 So, to introduce the course, we want to actually introduce what do we mean by security? What are some different definitions of security with respect to IT security, computer security and network security? And today we'll go through some of the concepts and terminology that's used and that we'll see throughout the rest of the course. Let's get started. Here's a definition from NIST. NIST is a standards organization. They create standards in the US, the National Institute of Standards and Technology, and they actually have a handbook because they provide advice to governments and other organizations of how to secure their computer systems. So this is from there, what do they mean by computer security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources. So there's a few key points in that definition. We want to protect an automated information system or maybe protect a computer system and we want to preserve the integrity, availability and confidentiality of information system resources. So resources in an information system usually include the information, we want to protect information, data files for example, and also other resources like the computing resources, parts of the computer, the software and hardware. So preserve the integrity, availability and confidentiality of information and related resources. So the next slide talks about those three things that we want to preserve. But in a different order, confidentiality, integrity and availability. What do we mean by those things? They are considered three important objectives of computer security. CIA, confidentiality is keeping things secret, keeping something confidential. And often we can split it into two types of confidentiality because sometimes we use the word to refer to different things. 
Data confidentiality, making sure data or information is not released to unauthorized people. So assure confidential information is not made available to someone who's not authorized to access it. So keep data confidential. And I think most people understand that when we hear about security we think about keeping secrets. You've got a file, you don't want others apart from you don't want everyone to be able to see the contents of that file, then you want to keep the contents of that file secret or confidential. So data confidentiality is a common thing that we aim to achieve in computer security. Related to confidentiality is privacy, which is making sure people can control the information about them and control how it's collected, stored and distributed to others. So that sometimes comes up in, for example, when you're visiting websites, that is some information about what you're doing. And privacy, one aspect of privacy therefore is can you control what others can observe about what websites you visit? Can others observe the websites you're visiting? How can they collect that information, store that information and distribute that information to others? So there's another related aspect of confidentiality. Sometimes we use different words to mean the same thing here. So sometimes we say confidentiality, keep it confidential. Sometimes we say we want to keep our data private. But sometimes private gets confused with other uses in security. And other times we say we want to keep our data secret. So keep our data confidential, secret, private really mean the same thing in this context. But we'll try and use the word confidential to avoid confusion with other terms later. So that's a key objective of computer security. Keep things confidential. Integrity, we've got two different types of integrity here. Data integrity is making sure the information is only changed as it is allowed to be changed. 
Or another way is that the information is not changed without your permission. And an example is if you want to send a file or send an email across a computer network, data integrity, you send the file. The file that's received at the destination should be the same as the file that you send. If it's modified along the way, then we haven't maintained the integrity of the data. Something's been changed in an unauthorized manner. So we often want to make sure that the information doesn't get modified without or outside of our expectations. Not just data, but also software in some cases. In computer security you're running software, you expect it to do some operations. If that software gets modified in a way such that it does operations which do bad things on your computer, then that's also a problem with computer security. Similar system integrity, make sure the system, what system? A computer system, maybe a networked computer system, does what it's intended to do. So we have a computer, it has a purpose of performing some calculations. System integrity is making sure that system, that computer system performs those calculations and again is not modified in some way that it does something different than its intended function. So integrity is making sure things stay as we expect them, they're not modified. The other key aspect of computer security is availability. We have a computer system or a computer network. We want to make sure that that computer system works as again as expected and responds in a reasonable manner, so promptly and is available to the normal users. For example, the Amazon website. That's a computer system, the web server or the set of web servers that serve the Amazon website. That's a computer system. So the normal purpose of that computer system is such that people can go to the website and buy things. That's the normal purpose. 
If there's some form of security attack on that computer system such that people can no longer access the website, they can no longer visit Amazon, then we can see that that's a security attack against the availability of the computer system. The computer system is not available for the normal purpose and that can be a problem. It would be a problem for Amazon because they'd lose money if people cannot go to their website to buy things. So we'll see some further examples of that that normally we would like to have our information kept confidential, maintain the integrity of our system and data, and make sure that the computer systems that we're using are available for their intended purpose. So they come up in this definition of computer security. We want to protect our computer system so that we achieve the objectives of preserving the integrity, availability and confidentiality. Some other objectives which are not mentioned in that definition but also come up sometimes. Authenticity, making sure things are genuine. So making sure users of a computer system are who they say they are. If a user logs in to a computer system, we want to authenticate that user and make sure that the user, the human user that's actually trying to log into that computer system is who they say they are. They're not pretending to be someone else. So we use authentication techniques to do that. We authenticate the source of who's communicating with us. And sometimes we authenticate the data, make sure that the data that we receive comes from the appropriate person and that the data is valid. It hasn't been faked or modified in some way. So sometimes authentication or authenticity is related to integrity of the data. So in many systems we want to make sure that our data and sources are authentic. Another thing that we often need in computer system is accountability. That is that we can trace what people are doing. 
We can trace actions and events back to the original source so that we can hold them accountable for what happens. An example is you perform some transaction, some financial transaction across the network. So you pay someone some money across a computer network. And accountability is about making sure that that payment cannot be denied later. So I receive the money, you pay me the money, I receive it. And then later I say no, I didn't receive it. That's a problem. And that's a security problem. And accountability contains the mechanisms to try and make sure that that's not possible, to make sure that if something happens then we can trace back and find out that payment did occur. Therefore no one can deny that occurring. That example comes under what's called non-repudiation, that people cannot deny that something happened. We may see some further examples of that later. And accountability is useful if something happens on a computer system, something bad happens with respect to security, and we cannot stop it from happening then at least later we may better once we detect it happening we may be able to take some action to prevent it happening in the future. The action may be recovering data or even taking some legal action. So accountability making sure that we can trace what happens in a computer system is useful for securing a computer system. So just some objectives, very broad objectives of computer system security, what we'd like to do, keep things confidential, maintain the integrity, maintain the availability of the computer system, authenticate and make people or entities accountable for what they do. Through this course we'll see a number of ways to achieve these objectives. That's what this course is mainly about. How do we keep something confidential? How do we maintain the integrity? Why do we need a course on computer security or why do we need people to study and get jobs in computer security? Because it's hard. And here we will not go through all. 
Here are some broad challenges with computer security. What's hard about making computer systems secure? First, it's not as simple as it may appear to be to new people to computer security. So you may think, OK, making my laptop secure so that no one can access it inappropriately may be easy. I just install the firewall, update my operating system and no one can access it. But in fact it's much more challenging than we often are aware of. And therefore we have some false sense of security when in fact systems are not secure. We'll go through just a selection. Sometimes, what? OK, the second one. We want to achieve our goals of confidentiality, integrity and availability. So we apply some security mechanisms. Some we install some software to make my computer secure. I install a firewall. That's a security feature on my computer. But of course there may be attacks on that security feature that compromise that firewall, which of course then leads to the entire compromise of my computer. So we must make sure that the security features that we use actually work as intended. What else? Maybe some easy ones. OK, this one's a common one. That is, OK, from someone who needs to protect a computer system, like you have a job as a computer security expert, you need to protect computer systems for different companies. You need to make sure that you find all the weaknesses in the computer system and try and fix them or provide security mechanisms such that those weaknesses cannot be compromised. So you need to find all the weaknesses to make the system secure, but an attacker only needs to find one weakness to get access to that system usually. So it's usually much easier for the attacker because they just have to find one of many weaknesses as opposed to the person who's trying to protect the system who has to try and find all of the weaknesses, which is much harder. 
People who use computer systems and people who run businesses that rely on computer systems may not see the benefits of computer security until a failure occurs, and that's usually too late. So what's the benefit of installing some new software to secure our computer system? It's very hard to see that. In fact, often we see the disadvantages. We install a firewall or antivirus, and the disadvantages are it slows down our computer, and we often see that. But what's the advantage? It's hard to see and to even put a monetary value on what the advantage is until something goes wrong and we get a virus and then we see, oh, it would have been good to have antivirus. So it's hard for people to see the benefits of security. Security mechanisms usually impede the efficiency of computer systems. They make things work slower, and they make the computer systems less user-friendly, and that's commonly the case. We have a choice. Do we add a security feature to our computer system to make it more secure? If we do, the performance or the efficiency of that system may go down, and the user-friendliness of that system may go down. An example may be, okay, we all have logins and usernames and passwords for the SIT Internet. You all have a password. In a more secure way such that no one else can guess your password, let's say we implement a rule that says you must change your password every day, and your password must be 12 characters and it has to be 12 random characters. So that adds more security in terms of someone cannot guess your password. You change it every day and you have 12 random characters there. I think you know that that's not so user-friendly. It's much harder for you to remember your password and to type it in, and in fact in the long run it may compromise the security because what you start to do is use other techniques and you either write down your password or share it with other people. 
So there's this trade-off between security, performance and user-friendliness. So often people, well, computer security is challenging because we need to consider those trade-offs. It's not easy and that's why we have a course on computer security so we can try and make it a little bit easier. Some terminology that we talk about with computer security, we normally want to protect assets. So in a computer system we have assets and computer security is usually about protecting those assets. The resources that we want to protect are the assets and we usually break them into four different types. Hardware, so the assets may be the physical hardware. Software, so the programs that run on computers. Data, the information, so data in databases, files and so on. We want to protect them. And the communication lines that connect different computers together because the data usually traverses those communication lines. So we may want to protect all of them or just a selection of those assets in securing a computer system. Vulnerabilities are weaknesses in the implementation of our computer system or the way that we operate it. So a vulnerability is something that can, like a bug in the software or some weakness in the design or the implementation of a piece of hardware which has a potential of compromising or making an asset unavailable or losing an asset. And what can we do with an asset? We can corrupt an asset. We can talk about leaky assets and unavailable assets. Corrupting an asset. Give me an example. Any of those four types of assets, what does corrupting it mean? Consider data. If we corrupt the data, it means that let's say we have a file stored on our computer and a vulnerability leads to that file being corrupted. It means that data we can no longer access. Maybe the file is some information. If that data is corrupted, we would say that that information is no longer accessible in its original form. So that's what we mean by corruption. It gets changed. 
Leaky means information gets out. Think of confidentiality where we want to keep information confidential. A leaky asset is one which allows that information to be released to others. Unavailable means we can't use it. Go back to the original objectives. So we had what? Confidentiality. A leaky asset compromises the confidentiality. A corrupted asset compromises the integrity. Something's changed. An unavailable asset compromises the availability of our computer system. There will always be vulnerabilities. It's very hard to have complex computer systems without vulnerabilities. A security policy is a set of rules and practices that we want to use that tell us how to protect or how to provide security services to protect the assets. So we want to protect our assets. So a policy will say, well, what rules should we follow such that we do protect those assets when we get through the rest of the definitions? We'll see them all combined together. Threats are a potential violation of the policy. So my policy may be, say, for SIT. The policy is that no student can see the grades of any other student. That may be my aim. The assets is the information, the grade information. We can say from an organization perspective, the policy is that no student is allowed to see the grades on the registration system of any other student. So a threat is a potential violation of that policy. So if there's a vulnerability in our computer system, maybe a bug in the website or in the software. So if there's a vulnerability, then we may have a potential for violating that policy where a student can see the grades of other students. So that's called a threat. And an attack is a threat carried out. So if a threat takes place, then we call that an attack. And an attack may be successful or unsuccessful. A successful attack is one that does violate the security policy. 
So again, if our policy is that no student can see any other student's grades on the registration website, that's our policy, we may have a vulnerability in the website. A threat is a potential violation of that policy. If an attack takes place and that attack is successful, then it means that, for example, a student can see the grade of another student. That's all we mean. A countermeasure is a way to deal with attacks. And there are four different approaches. We want to prevent attacks. We want to stop them from happening in the first place. But if we cannot prevent them, we would like to at least detect them. If an attack does take place, we want to detect that and then respond in some manner to actually recover. If an attack does take place, maybe we can recover our data, for example. If our data is leaked or the integrity is compromised, we may be able to recover that data. So we'd have countermeasures to try to deal with attacks. Even with countermeasures, there may be still vulnerabilities and there are risks to our assets. So our overall aim is to protect our assets. So what we do is we consider what assets we want to protect, what are the vulnerabilities in our computer system, what things can go wrong. We have a policy. What do we want to achieve? We try and look at what threats may occur, what things can happen that will potentially violate our policy. And we develop countermeasures. We develop some mechanisms such that we can either prevent the attack or at least detect the attack if it takes place. But unfortunately, even with countermeasures, there may still be some risk to assets. So computer security is all about minimizing the risks. Same as a business operation here with computer security. There's a chance that things will go wrong. We want to minimize that chance by using countermeasures, by considering the attacks, threats and vulnerabilities. This picture tries to combine those concepts together. 
We will not go through it, but if you follow it, you see, for example, the owners are the people who own the computer system. The threat agents are the people who potentially issue the threats or lead to threats happening. So the owners wish to minimize risk and they use countermeasures to try to reduce the risk. The owners value assets and so on. So you can see the relationship between those, if they're not clear to you already. Just going back, in terms of attacks, and we'll spend a little bit more on them, there are different types of attacks on computer systems. And a broad classification, sometimes we talk about active and passive attacks. And we'll see shortly in a few slides some examples of active versus passive attacks. And another way is, who performs the attack? Insider attacks or outsider attacks? An insider attack with respect to a computer system is someone who already is authorized to access that system. For example, an insider attack on the SIT computer network could be done by students or faculty members. They already have access to the computer system, but they do something that leads to a violation of the security policy. An outsider attack is done by someone who's outside the organization or doesn't normally have access. So sometimes the countermeasures that we need to develop, some of them will be tailored towards outside attacks, whereas others need to be tailored to inside attacks. And it turns out generally inside attacks or attacks from insiders are much harder to prevent and detect than from attacks from outsiders. So let's see some of those concepts from a different perspective. Threats, attacks and assets. Again, what we're doing today is just going through what we mean by computer security and mentioning some of the terminology that's commonly used to talk about computer security. So a threat is some potential violation of our security policy. 
More precisely, people have defined what's called a threat action and this terminology comes from some other documents. People use different terminology, but I'll show you more details of this in a moment, but some internet security glossary defines a threat action is really a threat carried out or what we simply call an attack. A threat agent is the entity that attacks. So the person or the computer system that performs the attack is the agent, the threat agent. Sometimes called the adversary, the attacker or malicious user. Any other names for attackers that you've heard of? A hacker, sometimes you hear of a hacker. A cracker. Okay, hacker, cracker, attacker, adversary. The formal name in this document is threat agent. Cyberterrorist. Okay, so there are different names. We would normally say, I'll usually use attacker or malicious user in this course. We'll see in some cases that the attacker with respect to some security mechanisms is not always the bad person. Later through the course, we'll see that the attacker on a computer system may be some police officer or some law enforcement agency that's trying to stop criminals from doing something. So in some cases, they're not always the bad person, but we refer to them as the attacker or the threat agent. A threat consequence is what happens if the threat is carried out. What's the consequence? What goes wrong? And again, we will not go through in detail. I've taken a lot of the definitions from this glossary, and in your printed handouts, you have a copy that if you scroll through a few pages, you'll find what? This document. And I would like you to read through that, another homework task, but we'll just have a look through and just explain, again, just some classification of threats. So a threat consequence is a security violation that results from a threat action. So if an attack takes place, then we violate our security policy and that's the consequence. 
And this classification breaks it into four different types. Disclosure, deception, disruption and usurpation. I had to look up that word to know what it means when I found it. So you have that printed there, maybe just go through to that. It's easier than on the slides. It's not in the book. Yes, it is. Page 13. We will not go through them all, but I'll just explain what it shows. So first, the threat consequence, unauthorized disclosure. So if an attack takes place and we disclose some information that should be confidential, that's the consequence. So then the next part lists some things, some threat actions that can lead to unauthorized disclosure. What leads to us leaking confidential information? And it gives really names to the different types of threat actions or attacks. Exposure. So it classifies as exposure. So for example, deliberate exposure is when someone, for example, they have access to a sensitive information, confidential information, a file of the financial information for all of SIT, and they deliberately release that to someone who's not authorized to access it. That's what deliberate exposure is. The consequence is that we've disclosed confidential information. That's what goes wrong. And the attack or the threat action is called deliberate exposure. Scavenging is another name, which is when someone searches through sort of leftover information, information that is, for example, left in the recycle bin on your computer, or maybe copies of the information you've deleted files, but it's still stored on the hard drive. Someone goes through and finds that and then can release or gain access to sensitive information. That's called scavenging. There's also exposure of information due to us making mistakes. So a user mistakenly releases data. I don't know. You send an email containing confidential information to your boss, but you accidentally send it to someone who cannot access it. That's due to human error. 
We're not going through all, but just to explain some of the main ones. What else can lead to disclosure, interception? So theft is someone, in this example, steals a shipment of the physical medium. For example, you've got a hard disk containing a lot of confidential information and someone steals that hard disk. That leads to the disclosure of that confidential information. Wiretapping means listening into communications. So the communication lines where the data is traversing, using some means to overhear what's being sent across those communication lines to gain, gather confidential information. For example, you're sending confidential information from your mobile phone via the wireless access point, via the SIT unencrypted Wi-Fi network, and I sit here with my laptop just intercepting or passively overhearing all of the messages you send and get access to that confidential information. It's called wiretapping. Emanations analysis. There's things like overhearing. We're not overhearing. Last year there was some publicised ways that as you perform some operations on your computer, like decrypt things using secrets, someone can have a microphone nearby and that microphone hears your CPU and from hearing what the CPU is doing and the different... So a CPU and a computer makes noise based upon the operations it performs so they can distinguish what is happening on your computer and gather confidential information, a secret key in that case. So emanations analysis is gaining information from monitoring really the signals that are created by computer systems as they perform operations. That's a little bit more complex. Some other threat actions. Inference is, for example, traffic analysis. Traffic analysis is... You cannot see the information that people are sending. Maybe they are sending messages to each other. 
You cannot see the contents of the messages but you can observe that two people are communicating at a particular point in time and with some frequency and infer from that that they are doing something that should be kept confidential. An example is that a law enforcement agency is monitoring the communications between some known terrorists over the internet. The known terrorists are using encryption such that the law enforcement agency cannot see the messages they are sending. So they cannot see the contents of the messages but what they do is that they observe that these known terrorists are communicating at a frequency which is not normal and maybe they can infer from that that the terrorists are planning some form of an attack. So by analyzing the communication patterns, the traffic, we can sometimes learn some information that's useful and that's inference using traffic analysis. Okay, let's go through another one. Deception, so the threat consequence of deception is that we deceive someone and for example thinking they're doing something or communicating with someone who's not real or not the right person. One is called masquerade. Masquerade means pretend to be something else, to masquerade as someone else or as something else, to pretend to be something else or someone else. So a spoofing attack involves trying to get access to a computer system by posing as someone who's authorized to get access. So I'm authorized to get access to the grading system for SIT. A student could perform a spoofing attack by trying to pretend to be me and try and access the grading system as me, pretending to be me or masquerading as me. So that results in deception. You're deceiving the computer system and that you're making it think you're someone you're not. We mentioned before repudiation this concept of denying things have happened. So false denial of origin. So someone who sends data denies responsibility for creating that data. 
So someone sends a message to someone else and that's not a nice message and then they later deny and say, I didn't send it. Someone else sent it. So that's an attack on a computer system or a potential attack. Or denying that you received it, like the financial transaction. Together they're called repudiation. Disruption is disrupting the computer system, making it not operate as we expect. Let's go to the last one so we can move on. What's this one mean? To usurp, someone takes over in a malicious manner. Someone takes over or takes control of the system when they're not supposed to. So some examples. Theft of service is, for example, there's a Wi-Fi access point to provide Wi-Fi for the people who live in an apartment building. Theft of service may be that someone sits outside the apartment building and accesses that Wi-Fi service to get free internet access. So they've taken control of the network access in that case. And I think that's enough to go through, for example. You don't have to remember all of these, but it's worth reading through them because I think some other things, you probably know about all of them, but you may not have seen the terminology that is used here. It's more formal than what you often see in other contexts. So that's there for you to have a read-through in your own time. It talks about different, go back to our slides. Threat actions, attacks. The consequences of attacks. What goes wrong? We disclose information, deception, disruption, usurpation, and the types of attacks, those actions that lead to those consequences. So it's one classification of different types of attacks. This picture brings together the different assets and leads to an overall of, when we talk about computer security, what entities are involved. So with computer systems, when I say computer system, what do I mean? Well, I don't necessarily just mean a single computer. 
Nowadays, most computer systems are made up of multiple computers communicating with each other. When I say a computer, I don't necessarily mean a laptop or a PC. It could be a server, a mobile phone. It could be a projector, a TV, a car, any computing device. And usually they communicate with other computing devices across a network. So with a computer system, it's not just one computer. It's usually multiple computers communicating nowadays across the internet and other networks. So this tries to capture some of the things that we try to do in computer security. So first, what does it show? Two different computers, these blue squares here. Inside them, in a computer system, we can think that we have data, the information, and we have software. Software that runs on the hardware and accesses the data. Usually the software is run as software processes. And computer systems may be connected via communication networks, communication lines or networks, links or networks. We have human users. That's these circles down here. So this is the physical computer. Here's the human user. So the users use the computer system to do something, to access files, to communicate with others. With regard to computer security, some things that we need to do is make sure that the access to the data on the computer system is controlled. We protect access to that data. If that data contains sensitive files or confidential information, then we need some way that we control which software processes on our computer can access those files. And sometimes we call that access control. And we'll see some mechanisms for that in one of our topics. So we have software on a computer. We have files. We want to have some way for controlling which pieces of software can access which files. That's one thing that we need to do. The very important files, even if the software can access them, we may want to provide an additional level of security of, for example, encrypting those files. 
So even though a piece of software can access it, still they cannot get the original information from that file without some other piece of information. And we'll talk a lot about encryption in this course as well. The human users. Of course, the software that's running on the computer is running on behalf of the human users. So the human user uses the software, for example, to access the files. We need some way to authenticate the human user to make sure that the human that's using the computer is who they say they are and is someone who's authorized to access those files. How does the computer know that you're Steve or you're Tanarak or someone else? So user authentication is important there. So we have some guard process that somehow checks. Is this human a person who's allowed to access this system and are they authorized to access these files and resources? So we've got a topic on user authentication. We've got a topic on access control, controlling software to access files. And file security will look at encryption. And the other aspect is, of course, computers exchange data between each other across networks. So we would like to protect the information going across networks, not just inside the computers, but also being transferred between those computers. So we've got several topics on network security. So computer security includes the security of the individual computers but also the security of the communications between computers, network security. And not yet, but in the next few slides we'll focus a little bit on network security. But first, here's some examples. Coming back to our four types of assets. Hardware, software, data and communication lines. The links or the networks. And our three key objectives. Availability, confidentiality and integrity. And it gives some examples of the threats on those different assets. For example, the availability of hardware. Someone steals the hardware. It's no longer available. 
It seems obvious, but that's a threat on the hardware. So for example, SIT provides Wi-Fi access. What happens if someone comes in and steals all our Wi-Fi access points overnight? Then we no longer can provide Wi-Fi access to our students and that's a problem for the organization. So the availability of the hardware is an issue. Availability of data, of files, if files are deleted by some attack then they're no longer available. Confidentiality of data is always important that if people can read data that they're not authorized to do and that compromises the confidentiality. Confidentiality in communication lines. So when we send data across links and networks if someone can access that link or network then they have the potential of reading the data. Or even if they cannot read the data they have the potential for analyzing who's communicating and try and infer what's happening based upon the patterns. In terms of integrity, we have some software running on our computer. If the integrity is compromised, that is an attacker modifies that software to do something else then that can lead to further compromises. For example, you have your firewall or your antivirus running on your computer. If an attack gets to modify that firewall or antivirus such that now the firewall always allows in and allows out communications to the attacker's computer then now you think your firewall is running but in fact it's allowing the attacker to still access your system. So we need to maintain the integrity of software, the integrity of data and the integrity of the communication lines in that making sure that the data sent across the communication links is not modified. We'll almost end this topic and this lecture today. Let's look at some aspects of the network security. Focusing on communicating between the computer systems. So we'll see some topics about access control or protection, user authentication but we'll have several topics about network security as well. 
So let's just say something about network security to finish today or communication security. Securing the communication lines or networks. And I'm going to skip this slide, not relevant right now. But the way that people think of communication security we often break it into three different things. Three aspects. Security attacks on the network. The different security mechanisms that we use to try and prevent attacks or detect attacks or recover. So an attack is something that tries to compromise our communication system. A security mechanism is a way to try and prevent attacks. If we can't prevent attacks, at least detect and recover from attacks. A security service, we use security mechanisms to provide some service to our users. So we'll go through, we'll look at security attacks on communication networks and then list a set of security services that we commonly want to provide. And the security mechanisms, we'll mention some but over the next topic we'll go into detail of different mechanisms. This explains where the terminology comes from but let's... Why did I list them first? I'm going to go straight to the attacks. We'll come back to services. And we'll go through six different types of attacks on communication systems. They'll be grouped into passive and active attacks. So the six are listed here. There's two types of passive attacks. Release message contents and traffic analysis. And four types of active attacks. So the next six slides go through these six and then we'll come back and explain what we mean by passive and active. And then back to services. So think of a communication network now. Six types of attacks in communication networks. Here we have these pictures from the textbook. We have the blue cloud being the communications network. Whether it's a single cable or the entire internet. It's our means for communicating between our users. And we have two users, Alice and Bob, A and B, which are our normal users. 
They are the normal users of the network. They want to communicate. And in this case, Bob wants to send a message to Alice. And he wants that message to be secret. It's only for Alice to read, no one else. An attack on this communication system is some other user, Darth in this case, somehow manages to overhear the communications as Bob sends the message to Alice and sees the message being sent and now that confidential information has been released to a third party, to someone who shouldn't have access. So this is the attack of really releasing the message contents to someone who shouldn't have access to it. Any questions on that type of attack? How do we prevent it? We encrypt the message first. So in the normal case, Bob sends a message to Alice and in the communications network, whether it's a link or a network across the globe, assume our other user, Darth, has some means for intercepting the message. Maybe the communications network, if Bob is my computer and Alice is somewhere in the US, then that message needs to go through many different links to get to the destination Alice. And there are many opportunities for some malicious user in between us to intercept that message. Maybe it's across the Wi-Fi link from my laptop to the access point. Maybe the malicious user is part of the computer center because this access point has a cable going into a device in the computer center and it's possible for them to listen in on those devices and intercept the messages. Or maybe when the message goes from SIT out to our internet service provider, some employee of the internet service provider can then quite easily intercept the message in the network equipment there. Or anywhere along the path to the destination. So there are many opportunities for someone to intercept the communications. And if they do, they can release the message contents. So if Bob encrypts the message before he sends it, he encrypts it usually with some secret value, a secret key.
And encryption transforms that original message into an encrypted message such that when he sends it, Alice receives the encrypted message and Alice uses the same key to decrypt and get the original message. Even though Darth can intercept the communications, Darth can only see the encrypted message. And encryption should work such that the only way you can get the original back from the encrypted message is to have some secret key. And if Darth doesn't have the secret key, then he cannot decrypt the intercepted message. That's going a bit too far because our next topic talks a lot about encryption and how that works. So if that's not clear yet, we'll see encryption in the next topic. But the attack of releasing the message contents, someone intercepts the communications and they've got access if there's no encryption used. If there was encryption used, Bob's smart enough to encrypt, it's still possible for Darth to intercept the messages, but he just can't read the contents. But he may be able to infer from the communications that something's happening that's useful for Darth. For example, Bob is sending messages to Alice at a particular time of day, every day. From that information, even though Darth cannot see the contents of the messages, he may infer that they're doing something that he couldn't do otherwise or couldn't do without intercepting the traffic. So this is using inference to analyse the patterns of communications to learn something that we wouldn't be able to learn otherwise. Traffic analysis, analysing the traffic. Traffic really means the set of messages sent across the communications network. The frequency of messages, the time of day and the source and destination. So there are two types of attacks. These two are classified as passive attacks. They are passive and the way to distinguish between passive and active is that they do not modify the system when the attack occurs. Let's assume there's no attack.
So imagine this picture, Darth is not there. The normal behaviour is that Bob sends a message to Alice. Let's say Bob sends one message, Alice receives one message. When the attack is introduced, Bob sends a message, Alice receives one message. Nothing's changed from Alice and Bob's perspective, even though the attack takes place. Darth intercepts but Bob doesn't know that and Alice doesn't know that. They still send and receive one message respectively. So this is a passive attack in that without the attack and with the attack from the perspective of the normal users, nothing has changed. It's the same with traffic analysis. Let's say Bob sends a thousand messages to Alice in the normal case. If the traffic analysis takes place, then still Bob sends those messages. It's just that Darth also gets a copy. From the perspective of Bob and Alice, nothing has changed. A masquerade attack. Masquerade: pretend to be someone else in this case. Alice is the finance officer for SIT and normally what happens is the director of SIT, Bob, sends Alice an email saying, give this person a pay rise at the end of the month. So the director, Bob, usually sends Alice an email saying, give someone a pay rise or give them a decrease in pay at the end of the month. What Darth, our malicious user, does is that he creates an email, makes it look like it's from Bob, sends it to Alice saying, please give Darth a pay rise at the end of the month. So Darth, our malicious user, is masquerading as Bob in that case. So there's the attack of a masquerade. Active or passive? Why is it active? It's active. If there was no attack, how many messages are sent and received? None. Let's say Darth didn't attack, then Bob never sends anything. Alice never receives anything. But now we introduce the attacker and what happens is Alice receives a message. So from the perspective of the normal users, something has changed when the attack has been introduced. So that's active.
Masquerade, this comic is a famous comment saying, "On the Internet, nobody knows you're a dog," because generally in the internet there's no means for stopping masquerade attacks. The person that you're communicating with across the network, it's very hard to determine who they actually are. And that's in the case that Alice receives a message, how does Alice know that it's from Darth and not from Bob? Anyway, how do we stop this? Ask him, so Alice sends back a message, Darth gets it, and Alice sends back a message, are you Bob? Bob says yes, I am Bob. Darth says yes. Call him, so I intercept the telephone and I answer Bob's telephone and say yes. I'm Bob. How can we do it automatically then? And what would asymmetric cryptography do? Right, we need some... You're correct, we need some way for Alice to be able to confirm that the message she gets is from Bob. And one way to do that and a very common way is that Bob has, each user has a piece of information called a private key, and when they send a message, what we say we sign the message, we digitally sign the message with our private key, and that's an operation such that when someone receives a message they have a way to verify the signature and the way is to use the corresponding public key of Bob. So there's a means of cryptography such that someone can sign a message, that is, we take the message and attach some other information so that when Alice receives the message she can check that other information and check that other information can only have come from Bob if it's used a particular key and only Bob can have it. So we'll see in the next topic asymmetric cryptography, in particular digital signatures. So there are cryptographic means such that if Alice receives a message, she can verify who sent this message. Well, no, she can verify whether Bob sent this message or not. And another way is to have a secret code between Bob and Alice.
So if Bob has a secret and Alice knows that secret, when Bob sends the message he includes that secret or transforms the message with that secret such that only Alice can decode the message and only Alice can confirm that it's from Bob. So if Alice receives a message from someone else she'll detect that it's not from Bob. But we'll see the mechanisms in the next topic. Today just the attacks. Replay attack. Bob, the director, this month he sends a message to Alice the finance office saying please give Darth a pay rise of 10,000 baht for this month. That's a normal message. That's expected. Darth did a good job. When that message was sent, Darth intercepted and kept a copy of the message. And then next month Darth takes that copy of that message and just sends it on to Alice. So Alice receives a second message a month later saying please give Darth a pay rise of 10,000 baht. But it's actually a replay of the original one. The second one didn't come from Bob. It was replayed by Darth. The result is that Alice increases Darth's salary by too much in this case. So this is we intercept a message and some time later send an identical copy of that message on. Even if we had some form of signature, Bob signed the first message. So the first message Alice received, Alice checked. Was this signed by Bob? Yes it was. The first one was from Bob. So she accepts that. The second message that she receives is also signed by Bob. Because it's the exact copy of the first one. So she accepts that one as well. How can we stop that? How can Alice know that the second message she received is in fact just a replay of the first one? And everyone, sorry. How can we do it automatically without having to go back and call Bob on the telephone or send a message back because if you send a message back it may be Darth intercepting again. One-time password. Not necessarily, no. Think back at the data communications. How do we detect messages which are repeats or duplicates? The send date. 
Or a sequence number. Whenever I send a message include a unique sequence number. When Bob sends the first message a sequence number or a date, a timestamp. So when Bob sends the first message it's signed by him and it includes the date of the message. Today. When Alice receives that, ok, she receives the message today. It was signed today, I'll accept that. When she receives the second message a month later but it has the date from last month then she knows not to accept that. So you need some way to identify that a second message is in fact just a copy of the previous message. Sequence numbers and timestamps are one way. Modification. Bob sends a message. It doesn't get to Alice. Somehow Darth intercepts and Darth modifies the message and then sends it onto Alice in the modified form. So the original message was please decrease Darth's salary by 10,000 baht. Darth gets it. Changes decrease to increase and then sends it onto Alice. So this is modification. Note that the original message sent by Bob didn't get to Alice. It was modified along the way. Active or passive? Why is it active? The data has changed. So even though the number of messages is the same so with no attack Bob sends one message, Alice receives one message. With the attack, Bob sends one, Alice receives one but what's received has changed. So something has been changed in the normal communications by this attack. So this is also an active attack. Last one. Alice has disappeared and been replaced by a server, a website for example. So Bob normally has to access this server to perform his job and Darth somehow disrupts the server, slows it down or makes it stop working so that Bob cannot normally access it and do his job. He may do that. The disruption may be done by just sending many messages to the server so it overloads. So this is a denial of service attack. We deny the normal users access to the service. How do we stop that? Firewall? Right, very hard. Let's say it's a public web server. 
We want people to access it. It's a website. We have some limits, okay? So have some limits so that if someone sends too fast to that server, slow them down. But what happens, okay, I have a website. Not many people access it but then someone posted a link on Facebook or was tweeted everywhere and now everyone accesses my website. I want them to access my website but your system slows them down. So stopping denial of service attacks is quite hard in fact. We will have a topic on denial of service attacks and we'll perform some in a small network and see sometimes they're quite easy to do and quite hard to stop. Still got five minutes. Jump back. So we've gone through six types of attacks on communication systems and of those six, the first two are passive, the last four were active. We mentioned some mechanisms to stop those attacks. We said encrypt the data. Use a digital signature. Those mechanisms we're going to cover in the subsequent topics. So there are security attacks, security mechanisms and together those security mechanisms try to provide services to the users. So this is the last slide for today. The six common security services that we'd like to provide in a network and in general in many computer systems are listed here. Some are easy and obvious. Number three for example, a service of data confidentiality. I want to provide the service of keeping the data confidential. That's one thing we'd like to provide our users so that the release of messages attack cannot be performed. So I need some mechanisms to provide this service. If an attack takes place that releases the message contents it means we didn't provide this service. We failed at providing data confidentiality. Another one is authentication. We need some service to make sure that the person we're communicating with is who they say they are. When I receive a message I want to be able to authenticate that that message came from Bob. It didn't come from Darth pretending to be Bob.
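As an added illustration (not part of the lecture), the following Python sketch shows how a receiver can reject the masquerade, replay and modification attacks described above. It uses an HMAC with a secret shared by Bob and Alice, one of the two options the lecture mentions, together with a sequence number; the key, field names and function names are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for the secret shared by Bob and Alice.
SHARED_KEY = b"constructed-demo-key-bob-alice"


def _encode(sender, seq, body):
    """Canonical byte encoding of every field the tag must cover."""
    fields = {"sender": sender, "seq": seq, "body": body}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, sender, seq, body):
    return hmac.new(key, _encode(sender, seq, body), hashlib.sha256).hexdigest()


def protect(key, sender, seq, body):
    """Sender side: attach an HMAC-SHA256 tag over sender, seq and body."""
    return {"sender": sender, "seq": seq, "body": body,
            "tag": _tag(key, sender, seq, body)}


class Receiver:
    """Alice: checks the tag first, then requires a strictly increasing seq."""

    def __init__(self, key):
        self._key = key
        self._last_seq = {}  # highest sequence number accepted per sender

    def accept(self, msg):
        """Return (accepted, reason) for one received message."""
        try:
            sender, seq = msg["sender"], msg["seq"]
            body, tag = msg["body"], msg["tag"]
        except (KeyError, TypeError):
            return False, "malformed"
        if not isinstance(seq, int) or not isinstance(tag, str):
            return False, "malformed"
        expected = _tag(self._key, sender, seq, body)
        # Constant-time comparison; any change to sender, seq or body,
        # or a tag made without the shared key, fails here.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad tag"
        # A valid tag on an old sequence number is an exact copy: a replay.
        if seq <= self._last_seq.get(sender, 0):
            return False, "replay"
        self._last_seq[sender] = seq
        return True, "ok"


def demo():
    """Run the lecture's scenarios against one receiver (constructed messages)."""
    alice = Receiver(SHARED_KEY)
    results = {}

    pay_rise = protect(SHARED_KEY, "bob", 1,
                       "Please give Darth a pay rise of 10,000 baht")
    results["genuine"] = alice.accept(pay_rise)

    # Replay: Darth resends an identical copy a month later.
    results["replay"] = alice.accept(dict(pay_rise))

    # Replay with a bumped sequence number: the tag no longer matches.
    results["replay_new_seq"] = alice.accept(dict(pay_rise, seq=2))

    # Modification: "decrease" changed to "increase" in transit.
    decrease = protect(SHARED_KEY, "bob", 2,
                       "Please decrease Darth's salary by 10,000 baht")
    tampered = dict(decrease,
                    body=decrease["body"].replace("decrease", "increase"))
    results["modified"] = alice.accept(tampered)

    # Masquerade: Darth claims to be Bob but does not hold the shared key.
    forged = protect(b"key-darth-made-up", "bob", 2,
                     "Please give Darth a pay rise at the end of the month")
    results["masquerade"] = alice.accept(forged)

    # The untampered message from Bob is still accepted afterwards.
    results["next_genuine"] = alice.accept(decrease)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} {outcome}")
```

A shared-key tag lets Alice check that a message came from Bob, but because Alice holds the same key it does not give non-repudiation; that is the role of the digital signatures mentioned in the lecture.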
So authentication is another service. Data integrity. When I receive a message I want to make sure that the message is identical to what they sent. It hasn't been modified along the way. So we maintain the integrity of the data. That's a third service. Access control, which is relevant in computer networks as well as inside computer systems. We didn't see it there. Prevent unauthorized use of a resource. So a firewall for example. A firewall is a piece of software or hardware that tries to control who can send messages into your network or computer. It tries to control who can access your computer. So that's a common service we want to provide. Access or control who can access our resources. We shouldn't allow anyone out on the internet to be able to access in and control this computer inside SIT. So a firewall will try and provide that access control. Availability. We need to make sure our computer system and our network is available for the normal purposes. That we cannot have a denial of service attack. Non-repudiation is this one of we want to make sure that people cannot deny things have taken place. Someone cannot deny that they sent the message and someone cannot deny that they've received a message. That's what non-repudiation is. So these are six common services that we need to provide in network security and some of them also relevant for general computer security. Know what they are. And know how they relate to those different attacks. What we'll do tomorrow morning is just summarize on some of that. Look at, list some example mechanisms and some policies and then we'll look at the mechanisms in detail. In particular cryptography. How to encrypt things. And we'll talk about encryption, digital signatures and other concepts. Don't forget your...
This picture shows us the scope of computer security which covers many different things and we'll see our course topics that we cover a lot of the things shown in this picture.
For example, we need to consider ways that users access computer systems, so human users, and to control to make sure that the human user that's using the computer system is the right person. So user authentication is one important aspect. Logins is one that we know but different ways to authenticate users. Inside the computer we have software running and some of the data on that computer should be accessible to some users and some not. So we need some ways to control how the software and the software is representing the human users can access particular files. So access control at the file level. So file permissions, for example. Some data that we store on the system we'd like to encrypt that data to provide extra level of security so that if we to get access to the data we need to decrypt it and someone needs to know some secret. So we'll look at encryption of files and similar as we send data between computer systems so across a network there are a number of issues and that's what we got to yesterday those six attacks that we went through are really about network communications. 
One is that if we send data across a network and if there's someone in the middle who can intercept that information, we should try and stop them from being able to release the message contents, from reading the data. So we can use encryption there. If we encrypt the data, then even though they can intercept, they cannot see the original contents. But there's other things that we want to do with network security, so not just stopping them from releasing the message contents. Maybe stopping them from being able to analyse our communication patterns. Authenticating the messages we receive: when this computer system receives a message from this other one, how does it know it's from the valid sender and it's not from someone pretending to be this computer system? So authentication techniques. Denial of service, for example: this computer system receives data, make sure that we try and stop others from being able to overload this computer so that the normal users cannot use it. So provide availability. So we consider network security, file security, access control on files, user authentication. And if you look at some of the topics from our course, so this is from our website, so today we'll start on the basic mechanisms of cryptography, which include encryption plus other techniques. And then we'll look at the more practical aspects of user authentication: how do we authenticate users? Look at usernames and passwords as a common example. Access control is about how do we control who accesses particular files, so permissions on files, who can read the file and who cannot. Malicious software: we'll mention how people create viruses and other malicious software and try and classify different types of malicious software. Denial of service attacks are an attack on the availability of our system. So we want to make our computer system available to all users; an attack is to try and deny service. So we look at how denial of service attacks occur and how we can try to work around them. Firewalls are a means of
access control in a network. So we have a communications network and we have computers inside that network, say inside SIT. We want to control who can access those computers inside SIT. One way is to use a firewall to provide some protection. And the last three topics will be really, or three or four, will be about network security and specific examples of securing websites, different attacks on web-based systems, so if you create a website, the common types of attacks that may occur, and some aspects of internet security and privacy. So authentication, access control, denial of service and internet security, really. So let's just finish this topic and then we'll move on to cryptography. So where do we get to? We say we have assets that we want to protect. There are threats against assets, and if those threats are carried out, that's an attack. We went through, in terms of communication security or network security, that there may be attacks on the network. We use mechanisms to try and prevent or detect those attacks, and we'll list some mechanisms shortly. And we combine a set of mechanisms together to provide an enhanced security of our system, so we provide a security service. We went through the six attacks, and then we finished yesterday mentioning those six security services which are commonly provided in communication systems. We'd like to be able to authenticate who is sending the data: when I receive something, make sure I know who it's from. Access control: for example, use firewalls to prevent unauthorized people from accessing inside our network. Data confidentiality: the data that we send across the network, make sure no one can read the contents if they're not allowed to. Data integrity: again, when we send data across the network, make sure that that data cannot be modified by someone in the network, so it maintains the integrity of the data. Non-repudiation is to make sure that people cannot deny communications have taken place: someone cannot deny that they've sent a message, or someone
cannot deny that they've received a message. And availability is making sure our computer system and our network, our assets in general, are available to the normal users, that someone cannot make them unavailable so that we cannot perform our normal operations. So that common set of security services that we try to provide: we may not want to provide all of them in a particular computer system, but we would usually select from them. Remember, passive attacks were those which do not modify the system in the presence of the attack; active attacks do modify the system. And we went through those six attacks. So we use security mechanisms to try to stop those attacks. First we'd like to prevent them, stop them from happening, but in the case that we cannot prevent them, we'd like to at least detect them, because if we can detect them then maybe we can take some further action. What are the mechanisms? Well, there are multiple mechanisms. Some of them are listed here, and in fact we'll go through them in the next topic and subsequent topics. But a lot of the mechanisms that we'll see use cryptography, based upon cryptographic techniques, and that's why the next topic, which takes a few lectures, introduces cryptography. So maybe the better summary of that is this table, which shows the services. There's not six here, there's eight, but you know the first two actually are just two specific cases of authentication, and these two, confidentiality and traffic flow confidentiality, are two specific cases of what we call general data confidentiality. And some mechanisms are listed along the top, and we don't know them yet, but we'll see them over the next few lectures. Encipherment is encryption. So encryption is a mechanism that we may use to provide a security service, so we may use that to provide data confidentiality: before sending a message, encrypt it such that even if someone can intercept, they cannot get the original contents. So we'll need to see how that works. Digital signatures are another important mechanism.
A signature, as you know, is a way for someone to prove that they created that message. You sign a document and that signature is some proof that it came from you. Well, we want a similar concept in data communications. We have a file, we want to send it to someone, and that someone who receives it wants to make sure that it came from a particular person. So the sender signs the document, uses a digital signature. So that's important for authentication: when you receive a message, you want to be able to check that it came from the right person, not from someone pretending to be them. Access control: the main example we'll see is firewalls in computer networks. And there are a number of other mechanisms; some of them we'll see over the next topic and through the later topics. So different mechanisms are used to implement the services, with the aim of preventing and detecting attacks. That almost finishes this topic. I think strategy, just one slide here. From an organization's perspective, usually we'd look at some overall strategy for computer security, and we'd think about the policy. So for an organization, what do we want to achieve with security? So we'd define a set of things that we want to achieve, some informal description, or maybe write a set of rules. The example I used yesterday was a rule, maybe for SIT, that no student can see the grades of any other student in the registration system. That's our policy. And we may extend that, that is, no faculty member can see the grades of any other student unless they are teaching them or they are their advisor. So a set of policies related to the organization define our security objectives. So consider a set of rules that we want to achieve. Then consider the assets that we have. Remember we listed data, software, hardware and communication lines, and consider their value. For example, with the data, which pieces of data are the most valuable? The students' grades, that's an asset. The financial information of the institute is an
asset for us, and we have an organization that's of importance to us, so we'd like to protect it. But some of those assets have different values, so we need to try and get value to those assets. Consider the different vulnerabilities, the things that can go wrong, and the potential threats and the probability of attacks, and try and consider all of them and make trade-offs. Really do a risk analysis and make trade-offs. So choosing the security mechanisms, considering we want security but we need our users to be able to easily use our computer system. And of course implementing security mechanisms may cost money, so we need to consider the cost of implementing the security mechanisms versus the cost of not implementing them and having a failure occur. So we may need to make some cost analysis there. We may see over the course, through some homework or small homework tasks, some ways to try and do such an analysis, really a risk analysis for an organization with respect to computer security. So we'll see some of these in a bit more depth. Implementation. Okay, we need to consider, well, how do we implement our security or achieve our objectives? Again, prevent is the best case: prevent attacks. Detection: if we cannot prevent them, we at least want to detect them. If we can detect, we may take some responsive actions and eventually recover, whether it's recovering data that's been compromised or recovering other assets. And from an organization's perspective, we come up with some policy and some implementation, but we want to make sure that our implementation will really do what we expect, and do some assurance. So we want to consider, well, what's our confidence that our security mechanisms will work as intended? So later in the course we may see through some homework tasks some aspects of coming up with a policy and doing some form of risk analysis. I don't think we'll talk about that, but NIST is an organization that produces standards on many different things, but they have some good documents about
computer security and give recommendations to organizations on how to implement security mechanisms. So you may see the name NIST come up in many of my slides. They have a website where most of the documents are available. They have information, they have one document about server security, computer servers and security of them, and give some guides as to what to do. And they list a set of principles, and I think I will not talk about them yet. As we go through and we see these principles come up, I'll explain them then, so not now. So confidentiality, integrity and availability. We want to protect assets, and there are different types of attacks. So we have classified as passive versus active, especially regarding network security, and we saw six within them, and also insider attacks versus outsider attacks. And for the attacks we want to develop countermeasures. And the countermeasures, another name, so a countermeasure is a security mechanism, and these are the techniques that we're going to cover in the next topics to try and stop attacks. And a lot of them use cryptography, so the next topic is cryptography. Again, you'll see a lot of acronyms that may be confusing. I'm sure you'll find what they mean if you want to. But there are many different organizations that produce documents and standards about computer security. Some of them are listed there. NIST is one that we'll see, IETF, ISO. If you're interested, there are organizations that monitor what's happening in security threats and attacks: computer emergency response teams, CERTs. So many companies and in fact countries have an organization that keeps track of the attacks that are happening regarding computer security and let people know when vulnerabilities arise, bugs arise in software that lead to potential attacks. And if you want to get a good job, sometimes in terms of computer security, getting some extra certification from different organizations saying you're an expert in computer security, so you're getting up in your career and maybe
getting some better pay. So there are different organizations that actually give you tests to test your knowledge about computer security. Some of them are listed here. You'll find more details of them on the course website. And on the course website, you read it for homework last night, correct? So you saw all them. Any questions? A few people, I think, read the course website. So check about the assessment, the exams, there's quizzes, some homeworks. Some students sent me an email this morning about the quizzes, so maybe some feedback. Someone said, for the security quizzes, because you've done them last semester, can they make them a little bit harder? So we'll try and do that, okay. And I think in our class, he and one of our exchange students, so again, maybe we should cut down the quizzes from four attempts down to one attempt. Is that okay? You send that? Is it your name? Is it your email address that it's in my from account? Okay, so you sent it at 8.20 this morning? Yes? Why would I do that? I cannot do that. Okay, so looks like we should make the quizzes harder. It's very easy to send emails with a fake from address. Okay, so in fact from another computer, what I did with those three was I created an email and I sent it to myself for this demonstration, but when I send it I change the from address. The person who receives it in this case, well, how do they know it's not from here? Usually you look at the from address, it shows you in your email client who it's from, and you believe who it's from. But in fact with email it's very easy to send a fake from address. So this is a masquerade attack, where someone pretends to be someone else. So we need some better ways to be able to check, such that when I receive an email, you receive an email, that you can prove or confirm who the actual sender is. Just looking at the from address is not enough. Don't trust all the emails you receive. And I think you may see them sometimes, some spam that you get, the from address looks like it's from someone important but
in fact it's not.
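Added example, not part of the lecture: one way a receiver can check more than the From line is to trust it only when its own mail server recorded an SPF or DKIM pass for that same domain in the Authentication-Results header. SPF and DKIM are not named in the lecture; the server name `mx.university.example`, the addresses and the three messages are constructed, and requiring an exact domain match is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hostname our own receiving mail server writes into the header.
TRUSTED_AUTHSERV = "mx.university.example"

def domain_of(value):
    """Domain part of an address, or the value itself if it is a bare domain."""
    return value.rpartition("@")[2].strip("<>").lower()

def from_is_authenticated(raw):
    """True only if our server recorded an SPF or DKIM pass for the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if not from_dom:
        return False
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by some other host, possibly the sender: ignore
        for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
            pattern = rf"\b{method}=pass\b[^;]*\b{re.escape(prop)}=([^\s;]+)"
            for m in re.finditer(pattern, results, re.I):
                # A pass only counts if it is for the domain shown in From.
                if domain_of(m.group(1)) == from_dom:
                    return True
    return False

def make_message(auth_results):
    """Constructed sample message; only the Authentication-Results line varies."""
    return (f"Authentication-Results: {auth_results}\n"
            "From: Student A <student@university.example>\n"
            "Subject: Quiz feedback\n\n"
            "Please cut the quizzes down to one attempt.\n")

GENUINE = make_message("mx.university.example; spf=pass "
                       "smtp.mailfrom=student@university.example; "
                       "dkim=pass header.d=university.example")
# Same From line, but the mail really came from another domain.
SPOOFED = make_message("mx.university.example; spf=pass "
                       "smtp.mailfrom=bounce@elsewhere.example; dkim=none")
# Header not written by our server, so it proves nothing.
FORGED_HEADER = make_message("mail.elsewhere.example; spf=pass "
                             "smtp.mailfrom=student@university.example")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "FORGED_HEADER"):
        print(name, from_is_authenticated(globals()[name]))
```

All three messages show the identical From line in a mail client; only the first is accepted. In deployment the receiving server must also remove any incoming Authentication-Results header that already carries its own name, which this example does not cover.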