Threat model for ImagePass authentication
ImagePass
An authentication system based on graphical passwords:
▸ Photo recognition
▸ Uses a training set of 5x6 photos
▸ Authentication set of 4x4 photos
▸ Single-object photos are used
System architecture
[Architecture diagram; components shown: User, Web browser, HTTPS, ImagePass Application, DB, File system, Cloud]
Cloud
Cloud classification [1]:
▸ Private
▸ Public
▸ Hybrid
▸ Community
Cloud
Types of layers (services) [2]:
▸ System (IaaS)
▸ Platform (PaaS)
▸ Application (SaaS)
Cloud
Key security requirements (CIA):
▸ Confidentiality
▸ Integrity
▸ Authentication
▸ Availability
▸ Authorization
Cloud security threats
▸ Data loss and data breaches
▸ Account or service hijacking
▸ Insecure interfaces and APIs
▸ Malicious insiders
▸ Abusive use of cloud services
Cloud security attacks
SQL Injection
❏ Avoid dynamically generated SQL queries
❏ Filter input data before it is written to the database
❏ Parameterized queries and prepared statements
MITM (Man In The Middle)
❏ Properly configured SSL [7]
❏ Use of encryption tools: Dsniff, Ettercap, Wsniff, Airjack
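The three SQL injection countermeasures on the slide, as an added example that is not code from the ImagePass project: a dynamically built query beside its parameterized form, plus an input filter applied before the database is touched. The users table, its image_sequence column and the two rows are constructed here for illustration.

```python
import re
import sqlite3

# Allow-list for usernames (assumed policy for this example): letters, digits,
# a few separators, and a length bound. Anything else is rejected up front.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def make_db():
    """Build an in-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, image_sequence TEXT)"
    )
    # image_sequence stands in for the user's chosen ImagePass photo sequence
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "img07,img12,img03,img22"), ("bob", "img01,img15,img09,img30")],
    )
    conn.commit()
    return conn


def find_user_dynamic(conn, username):
    """Vulnerable form (the one the slide says to avoid): the SQL text is
    assembled from untrusted input, so the input can change the query's
    structure instead of acting only as data."""
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, username):
    """Hardened form: the driver binds the value separately from the SQL
    text, so whatever the input contains is compared as a literal string."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? ORDER BY username",
        (username,),
    )
    return [row[0] for row in rows]


def is_valid_username(username):
    """Input filter applied before any database access."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup(conn, username):
    """Defensive lookup: reject malformed input first, then query with a
    bound parameter. Returns the list of matching usernames."""
    if not is_valid_username(username):
        return []
    return find_user_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed malformed input used only as a test value
    print("dynamic:", find_user_dynamic(db, probe))              # ['alice', 'bob']
    print("parameterized:", find_user_parameterized(db, probe))  # []
    print("filtered lookup:", lookup(db, probe))                 # []
    print("filtered lookup:", lookup(db, "alice"))               # ['alice']
```

The dynamic form returns every row for the malformed input because the quote characters become part of the WHERE clause; the parameterized form returns nothing because the same characters are matched literally against the stored usernames.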
Cloud security attacks
DNS attacks: [9]
▸ DoS and DDoS
▸ NXDOMAIN
▸ TCP SYN floods
▸ DNS poisoning
What is DNS?
DoS and DDoS:
NXDOMAIN attack:
TCP SYN floods:
DNS poisoning:
Solutions against DNS attacks:
▸ Own DNS resolver
▸ Own DNS server
▸ DNSSEC
▸ 2FA
▸ Locking of modifications
Sniffing attack: [10]
Solutions against sniffing attacks:
➢ Preventing the use of insecure networks
➢ Use of a VPN - message encryption
➢ Use of an IDS system for alerting
Cloud
The platform we would choose:
Reasons: [11]
▸ Confidentiality
▹ Key Management Service (KMS), CERTIFICATE (SSL…)
▸ Integrity
▹ Hashing functions, public key cryptography
▸ Authentication
▹ IAM - Identity and Access Management
▸ Availability
▹ AutoScaling, LoadBalancing, Zone Deployment and Content Distribution Networks
▸ Authorization
▹ AWS S3 policy
Database attacks
Active attacks [14]
● Spoofing
● Splicing
● Replay
Passive attacks [14]
● Static leakage
● Linkage leakage
● Dynamic leakage
SQLIA - with UNION query
SQLIA - error based
Defenses against database attacks
1. Access control
- Mandatory access control
- Discretionary access control
- Role-based access control
2. Data encryption
- The process of converting plain text into encoded text based on an encryption key and an algorithm
SQLIA post-generated approach
[Diagram of SQLIA post-generated approaches]
▸ Context Sensitive String Evaluation
▸ Parse tree evaluation based on grammar: positive tainting and syntax-aware evaluation
▸ Pixy
▸ Program Query Language
Attacks on data in transit
Attacks on data transported over HTTPS
▸ Man In The Middle [13]
▸ Heartbleed [14]
▸ ARP Spoofing
▸ DNS Spoofing
▸ Triple Handshake Authentication Attack [15]
▸ DROWN [16]
ARP Spoofing
DNS Spoofing
Heartbleed
Triple Handshake Authentication attack
DROWN
References
● [1] Amara, N., Zhiqui, H. and Ali, A., 2017, October. Cloud computing security threats and attacks with their mitigation techniques. In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) (pp. 244-251). IEEE.
● [2] Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), p.79.
● [3] "Cloud Computing - ENISA - Benefits, risks, and recommendations for information security," ENISA, 2009.
● [4] "CSA: The Notorious Nine Cloud Computing Top Threats," Cloud Security Alliance, 2013.
● [5] A. Behl, "Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation," in World Congress on Information and Communication Technologies (WICT), Mumbai, India, 2011.
● [6] J. G. a. I. M. Mohamed Al Morsy, "An Analysis of the Cloud Computing Security Problem," in Proceedings of APSEC Cloud Workshop, Sydney, Australia, 2010.
● [7] P. K. A. Freier, "Netscape Communications," August 2011.
● [8] A. B. P. Rakshitha C M, "A survey on detection and mitigation of zombie attacks in the cloud environment," in 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), Bangalore, India, 2016.
● [9] What is a DNS attack? https://cybernews.com/resources/what-is-a-dns-attack/
● [10] What is Packet Sniffing Attack? Types and How to Prevent It? https://www.thecrazyprogrammer.com/2021/12/packet-sniffing-attack.html#How_to_Prevent_Packet_Sniffing_Attack
● [11] Michael Soltys, March 31, 2020. Cybersecurity in the AWS Cloud.
● [12] S. Kulkarni and S. Urolagin, "Review of Attacks on Databases and Database Security Techniques," International Journal of Emerging Technology and Advanced Engineering, vol. 2, no. 11, November 2012, ISSN 2250-2459.
● [13] Kefei Cheng, Tingqiang Jia, Meng Gao, "Research and Implementation of Three HTTPS Attacks," Journal of Networks, vol. 6, no. 5, May 2011.
● [14] Marco Carvalho, Jared DeMott, Richard Ford, David A. Wheeler, "Heartbleed 101," IEEE Computer and Reliability Societies, July/August 2014.
● [15] Ali Alkazimi, Eduardo B. Fernandez, "A Misuse Pattern for Transport Layer Security (TLS): Triple Handshake Authentication Attack."
● [16] Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar and Yuval Shavitt, "DROWN: Breaking TLS using SSLv2," Proceedings of the 25th USENIX Security Symposium, August 2016.
Thank you for your attention!
Team 5
Nikola Zejak, E2 140/2021
Milan Lukić, E2 77/2021
Milana Tucakov, E2 138/2021