Transcript lecture07_security-1 - Homepages | The University of Aberdeen

CS5038 The Electronic Society
Security 1: Security and Crime Online
We’ll begin with a look at what’s out there. In Security 2, we’ll think
about it all a bit more conceptually.
•
•
•
•
•
•
•
•
Roots
Types of Attacks
Some Security Problems and Perspectives
Major security issues in online systems
Security Risk Management
Security Technologies
Government Intrusion
Government Power
1
Roots of Crime and Protection
• Conflicts of interest between actors (individuals,
organizations, grous, states).
• E.g. I have something I want to keep, you also
want it, resolution = ?
• You are in my way, resolution = ?
• Social institutions (the law, government) define certain
types of (perceived) injustice relating to actual
situations to be crimes.
• Protection mechanisms and systems created by
individuals and society to reduce risks and try to
control crime.
2
Roots of Crime
• Various groups have given a lot of though to this:
• The police
• The legal profession
• Criminologists
• Sociologists
• e.g., social motivations and causes
• Philosophers
• E.g., individual moral issues and decisions
• Economists
• E.g., self-interested rationality, mis-aligned
incentives, conflicts of interest
• Politicians.
3
The Columbo Theory
•Popular accounts of criminal law, and some real policemen
often like to talk about means, motive and opportunity for
crimes.
• (but Criminologists don’t accept this).
•Individuals with general methods to take advantage of
others
• Means
•Individuals with competing interests
• Motive
•Individuals presented with scenarios to act
• Opportunity
4
Online Crime
• Think about the MMO in the online environment
• Same people
• Same basic motives
• Similar conflicts of interest
• Different environment:
• Different means are available
• Different opportunities for crime
• Different prevalence of types of crime
• Different `implementation’ of crimes
5
Some Types of crime online
• Financially motivated
• Probably the biggest and fastest growing chunk
• Theft, fraud.
• Stolen credit card details, hacked bank accounts
• Unlawful file-sharing, downloading copyright material
•
•
•
•
•
•
Defamation, libel
Breaches of privacy
Exploitation of vulnerable groups (children etc.)
Commission of other crimes
Industrial espionage and sabotage
State attacks on states
6
Types of Attacks
• Depends on MMO, but opportunities here are vulnerabilities.
• Physical: burglary to steal machine.
• Shoulder surfing – e.g., observe user id and password entry
• Social engineering: partly non-technical
 e.g. phone or e-mail employee posing as administrator
 (spear-)phishing
•Technical Attacks:
• Exploit vulnerabilities in applications
• Exploit vulnerabilities in operating systems
• Exploit vulnerabilities in networks
•Mixtures of the above
7
Types of Attacks
• Port scanning: look for protocol vulnerabilities
• Packet sniffing: listen to data packets on network
• DNS spoofing: change DNS tables or router maps
• Denial of Service (DOS):
• Attacks via vulnerabilities in communications protocols
• Indirect attacks via third parties (e.g. security certificate providers)
• Code breaking: discovery of cryptographic keys
• Malicious code: (next slide)
8
Types of Attacks
• Malicously-used data/simple program manipulations
• SQL injection attacks
• Buffer overflow: hide code at the end of a long entry
• Malicious programs:
Viruses – propagate locally
Worms – propagate between systems
Macro viruses and macro worms (inside applications)
Trojans (Trojan horses) – e.g., posing as a game, keylogging
9
Attack Sophistication Vs. Intruder Knowledge
www.cert.org
Source: Special permission to reproduce the CERT ©/CC graphic © 2000 by Carnegie Melon University, in Electronic
Commerce 2002 in Allen et al. (2000).
10
Sophistication Increase
• There are more and more sophisticated attacks out there.
• There are lots of sophisticated attackers out there.
BUT
• A lot of the crime is committed by those with very limited
knowledge and skills (script kiddies)
• Relatively easy and low-risk (compared to trad. Crime)
• There is a whole technology stack (ready made tools), social
community to support crime online, and even a supply chain.
