Professional Documents
Culture Documents
• Identity management:
• It deals with the procedure for determining
the level of access that each individual has
within an organization.
Types of Cyber Security
• Cyber Criminals
• Cybercriminals are individual or group of
people who use technology to commit
cybercrime with the intention of stealing
sensitive company information or personal
data and generating profits.
• Hacktivists
• Hacktivists are individuals or groups of hackers
who carry out malicious activity to promote a
political agenda, religious belief, or social
ideology
• State-sponsored Attacker
• State-sponsored attackers have particular
objectives aligned with either the political,
commercial or military interests of their
country of origin.
• Insider Threats
• These type of threats are usually occurred
from employees or former employees, but
may also arise from third parties, including
contractors, temporary workers, employees or
customers.
• E-Commerce refers to the activity of buying and
selling things over the internet.
• E-commerce can be drawn on many technologies
such as mobile commerce, Internet marketing,
online transaction processing, electronic funds
transfer, supply chain management, electronic
data interchange (EDI), inventory management
systems, and automated data collection systems.
Electronic payments system
Worms are malicious code that replicates by
independently exploiting vulnerabilities in
networks. Worms usually slow down
networks. Whereas a virus requires a host
program to run, worms can run by themselves
Trojan horse
A Trojan horse is malware that carries out
malicious operations under the guise of a
desired operation such as playing an online
game.
This malicious code exploits the privileges of
the user that runs it
Logic Bombs
• Block ciphers transform a fixed-length block of
plaintext into a common block of ciphertext of
64 or 128 bits. Block size is the amount of data
encrypted at any one time.
• To decrypt this ciphertext, apply the reverse
transformation to the ciphertext block, using
the same secret key.
Identification Controls
Alice Bob
channel data, control
messages
Trudy
Security 8-99
Who might Bob, Alice be?
• … well, real-life Bobs and Alices!
• Web browser/server for electronic transactions
(e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
• other examples?
Security 8-100
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot! See section 1.6
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in
packet (or any field in packet)
– hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
– denial of service: prevent service from being used
by others (e.g., by overloading resources)
Security 8-101
The language of cryptography
Alice’s Bob’s
K encryption K decryption
A
key Bkey
m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))
Security 8-102
Breaking an encryption scheme
• cipher-text only attack: Trudy •hasknown-plaintext
ciphertext she can
attack:
analyze
• two approaches: Trudy has plaintext
corresponding to ciphertext
– brute force: search through all keys
– e.g., in
– statistical analysis
monoalphabetic
cipher, Trudy
determines pairings
for a,l,i,c,e,b,o,
• chosen-plaintext attack:
Trudy can get ciphertext for
chosen plaintext
Security 8-103
Symmetric key cryptography
KS KS
Security 8-104
Simple encryption scheme
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Security 8-106
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical “rounds” of
function application,
each using different 48
bits of key
final permutation
Security 8-107
Social Steganography