Successfully reported this slideshow.
Your SlideShare is downloading. ×


Upcoming SlideShare
Cns 1
Cns 1
Loading in …3

Check these out next

1 of 36 Ad

More Related Content

Similar to COMP416-Risk-and-threats_127798.pptx (20)

Recently uploaded (20)



  1. 1.  In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become vital to protect useful information from malicious activities such as attacks. Let us consider the types of attacks to which information is typically subjected to.
  2. 2. Attacks  Attacks are typically categorized based on the action performed by the attacker. An attack, thus, can be passive or active.
  3. 3. Passive Attacks  The main goal of a passive attack is to obtain unauthorized access to the information.  For example, actions such as intercepting and eavesdropping on the communication channel can be regarded as passive attack.
  4. 4. Passive Attacks  These actions are passive in nature, as they neither affect information nor disrupt the communication channel. A passive attack is often seen as stealing information. The only difference in stealing physical goods and stealing information is that theft of data still leaves the owner in possession of that data. Passive information attack is thus more dangerous than stealing of goods, as information theft may go unnoticed by the owner.
  5. 5. Active Attacks An active attack involves changing the information in some way by conducting some process on the information. For example,  Modifying the information in an unauthorized manner.  Initiating unintended or unauthorized transmission of information.  Alteration of authentication data such as originator name or timestamp associated with information  Unauthorized deletion of data.  Denial of access to information for legitimate users (denial of service).
  6. 6. 1) Web Application 2) Vulnerabilities 3) Social Networks 4) Malware / Virus 5) DDOS attacks (Denial of Service) 6) Phishing 7) Social Engineering 8) Insider Threat 9) Software Vulnerabilities 10) Wireless 11) Botnet 12) Spam 13) Targeted mails 14 ) Murder 15) Reputation Loss 16) Scams 17) Identity Theft 18) Privacy Violation Threats and Attacks
  7. 7. WEB APPLICATION: Web application security is the process of securing confidential data stored online from unauthorized access and modification.
  8. 8. Vulnerabilities: Vulnerability comes from the Latin word for "wound," vulnus Vulnerability is a Weekness in an information process, system security procedures internal control
  9. 9. Social Networks:
  10. 10. Malware: A virus is the most common type of malware, and it's defined as a malicious program that can execute itself and spreads by infecting other programs or files. And spyware is a kind of malware and their types: adware, bots, bugs, rootkits, spyware, Trojan horses, viruses, and worms.
  11. 11. Phishing: Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages.
  12. 12. Social Engineering: It is the most effective way to steal confidential data from an unsuspecting victims Insider Threat: An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices
  13. 13. Botnet: first detected in 2007, is one of the best-known and widely used malware types in the history of information security and common types are: Conficker, Zeus, Waledac, Mariposa and Kelihos.
  14. 14. Spam : Spam is electronic junk mail or junk newsgroup postings Targeted mails: A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
  15. 15. Scams: The term SCAM in the online world has been loosely translated. By definition, a scam is a quick-profit scheme where a person cheats another individual or group out of money by presenting them with false information during a deal or offer.
  16. 16. Identity theft: identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else. and some identity theft is Social Security Identity Theft. Financial Identity Theft. Driver's License Identity Theft. Criminal Identity Theft. Medical Identity Theft. Insurance Identity Theft. Synthetic Identity Theft.
  17. 17. Earlier Cryptographic Systems Before proceeding further, you need to know some facts about historical cryptosystems −  All of these systems are based on symmetric key encryption scheme.  The only security service these systems provide is confidentiality of information.  The earlier systems worked on alphabets as basic element.
  18. 18. Earlier Cryptographic Systems  These earlier cryptographic systems are also referred to as Ciphers.  In general, a cipher is simply just a set of steps (an algorithm) for performing both an encryption, and the corresponding decryption.
  19. 19. Caesar Cipher  It is a mono-alphabetic cipher wherein each letter of the plaintext is substituted by another letter to form the ciphertext. It is a simplest form of substitution cipher scheme.  This cryptosystem is generally referred to as the Shift Cipher. The concept is to replace each alphabet by another alphabet which is ‘shifted’ by some fixed number between 0 and 25.  For this type of scheme, both sender and receiver agree on a ‘secret shift number’ for shifting the alphabet. This number which is between 0 and 25 becomes the key of encryption.
  20. 20. Example of Shift Cipher  A shift cipher involves replacing each letter in the message by a letter that is some fixed number of positions further along in the alphabet. We’ll call this number the encryption key. It is just the length of the shift we are using. For example, upon encrypting the message “cookie” using a shift cipher with encryption key 3, we obtain the encoded message (or ciphertext): FRRNLH.
  21. 21. Example of Shift Cipher  To make all of this more mathematical, consider the following conversion table for the English alphabet:  i. Using the table, we can represent the letters in our message “cookie” with their corresponding numbers:  2 14 14 10 8 4.  ii. Now add 3 (the encryption key) to each number to get:  5 17 17 13 11 7.  iii. Now use the table to replace these numbers with their corresponding letters: FRRNLH
  22. 22. Monoalphabetic and Polyalphabetic Cipher  Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher alphabet for each plain alphabet is fixed throughout the encryption process.  For example, if ‘A’ is encrypted as ‘D’, for any number of occurrence in that plaintext, ‘A’ will always get encrypted to ‘D’.
  23. 23. Monoalphabetic and Polyalphabetic Cipher  Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process. The next two examples, playfair and Vigenere Cipher are polyalphabetic ciphers.
  24. 24. Playfair Cipher  in this scheme, pairs of letters are encrypted, instead of single letters as in the case of simple substitution cipher.  In playfair cipher, initially a key table is created. The key table is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the table as we need only 25 alphabets instead of 26. If the plaintext contains J, then it is replaced by I.
  25. 25. Playfair Cipher  The sender and the receiver deicide on a particular key, say ‘tutorials’. In a key table, the first characters (going left to right) in the table is the phrase, excluding the duplicate letters. The rest of the table will be filled with the remaining letters of the alphabet, in natural order. The key table works out to be −
  26. 26. Process of Playfair Cipher  First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter. Let us say we want to encrypt the message “hide money”. It will be written as −  HI DE MO NE YZ  The rules of encryption are −  If both the letters are in the same column, take the letter below each one (going back to the top if at the bottom)
  27. 27. Playfair Cipher  If neither of the preceding two rules are true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle.
  28. 28. Playfair Cipher  Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would be −  QC EF NU MF ZV  Decrypting the Playfair cipher is as simple as doing the same process in reverse. Receiver has the same key and can create the same key table, and then decrypt any messages made using that key.
  29. 29. Playfair Cipher  Security Value It is also a substitution cipher and is difficult to break compared to the simple substitution cipher. As in case of substitution cipher, cryptanalysis is possible on the Playfair cipher as well, however it would be against 625 possible pairs of letters (25x25 alphabets) instead of 26 different possible alphabets. The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is quick to use and requires no special equipment.
  30. 30. Vigenere Cipher  Make a table  The key will be the same size as plain text  If the key is small then repeat the digit of key  E.x p=CAD k=ad then you make k=ada A B C D E F . . . A A B C D E F B B C D E F G C C D E F G H D D E F G H I E E F G H I J F F G H I J K . . . . . . . . . . . . . . . . . . . . .
  31. 31. Encryption in Vigenere Cipher  In this example k=CDE and p=CAD  We will get cipher text=EDH A B C D E F . . . A A B C D E F B B C D E F G C C D E F G H D D E F G H I E E F G H I J F F G H I J K . . . . . . . . . . . . . . . . . . . . .