Cybersecurity and Privacy Lecture

What is cybersecurity (or computer security)? The lecture describes the field and tries to answer two questions: How can people's privacy be threatened by computer threats? How can it be threatened by the security mechanisms that help organizations and nations fight cyber security?


  1. Cybersecurity: Technologies and their Impact on Privacy
      Eran Toch
      The Minerva Center for Human Rights, The Hebrew University, June 2013
  2. Eran Toch
      Department of Industrial Engineering, Tel Aviv University, Israel
      http://toch.tau.ac.il/
      erant@post.tau.ac.il
  3. My Work
      Managing Location Privacy
      Temporal Aspects of Privacy
      Generating Automatic Defaults
      http://toch.tau.ac.il/
  4. Cyber-Security and Privacy
      [Diagram labels: Cyber Attacks; Cyber Security]
  5. Agenda
      1. The Context Of Cyber Attacks
      2. The Attack Model
      3. The Cyber-security Response
  6. 1. The Context Of Cyber Attacks
  7. Cyber Attacks
      Actions to penetrate the computers or networks of a nation, organization or a person for the purposes of causing damage, disruption or to violate privacy.
      http://www.flickr.com/photos/75468116@N04/8569854011
  8. Three Questions
      ‣ Who are the attackers?
      ‣ What are the targets?
      ‣ How are the attacks carried out?
  9. Who Are the Bad Guys?
  10. “Off-the-shelf” Hackers
      Motivations:
      ‣ Cyber Crime
      ‣ Vandalism
      ‣ Hacktivism
      Sophisticated Hackers
      Motivations:
      ‣ Cyber Crime
      ‣ Cyber Espionage
      ‣ Cyberwar
  11. Where are the Victims?
      IBM Security Risk Report: http://www.ibm.com/ibm/files/I218646H25649F77/Risk_Report.pdf
  12. Threats for Electronic Services
      ‣ Disrupting, sabotaging or exploiting electronic services.
      http://www.nytimes.com/2012/01/17/world/middleeast/cyber-attacks-temporarily-cripple-2-israeli-web-sites.html
      http://www.nytimes.com/2013/03/28/technology/attacks-on-spamhaus-used-internet-against-itself.html?pagewanted=all
  13. For Example, The Attack on ATMs
      http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?pagewanted=all
  14. Threats for the Computer Network
      ‣ Disrupting the Internet network itself, preventing the flow of communication.
  15. Disrupting the Infrastructure
      ‣ Electricity, water, fuel and nuclear energy.
      ‣ Air control, traffic, building infrastructure.
  16. But, Apart from Stuxnet...
      ‣ Not many examples of successful cyberattacks on infrastructure.
      ‣ However, physical infrastructure is getting increasingly connected.
      The Stuxnet Attack, July 2012
  17. Threats for Privacy
      ‣ Accessing private information on servers and personal devices.
  18. 1. The attack model
  19. Attack Models
      ‣ The Internet Architecture
      ‣ Attacks
      ‣ Denial-of-service
      ‣ Trojan horse
      ‣ Phishing
      ‣ Man-in-the-middle
      ‣ Social Network attacks
      ‣ Insiders
  20. The Internet Protocol
      [Diagram labels: Client; Routers; Server; IP Packet; IP Address; 132.66.237.203; 64.233.160.0; 209.85.128.0]
  21. Global IP Network
  22. Properties of the Internet Network
      ‣ Multi channels of communication.
      ‣ Anonymity and trustfulness.
  23. First Attack
      Zombies!
      http://www.flickr.com/photos/caioschiavo/6309585830
  24. Denial-of-Service Attacks
      ‣ Distributed denial-of-service attack (DDoS attack)
      ‣ An attempt to make a machine or network resource unavailable to its intended users.
      ‣ Attackers hide themselves by employing “zombies”.
  25. Example: The Attack on Spamhaus
      http://www.nytimes.com/interactive/2013/03/30/technology/how-the-cyberattack-on-spamhaus-unfolded.html
  26. Second Attack
      Trojan Horses!
      http://www.flickr.com/photos/lars_in_japan/6129526077
  27. Trojan Horses Attack
      ‣ A Trojan horse is malware that appears to perform a desirable function but instead drops a malicious payload
      ‣ Often including a backdoor allowing unauthorized access to the target's computer.
  28. Example: The Zeus Trojan Malware
      1. Zeus Trojan sells for $3,000 to $4,000 in the black market
      2. Victims download and install the trojan malware
      3. When victims surf to a select bank website, it displays a fake site
      4. The malware steals account numbers, Social Security number, usernames and passwords
  29. Trojan Horses
      http://www.androidauthority.com/trojan-horse-apps-found-disguised-as-legit-google-play-store-apps-security-company-reveals-207408/
      http://iphone.pandaapp.com/news/07052012/220417591.shtml#.UbYMbPaSAUI
  30. Third Attack
      Phishing!
      http://www.flickr.com/photos/25689440@N06
  31. Phishing Attacks
      ‣ In Phishing attacks, the victim receives an email, a text message or another communication. The link or reference will take the victim to a dummy site.
      http://www.gartner.com/newsroom/id/565125
  32. The Cost
      ‣ Gartner estimates that 3.6 million U.S. adults lost money in phishing attacks in 2007.
      ‣ $3.2 billion was lost to these attacks.
