Lecture 5
Security Practices
Syed Naqvi
snaqvi@ieee.org
Outline
♦ Risk Management
♦ Watermarking
♦ Intrusion Detection Systems
♦ Computer Forensics
♦ Legal and Ethical Issues
Risk
♦ The likelihood that a particular threat using a
specific attack, will exploit a particular
vulnerability of a system that results in an
undesirable consequence
Risk Management
♦ The process concerned with identification, measurement, control and
minimization of security risks in information systems to a level
commensurate with the value of the assets protected
[Figure: Risk Management Cycle. Labels: Identify the Risk Areas; Assess the Risks; Develop Risk Management Plan; Implement Risk Management Actions; Re-evaluate the Risks; Risk Assessment; Risk Mitigation.]
Risk Assessment/Analysis
♦ A process of analyzing threats to and vulnerabilities of an
information system and the potential impact the loss of
information or capabilities of a system would have
– List the threats and vulnerabilities
– List possible controls and their cost
– Do cost-benefit analysis
• Is cost of control more than the expected cost of loss?
Risk Assessment – Steps
♦ Identify assets
– Hardware, software, data, people, supplies
♦ Determine vulnerabilities
– Intentional errors, malicious attacks, natural disasters
♦ Estimate likelihood of exploitation
– Considerations include
• Presence of threats
• Tenacity/strength of threats
• Effectiveness of safeguards
– Delphi approach
• Raters provide estimates that are distributed and re-estimated
Risk Mitigation
♦ Risk Mitigation is any step taken to reduce risk
♦ Safeguards for RR
– Difficult to completely eliminate RR
– Keep RR minimum, at acceptable level
Watermarking
Watermarking – A Scenario …
♦ Alice owns object A.
♦ Alice encodes a secret message W inside object A such
that:
– She can retrieve W from A whenever she wants (and hence prove
ownership).
– Bob cannot tamper with W (by meddling with A) so as to:
• Make W unreadable.
• Introduce W′ on top of W and confuse the reader.
• Remove W, introduce W′ and claim object A is his own.
♦ W has to be stealthy
♦ W has to be resilient
Watermarking
♦ Visible watermarks
– Similar to physical counterpart
(digitally stamped!)
♦ Invisible watermarks
– Useful for identifying the
source, author, owner, distributor
or authorized consumer
– Permanently, unalterably mark the
image
♦ Also used for tracing images in
the event of their illicit
distribution
– Unique watermark for each buyer
Watermarking
♦ Spatial domain watermarking
– Simplest: flip the lowest order bit of chosen pixels
– Superimpose a watermark
– Color separation – watermark in only one color band
– Picture cropping can be used to eliminate some spatial
watermark
♦ Frequency domain watermarking
– Use Fast Fourier Transform – alter the values of chosen
frequencies
– Watermarks will be dispersed spatially (cropping or
spatial technique will not defeat it)
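Added example (not part of the original slides): a spatial-domain watermark written into the lowest-order bit of key-chosen pixels, showing that the change is at most one gray level, that W is recoverable with the key, and that cropping removes part of it. The key-based pixel selection, the names and the sample image are assumptions made for illustration; the code sets the low bit to the watermark bit rather than flipping it unconditionally.

```python
import hashlib

def chosen_pixels(key, width, height, n):
    """Derive n distinct (row, col) positions from a secret key (assumed rule)."""
    seen, positions, counter = set(), [], 0
    while len(positions) < n:
        digest = hashlib.sha256(f"{key}:{counter}".encode()).digest()
        idx = int.from_bytes(digest[:4], "big") % (width * height)
        counter += 1
        if idx not in seen:
            seen.add(idx)
            positions.append((idx // width, idx % width))
    return positions

def embed(image, bits, key):
    """Return a copy of image with each watermark bit written into a pixel's LSB."""
    height, width = len(image), len(image[0])
    marked = [row[:] for row in image]
    for (r, c), bit in zip(chosen_pixels(key, width, height, len(bits)), bits):
        marked[r][c] = (marked[r][c] & ~1) | bit
    return marked

def extract(image, n_bits, key, orig_width, orig_height):
    """Read the bits back; a position that was cropped away yields None."""
    height, width = len(image), len(image[0])
    return [image[r][c] & 1 if r < height and c < width else None
            for r, c in chosen_pixels(key, orig_width, orig_height, n_bits)]

def crop(image, new_height, new_width):
    """Keep only the top-left new_height x new_width region."""
    return [row[:new_width] for row in image[:new_height]]

# Constructed sample data: a 16x16 grayscale gradient and a 16-bit watermark W.
IMAGE = [[(7 * r + 13 * c) % 256 for c in range(16)] for r in range(16)]
W = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1]
KEY = "alice-secret"  # hypothetical key known only to Alice

def demo():
    marked = embed(IMAGE, W, KEY)
    max_change = max(abs(a - b) for ra, rb in zip(IMAGE, marked)
                     for a, b in zip(ra, rb))
    recovered = extract(marked, len(W), KEY, 16, 16)
    after_crop = extract(crop(marked, 8, 8), len(W), KEY, 16, 16)
    return max_change, recovered, after_crop

if __name__ == "__main__":
    max_change, recovered, after_crop = demo()
    print("largest pixel change:", max_change)
    print("W recovered intact:", recovered == W)
    print("bits lost to cropping:", sum(b is None for b in after_crop))
```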
Watermarking
♦ Text-line coding
– Text lines of a document
page are shifted
imperceptibly up or
down
♦ Word-shift coding
– Spacing between words
in a line text is altered
♦ Character coding
– E.g., the endline at the top of
a letter, say “t”, is
extended
Intrusion Detection System (IDS)
♦ Practical goals of intrusion detection systems:
– Detect a wide variety of intrusions (known + unknown)
– Detect in a timely fashion
– Present analysis in a useful manner
• Need to monitor many components; proper interfaces needed
– Be (sufficiently) accurate
• Minimize false positives and false negatives
False Positive: Not intrusive but being detected as intrusive.
False Negative: Intrusive but not being detected.
Intrusion Detection System (IDS)
[Figure: IDS Configuration. Labels: Audit Trail, Packets, Results from other IDSs; IDS Function; Indication, Warning, Alarms; Intrusion Response Function; Responses.]
IDS Types : Misuse Modeling
♦ Does sequence of instructions violate security policy?
– Problem: How do we know all violating sequences?
IDS Problem
♦ IDS useless unless accurate
– Significant fraction of intrusions detected
– Significant number of alarms correspond to intrusions
♦ Goal is
– Reduce false positives
• Reports an attack, but no attack underway
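Added example (not part of the original slides): a small misuse-model detector that matches known violating event sequences against an audit trail, then computes the two accuracy measures named above, the fraction of intrusions detected and the fraction of alarms that correspond to intrusions. The event tokens, signatures and labelled audit records are constructed for illustration.

```python
# Known violating sequences (the misuse model). Anything not listed is missed.
SIGNATURES = {
    "password-guessing": ["login_fail", "login_fail", "login_fail"],
    "shadow-read": ["read:/etc/shadow"],
}

# Constructed audit trail: (record id, event sequence, ground truth: intrusive?)
AUDIT_TRAIL = [
    (1, ["login_ok", "read:/home/a/report", "logout"], False),
    (2, ["login_fail", "login_fail", "login_fail", "login_ok"], True),
    (3, ["login_ok", "read:/etc/shadow", "logout"], True),
    (4, ["login_ok", "read:/etc/shadow", "logout"], False),  # scheduled backup job
    (5, ["login_ok", "write:/etc/passwd", "logout"], True),  # no signature exists
    (6, ["login_fail", "login_ok", "logout"], False),
    (7, ["login_ok", "write:/etc/hosts", "logout"], True),   # no signature exists
]

def contains(sequence, pattern):
    """True if pattern occurs as a contiguous run inside sequence."""
    n = len(pattern)
    return any(sequence[i:i + n] == pattern for i in range(len(sequence) - n + 1))

def detect(sequence):
    """Return the names of all signatures that the sequence matches."""
    return [name for name, pat in SIGNATURES.items() if contains(sequence, pat)]

def evaluate(trail):
    """Count TP/FP/FN/TN and derive detection rate and alarm precision."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for _record_id, sequence, intrusive in trail:
        alarmed = bool(detect(sequence))
        label = ("T" if alarmed == intrusive else "F") + ("P" if alarmed else "N")
        counts[label] += 1
    detected = counts["TP"] + counts["FN"]   # all real intrusions
    alarms = counts["TP"] + counts["FP"]     # all alarms raised
    detection_rate = counts["TP"] / detected if detected else 0.0
    alarm_precision = counts["TP"] / alarms if alarms else 0.0
    return counts, detection_rate, alarm_precision

if __name__ == "__main__":
    counts, detection_rate, alarm_precision = evaluate(AUDIT_TRAIL)
    print(counts)
    print(f"fraction of intrusions detected: {detection_rate:.2f}")
    print(f"fraction of alarms that are intrusions: {alarm_precision:.2f}")
```

Records 5 and 7 are the misuse-modeling problem in miniature: they are intrusive, but no signature describes them, so they count as false negatives.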
Intrusion Response
♦ Incident Prevention
– Stop attack before it succeeds
– Measures to detect attacker
– Example: Jailing (also Honey pots)
• Make attacker think they are succeeding and confine to an area
♦ Intrusion handling
– Preparation for detecting attacks
– Identification of an attack
– Contain attack
– Eradicate attack (terminate processes / network connection, close ports,
disallow specific IP addresses, wrappers around attacked applications)
– Recover to secure state
– Follow-up to the attack - Punish attacker
Network based IDS
♦ Deploying special sensors at strategic locations
– E.g., Packet sniffing via tcpdump at routers
Computer Forensics
♦ Forensics:
– The use of science and technology to investigate and establish
facts in criminal or civil courts of law.
♦ Computer Forensics:
– Commonly defined as the collection, preservation, analysis
and court presentation of computer-related evidence.
– Gathering and analyzing data in a manner as free from
distortion or bias as possible to reconstruct data or what has
happened in the past on a computer system.
Computer Forensics
♦ Who needs Computer Forensics?
– The victim
– The Law Enforcement
– Insurance Carriers
– The Legal System
Reasons for a Forensic Analysis
♦ Identify the perpetrator.
Types of Forensic Requests
♦ Intrusion Analysis
♦ Damage Assessment
♦ Suspect Examination
♦ Tool Analysis
♦ Evidence Search
♦ Damage Assessment
– What was available for the intruder to see?
– What did he take?
– What did he leave behind?
– Where did he go?
Types of Forensic Requests
♦ Suspect Examination
♦ Tool Analysis
– What tools were used?
– How were they executed?
– What language were they written in?
– File Comparison with Suspect’s File.
Legal Issues
♦ Laws regulate the use, development and ownership of data
and programs
– Copyright: Gives an author exclusive rights to make copies of his
original ideas/work and sell them to public.
– Patent law: Protects novel innovations – applies to results of
science, technology and engineering.
– Trade secret: Prevents only misappropriation (wrongful taking) of
ideas, facts and know-how, whether in tangible form or not – can
be used in conjunction with copyright law and sometimes with
patent law.
Legal Issues
| | Copyright | Patent | Trade secret |
|---|---|---|---|
| Requirement to distribute | Yes | No | No |
| Ease of filing | Very easy, do-it-yourself | Very complicated; specialist lawyer suggested | No filing |
| Duration | Life of human originator or 75 years of company | 19 years | Indefinite |
| Legal protection | Sue if copy sold | Sue if invention copied | Sue if secret improperly obtained |
Ownership Issues
♦ Ownership is an issue in computer security
♦ Ownership of products
– Eve writes programs at night and sells them herself
– If Eve is a programmer in a company and the program remotely
corresponds to her job,
• Employer may claim it!
– If Eve is self-employed but an earlier version was developed for a
company
• Company may show that it had paid for the program and then claim
ownership
Ownership Issues
♦ Ownership of patents
– If the employee lets the employer file the patent, the employer is
deemed to own the patent and therefore the rights to the
innovation
– Employer has right to patent if the employee’s job
function includes inventing the product
♦ Ownership of copyrights
– Work-for-hire
• Employer is the author of the work
– License
• Programmer owns the product – sells license to company
Digital Rights Management
♦ Digital rights determine who can do what under
which conditions.
♦ Digital rights are not static.
– E.g. The author of an academic paper has intellectual
property rights, the publisher holds copyright, readers
will have usage rights when the paper is purchased or
acquired.
Computer Crime
♦ Hard to predict for the following reasons
– Low computer literacy among lawyers, police
agents, jurors, etc.
– Tangible evidence like fingerprints and
physical clues may not exist
– Forms of asset different
• Is computer time an asset?
– Juveniles
• Many involve juveniles
Cyber Crime
♦ Any illegal act committed using a computer
network (especially the Internet).
♦ A subset of Computer Crime.
♦ Trans-Frontiers Attacks
– Jurisdiction problems
Exercise
♦ Search for some Risk Analysis Tools on the internet OR