Chapter 1- Introduction

Brainstorming
1. Which one has more consequences?
a. Data lost due to disasters such as a flood or fire, or
b. Data lost to hackers or a malware infection
2. What type of data is more at risk?
a. Data residing on a single computer or server
b. Data connected to the internet
3. Every time data moves, it can be exposed to different dangers. Is stopping data from
moving a solution? To be meaningful, data must be accessed and used by employees,
analyzed and researched for marketing purposes, used to contact customers, and even
shared with key partners.
4. Do you think protection of privacy increases profitability?

We are living in the information age. We need to keep information about every aspect of our
lives. In other words, information is an asset that has a value like any other asset. As an asset
information needs to be secured from attacks. To be secured, information needs to be hidden
from unauthorized access (confidentiality), protected from unauthorized change (integrity), and
available to an authorized entity when it is needed (availability).
Until a few decades ago, the information collected by an organization was stored on physical
files. The confidentiality of the file was achieved by restricting the access to a few authorized
and trusted people in the organization. In the same way, only a few authorized people were
allowed to change the contents of the files. Availability was achieved by designating at least one
person who would have access to the files at all times.
With the advent of computers, information storage became electronic. Instead of being stored
on physical media, it was stored in computers. The three security requirements, however, did
not change. The files stored in computers require confidentiality, integrity and availability. The
implementation of these requirements, however, is different and more challenging.
The major change that affected security is the introduction of distributed systems and the use
of networks and communications facilities for carrying data between terminal user and
computer and between computer and computer. Network security measures are needed to
protect data during their transmission. In fact, the term network security is somewhat
misleading, because virtually all business, government, and academic organizations
interconnect their data processing equipment with a collection of interconnected networks.
Such a collection is often referred to as an internet, and the term internet security is used.
Computing systems are themselves resources that attackers target. Today computers are very
powerful and work at unimaginable speed with very high accuracy. With computers we now have
new concerns, namely automated attacks, privacy breaches, and the ease of theft from a
distance, each discussed below.

Compiled by: Wondimagegn Leta (BSC, Computer Science, MSC Software Engineering)
Automating attacks
The speed of computers makes several attacks worthwhile. For example, in the real world,
suppose that someone manages to create a machine that can produce counterfeit coins; would
that not bother the authorities? It certainly would. However, producing coins on such a mass
scale may not be that economical compared to the return on the investment: how many
such coins would the attacker be able to get into the market, and how rapidly? This is quite different
with computers. They are quite efficient and happy doing routine, mundane and repetitive
tasks. For example, they would excel at stealing a very small amount, say half a dollar,
from a million bank accounts in a matter of a few minutes. This would give the attacker half a
million dollars, possibly without any major complaints!
Privacy concerns
Collecting information about people and later misusing it is turning out to be a huge problem
these days. So-called data mining applications gather, process and tabulate all sorts of
details about individuals. People can then illegally sell this information. For example, companies
like Experian (formerly TRW), TransUnion and Equifax maintain the credit history of individuals in
the USA. Similar trends are seen in the rest of the world. These companies have volumes of
information about a majority of the citizens of that country. These companies can collect, collate,
polish and format all sorts of information and sell it to whoever is ready to pay for that data! Examples
of information that can come out of this are: which store the person buys from most, which
restaurant she eats in, where she goes on vacation frequently and so on! Every company (e.g.
shopkeepers, banks, airlines, insurers) is collecting and processing a large amount of
information about us, without our realizing when and how it is going to be used.
Distance does not matter
Thieves would earlier attack banks, because banks had money. Banks do not have money
today! Money is in digital form inside computers and moves around by using computer
networks. Therefore, a modern thief would perhaps not like to wear a mask and attempt a
robbery! Instead it is far easier and cheaper to attempt an attack on the computer system of
the bank, sitting at home! It may be far more prudent for the attacker to break into the bank's
servers or steal credit card or ATM information from the comforts of her home or place of
work.
In 1995, a Russian hacker broke into Citibank's computers remotely, stealing $12 million.
Although the attacker was traced, it was very difficult to get him extradited for the court case.

In 2014-15, Computer Emergency Response Team (CERT) Australia responded to
11,733 incidents affecting businesses, 218 of which involved systems of national interest and
critical infrastructure.
For a country to be a trusted place in the world to do business, it must understand cyber
threats and implement strong cyber defenses.
Symantec has established one of the most comprehensive sources of Internet threat data in the
world through the Symantec™ Global Intelligence Network, which is made up of more than 63.8
million attack sensors and records thousands of events per second. This network monitors
threat activity in over 157 countries and territories through a combination of Symantec
products and services, such as Symantec Deep Sight™ Intelligence, Symantec™ Managed
Security Services, Norton™ consumer products, and other third-party data sources.
At the close of 2015, the world experienced the largest data breach ever publicly reported. An
astounding 191 million records were exposed. It may have been the largest mega-breach, but it
wasn’t alone. In 2015, a record-setting total of nine mega-breaches were reported. (A mega-
breach is defined as a breach of more than 10 million records.)
The total reported number of exposed identities jumped 23 percent to 429 million. But this
number hides a bigger story. In 2015, more and more companies chose not to reveal the full
extent of the breaches they experienced. Companies choosing not to report the number of
records lost increased by 85 percent. A conservative estimate by Symantec of those unreported
breaches pushes the real number of records lost to more than half a billion.
Examples of Security Violations
• User A transmits a file to user B. The file contains sensitive information (e.g., payroll
records) that is to be protected from disclosure. User C, who is not authorized to read
the file, is able to monitor the transmission and capture a copy of the file during its
transmission.
• A network manager, D, transmits a message to a computer, E, under its management.
The message instructs computer E to update an authorization file to include the
identities of a number of new users who are to be given access to that computer. User F
intercepts the message, alters its contents to add or delete entries, and then forwards
the message to E, which accepts the message as coming from manager D and updates
its authorization file accordingly.
• Rather than intercept a message, user F constructs its own message with the desired
entries and transmits that message to E as if it had come from manager D. Computer E
accepts the message as coming from manager D and updates its authorization file
accordingly.
• An employee is fired without warning. The personnel manager sends a message to a
server system to invalidate the employee’s account. When the invalidation is
accomplished, the server is to post a notice to the employee’s file as confirmation of the
action. The employee is able to intercept the message and delay it long enough to make
a final access to the server to retrieve sensitive information. The message is then
forwarded, the action taken, and the confirmation posted. The employee’s action may
go unnoticed for some considerable time.
• A message is sent from a customer to a stockbroker with instructions for various
transactions. Subsequently, the investments lose value and the customer denies sending
the message.
Goals of Information Security
Computer security is defined as the protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity, availability, and
confidentiality of information system resources (including hardware, software, firmware,
information/data, and telecommunications).

This definition introduces three key goals (objectives) that are at the heart of information security.
• Confidentiality: This term covers two related concepts:
o Confidentiality: Assures that private or confidential information is not made
available or released to unauthorized individuals.
o Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information
may be disclosed.
o Example: Grade information should only be available to students, their parents, and
employees who require the information to do their job.
• Integrity: This term covers two related concepts:
o Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
o System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
o Example: Several aspects of integrity are illustrated by the example of a hospital
patient’s allergy information stored in a database. The doctor should be able to
trust that the information is correct and current. Now suppose that an employee
(e.g., a nurse) who is authorized to view and update this information deliberately
falsifies the data to cause harm to the hospital.
• Availability: Assures that systems work promptly and service is not denied to authorized
users. These three concepts form what is often referred to as the CIA triad.
o Example: a user requests a website and finds it unavailable.
• Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator. This
means verifying that users are who they say they are and that each input arriving at the
system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault
isolation, intrusion detection and prevention, and after-action recovery and legal action.
Because truly secure systems are not yet an achievable goal, we must be able to trace a
security breach to a responsible party. Systems must keep records of their activities to
permit later forensic analysis to trace security breaches or to aid in transaction disputes.
OSI security architecture
The OSI security architecture focuses on security attacks, mechanisms, and services. These can
be defined briefly as follows:
Security attack
Security attack is any action that compromises the security of information owned by an
organization.
Security mechanism
A process (or a device incorporating such a process) that is designed to detect, prevent, or
recover from a security attack.
Security service
A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. The services are intended to counter
security attacks, and they make use of one or more security mechanisms to provide the service.
In much of the literature, the terms threat and attack are commonly used to mean more or less the
same thing. However, RFC 2828 (RFC: Request for Comments; RFC 2828 is the Internet Security
Glossary) differentiates threat and attack as follows:
Threat
A threat is a potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.
Attack
Attack is an assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to
evade security services and violate the security policy of a system.
Taxonomy of attacks

Attacks threatening confidentiality

In general, two types of attack threaten the confidentiality of information: snooping and traffic
analysis.

• Snooping refers to unauthorized access to or interception of data.
• Traffic analysis refers to other kinds of information that an intruder can collect by monitoring
online traffic.
Attacks threatening integrity
The integrity of data can be threatened by several kinds of attack:

• Modification
A modification attack is an attempt to modify information that the attacker is not
authorized to modify.
• Masquerading
A masquerade takes place when one entity pretends to be a different entity.
• Replaying
A replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.
• Repudiation
In a repudiation attack, false information may be given or a real event or transaction
may be denied.
Attacks threatening availability
Denial of service (DoS) attacks may slow down or totally interrupt the service of a system. The
attacker can use several strategies to achieve this. They might make the system so busy that it
collapses, or they might intercept messages sent in one direction and make the sending system
believe that one of the parties involved in the communication or message has lost the message
and that it should be resent.

Types of attacks
Attacks are generally classified as passive and active. A passive attack is an attempt to learn or
make use of information from the system without affecting system resources; whereas an
active attack is an attempt to alter system resources or affect their operation.
Passive Attacks
Passive attacks are in the nature of snooping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted. Two types of passive attacks are release of
message contents and traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the
contents of messages or other information traffic so that opponents, even if they captured the message,
could not extract the information from the message. The common technique for masking contents is
encryption. If we had encryption protection in place, an opponent might still be able to observe the
pattern of these messages.

The opponent could determine the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the
nature of the communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Typically, the messages are sent and received in seemingly normal fashion. Neither the sender nor
receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is
feasible to prevent the success of these attacks. Message encryption is a simple solution to thwart
passive attacks. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect.
A masquerade takes place when one entity pretends to be a different entity. A masquerade attack
usually includes one of the other forms of active attack. For example, authentication sequences can be
captured and replayed after a valid authentication sequence has taken place, thus enabling an
authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those
privileges.

Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect. For example, a message
meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to
read confidential file accounts."
The denial of service prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a
particular destination (e.g., the security audit service). Another form of service denial is the disruption of
an entire network, either by disabling the network or by overloading it with messages so as to degrade
performance. The information may be destroyed, converted into an unusable form, or shifted to an
inaccessible location.

Figure: C (attacker) disrupts service to A.
SECURITY MECHANISM
A security mechanism is a process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
The following are the security mechanisms defined in X.800 (ISO 7498-2). The mechanisms
are divided into those that are implemented in a specific protocol layer, such as TCP or an
application-layer protocol, and those that are not specific to any particular protocol layer or
security service.
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI
security services.
Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
The transformation and subsequent recovery of the data depend on an algorithm and zero or
more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of
the data unit to prove the source and integrity of the data unit and protect against forgery (e.g.,
by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and allows routing
changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
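Encipherment and traffic padding address two different exposures: encryption hides message contents, but, as the passive-attacks discussion above points out, an observer can still see the length and frequency of the messages. The Go program below is an added example, not code from these notes or from any standard, that shows the two mechanisms together. It encrypts constructed sample orders with AES-GCM and reports the ciphertext lengths with and without padding to a fixed 64-byte bucket. The bucket size, the 2-byte length prefix used to make padding reversible, and the sample messages are all choices made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// bucketSize is the unit every message is padded up to before encryption, so
// an observer learns at most which size bucket a message fell into.
const bucketSize = 64

// pad prefixes msg with its 2-byte length and appends zero bytes up to a
// multiple of bucketSize; the length prefix is what makes padding reversible.
func pad(msg []byte) ([]byte, error) {
	if len(msg) > 0xFFFF {
		return nil, errors.New("message too long for a 2-byte length prefix")
	}
	total := 2 + len(msg)
	if r := total % bucketSize; r != 0 {
		total += bucketSize - r
	}
	out := make([]byte, total)
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	copy(out[2:], msg)
	return out, nil
}

// unpad reverses pad, rejecting a length prefix that exceeds the data.
func unpad(p []byte) ([]byte, error) {
	if len(p) < 2 {
		return nil, errors.New("padded data too short")
	}
	n := int(binary.BigEndian.Uint16(p))
	if 2+n > len(p) {
		return nil, errors.New("length prefix exceeds data")
	}
	return p[2 : 2+n], nil
}

// seal encrypts with AES-GCM and prepends the random nonce. Encipherment
// hides the contents, but the output length is always plaintext + nonce +
// tag, so without padding the message size is still visible on the wire.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// CiphertextLengths encrypts each message unpadded and padded and returns
// what a passive observer sees in each case: the ciphertext lengths.
func CiphertextLengths(key []byte, msgs []string) ([]int, []int, error) {
	var unpadded, padded []int
	for _, m := range msgs {
		c, err := seal(key, []byte(m))
		if err != nil {
			return nil, nil, err
		}
		unpadded = append(unpadded, len(c))
		p, err := pad([]byte(m))
		if err != nil {
			return nil, nil, err
		}
		if c, err = seal(key, p); err != nil {
			return nil, nil, err
		}
		padded = append(padded, len(c))
	}
	return unpadded, padded, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a key store or KDF
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample traffic: a short and a long order whose sizes alone
	// would tell an eavesdropper which kind of instruction was sent.
	msgs := []string{"BUY", "SELL 10000 SHARES OF ACME AT MARKET"}
	unpadded, padded, err := CiphertextLengths(key, msgs)
	if err != nil {
		panic(err)
	}
	fmt.Println("unpadded ciphertext lengths:", unpadded) // [31 63]: sizes leak
	fmt.Println("padded ciphertext lengths:  ", padded)   // [92 92]: sizes hidden
}
```

Padding costs bandwidth and still leaks which bucket a message falls into, which is why the text lists it as a mechanism against traffic analysis rather than a complete defence; hiding frequency and endpoints needs routing control or cover traffic in addition.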
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a security
policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or designates the security
attributes of that resource.

Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent review and
examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management functions, and takes
recovery actions.
SECURITY SERVICES

A processing or communication service that is provided by a system to give a specific kind of protection
to system resources; security services implement security policies and are implemented by security
mechanisms.
Authentication
The authentication service is concerned with assuring that a communication is authentic. In the
case of a single message, such as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the source that it claims to be from.
In the case of an ongoing interaction, such as the connection of a terminal to a host, two
aspects are involved. First, at the time of connection initiation, the service assures that the two
entities are authentic (that is, that each is the entity that it claims to be). Second, the service
must assure that the connection is not interfered with in such a way that a third party can
masquerade as one of the two legitimate parties for the purposes of unauthorized transmission
or reception.
Two specific authentication services are defined in X.800:
• Peer entity authentication: Provides for the validation of the identity of a peer entity in
an association. Two entities are considered peers if they implement the same protocol
in different systems (e.g., two TCP modules in two communicating systems). Peer entity
authentication is provided for use at the establishment of or during the data transfer
phase of a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.
• Data origin authentication: Provides for the validation of the source of a data unit. It
does not provide protection against the duplication or modification of data units. This
type of service supports applications like electronic mail, where there are no prior
interactions between the communicating entities.
Access Control
In the context of network security, access control is the ability to limit and control the access to
host systems and applications via communications links. To achieve this, each entity trying to
gain access must first be identified, or authenticated, so that access rights can be tailored to
the individual.
Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time. For
example, when a TCP connection is set up between two systems, this broad protection prevents
the release of any user data transmitted over the TCP connection. Narrower forms of this
service can also be defined, including the protection of a single message or even specific fields
within a message. These refinements are less useful than the broad approach and may even be
more complex and expensive to implement.
The other aspect of confidentiality is the protection of traffic flow from analysis. This requires
that an attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.
Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or
selected fields within a message. Again, the most useful and straightforward approach is total
stream protection. A connection-oriented integrity service deals with a stream of messages and
assures that messages are received as sent with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered under this service. Thus, the
connection-oriented integrity service addresses both message stream modification and denial of
service. On the other hand, a connectionless integrity service deals with individual messages
without regard to any larger context and generally provides protection against message
modification only.
We can make a distinction between service with and without recovery. Because the integrity
service relates to active attacks, we are concerned with detection rather than prevention. If a
violation of integrity is detected, then the service may simply report this violation, and some
other portion of software or human intervention is required to recover from the violation.
Alternatively, there are mechanisms available to recover from the loss of integrity of data, as
we will review subsequently. The incorporation of automated recovery mechanisms is typically
the more attractive alternative.
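The manager-to-host scenario in the security violations earlier (user F altering or re-sending the authorization update), the active attacks of modification and replay, and the connection-oriented integrity service just described can be made concrete with a small protocol. The following Go program is an added example, not part of these notes or of X.800: each frame carries a sequence number and an HMAC-SHA256 tag over the number and the payload, and the receiver rejects any frame whose tag fails to verify (modification or forgery) or whose sequence number is not the one expected (replay, reordering or loss). The key, frame format and sample payloads are constructed for the demonstration; TLS records use the same idea with per-record sequence numbers.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is one protected message on a connection: sequence number, payload,
// and an HMAC-SHA256 tag computed over both.
type Frame struct {
	Seq     uint64
	Payload []byte
	Tag     []byte
}

// computeTag binds the sequence number into the MAC; that binding is what
// lets the receiver detect replay and reordering, not only payload changes.
func computeTag(key []byte, seq uint64, payload []byte) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(buf, seq)
	mac := hmac.New(sha256.New, key)
	mac.Write(append(buf, payload...))
	return mac.Sum(nil)
}

// Sender numbers frames consecutively from 0.
type Sender struct {
	key  []byte
	next uint64
}

func (s *Sender) Send(payload []byte) Frame {
	f := Frame{Seq: s.next, Payload: payload, Tag: computeTag(s.key, s.next, payload)}
	s.next++
	return f
}

// Receiver accepts a frame only if its tag verifies and its sequence number
// is exactly the one expected next.
type Receiver struct {
	key      []byte
	expected uint64
}

var (
	ErrModified = errors.New("tag mismatch: frame modified or forged")
	ErrReplay   = errors.New("stale sequence number: replayed frame")
	ErrReorder  = errors.New("sequence gap: frame reordered or lost")
)

func (r *Receiver) Receive(f Frame) ([]byte, error) {
	// Constant-time tag check comes first, so an unauthenticated frame can
	// never move the receiver's sequence state.
	if !hmac.Equal(computeTag(r.key, f.Seq, f.Payload), f.Tag) {
		return nil, ErrModified
	}
	switch {
	case f.Seq < r.expected:
		return nil, ErrReplay
	case f.Seq > r.expected: // a real protocol would buffer or ask for retransmission
		return nil, ErrReorder
	}
	r.expected++
	return f.Payload, nil
}

// Demo plays out the manager-to-host scenario from the text and returns the
// outcome of each delivery in order (nil means the frame was accepted).
func Demo(key []byte) []error {
	s := &Sender{key: key}
	r := &Receiver{key: key}
	var out []error
	f0 := s.Send([]byte("ADD USER alice")) // constructed sample update
	_, err := r.Receive(f0)
	out = append(out, err) // accepted
	tampered := f0 // attacker rewrites the payload but cannot recompute the tag
	tampered.Payload = []byte("ADD USER mallory")
	_, err = r.Receive(tampered)
	out = append(out, err) // ErrModified
	_, err = r.Receive(f0) // the captured original is retransmitted
	out = append(out, err) // ErrReplay
	f1 := s.Send([]byte("ADD USER bob"))
	f2 := s.Send([]byte("REMOVE USER carol"))
	_, err = r.Receive(f2) // f2 overtakes f1 in transit
	out = append(out, err) // ErrReorder
	_, err = r.Receive(f1)
	out = append(out, err) // accepted
	return out
}

func main() {
	for i, err := range Demo([]byte("constructed-shared-key")) {
		fmt.Printf("delivery %d: %v\n", i, err) // <nil> means accepted
	}
}
```

This is an integrity service without recovery in the text's sense: the receiver detects and reports the violation, and what to do about a dropped or reordered frame (buffer it, ask for retransmission, tear down the connection) is left to the surrounding protocol. The tag is verified before the sequence number so that only authenticated frames can influence the receiver's state.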

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the
message. Similarly, when a message is received, the sender can prove that the alleged receiver
in fact received the message.
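The stockbroker case under Examples of Security Violations is the classic nonrepudiation scenario. The Go program below is an added illustration, not code from these notes, of why a digital signature rather than encipherment or a shared-key MAC is the mechanism for this service: the customer signs an order with an Ed25519 private key only they hold, so the broker (or a later arbitrator) can verify it with the public key but cannot alter it or fabricate a new one, whereas with a shared-key MAC the broker could compute a valid tag for an order the customer never sent. The signature also provides data origin authentication in the sense defined earlier, and no more: the same signed order presented twice verifies twice, so protection against duplication has to come from a sequence number or timestamp inside the signed data. The Order type, the key pairs and the order text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Order is a customer's instruction to a stockbroker, the scenario in the
// text where the customer later denies having sent it.
type Order struct {
	Customer string
	Text     string
}

// encode is the byte string that gets signed. The customer name is part of it
// so a signature cannot be re-attached to an order for someone else.
func (o Order) encode() []byte { return []byte(o.Customer + "|" + o.Text) }

// SignedOrder carries the order and the customer's Ed25519 signature.
type SignedOrder struct {
	Order Order
	Sig   []byte
}

// Sign is performed by the customer with a private key only they hold.
func Sign(priv ed25519.PrivateKey, o Order) SignedOrder {
	return SignedOrder{Order: o, Sig: ed25519.Sign(priv, o.encode())}
}

// Verify can be run by the broker at receipt and again later by an arbitrator,
// using only the customer's public key. A public key cannot produce signatures,
// so a valid signature is evidence that the private-key holder sent this order.
func Verify(pub ed25519.PublicKey, so SignedOrder) bool {
	return ed25519.Verify(pub, so.Order.encode(), so.Sig)
}

// SignatureDemo returns three verification results: the genuine order, the
// same order altered by the broker after the fact, and an order the broker
// fabricated with its own key while claiming it came from the customer.
func SignatureDemo() (genuine, altered, forged bool, err error) {
	custPub, custPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	_, brokerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	signed := Sign(custPriv, Order{Customer: "alice", Text: "SELL 1000 ACME"}) // constructed
	genuine = Verify(custPub, signed)

	changed := signed // broker edits the quantity; the signature no longer matches
	changed.Order.Text = "SELL 100 ACME"
	altered = Verify(custPub, changed)

	// The broker signs an order in alice's name with the only private key it
	// has, its own; alice's public key rejects it.
	fake := Sign(brokerPriv, Order{Customer: "alice", Text: "BUY 5000 ACME"})
	forged = Verify(custPub, fake)
	return genuine, altered, forged, nil
}

// macTag is the shared-key alternative: HMAC-SHA256 over the same encoding.
func macTag(sharedKey []byte, o Order) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(o.encode())
	return m.Sum(nil)
}

// ReceiverCanForgeMAC shows why a MAC gives integrity but not nonrepudiation:
// the broker holds the same key as the customer, so a tag it computes for an
// order the customer never sent is accepted by any verifier of that key, and
// an arbitrator cannot tell which of the two parties produced it.
func ReceiverCanForgeMAC(sharedKey []byte) bool {
	neverSent := Order{Customer: "alice", Text: "BUY 5000 ACME"}
	brokerTag := macTag(sharedKey, neverSent)                  // produced by the broker
	return hmac.Equal(brokerTag, macTag(sharedKey, neverSent)) // a verifier with the shared key accepts it
}

func main() {
	g, a, f, err := SignatureDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine order verifies:", g) // true
	fmt.Println("altered order verifies:", a) // false
	fmt.Println("forged order verifies: ", f) // false
	fmt.Println("broker can forge a MAC:", ReceiverCanForgeMAC([]byte("constructed-shared-key"))) // true
}
```

Nonrepudiation in practice also depends on the arbitrator being able to trust that the public key really belongs to the customer, which is what the notarization mechanism and certificate infrastructure provide; the signature alone binds the order to whoever holds the private key.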
Availability Service
Both X.800 and RFC 2828 define availability to be the property of a system or a system resource
being accessible and usable upon demand by an authorized system entity, according to
performance specifications for the system (i.e., a system is available if it provides services
according to the system design whenever users request them). A variety of attacks can result in
the loss of or reduction in availability.
Some of these attacks are amenable to automated countermeasures, such as authentication
and encryption, whereas others require some sort of physical action to prevent or recover from
loss of availability of elements of a distributed system.
X.800 treats availability as a property to be associated with various security services. However,
it makes sense to call out specifically an availability service. An availability service is one that
protects a system to ensure its availability. This service addresses the security concerns raised
by denial-of-service attacks. It depends on proper management and control of system resources
and thus depends on access control service and other security services.
Security Services and Mechanisms
Each security service and the mechanisms that can be used to provide it:

Peer entity authentication      Encipherment, digital signature, authentication exchange
Data origin authentication      Encipherment, digital signature
Access control                  Access control
Confidentiality                 Encipherment, routing control
Traffic-flow confidentiality    Encipherment, traffic padding, routing control
Data integrity                  Encipherment, digital signature, data integrity
Nonrepudiation                  Digital signature, data integrity, notarization
Availability                    Data integrity, authentication exchange