  33. Fourth Attack
      Man in the Middle in Mobile
      http://www.flickr.com/photos/lars_in_japan/6129526077
  34. Attacks on Mobile Devices
      ‣ Mobile devices generate and store very sensitive information:
      ‣ Our location
      ‣ Voice and video
      ‣ Contacts and communications
      ‣ Applications
      ‣ Various sensor data
  35. Man-in-the-middle Attack
      [Diagram labels: Malicious Router; Sensitive Website]
  36. Man-in-the-Middle + Trojan
      [Diagram label: Malicious Router]
  37. Fifth Attack
      Social Network Attack
      http://www.flickr.com/photos/lars_in_japan/6129526077
  38. Facebook Botnets
      ‣ How would you respond to this Facebook friend request?
      ‣ The cyber attack: to become your friend.
      ‣ Social engineering can be used to get close to targeted people.
  39. Social Network Attacks
      The Socialbot Network: When Bots Socialize for Fame and Money - Yazan Boshmaf et al., In Proceedings of ACSAC11, 2011.
      Boshmaf et al. engineered a botnet server, and measured the rate at which people will fall for the attack.
  40. Fifth Attack
      Insiders
      http://www.flickr.com/photos/lars_in_japan/6129526077
  41. Insiders
      ‣ Cybersecurity is turning its eyes to insiders such as employees and subcontractors.
      http://www.haaretz.co.il/news/law/1.1831775
  42. The Risk
      ‣ External threats account for only 47.1% of perceived risks by IT managers.
      ‣ The majority of risk is from insiders and from management limitations.
      AlgoSec 2012 Report
  43. 2. The cyber-security Response
  44. Cybersecurity Responses
      ‣ Organizations and governments respond to cyber attacks by:
      ‣ Developing technologies
      ‣ Regulating organizations
      ‣ Educating users and service providers
      ‣ Applying different levels of monitoring
      http://www.flickr.com/photos/6892190693
  45. Israel National Cyber Bureau
      ‣ The Israel National Cyber Bureau can be seen as a test case for government cybersecurity response.
      ‣ The Bureau activities include:
      ‣ Response formulation.
      ‣ Regulation roadmap.
      ‣ Research and development.
  46. Levels of Response
      [Diagram labels: Technology, Research and Education; Citizen; Education; Small Service Providers; Regulation; Civil Organizations; Policy and Enforcement; Government; Internal Procedures]
  47. All Front
      ‣ Unlike traditional warfare, there is no clear front.
      ‣ The question of how to regulate civic organizations and individuals is still open.
  48. Cybersecurity Technologies
      ‣ Network Monitoring
      ‣ Syntactic monitoring
      ‣ Semantic monitoring
      ‣ Identification systems
      ‣ Monitoring systems
  49. Syntactic Monitoring
      ‣ Tracking the network communication by:
      ‣ Firewalls
      ‣ Proxies
      ‣ RADIUS servers
      ‣ Monitoring is based on IP characteristics, such as destination, origin etc.
  50. Syntactic Monitoring and Privacy
      ‣ Sites users visit.
      ‣ Applications used by the user:
      ‣ BitTorrent.
      ‣ http / https.
      ‣ VoIP.
      ‣ Geographical origins and destinations.
  51. Semantic Monitoring
      ‣ Application firewalls look at the content of network communication.
      ‣ It operates by monitoring and potentially blocking the input, output, and system service calls.
  52. What can it Block?
      The most comprehensive Web Application threat mitigation
      • SQL injection
      • Cross-site scripting
      • Parameter tampering
      • Hidden field manipulation
      • Session manipulation
      • Cookie poisoning
      • Stealth commanding
      • Backdoor and debug options
      • Geolocation-based blocking
      • Application buffer overflow attacks
      • Brute force attacks
      • Data encoding
      • Unauthorized navigation
      • Gateway circumvention
      • Web server reconnaissance
      • SOAP and Web services manipulation
      • Parameters pollution
      Imperva, Radware, Citrix
  53. State-Wide Monitoring
      ‣ Direct connection to the network infrastructure and to service providers.
      ‣ Big-Data: Reading everything, detecting by Machine Learning.
  54. Insiders
      ‣ To prevent insiders from accessing the data, organizations:
      ‣ Design procedures for data access.
      ‣ Track end-user devices.
      ‣ Track communications and traces.
  55. Deep Device Monitoring
      ‣ For example, Trusteer, an Israeli startup, provides technology that monitors end-user devices.
      ‣ Every application is scanned for key-logging etc.
  56. Summary
  57. Cyber-Security and Privacy
      [Diagram labels: Cyber Attacks; Cyber Security]
  58. Cyber Attacks
      ‣ Easier to carry out
      ‣ But not necessarily easier to succeed.
      ‣ Increasing threat to privacy.
      ‣ We are all the victims of the Agron 2006 attack.
      ‣ Increasing use of social engineering, personal devices, human vulnerabilities.
  59. Cyber-Security
      ‣ Deeper and wider monitoring
      ‣ With a chilling effect on privacy.
      ‣ The front is increasingly ubiquitous
      ‣ Government, organizations, companies, services.
      Where should the line between security and privacy be?
  60. Eran Toch
      Department of Industrial Engineering, Tel Aviv University, Israel
      http://toch.tau.ac.il/
      erant@post.tau.ac.il
