Attacks on Computers and Computer Security
Before we examine the various concepts and technical issues related to security (i.e. trying to understand how to protect), it is essential to know what we are trying to protect. We need to understand the various dangers that arise when we use computers, computer networks and the biggest network of them all, the Internet; the likely pitfalls; and the consequences of not setting up the right security policies, framework and technology implementations. This topic attempts to clarify these basic concepts.
Why is security required in the first place?
People sometimes say that security is like statistics: the extent of data it reveals is trivial, the extent of data it conceals is vital! In other words, the right security infrastructure opens up just enough doors that are mandatory. It protects everything else. We discuss a few real-life incidents that should prove beyond doubt that security cannot simply be compromised. Especially these days, when serious business and other types of transactions are being conducted over the Internet to such a large extent, inadequate or improper security mechanisms can bring the whole business down or play havoc with people's lives!
We then discuss the key principles of security. These principles help us identify the various areas, which are crucial while determining the security threats and possible solutions to tackle them. Since legal validity and binding, we examine the various implications in this regard.
This is followed by a discussion of the types of attacks. There are certain theoretical concepts associated with attacks and there is a practical side to it as well. We shall discuss all these aspects.
Finally, we discuss some modern security problems. This will pave the way for further discussions of network and Internet security concepts.
1 The Need for Security:
1.1 Basic Concepts:
Most initial computer applications had no, or at best very little, security. This continued for a number of years until the importance of data was truly realized. Until then, computer data was considered to be useful, but not something to be protected. When computer applications were developed to handle financial and personal data, the real need for security was felt like never before. People realized that data on computers was an extremely important aspect of modern life. Therefore, various areas in security began to gain prominence. Two typical examples of such security mechanisms were as follows:
- Provide a user id and password to every user and use that information to authenticate a user
- Encode information stored in the databases in some fashion so that it is not visible to users who do not have the right permissions.
Organizations employed their own mechanisms in order to provide for these kinds of basic security mechanisms. As technology improved, the communication infrastructure became extremely mature, and newer and newer applications began to be developed for various user demands and needs. Soon, people realized that the basic security measures were not quite enough.
Furthermore, the Internet took the world by storm and there were many examples of what could happen if there was insufficient security built into applications developed for the Internet. Figure 1.1 shows such an example of what can happen when you use your credit card for making purchases over the Internet. From the user's computer, the user details such as user id, order details such as order id and item id, and payment details such as credit card information travel across the Internet to the server (i.e. to the merchant's computer). The merchant's server stores these details in its database. There are various security holes here. First of all, an intruder can capture the credit card details as they travel from the client to the server. If we somehow protect this transit from an intruder's attack, it still does not solve our problem. Once the merchant receives the credit card details and validates them so as to process the order and later obtain payments, the merchant stores the credit card details in its database. Now, an attacker can simply succeed in accessing this database and gain access to all the credit card numbers stored therein! One Russian attacker (called Maxim) actually managed to intrude into a merchant Internet site and obtained 300,000 credit card numbers from its database. He then attempted extortion by demanding protection money ($100,000) from the merchant. The merchant refused to oblige. Following this, the attacker published about 25,000 of the credit card numbers on the Internet! Some banks reissued all the credit cards at a cost of $20 per card and others forewarned their customers about unusual entries in their statements.
Fig. 1.1 Example of information traveling from a client to a server over the Internet
Such attacks could obviously lead to great losses, both in terms of finance and goodwill. Generally, it takes $20 to replace a credit card. Therefore, if a bank has to replace 3,00,000 such cards, the total cost of such an attack is about $6 million! How nice it would have been if the merchant in the example just discussed had employed proper security measures!
Of course, this was just one example. Several such cases have been reported in the last few months and the need for proper security is being felt Microsoft's Hotmail Web site and created a mirror site. This site allowed anyone to enter any Hotmail user's email id and read her emails! In 2005, an independent survey was conducted to invite people's opinions about the losses that occur due to successful attacks on security. The survey pegged the losses at an average of $455,848,000. The next year, this figure reduced to $201,757,340!
1.2 Modern Nature of Attacks:
If we attempt to demystify technology, we would realize that computer-based systems are not all that different from what happens in the real world. Differences in computer-based systems are mainly due to the speed at which things happen and the accuracy that we get, as compared to the traditional world. We can highlight a few salient features of the modern nature of attacks, as follows:
- Automating Attacks:- The speed of computers makes several attacks worthwhile. For example, in the real world, suppose that someone manages to create a machine that can produce counterfeit coins. Would that not bother authorities? It certainly would. However, producing so many coins on a mass scale may not be that economical compared to the return on that investment! How many such coins would the attacker be able to get into the market so rapidly? This is quite different with computers. They are quite efficient and happy in doing routine, mundane and repetitive tasks. For example, they would excel in somehow stealing a very low amount (say half a dollar or Rupees 20) from a million bank accounts in a matter of a few minutes. This would give the attacker a half million dollars possibly without any major complaints! This is shown in Fig. 1.2.
The moral of the story is: Humans dislike mundane and repetitive tasks. Automating them can cause destruction or nuisance quite rapidly.
Fig. 1.2 The changing nature of attacks due to automation
- Privacy Concerns:- Collecting information about people and later (mis)using it is turning out to be a huge problem these days. The so-called data mining applications gather, process and tabulate all sorts of details about individuals. People can then illegally sell this information. For example, companies like Experian (formerly TRW), TransUnion and Equifax maintain the credit history of individuals in the USA. Similar trends are seen in the rest of the world. These companies have volumes of information about a majority of citizens of that country. These companies can collect, collate, polish and format all sorts of information for whosoever is ready to pay for that data! Examples of information that can come out of this are: which store the person buys more from, which restaurant she eats in, where she goes for vacations frequently and so on! Every company (e.g. shopkeepers, banks, airlines, insurers) is collecting and processing a mind-boggling amount of information about us, without our realizing when and how it is going to be used.
- Distance does not matter:- Thieves would earlier attack banks, because banks had money. Banks do not have money today! Money is in digital form inside computers and moves around by using computer networks. Therefore, a modern thief would perhaps not like to wear a mask and attempt a robbery! Instead, it is far easier and cheaper to attempt an attack on the computer systems of the bank, sitting at home! It may be far more prudent for the attacker to break into the bank’s servers or steal credit card/ATM information from the comforts of her home or place of work. This is illustrated in Fig. 1.3.
In 1995, a Russian hacker broke into Citibank’s computers remotely, stealing $12 million. Although the attacker was traced, it was very difficult to get him extradited for the court case.
2 Security Approaches:-
2.1 Trusted Systems:- A trusted system is a computer system that can be trusted to a specified extent to enforce a specified security policy.
Trusted systems were initially of primary interest to the military. However, these days, the concept has spanned across various areas, most prominently in the banking and financial community, but the concept never caught on. Trusted systems often use the term reference monitor. This is an entity that is at the logical heart of the computer system. It is mainly responsible for all the decisions related to access controls. Naturally, the following are the expectations from the reference monitor:
a) It should be tamper proof
b) It should always be invoked
c) It should be small enough so that it can be independently tested
3 Principles of Security:-
Having discussed some of the attacks that have occurred in real life, let us now classify the principles related to security. This will help us understand the attacks better and also help us in thinking about the possible solutions to tackle them. We shall take an example to understand these concepts.
Let us assume that a person A wants to send a check worth $100 to another person B. Normally, what are the factors that A and B will think of in such a case? A will write the check for $100, put it inside an envelope and send it to B.
1. A would like to ensure that no one except B gets the envelope and, even if someone else gets it, she does not come to know about the details of the check. This is the principle of confidentiality.
2. A and B would further like to make sure that no one can tamper with the contents of the check (such as its amount, date, signature, name of the payee, etc.). This is the principle of integrity.
3. B would like to be assured that the check has indeed come from A and not from someone else posing as A (as it could be a fake check in that case). This is the principle of authentication.
4. What will happen tomorrow if B deposits the check in her account, the money is transferred from A’s account to B’s account and then A denies having written/sent the check? The court of law will use A’s signature to prevent A from refuting this claim and settle the dispute. This is the principle of non-repudiation.
These are the four chief principles of security. There are two more, access control and availability, which are not related to a particular message, but are linked to the overall system as a whole.
We shall discuss all these security principles in the next few sections.
3.1 Confidentiality:-
The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access a message. An example of compromising the confidentiality of a message is shown in Fig. 1. Here, the user of computer A sends a message to the user of computer B. (Actually, from here onwards, we shall use the term A to mean the user A, B to mean user B, etc., although we shall just show the computers of user A, B, etc.) Another user C gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. An example of this could be a confidential email message sent by A to B, which is accessed by C without the permission or knowledge of A and B. This type of attack is called interception.
Interception causes loss of message confidentiality.
3.2 Authentication:-
Authentication mechanisms help establish proof of identities. The authentication process ensures that the origin of an electronic message or document is correctly identified. For instance, suppose that user C sends an electronic document over the Internet to user B. However, the trouble is that user C had posed as user A when she sent this document to user B. How would user B know that the message has come from user C, who is posing as user A? A real-life example of this could be the case of a user C, posing as user A, sending a funds transfer request (from A’s account to C’s account) to bank B. The bank might happily transfer the funds from A’s account to C’s account – after all, it would think that user A has requested the funds transfer! This concept is shown in Fig. 2. This type of attack is called fabrication.
Fabrication is possible in the absence of proper authentication mechanisms.
3.3 Integrity:-
When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, suppose you write a check for $100 to pay for the goods bought from the US. However, when you see your next account statement, you are startled to see that the check resulted in a payment of $1000! This is a case of loss of message integrity. Conceptually, this is shown in Fig. 3. Here, user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.
3.4 Non-repudiation:-
There are situations where a user sends a message and later on denies that she had sent that message. For instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs the funds transfer as per A’s instructions, A could claim that she never sent the funds transfer instruction to the bank! Thus, A repudiates, or denies, her funds transfer instruction. The principle of non-repudiation defeats such possibilities of denying something after having done it. This is shown in Fig. 4.
Non-repudiation does not allow the sender of a message to deny having sent that message.
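The fabrication and modification attacks of sections 3.2 and 3.3 can be made concrete with a message authentication code. This is an added example, not part of the original text; HMAC-SHA256, the function names `seal` and `verify`, and the constructed keys are assumptions (the page names no mechanism), with each customer sharing one secret key with bank B. The last case shows why a shared-key tag does not give the non-repudiation of section 3.4: the bank can produce the same tag itself.

```python
import hashlib
import hmac
import json

# Constructed sample keys: each customer shares one secret key with bank B.
KEY_A = b"constructed-demo-key-for-user-A"
KEY_C = b"constructed-demo-key-for-user-C"
BANK_KEYS = {"A": KEY_A, "C": KEY_C}

def seal(key, sender, payload):
    """Sender: serialize the request and attach an HMAC-SHA256 tag over it."""
    body = json.dumps({"from": sender, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(keys, message):
    """Bank B: return the payload if the tag matches the claimed sender's key."""
    try:
        body = message["body"]
        request = json.loads(body)
        key = keys[request["from"]]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, message["tag"]):
            return request["payload"]
    except (KeyError, TypeError, ValueError, AttributeError):
        pass  # malformed message or unknown sender: reject
    return None

def scenarios():
    genuine = seal(KEY_A, "A", {"to": "B-merchant", "amount": 100})

    # Modification: C alters the amount in transit but cannot recompute the tag.
    modified = dict(genuine, body=genuine["body"].replace("100", "1000"))

    # Fabrication: C poses as A but holds only C's own key.
    fabricated = seal(KEY_C, "A", {"to": "C", "amount": 100})

    # Limit: the bank also holds KEY_A, so it can mint a valid "from A" message.
    # A shared-key tag therefore cannot settle a dispute between A and the bank.
    minted_by_bank = seal(BANK_KEYS["A"], "A", {"to": "C", "amount": 100})

    return {
        "genuine": verify(BANK_KEYS, genuine),
        "modified": verify(BANK_KEYS, modified),
        "fabricated": verify(BANK_KEYS, fabricated),
        "minted_by_bank": verify(BANK_KEYS, minted_by_bank),
    }
```

Non-repudiation needs a signature that only A can produce, such as a digital signature made with A's private key and checked with A's public key.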
3.5 Access Control:-
The principle of access control determines who should be able to access what. For instance, we should be able to specify that user A can view the records in a database, but cannot update them. However, user B might be allowed to make updates as well. An access control mechanism can be set up to ensure this. Access control is broadly related to two areas: role management and rule management. Role management concentrates on the user side (which user can do what), whereas rule management focuses on the resources side (which resource is accessible and under what circumstances). Based on the decisions taken here, an access control matrix is prepared, which lists the users against a list of items they can access (e.g. it can say that user A can write to file X, but can only update files Y and Z). An Access Control List (ACL) is a subset of an access control matrix.
Access control specifies and controls who can access what.
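The access control matrix above and the reference monitor of section 2.1 fit together as in the following added example, which is not from the original text. The names `ReferenceMonitor`, `RecordStore` and `acl_for` are hypothetical and the matrix is constructed from the page's case of user A (view only) and user B (view and update); the read-only copy only models tamper resistance, which in a real system comes from running the monitor in a protected domain.

```python
from types import MappingProxyType

# Constructed access control matrix: rows are users, columns are resources.
MATRIX = {
    "A": {"records": {"view"}},            # A can view but not update
    "B": {"records": {"view", "update"}},  # B can make updates as well
}

class ReferenceMonitor:
    """Single decision point for every access request (hypothetical name)."""

    def __init__(self, matrix):
        # Freeze a private copy so later changes to the caller's dict
        # do not alter the policy the monitor enforces.
        self._matrix = MappingProxyType({
            user: MappingProxyType({res: frozenset(ops) for res, ops in row.items()})
            for user, row in matrix.items()
        })
        self.audit = []  # every decision is recorded, allowed or not

    def check(self, user, op, resource):
        # Default deny: unknown users, resources or operations get False.
        allowed = op in self._matrix.get(user, {}).get(resource, frozenset())
        self.audit.append((user, op, resource, allowed))
        return allowed

    def acl_for(self, resource):
        """ACL for one resource: that resource's column of the matrix."""
        return {u: set(row[resource]) for u, row in self._matrix.items() if resource in row}

class RecordStore:
    """Resource whose every operation goes through the monitor first."""

    def __init__(self, monitor):
        self._monitor = monitor
        self._rows = {1: "balance=100"}  # constructed sample record

    def _guard(self, user, op):
        if not self._monitor.check(user, op, "records"):
            raise PermissionError(f"{user} may not {op} records")

    def view(self, user, key):
        self._guard(user, "view")
        return self._rows[key]

    def update(self, user, key, value):
        self._guard(user, "update")
        self._rows[key] = value
```

Because the decision logic is a single short `check` method, it can be tested on its own, which is the point of the "small enough" expectation.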
3.6 Availability:-
The principle of availability states that resources (i.e. information) should be available to authorized parties at all times. For example, due to the intentional actions of an unauthorized user C, an authorized user A may not be able to contact a server computer B, as shown in Fig. 5. This would defeat the principle of availability. Such an attack is called interruption.
Interruption puts the availability of resources in danger.