Threat model for ImagePass authentication
ImagePass
Authentication system based on graphical passwords:
▸ Photo recognition
▸ Uses a training set of 5x6 photos
▸ Authentication set of 4x4 photos
▸ Single-object photos are used
System architecture
[Diagram components: User, Web browser, HTTPS, Cloud, ImagePass Application, DB, File system]
Cloud
Cloud classification [1]:
▸ Private
▸ Public
▸ Hybrid
▸ Community
Types of layers (services) [2]:
▸ System (IaaS)
▸ Platform (PaaS)
▸ Application (SaaS)
Key security requirements (CIA):
▸ Confidentiality
▸ Integrity
▸ Authentication
▸ Availability
▸ Authorization
Cloud security threats
▸ Data Loss and Data Breaches
▸ Account or Service Hijacking
▸ Insecure Interfaces and APIs
▸ Malicious Insiders
▸ Abusive use of Cloud Services
Cloud security attacks
SQL Injection
❏ Avoid dynamically generated SQL queries
❏ Filter input data before it is written to the database
❏ Parameterized queries and prepared statements
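
The three SQL injection countermeasures listed above, shown side by side as an added example (not part of the original slides). The `users` table, its columns, the username pattern and the sample input are hypothetical and constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, image_set_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_dynamic(conn, username):
    """Anti-pattern (first bullet): the SQL text itself is assembled from input."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Third bullet: the value is bound to a placeholder and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Assumed allow-list for usernames; adjust to the application's real rules.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(username):
    """Second bullet: input is filtered before it reaches the database layer."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_hardened(conn, username):
    """Filtering and parameter binding combined (defence in depth)."""
    if not is_valid_username(username):
        raise ValueError("username rejected by input filter")
    return lookup_parameterized(conn, username)


# Constructed input: a textbook tautology string, used only to compare behaviour.
TAUTOLOGY = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    # Dynamic SQL: the quote in the input changes the query structure,
    # so every row matches even though no user is called "nobody...".
    print("dynamic      :", sorted(lookup_dynamic(db, TAUTOLOGY)))
    # Bound parameter: the same string is compared as a literal value.
    print("parameterized:", lookup_parameterized(db, TAUTOLOGY))
    # Input filter: the string is refused before any query is issued.
    try:
        lookup_hardened(db, TAUTOLOGY)
    except ValueError as exc:
        print("hardened     :", exc)
    print("legitimate   :", lookup_hardened(db, "alice"))
```

The input filter alone is not a substitute for parameter binding; it narrows what reaches the query, while binding is what keeps data from being interpreted as SQL.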
MITM (Man In The Middle)
❏ Properly configured SSL [7]
❏ Use of encryption tools: Dsniff, Ettercap, Wsniff, Airjack
DNS attacks: [9]
▸ DoS and DDoS
▸ NXDOMAIN
▸ TCP SYN floods
▸ DNS poisoning
What is DNS?
DoS and DDoS:
NXDOMAIN attack:
TCP SYN floods:
DNS poisoning:
Countermeasures against DNS attacks:
▸ Own DNS resolver
▸ Own DNS server
▸ DNSSEC
▸ 2FA
▸ Locking of modifications
Sniffing attack: [10]
Countermeasures against sniffing attacks:
➢ Preventing the use of insecure networks
➢ Using a VPN - message encryption
➢ Using an IDS for alerting
Cloud
The platform we would choose:
Reasons: [11]
▸ Confidentiality
▹ Key Management Service (KMS), Certificate (SSL…)
▸ Integrity
▹ Hashing functions, public key cryptography
▸ Authentication
▹ IAM - Identity Access Management
▸ Availability
▹ AutoScaling, LoadBalancing, Zone Deployment and Content Distribution Networks
▸ Authorization
▹ AWS S3 policy
Database attacks
Active attacks [14]
● Spoofing
● Splicing
● Replay
Passive attacks [14]
● Static leakage
● Linkage leakage
● Dynamic leakage
SQLIA - with UNION query
SQLIA - error based
Defenses against database attacks
1. Access control
- Mandatory access control
- Discretionary access control
- Role-based access control
2. Data encryption
- The process of converting plain text into encoded text based on an encryption key and an algorithm
SQLIA post-generated approach
SQLIA
● Context Sensitive String Evaluation
● Parse tree evaluation based on grammar:
● Positive tainting and Syntax aware evaluation
● Pixy
● Program Query Language
Attacks on data in transit
Attacks on data in transit over HTTPS
● Man In The Middle [13]
● Heartbleed [14]
● ARP Spoofing
● DNS Spoofing
● Triple Handshake Authentication Attack [15]
● DROWN [16]
ARP Spoofing
DNS Spoofing
Heartbleed
Triple Handshake Authentication attack
DROWN
References
● [1] - Amara, N., Zhiqui, H. and Ali, A., 2017, October. Cloud computing security threats and attacks with their mitigation techniques. In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) (pp. 244-251). IEEE.
● [2] - Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), p.79.
● [3] - "Cloud Computing-ENISA-Benefits, risks, and recommendations for information security," ENISA, 2009.
● [4] - "CSA: The Notorious Nine Cloud Computing Top Threats," Cloud Security Alliance, 2013.
● [5] - A. Behl, "Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation," in World Congress on Information and Communication Technologies (WICT), Mumbai, India, 2011.
● [6] - J. G. a. I. M. Mohamed Al Morsy, "An Analysis of the Cloud Computing Security Problem," in Proceedings of APSEC Cloud Workshop, Sydney, Australia, 2010.
● [7] - P. K. A. Freier, "Netscape Communications," August 2011.
● [8] - A. B. P. Rakshitha C M, "A survey on detection and mitigation of zombie attacks in the cloud environment," in 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), Bangalore, India, 2016.
● [9] - What is a DNS attack? - https://cybernews.com/resources/what-is-a-dns-attack/
● [10] - What is Packet Sniffing Attack? - Types and How to Prevent It? - https://www.thecrazyprogrammer.com/2021/12/packet-sniffing-attack.html#How_to_Prevent_Packet_Sniffing_Attack
● [11] - Michael Soltys, March 31, 2020. Cybersecurity in the AWS Cloud.
● [12] - S. Kulkarni and S. Urolagin, "Review of Attacks on Databases and Database Security Techniques", International Journal of Emerging Technology and Advanced Engineering, vol. 2, no. 11, November 2012, ISSN 2250-2459.
● [13] - Kefei Cheng, Tingqiang Jia, Meng Gao, Research and Implementation of Three HTTPS Attacks, Journal of Networks, vol. 6, no. 5, May 2011.
● [14] - Marco Carvalho, Jared DeMott, Richard Ford, David A. Wheeler, Heartbleed 101, published by the IEEE Computer and Reliability Societies, July/August 2014.
● [15] - Ali Alkazimi, Eduardo B. Fernandez, A Misuse Pattern for Transport Layer Security (TLS): Triple Handshake Authentication Attack.
● [16] - Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adria, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar and Yuval Shavitt, DROWN: Breaking TLS using SSLv2, Proceedings of the 25th USENIX Security Symposium, August 2016.
Thank you for your attention!
Team 5
Nikola Zejak, E2 140/2021
Milan Lukić, E2 77/2021
Milana Tucakov, E2 138/2021
