Cybersecurity and Privacy Lecture


What is cybersecurity (or computer security)? The lecture describes the field and tries to answer two questions: How can people's privacy be threatened by computer threats? How can it be threatened by the security mechanisms that help organizations and nations fight cyber security?


  1. Cybersecurity: Technologies and their Impact on Privacy. Eran Toch. The Minerva Center for Human Rights, The Hebrew University, June 2013
  2. Eran Toch, Department of Industrial Engineering, Tel Aviv University, Israel
  3. My Work
      ‣ Managing Location Privacy
      ‣ Temporal Aspects of Privacy
      ‣ Generating Automatic Defaults
  4. Cyber-Security and Privacy (diagram labels: Cyber Attacks, Cyber Security)
  5. Agenda
      1. The Context Of Cyber Attacks
      2. The Attack Model
      3. The Cyber-security Response
  6. 1. The Context Of Cyber Attacks
  7. Cyber Attacks: Actions to penetrate the computers or networks of a nation, organization or a person for the purposes of causing damage, disruption or to violate privacy.
  8. Three Questions
      ‣ Who are the attackers?
      ‣ What are the targets?
      ‣ How are the attacks carried out?
  9. Who Are the Bad Guys?
  10. “Off-the-shelf” Hackers. Motivations:
      ‣ Cyber Crime
      ‣ Vandalism
      ‣ Hacktivism
      Sophisticated Hackers. Motivations:
      ‣ Cyber Crime
      ‣ Cyber Espionage
      ‣ Cyberwar
  11. Where are the Victims? IBM Security Risk Report:
  12. Threats for Electronic Services
      ‣ Disrupting, sabotaging or exploiting electronic services.
  13. For Example, The Attack on ATMs
  14. Threats for the Computer Network
      ‣ Disrupting the Internet network itself, preventing the flow of communication.
  15. Disrupting the Infrastructure
      ‣ Electricity, water, fuel and nuclear energy.
      ‣ Air control, traffic, building infrastructure.
  16. But, Apart from Stuxnet...
      ‣ Not many examples of successful cyberattacks on infrastructure.
      ‣ However, physical infrastructure is getting increasingly connected.
      (Figure caption: The Stuxnet Attack, July 2012)
  17. Threats for Privacy
      ‣ Accessing private information on servers and personal devices.
  18. 1. The attack model
  19. Attack Models
      ‣ The Internet Architecture
      ‣ Attacks
          ‣ Denial-of-service
          ‣ Trojan horse
          ‣ Phishing
          ‣ Man-in-the-middle
          ‣ Social Network attacks
          ‣ Insiders
  20. The Internet Protocol (diagram labels: Client, Routers, Server, IP Packet; IP Address: 132.66.237.203, 64.233.160.0, 209.85.128.0)
  21. Global IP Network
  22. Properties of the Internet Network
      ‣ Multi channels of communication.
      ‣ Anonymity and trustfulness.
  23. First Attack!
  24. Denial-of-Service Attacks
      ‣ Distributed denial-of-service attack (DDoS attack)
      ‣ An attempt to make a machine or network resource unavailable to its intended users.
      ‣ Attackers hide themselves by employing “zombies”.
  25. Example: The Attack on Spamhaus
  26. Second Attack Horses!
  27. Trojan Horses Attack
      ‣ A Trojan horse is malware that appears to perform a desirable function but instead drops a malicious payload
      ‣ Often including a backdoor allowing unauthorized access to the target's computer.
  28. Example: The Zeus Trojan Malware
      1. Zeus Trojan sells for $3,000 to $4,000 in the black market
      2. Victims download and install the trojan malware
      3. When victims surf to a select bank website, it displays a fake site
      4. The malware steals account numbers, Social Security number, usernames and passwords
  29. Trojan Horses
  30. Third Attack!
  31. Phishing Attacks
      ‣ In Phishing attacks, the victim receives an email, a text message or another communication. The link or reference will take the victim to a dummy site.
  32. The Cost
      ‣ Gartner estimates that 3.6 million U.S. adults lost money in phishing attacks in 2007.
      ‣ $3.2 billion was lost to these attacks.
  33. Fourth Attack in the Middle in Mobile
  34. Attacks on Mobile Devices
      ‣ Mobile devices generate and store very sensitive information:
          ‣ Our location
          ‣ Voice and video
          ‣ Contacts and communications
          ‣ Applications
          ‣ Various sensor data
  35. Man-in-the-middle Attack (diagram labels: Malicious Router, Sensitive Website)
  36. Man-in-the-Middle + Trojan (diagram label: Malicious Router)
  37. Fifth Attack Network Attack
  38. Facebook Botnets
      ‣ How would you respond to this Facebook friend request?
