FACULTY OF COMPUTER SCIENCE & INFORMATION TECHNOLOGY FUNDAMENTAL OF COMPUTER NETWORK IAD2313

Lecturer’s name: MR NOOR RIZAL BIN ARBAIN

TOPIC: CYBER WARFARE & PHYSICAL SECURITY

Prepared by: NAN HAZUREEN AZLIN BINTI LONG HAMDAN 3112037401

Introduction
Cyber warfare refers to politically motivated hacking to conduct sabotage and peeking. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines cyber warfare as an actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. The Economist describes cyberspace as "the fifth domain of warfare”, and William J. Lynn, U.S. Deputy Secretary of Defense, states that "as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare which has become just as critical to military operations as land, sea, air, and space.

Literature Review
1. Social Engineering
In the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. "Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer professionals.

2. Surveillance Systems
Surveillance is the monitoring of the behavior, activities, or other changing information, usually of people for the purpose of influencing, managing, directing, or protecting. Surveillance is therefore an ambiguous practice, sometimes creating positive effects, at other times negative. It is sometimes done in a surreptitious manner. It most usually refers to observation of individuals or groups by government organizations, but disease surveillance, for example, is monitoring the progress of a disease in a community.

3. Authentications and Access Controls Systems
Authentication and access control measures should ensure appropriate access to information and information processing facilities – including mainframes, servers, desktop and laptop clients, mobile devices, applications, operating systems and network services – and prevent inappropriate access to such resources. Modern computer systems
provide services to multiple users and require the ability to accurately identify the user making request. In traditional systems, the user's identity is verified by checking a password typed during the login; the system records the identity and uses it to determine what operations may be performed. This has led to the use of the even weaker authentication on computer networks. To overcome these problems we need a stronger authentication methods based on cryptography are required. When using authentication based on cryptography, an attacker listing to the network gains no information that would enable it to falsely claim another's identity. The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. Access control relies on and coexists with other security services in a computer system. Access control is concerned with limiting the activity of legitimate users.

4. Biometrics Applications
In today’s technology advancement era, where computers are a necessary nutrient to comply with and serve all the activities, the need for secured, reliable, simple and flexible system has advertently become a challenging concern for the organizations. The technology advancement has been a boon for speedy achievements of activity goals but at the same time the security breaches and transaction frauds are on rise. Thus, the Biometric Technology has taken its pace to prevent any security breaches and fraudulent. This technique measures unique physiological and behavioral features of individuals to identify and verify them as the right person for the crucial information. The physiological features include face, fingerprints, hand geometry, iris, retinal, DNA etc. and behavioral features include signature, study of keystroke, voice etc. Biometric techniques are providing a highly-secured identification and personal verification solutions thereby providing a robust solution to many challenging problems in security.

Methods of Biometric Authentication: VERIFICATION
The process of verifying the user is who they claim to be.

IDENTIFICATION
The process of identifying the user from a set of known users.

5. Electronic Passports, National ID and Smart Card Security
The newest passport on the block, now required in most countries, is the epassport. E-passports are much harder to forge, so they help cut down on passport fraud. The reason for the digital photography is that its presence allows international border officials to use facial recognition technology to ensure that the holder of the passport matches the photograph. A national identification number, national identity number, or national insurance number is used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other governmentally-related functions. Sometimes, the number will appear on an identity card issued by a country. The ways in which such a system is implemented are dependent on the country, but in most cases, a citizen is issued an identification number at birth or when they reach a legal age. Non-citizens may be issued such numbers when they enter the country, or when granted a temporary or permanent residence permit. The self-containment of Smart Card makes them resistant to attack as they do not need to depend upon potentially vulnerable external resources. Because of this, Smart Cards are often used in applications which require strong security protection and authentication. Technology and security are strongly related. Crackers find sophisticated ways to get at supposedly secure data on cards. Manufacturers have to come up with more sophisticated locks and keys on cards. Crackers come up with better techniques to bypass these thus forming an infinite improvement loop, with both sides driving each other to use and invent better technology.

6. Template Protection and Liveliness
Biometric recognition systems face challenges arising from intra-class variations and attacks upon template databases. To tackle such problems, a hybrid approach for liveness detection and protecting templates in face recognition system is proposed. Here, the system captures input face image in three different poses (left, front, right) based upon the order chosen by the random select module. This approach will perform live face detection based upon complete body movement of the person to be recognized and template protection by randomly shuffling and adding the components of feature set resulting after fusion of three poses of input face image. It overcomes the limitations imposed by intra-class variations and spoof attacks in face recognition system. The resulting hybrid template will be more secure as original biometric template will not be stored in the database rather it will be stored after applying some changes (shuffling and addition) in its components. Thus the proposed approach has higher security and better recognition performance as compared to the case when no measures are used for live face check and template protection in database.

7. Biometrics standards and standardization
In the context of standardization, this is reflected in the existence of subcommittee ISO/IEC JTC 1/SC 37. In order to enable a more frequent inter-contact on biometrics standards issues, and in particular to improve interface with the EU regulatory authorities, and improve awareness of the JTC 1 work, CEN established around 2005 a Focus Group on biometric issues.
Figure 1: Overview of some biometrics

(1) Fingerprint

(2) Iris

(3) DNA

(4) Keystroke pattern

Images uploaded to Flickr by (1) Fazen, (2) Sarah Cartwright, (3) ynse, (4) Ben Harris-Roxas.

Figure 5:

Onion diagram showing biometric standards as a series of layers

Conclusion
In a nutshell, Cyber-warfare is different from conventional, kinetic warfare. Both it and its parent, information warfare, depend upon the frailties of human beings for many characteristics. One of the fundamental differences between cyber-warfare and kinetic warfare is the nature of their environments. Kinetic warfare takes place in the physical world, governed by physical laws that we know and understand. Cyber-warfare takes place in an artificial, man-made world that is chaotic with imperfections. Cyber-warfare can use some of the principles of kinetic warfare, but there are other principles that have little or no meaning in cyberspace. For these reasons, the principles of cyber-warfare are, ultimately, different from those of kinetic warfare. "Our life has become totally bounded, dependent on cyberspace. Therefore, the importance of that domain is not only for how we fight, but also for our way of life." - Dr. Lani Kass. Cyber war is a very rich topic, and my future work will discuss the awareness of how critical is this subject in Saudi Arabia, with a closer look to the defense system in use.

Sign up to vote on this title
UsefulNot useful