Künftige Cyber-Attacken: Risiken und Techniken. Future Cyber attacks: Risks and techniques. Prof. Dr. T. Nouri sd&m

Transcription

1 Künftige Cyber-Attacken: Risiken und Techniken Future Cyber attacks: Risks and techniques Prof. Dr. T. Nouri sd&m

2 Content 1. Hacking Techniques 2. Main Goals of IT-security 3. Cryptography 4. Future Hacking-Scenario 5. Computer Immunology 6. Conclusion Künftige Cyber-Attacken: Risiken und Techniken 2/39

3 Hacking Domains Reconnaissance/Identification/Scanning System Hacking (Windows, Unix, VoIP) Network Hacking (Network Devices, Wireless, Firewalls, DoS) Software Hacking (Code, Web, Internet user). Künftige Cyber-Attacken: Risiken und Techniken 3/39

4 Hacking Domains: Scanning Determine if the System is Alive Which Services are Running-Listening Identifying TCP and UDP Services Running Port Scanning Detecting the Operating System Enumerating Common Network Services Künftige Cyber-Attacken: Risiken und Techniken 4/39

5 Hacking Domains: System Hacking Proprietary OS Networking Protocol Attacks Remote Access/Control and Back Doors OS-Security Features (Service Pack ) Quest for Root-Hacking Root-Scripting Künftige Cyber-Attacken: Risiken und Techniken 5/39

6 System Hacking: Network Hacking Wireless Insecurities, Network Devices Traceroute, Service Detection Network Vulnerability(OSI Layer 1,2, ) Firewalls Identification-Discovery Scanning Through the Firewalls Packet Filtering Proxy vulnerabilities Denial of sevice Attacks Künftige Cyber-Attacken: Risiken und Techniken 6/39

7 Hacking Domains: Software Hacking Hacking Code Web Server Hacking Web Application Hacking Hacking the Internet User( , Cookies, JavaScript, Active Script ) Socio-Technical Attacks(Phishing, Pharming ) Spyware, Adware, Malware and Spam. Künftige Cyber-Attacken: Risiken und Techniken 7/39

8 Thank You Hackers, Good Work! This Hobby hacking will continue, It has a limited consequences, very beneficial for the IT-Field!! If we collect all this information we can use data mining approaches for detecting/predicting intrusions. Künftige Cyber-Attacken: Risiken und Techniken 8/39

9 Main Tasks of Security 1. Authentication 2. Integrity 3. Availability 4. Confidentiality 5. Non-Repudiation

10 Authentication service Login to a system: An unauthorized person can not access to the system Fingerprint Hand geometry Retina Voice Password Biometric Entity Authentication Digital Certificates Dynamic Authentication X.509, SDSI Code Book Time Based Challenge-Response Based

11 Data confidentiality service An unauthorized person can not read the message DES, 3DES RC-4 IDEA RSA Symmetric Algorithms 1 key Asymmetric Algorithms 2keys: Public and private Data Confidentiality

12 Data integrity service The message contain is not modified A hash function is like a checksum or MD MD4 MD5 SHA Hash Functions Sender's Private Key Data Integrity

13 Data origin authentication & Non-Repudiation service Who sends a message We must proove that a person really send us a message Sender's Private Key Data Origin Authentication and Non-Repudiation

14 How to realise these tasks? Encryption Symmetric or secret key Asymmetric: Public-Private keys Hybrid ciphering Hash functions Digital signature Biometrie

15 Symmetric cipher The same key is used for the encryption and decryption Bob Alice Message secret key secret key Message Encryption Internet Decryption Examples: DES, 3-DES, IDEA, Blowfish, RC2, RC4, RC5, RC6, AES

16 Symmetric cipher: services Only the sender and the receiver know the key Entity authentication: OK Data authentication Data integrity: OK Data origin authentication: Non-repudiation: OK Data confidentiality: OK OK Symmetric cipher disadvantages Key Exchange

17 Asymmetric cipher Private and public keys Invited by Rivest, Shamir and Adleman (MIT, 1977) Bob and Alice have their own keys: private and public keys Cipher examples: RSA, DSA or DSS, Diffie-Hellman Bob Alice Bob's public key Bob's private key Alice's public key Alice's private key The public keys are exchanged between Bob and Alice

18 Asymmetric cipher Alice sends Bob a crypted message with his public key Only Bob has his private key and he can decrypt the message Bob's private key Bob's public key Message Message Decrypt Encrypt Internet We can encrypt with the public key and decrypt with the private key We can encrypt with the private key and decrypt with the public key

19 Asymmetric cipher: Authentication Alice sends a message crypted with her private key Bob decrypts the message with the Alice s public Bob is sure that the sender is Alice Alice's public key Alice's private key Message Message Decrypt Internet Encrypt Je suis Alice

20 Asymmetric cipher: services Every bodies can know the public key Entity authentication: Data authentication Data integrity: Data origin authentication: Non-repudiation: Data confidentiality: OK OK OK OK OK Asymmetric cipher disadvantage Very slow!!!