      ‣ The cyber attack: to become your friend.
      ‣ Social engineering can be used to get close to targeted people.
  39. Social Network Attacks. Boshmaf et al. engineered a botnet server, and measured the rate at which people will fall for the attack. Reference: The Socialbot Network: When Bots Socialize for Fame and Money, Yazan Boshmaf et al., in Proceedings of ACSAC11, 2011.
  40. Fifth Attack
  41. Insiders
      ‣ Cybersecurity is turning its eyes to insiders such as employees and subcontractors.
  42. The Risk
      ‣ External threats count for only 47.1% of perceived risks by IT managers.
      ‣ The majority of risk is from insiders and from management limitations.
      (Source: AlgoSec 2012 Report)
  43. 2. The cyber-security Response
  44. Cybersecurity Responses
      ‣ Organizations and governments respond to cyber attacks by:
          ‣ Developing technologies
          ‣ Regulating organizations
          ‣ Educating users and service providers
          ‣ Applying different levels of monitoring
  45. Israel National Cyber Bureau
      ‣ The Israel National Cyber Bureau can be seen as a test case for government cybersecurity response.
      ‣ The Bureau activities include:
          ‣ Response formulation.
          ‣ Regulation roadmap.
          ‣ Research and development.
  46. Levels of Response (diagram labels, in order: Technology, Research and Education; Citizen; Education; Small Service Providers; Regulation; Civil Organizations; Policy and Enforcement; Government; Internal Procedures)
  47. All Front
      ‣ Unlike traditional warfare, there is no clear front.
      ‣ The question of how to regulate civic organizations and individuals is still open.
  48. Cybersecurity Technologies
      ‣ Network Monitoring
      ‣ Syntactic monitoring
      ‣ Semantic monitoring
      ‣ Identification systems
      ‣ Monitoring systems
  49. Syntactic Monitoring
      ‣ Tracking the network communication by:
          ‣ Firewalls
          ‣ Proxies
          ‣ RADIUS servers
      ‣ Monitoring is based on IP characteristics, such as destination, origin etc.
  50. Syntactic Monitoring and Privacy
      ‣ Sites users visit.
      ‣ Applications used by the user:
          ‣ BitTorrent.
          ‣ http / https.
          ‣ VOIP.
      ‣ Geographical origins and destinations.
  51. Semantic Monitoring
      ‣ Application firewalls look at the content of network communication.
      ‣ It operates by monitoring and potentially blocking the input, output, and system service calls.
  52. What can it Block? The most comprehensive Web Application threat mitigation (vendors shown: Imperva, Radware, Citrix)
      • SQL injection
      • Cross-site scripting
      • Parameter tampering
      • Hidden field manipulation
      • Session manipulation
      • Cookie poisoning
      • Stealth commanding
      • Backdoor and debug options
      • Geolocation-based blocking
      • Application buffer overflow attacks
      • Brute force attacks
      • Data encoding
      • Unauthorized navigation
      • Gateway circumvention
      • Web server reconnaissance
      • SOAP and Web services manipulation
      • Parameters pollution
  53. State-Wide Monitoring
      ‣ Direct connection to the network infrastructure and to service providers.
      ‣ Big-Data: Reading everything, detecting by Machine Learning.
  54. Insiders
      ‣ To battle insiders from accessing the data, organizations:
          ‣ Design procedures for data access.
          ‣ Track end-user devices.
          ‣ Track communications and traces.
  55. Deep Device Monitoring
      ‣ For example, Trusteer, an Israeli startup, provides technology that monitors end-user devices.
      ‣ Every application is scanned for key-logging etc.
  56. Summary
  57. Cyber-Security and Privacy (diagram labels: Cyber Attacks, Cyber Security)
  58. Cyber Attacks
      ‣ Easier to carry out
      ‣ But not necessarily easier to succeed.
      ‣ Increasing threat to privacy.
      ‣ We are all the victims of the Agron 2006 attack.
      ‣ Increasing use of social engineering, personal devices, human vulnerabilities.
  59. Cyber-Security
      ‣ Deeper and wider monitoring
      ‣ With a chilling effect on privacy.
      ‣ The front is increasingly ubiquitous
      ‣ Government, organizations, companies, services.
      Where should the line between security and privacy be?
  60. Eran Toch, Department of Industrial Engineering, Tel Aviv University, Israel