Hack tools
Crime forums and markets for criminal goods
Black-hat researchers, those who search for zero-day attacks
in applications, operating systems and networks, malware
writers, packers who build trojans inside innocent-looking
files.
11
Some Security Problems
 Security and ease of use can be in conflict
 e.g., passwords, electronic wallets/credit card
 Security takes a back seat to market pressures
 e.g., trying to hurry the time to market
 Security architectures are often only as strong as their weakest
points
 IT monoculture gives asymmetry in effort/reward for attackers
and defenders
 Security of a site depends, to some extent, on the security of the
whole Internet – DOS, e-mail, … .
 Knowledge of vulnerabilities is increasing faster than it can be
combated – hackers share secrets and write tools
 Flaws in common applications – Outlook, Word, Acrobat, …
 Under-reporting
 Why might a company not report a crime?
12
Security Perspectives
Filling a form at a simple marketing site:
User perspective
 Is Web server owned and
operated by legitimate
company?
 Web page and form contain
some malicious code
content?
 Will Web server distribute
user’s information
to another party?
(or allow to be stolen)
Company perspective
 Will the user attempt to
break into the Web server or
alter the site?
 Will the user try to disrupt the
server so it is not available to
others?
Both perspectives
 Is network connection free from eavesdropping?
 Has information sent back and forth between server and
browser been altered?
13
Major security issues in
online systems
Privacy and/or Confidentiality
 trade secrets, business plans, health records, credit card
numbers, records of web activity
PAIN – for
Authentication – for Web page, e-mail
payment systems
 Something known – password
 Something possessed – smartcard
 Something unique – signature, biometrics
Integrity – protect data from being altered or destroyed
 Financial transaction
Non-repudiation – not denying that you bought something
Later, we’ll look at the ontology of security issues more carefully.14
Security Risk Management
Definitions involved in risk management
 Assets – anything of value worth securing
 Threat – eventuality representing danger to an asset
 Vulnerability – weakness in a safeguard
Risk Assessment
 Determine organizational objectives
 Cannot safeguard against everything – limit to satisfying objectives
 Example: if a website is to service customer complaints, then top
priority is to ensure no disruption – rather than protect data
 Inventory assets – value and criticality of all assets on network
 Delineate threats – hackers, viruses, employees, system failure
 Identify vulnerabilities - http://www.cve.mitre.org/cve/
 Quantify the value of each risk
 e.g., Risk = Asset x Threat x Vulnerability (e.g., Symantec.com)
 Is this realistic?
15
Security Technologies
Firewall:
 Like a bouncer, has rules to determine if data is allowed entry
Virtual Private Network (VPN):
 Encryption – scramble communications
Intrusion Detection Systems (IDS):
 Automatically review logs of file accesses and violations
 Analyze suspicious activity for known patterns of attack
Intrusion Prevention Systems (IPS):
 Similar to IDSs
 Actively block connections, code proliferation
16
Government Protecting Citizens
Identity Cards:
 The national Registration Act: outbreak of World War II




 Help police know if citizens rightfully belonged to the UK
After War:
member of public charged with not producing ID card when
requested to by a policeman.
Case went to appeal:
 Lord Chief Justice Lord Goddard:
“This Act was passed for security purposes and not for
the purposes for which, apparently, it is now sought to be
used.”
Ruling underlined public’s disquiet with the way that ID cards
had slowly become a compulsory feature of everyday life in
the UK
Cards repealed in 1952
Based on essay by: Steven McGhee
17
Government Protecting Citizens
 Attempts at reintroducing ID cards made at various times over the
intervening years
 After 9/11 attacks, ID cards started to look more likely
 Compulsory for foreign nationals resident in the UK from late 2008.
Seems to be now known as the `biometric residence permit’.
 Voluntary for British nationals from 2009 onwards.
 Cancelled Jan 2011.
 Compulsory for workers in certain high-security professions (airport)
18
ID Card
1. Symbol meaning a chip is embedded in the card
2. ID card number
3. Citizenship. Foreign nationals in the UK are
being given different cards.
