• Click-jacking (technique of stealing clicks), also known as UI redressing
• Discovered and made public in Y2008 by Jeremiah Grossman and Robert Hansen
• Remedy: virtual (soft) keyboards and strong antivirus solutions (Ref: CSI Coms Jan 2014; p 38)
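The remedy on the slide is on the user's side. On the server side, click-jacking is prevented by telling the browser that a page must not be loaded inside a frame belonging to another site, through the X-Frame-Options header or the frame-ancestors directive of Content-Security-Policy. The check below is an added example, not from the survey or the cited CSI article: it classifies a response's headers as protected or not, and the sample header sets are constructed for illustration.

```python
# Added example (not from the slides): classify an HTTP response by whether its
# headers stop the page being embedded in a hostile frame, the server-side
# defence against click-jacking / UI redressing. Sample headers are constructed.
from typing import Dict, List, Tuple


def frame_ancestors_sources(csp: str) -> Tuple[bool, List[str]]:
    """Return (directive present?, its source list) from a CSP header value."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return True, [s.strip("'").lower() for s in parts[1:]]
    return False, []


def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """(protected?, reason) for one response.

    CSP frame-ancestors is checked first because browsers that support it let it
    override X-Frame-Options. X-Frame-Options ALLOW-FROM is deprecated and not
    honoured by current browsers, so it is treated as no protection.
    """
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    present, sources = frame_ancestors_sources(lower.get("content-security-policy", ""))
    if present:
        if sources and "*" not in sources:
            return True, "CSP frame-ancestors " + " ".join(sources)
        return False, "CSP frame-ancestors is empty or wildcard"
    xfo = lower.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is ignored by current browsers"
    return False, "no framing restriction"


# Constructed sample responses (name -> response headers)
SAMPLES: Dict[str, Dict[str, str]] = {
    "login-page": {"X-Frame-Options": "DENY"},
    "legacy-allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-partner": {"content-security-policy": "frame-ancestors 'self' https://partner.example"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "no-headers": {"Content-Type": "text/html"},
}


def audit(samples: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """Run the check over a set of responses; True means framing is restricted."""
    return {name: framing_protection(h)[0] for name, h in samples.items()}


if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        ok, why = framing_protection(headers)
        print(f"{name:18} {'protected' if ok else 'UNPROTECTED':12} {why}")
```

A practitioner would run this over captured responses from the login and transaction pages of an application, since those are the pages whose clicks an attacker wants to steal; any page that comes back "UNPROTECTED" needs one of the two headers added.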
How the NSA "Infects" Computers
• The NSA and the Pentagon's Cyber Command have implanted nearly 100,000 "computer network exploits" around the world.
• 1. Tiny transceivers are built into USB plugs and inserted into target computers. Small circuit boards may be placed in the computers themselves by a third party.
• 2. The transceivers communicate with a briefcase-sized NSA field station up to 13 km away. They can also transmit malware, including the kind used in attacks against Iran's nuclear facilities.
• 3. The field station communicates back to the NSA
• Program is code-named Quantum
• Russia, China, USA do these
• Israeli brain
VI. War in Cyber Space
Cyber Weapons
• Viruses, worms, Trojans
• In 2010 a computer security firm in Belarus found a self-replicating program on a client's computer in Iran.
• First called W32, later Stuxnet
• Attack on SCADA systems (power, oil…): Programmable Logic Controllers (PLCs) captured and destructively activated
• Stuxnet, DUQU, Wiper, Flame, Gauss, Mini Flame
• Jeffrey Carr, analyst, proved that the INSAT-4B satellite was taken down by STUXNET to serve China's businesses!
• (CSI Coms Dec 2013)
Geographic Distribution of Stuxnet
[Bar chart: share of infected hosts by country, %]
Iran          58.85
Indonesia     18.22
India          8.31
Azerbaijan     2.57
USA            1.56
Pakistan       1.28
Others         9.2
(Source: CSI Communications, Dec 2013)
Cyber warfare expense of countries
• NATO, 2012: Upgrading the cyber defense capabilities and enabling the NATO Computer Incident Response Capability to achieve full operational capability by the end of 2012. Expense: 58M €
• US, 2013-2017: With a cyber budget of $1.54 billion from 2013 to 2017, DARPA will focus increasingly on cyber-offence to meet military needs. Expense: 1.54b $
• UK, 2012: Extra investment to develop deterrents to hostile viruses and hackers. Expense: 650M £
• Israel, from 2012: Expense of more than $13 million in the coming years to develop new technologies for cyber defense. Expense: 13M $
• China: China does not have very clear accounting transparency, but some experts estimate that China's cyber security market will expand remarkably in the coming years, from a valuation of $1.8 billion in 2011 to $50 billion by 2020. Expense: ?
• Iran, 2012: In December Tehran announced an ambitious plan to improve its cyber-warfare capabilities, developing new technologies and creating a new team of cyber experts. Expense: 1B $
Information Warfare
• China, USA, Russia, Iran, Israel, Pakistan, South Korea, India
• China's deadliest hacktivist army
• Revelations from:
• University of Toronto: Report of the Munk School of Global Affairs
• Shadows in the Cloud, 06-04-2010
• Shadow Server Foundation
• Munk discovered GhostNet in March 2009
• China's cyber force: 50,000
• Exfiltrates information from 1295 computers in 103 countries
• 30% had high value content
China: The Cyber Warrior
• Hundreds/thousands are trained in I.W. in academies run by the PLA. E.g.: Wuhan Varsity
• Raised militia units since Y2002 drawn from Cos. (like our TA) and academia
• Huawei & ZTE: specialists in wireless technologies
• Sichuan & Xinjiang (Uighur) are locales for the militias
• (Source: Jayadev Ranade, Indian Express, 12.04.2010)
China: The Cyber Warrior contd..
• Chengdu, capital of China's Sichuan Province, in league with officially tolerated hacker organisations NSFOCUS and EVILOCTAL, linked to the PLA
• University of Science & Technology in Chengdu hosts hackers
• Information Warfare Doctrine in the book Unrestricted Warfare by Sr. Colonels of the PLA
State Sponsored Actors
• China, Iran, Korea
• Advanced Persistent Threat (APT)
• Reconnaissance and investigation of your network infrastructure & information assets
China: The Foremost Information War (IW) Power contd..
• China's hacktivist communities
• The Chinese hacker community: there are thousands of web-based groups, and they are developing malware tools. The community is engaged in large-scale, politically motivated denial of service attacks, data destruction and web defacements of foreign networks. They are HACKTIVISTS. They trade attacks with their counterparts in the USA, Japan, Taiwan, Indonesia and South Korea.
VII. Digital Forensics
Digital Forensics
• Investigation of artifacts present in one or more digital devices & reconstruction of the sequence of events that must have transpired in generating the artifacts.
• Born in Locard's exchange principle: "It is impossible for a criminal to act, especially considering the intensity of the crime, without leaving traces of this presence"
• Trace and determine the set of all events that transpired in the crime in which digital devices are involved
[Figure: Traditional method of conducting forensic analysis on different sources]
(Source: CSI Communications, Nov 2013)
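The reconstruction the slide describes, ordering artifacts from several devices into one sequence of events, runs into a practical problem the moment more than one source is involved: every source records time in its own format and time zone, and some clocks are simply wrong. The example below is added here and is not from the survey or the CSI article; the three artifact sources (a web-server access log in IST, workstation file metadata in UTC, and a firewall log whose clock is assumed to run 90 seconds fast) are constructed for illustration.

```python
# Added example (not from the slides): build one ordered timeline from artifacts
# gathered on different devices with different timestamp formats, zones and
# clock skew. All artifacts below are constructed for illustration.
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Source 1: web-server access log, Common Log Format, local time +0530 (IST)
ACCESS_LOG = [
    '10.0.0.7 - - [13/Apr/2015:09:15:02 +0530] "POST /login HTTP/1.1" 200 512',
    '10.0.0.7 - - [13/Apr/2015:09:17:40 +0530] "GET /admin/export HTTP/1.1" 200 98304',
]
# Source 2: file-system metadata from a workstation, ISO 8601 in UTC
FILE_EVENTS = [
    ("2015-04-13T03:47:45Z", "modified", "C:\\Users\\ops\\Downloads\\report.zip"),
]
# Source 3: firewall log in UTC, from a device whose clock was measured to be
# 90 s ahead of true time (assumed skew; in practice you measure it against NTP)
FIREWALL_LOG = [
    ("2015-04-13 03:49:20", "outbound 10.0.0.7:51234 -> 203.0.113.9:443"),
]
FIREWALL_SKEW = timedelta(seconds=90)

Event = Tuple[datetime, str, str]   # (UTC time, source tag, description)


def parse_clf(line: str) -> Event:
    """Pull the bracketed timestamp and the request out of a CLF line."""
    start = line.index("[") + 1
    end = line.index("]")
    ts = datetime.strptime(line[start:end], "%d/%b/%Y:%H:%M:%S %z")
    request = line.split('"')[1]
    return (ts.astimezone(timezone.utc), "web", request)


def parse_file(ts: str, action: str, path: str) -> Event:
    """ISO 8601 'Z' timestamps are already UTC; just attach the zone."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return (t, "fs", f"{action} {path}")


def parse_firewall(ts: str, msg: str) -> Event:
    """Firewall time is UTC but skewed; subtract the measured offset."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (t - FIREWALL_SKEW, "fw", msg)


def build_timeline() -> List[Event]:
    """Normalise every artifact to UTC and order them: the sequence of events
    that must have transpired to leave these traces."""
    events = [parse_clf(line) for line in ACCESS_LOG]
    events += [parse_file(*e) for e in FILE_EVENTS]
    events += [parse_firewall(*e) for e in FIREWALL_LOG]
    return sorted(events, key=lambda e: e[0])


def render(timeline: List[Event]) -> List[str]:
    """Human-readable rows, one per event."""
    return [f"{t.isoformat()}  {src:3}  {desc}" for t, src, desc in timeline]


if __name__ == "__main__":
    for row in render(build_timeline()):
        print(row)
```

Without the zone conversion the web log would appear to sit five and a half hours after everything else, and without the skew correction the firewall entry would sit after the file write by a minute and a half rather than five seconds; either error changes the story the artifacts tell, which is why normalising time comes before any interpretation.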
VIII. India's Security Resources: Some Key Players
• Data Security Council of India is an initiative of NASSCOM. DSCI is developing best practices for data security and data privacy.
• Computer Emergency Response Team monitors computer security incidents as and when they occur. It also maintains a database of incidents and is supposed to study trends and patterns related to intruder activity.
• National Technical Research Organisation is the nodal agency for technical intelligence and surveillance.
• Army Cyber Security Establishment is supposed to protect and secure the army's information networks.
• Defence Intelligence Agency is to provide timely, objective and cogent military intelligence to defence planners and defence and national security policy makers. (Source: The New Indian Express, 11 April 2010)
Further Information
• My website: www.drthchowdary.net. Click on:
• Crime & Security in Cyber Space
• The Noble & Ignoble in Cyber Space
• Cyber Times: Cyber Laws
• Cyber Fraud & Crime
• Militarization of Cyber Space & Weaponisation of Software