Distributed and Embedded Systems (DIES)

Crime Science +
Information Security =
Cyber Crime Science
Pieter Hartel
Marianne Junger
Roel Wieringa
17-7-2015
What is the synergy?
Two complementary questions
• How can Crime Science (CS) help Information Security?
• How can Information Security be used to prevent Cyber Crime?
METHOD
• Systematic review of information technology literature
• Crime Science theories
• Not quantified
MAIN POINTS
1. What has crime science to offer?
1.1 Conceptual framework
• Routine activities approach
• Crime pattern theory
• Rational choice model of crime
1.2 Situational prevention
• Situational crime prevention tools
• ‘25 techniques of crime prevention’
• Checklists, e.g. “CRAVED” and others
CS: Routine activities approach (1)
Clarke & Eck
CS: Routine activities approach
When RAA is translated to fit cyber-crime
1. RA = daily flow of online actions
2. Offenders: insiders / outsiders / specialized access
3. Who are the guardians?
CS: Routine activities approach
Who are the guardians?
http://www.auctionbytes.com/cab/abu/y205/m02/abu0136/s02
CS: Routine activities approach
Place
1. IP address? Easy to change / difficult to trace
2. Mobile base station of mobile phone, or address of ISP, wireless access point
3. Cliques: social networks
4. Online harassment: via social networks = ‘virtual meeting place’
CS: Routine activities approach
Time

• Physical world: crime as serial
• Cyber world: thousands of ‘crimes’ at the same time (phishing mails, etc.)
CS: Routine activities approach
In a cyber-physical world:

• What distinguishes insiders from outsiders (or specialized access from regular access)?
• Some people are both insiders and outsiders (e.g. consultants, freelancers, outsourcing providers)
• Can we observe the routine activities of potential offenders?
• What deterrence techniques are available for these categories and how effective are these techniques?
• Can we manipulate the value of stolen digital goods?
• What is proximity in a cyber-physical world?
CS: Crime Pattern theory (2)
• Offenders find opportunities for crime during the daily journey between home, work, and leisure.
• Crime usually occurs in specific patterns and it is usually concentrated at particular places, and at particular times, i.e. hot spots.
CS: Crime Pattern theory
• Prevention focuses on hotspots/hot times
• What are hotspots/hot times in cyberspace?
• Cyber criminals:
  • Move physically
  • Digitally ‘surf the net’
CS: Crime Pattern theory
• Can we monitor them, and how?
• Anonymity is easy in cyberspace and hard to lift
• Do we have to adapt the law?
CS: Rational choice model of crime (3)
• Criminal actors make a quick cost/benefit analysis of expected consequences of a crime
• Is this similar in cyberspace?
25 techniques of crime prevention
• In the physical world
25 techniques of crime prevention
• In cyberspace?
25 techniques of information security
25 techniques of information security
(1) A password or PIN code used to authenticate a user;
(2) Encryption of data to ensure that once encrypted, data can be read only when the correct decryption key is known;
(3) A Firewall that is used to stop potentially malicious connections to a computer or network;
(4) A De-Militarized Zone (DMZ) used to isolate the public web server of an organization from the internal network;
(5) An Intrusion Detection System (IDS) used to stop potentially malicious information being sent to a computer or network;
(6) A Virus scanner used to detect malicious code in the information being sent to a computer or network;
25 techniques of information security
(7) Prompt software patching to remove vulnerabilities as soon as a correction has been published;
(8) An RFID tag used to provide information about the product to which it is attached;
(9) The Caller-ID feature of the Phone system used to inform the recipient of a telephone call who is calling;
(10) An Audit log used to collect relevant operational data that can be analyzed when there is an incident;
(11) An ISP used to assist its clients in using the information superhighway responsibly;
(12) User education, which is included in the list to show that we interpret Information Security in a broad sense
CONCLUSION
More ‘truly’ multi-disciplinary work
• We (criminologists) can learn from information security
• Information security can learn from us: theory/research methods