Attack Goals
• Publicity
  – in the physical world: Terrorism; Landing in Red Square
  – in the electronic world: Highly contagious viruses; Defacing web pages
• Fraud
  – in the physical world: Bank robbery; Scams; Plagiarism
  – in the electronic world: Credit card number theft; On-line scams; Intellectual property theft
• Disruption
  – in the physical world: Vandalism; Obstruction of justice
  – in the electronic world: Wiping out data; Denial of service
• Invasion of privacy
  – in the physical world: Collection of personal data; Espionage
  – in the electronic world: Reading private files; Surveillance
Vulnerable Systems: a Trend
Vulnerability: a weakness that can be exploited to cause damage
Attack: a method to exploit a vulnerability
• The Internet
  – World-Wide connection
  – Distributed: no central design and control
  – Open infrastructures: modems, wireless, DHCP
  – Untrusted software: applets, downloads
  – Unsophisticated users
• Security costs
  – Market now, fix bugs later
  – Customers want it, but won’t pay for it
• Homogeneity
  – Hardware: x86
  – OS: Windows
  – Applications:
Attacks, Services, and Mechanisms
* Security Attack: Any action that compromises the security of information.
* Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
* Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Some Attacks
• Unintended blunders
• Hackers driven by technical challenge
• Disgruntled employees or customers
• Petty criminals
• Organized crime
• Organized terror groups
• Foreign espionage agents
• Information warfare
Security services
- confidentiality: only authorized parties have read access to information
- integrity: only authorized parties have write access to information
- availability: authorized access to information when needed
- authenticity: identity claims (user, message source) can be verified
- non-repudiation: message exchange can be proved by sender and receiver
- authorization: information / system / resource access control