4. Place of birth
5. Signature - digitally embedded in the card
6. Date of card issue and date it becomes invalid
7. Photo taken to biometric standards
8. Biometric chip holds fingerprint record
9. Swipe zone. Information which can be
automatically read by computer
19
ID Cards
 Arguments put forward by the Government:
 Fight against ID theft
 Prevention of illegal immigration
 Fight against terrorism
 Reduce benefit fraud
 “help safeguard civil liberties” (in direct contrast to critics)
James Hall (chief executive of the Passport and Identity
Cards service). How?
 Election issue in 2010: Coalition Government cancelling ID
cards; Ed Miliband suggests Labour Government was
‘careless’ with civil liberties (Matthew Norman, The
Independent, Monday, 9 August 2010)
 This brings us to questions about privacy
20
A law-abiding person has nothing to fear?
Why do we need privacy anyway?













If hold certain political beliefs, then might lose job or promotion
Someone who has a disease which people fear
A person who is homosexual, but whose family does not know
A teenage girl secretly visiting her boyfriend of a different race to her family
Someone seeking to change job (needs to attend interviews)
A woman scouting out places to go to get away from her violent partner
Someone going to Alcoholics Anonymous or drugs rehabilitation sessions
Someone going to church, synagogue or mosque who fears the scorn of
friends, colleagues or family
Someone attending classes of religious instruction prior to converting to
another religion (fears vengeance)
A son or daughter visiting an estranged parent without the knowledge of the
parent they live with.
An ex-criminal seeking to go straight who must meet his probation officer or
register with the police. (there have been some examples with children.)
Authorized people may abuse access to information
Information not secure
http://www.samizdata.net/blog/archives/004600.html
21
`Quis custodiet ipsos custodes?’
`Who will watch the watchmen?’
Socrates/Plato
"Power tends to corrupt, and absolute power corrupts
absolutely. Great men are almost always bad men, …
"
Lord Acton
"Unlimited power is apt to corrupt the minds of those who
possess it."
William Pitt, the Elder
22
Separation of Powers: Trias Politica
• Model was (first) developed in ancient Greece. Came into
widespread use by the Roman Republic
• State divided into branches or estates, each with separate
and independent powers and areas of responsibility.
• Normally, roughly:
• Executive: government, policy, direction of state
bureaucracy
• Legislature: assembly to deal with formation/change of
law and some other issues (tax, budget, depends)
• Judiciary: interprets and applies law.
• What about various, current states? UK, US, EU …
• Parliamentary vs. presidential system.
23
Separation of Powers: Trias Politica
• "the independence of the judiciary has to be real, and not
merely apparent”
Montesquieu
Judiciary most important of powers – at least often from
the point-of-view of the individual
Independent and unchecked.
Also considered the least dangerous – remit is quite
confined.
24
Separation of Powers – Need More?
• The Popular
• The Bureaucracy
• The Media (in the UK often referred to as the ‘fourth
estate’, the first three being, according to Edmund Burke,
the Lords Spiritual (Bishops, the clergy), The Lords
Temporal (the nobility), and the Commons (the
peasantry))
• The Financial Oligarchy?
25
Questions
• How well are various systems of government able to
provide good government for their citizens in the face of
rapidly changing technology?
• New variations on crimes?
• New threats?
• New protection needed?
• New variations on rights?
• How to deal with many organizations operating across
traditional boundaries of nation states?
26
Summary
• Attack Sophistication vs. Intruder Knowledge
• Types of Attacks – non-technical, buffer overflow, malicious
code, etc.
• Security Problems – ease of use, market pressure, weak links
• Security Concerns – e.g., filling a form; who’s watching?
• Major security issues in online systems – PAIN
• Security Risk Management – assessment, planning,
implementation, monitoring
• Security Technologies – firewall, VPN, IDS
• Government Protecting Citizens
27