21 Hybrid cipher The hybrid cipher uses the advantages of the symmetric and asymmetric cipher The symmetric key is called session key Alice sends the session key, she crypts it with Bob s public key Bob Alice Bob's private key Bob's public key Session key Session key Decryption Internet Encyption

22 Hybrid cipher Alice and Bob crypt the messages with the session key Bob Alice Session key Session key Message Message Decryption Internet Encryption

23 Hash functions We use hash functions to check the message integrity (like checksum or CRC) Hash functions examples: MD4, MD5, SHA-1 Message One input gives always the same output Two inputs can t give the same output If we know the output, we can t find the input The operation is easy and fast

24 Hash functions: Integrity Bob Alice Message Internet Message =? The input message length is variable The output length is always 128 (MD4, MD5) or 160 bits (SHA-1)

25 Digital signature The digital signature is the combination of the result of a hash function (finger print) and a private key Alice Message Message Message Clé privée de Alice Encryption

26 Digital signature Bob uses the Alice s public key and find the finger print Bob finds the message s finger print Bob compares the two finger print Bob Message Internet Alice =? Alice? Alice's public key

27 VoIP-MjSIP Skype is used as black box Skype has an open backdoor In our research, we extended MjSIP with RSA for session key exchange and we used 3DES encryption for VoIP. It is more secure than Skype. Opensource Künftige Cyber-Attacken: Risiken und Techniken 27/39

28 Future Hacking-Scenario Attacks against: 1. Financial Institution 2. Governmental Institutions 3. High-Tech Companies 4. Mobile Device/Installation 5. Hijacking TV & Communication Satellite Künftige Cyber-Attacken: Risiken und Techniken 28/39

29 Attacks against Governmental Institution Every day Irak Georgia Estonia 07 Künftige Cyber-Attacken: Risiken und Techniken 29/39

30 Attacks against Mobile Device/Installation This is a new trend by profis hackers! Mobile devices and installation can be replaced by corrypted one without any suspicion for the user! Corrupted or Trusted? Künftige Cyber-Attacken: Risiken und Techniken 30/39

31 Hijacking TV & Communication Satellite Hijacking or Haking a TV & Communication Satellite is very profitable business! Künftige Cyber-Attacken: Risiken und Techniken 31/39

32 Hacking is a very Profitable Business IT-Knowledge (scientist and engineer) as well as Hardware areavailableeverywhere in the world with low cost. BehindIT-Security there is a huge money for hackers... Crime organisation are interested to invest in the hacker field to make more money!!!! Künftige Cyber-Attacken: Risiken und Techniken 32/39

33 Computer Immunology: Cells Complex system enclosed in a membrane Organisms are unicellular (bacteria, yeast) or multicellular Humans: ~ cells 320 cell types Example Animal Cell biology_intro.htm Künftige Cyber-Attacken: Risiken und Techniken 33/39

34 Computer Immunology: Apoptose Apoptose (απόπτωσις - apo = out, ptosis = to fall = dropping off = Self Suicide Cell Apoptosis is a mechanism of controlled cell death critically important in biological processes If a file is attacket, it starts a combat to delete the virus then delete itself! Self Suicide File, auto delete file Künftige Cyber-Attacken: Risiken und Techniken 34/39

35 Computer Immunology: DNA Repair systems More than 100 repair systems: Direct removal of lesions, Proof reading system mismatch repair system= DNA Auto correction etc. Why we don t have such mechanis in IT? ref.[5] p. 611 Künftige Cyber-Attacken: Risiken und Techniken 35/39

36 Computer Immunology: Generation of files A cell knows everything about the other cells. Cells are able to generate new cells or new functionalities!! A file knows everything about the other files in the system, the complete system is as one unit. If a file is infected or delete, files should be able to generate it!! The whole file system is actively fighting against virus!! Künftige Cyber-Attacken: Risiken und Techniken 36/39

37 Computer Immunology: Alert odor If the corn plants is attacket, they start own defense and send an odor to alert the other plants: Cooperation Aspect If a file is attacket by a virus, it should alarm the other files to prepare defense! The defense should be within the files. Künftige Cyber-Attacken: Risiken und Techniken 37/39

38 Lymph System vs Intrusion Detection Identification & Elimination Mechanism is Complex(T3, T4 ) Identification & Elimination Mechanism is Simple (signature) Künftige Cyber-Attacken: Risiken und Techniken 38/39

39 Conclusion Don t feel over secured, the worst is coming. Nature immunology should be more investigated for IT-architecture and security. Cooperation within IT-System is needed as in nature Authentification/Identification still a chalenge. Steganography(picture, video, sound, music etc) for hidding and exchanging information. Künftige Cyber-Attacken: Risiken und Techniken 39/39

40 References 1. Hacking Exposed, ISBN: Hacker s Guide, ISBN: Applied Cryptography ISBN: An introduction to Genetic Analysis, ISBN

41 End of Presentation Questions? Thank you Künftige Cyber-Attacken: Risiken und Techniken 41/39