Unit - I

network
THE NEED FOR SECURITY

1. Basic Concepts

Early computer applications had no security, or at best very little. When applications were
developed to handle financial and personal data, the real need for security was felt like
never before. People realized that data on computers is an extremely important aspect of
modern life.

Two typical examples of such security mechanisms were as follows:

• Provide a user identification and password to every user, and use that information to
authenticate the user.
• Encode information stored in the databases in some fashion, so that it is not visible
to users who do not have the right permission.
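The first of these two mechanisms, as an added example that is not part of the original text: how a server can keep user ids and passwords so that it can authenticate a user without ever storing the password in a recoverable form. The user table, the passwords and the iteration count below are constructed for the demonstration; only the Python standard library is used.

```python
"""Added example: password storage and verification for "user id + password"
authentication. Each user gets a random salt; PBKDF2-HMAC-SHA256 turns the
password into a key that cannot be reversed; verification re-derives the key
and compares it in constant time."""
import hashlib
import hmac
import os

# Assumption: 200,000 PBKDF2 iterations. Tune this to what the servers can
# afford, and store it with each record so it can be raised later.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def make_credential(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Return the record the user table stores for this password.

    The record holds no secret: the salt may be public, the derived key
    cannot be turned back into the password, and the salt is random per
    user, so two users with the same password get different records.
    """
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(dk, bytes.fromhex(record["hash"]))


# Constructed user table for the demo: two users who chose the same password.
USERS = {
    "alice": make_credential("correct horse battery staple"),
    "bob": make_credential("correct horse battery staple"),
}

# Assumption: a throwaway record, used so that a login attempt for an unknown
# user id costs the same time as one for a real user (no user enumeration
# through response timing).
DUMMY_RECORD = make_credential(os.urandom(16).hex())


def authenticate(user_id: str, password: str) -> bool:
    """The login check: look up the id, verify the password, never short-cut."""
    record = USERS.get(user_id)
    if record is None:
        verify_password(DUMMY_RECORD, password)
        return False
    return verify_password(record, password)


if __name__ == "__main__":
    print(authenticate("alice", "correct horse battery staple"))    # True
    print(authenticate("alice", "wrong password"))                  # False
    print(authenticate("mallory", "correct horse battery staple"))  # False
    print(USERS["alice"]["hash"] != USERS["bob"]["hash"])           # True
```

The point of the per-user salt is visible in the last line: alice and bob share a password, yet their stored hashes differ, so a stolen table cannot be attacked with one precomputed dictionary for all users.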

Organizations employed their own mechanisms to provide these basic kinds of security. As
technology improved, the communication infrastructure became extremely mature, and newer
applications were developed for various user demands and needs. Soon, people realized that
the basic security measures were not enough. Furthermore, the Internet took the world by
storm, and there were many examples of what could happen if insufficient security was built
into applications developed for it. Figure 1.1 shows such an example of what can happen when
you use your credit card for making purchases over the Internet. From the user's computer,
the user details such as user id, order details such as order id and item id, and payment
details such as credit-card information travel across the Internet to the server (i.e. to the
merchant's computer). The merchant's server stores these details in its database. Every hop
on that path, and the database at the end of it, is a point where the card details can be
read or altered unless they are protected.

2. Modern Nature of Attacks

We can highlight a few salient features of the modern nature of attacks, as follows:

1. Automating Attacks
The speed of computers makes several attacks worthwhile for miscreants that would not be
worthwhile in the physical world. Suppose, for example, that someone manages to build a
machine that produces counterfeit coins: the machine would have to run for a very long time
before the attacker saw any real profit, and every coin passed carries a risk of being caught.
A computer-based attacker, by contrast, could steal a very small amount (say half a dollar or
20 rupees) from each of a million bank accounts in a matter of a few minutes. This would give
the attacker half a million dollars, possibly without any major complaints, because each
individual loss is too small for its owner to notice or bother disputing.

2. Privacy Concerns
Collecting information about people and later (mis)using it is turning out to be a
huge problem these days. The so-called data mining applications gather, process,
and tabulate all sorts of details about individuals. People can then illegally sell this
information.
3. Distance Does not Matter
Thieves would earlier attack banks, because banks had money. Banks do not have
money today! Money is in digital form inside computers, and moves around by using
computer networks. Therefore, a modern thief would perhaps not like to wear a
mask and attempt a robbery! Instead, it is far easier and cheaper to attempt an
attack on the computer systems of the bank while sitting at home!

SECURITY APPROACHES

1. Trusted Systems
A trusted system is a computer system that can be trusted to a specified extent to
enforce a specified security policy. Trusted systems are usually built around a
reference monitor: the component that mediates every access by a subject (a user or a
process) to an object (a file, a record, a device) and decides whether the security
policy permits it.
Naturally, the following are the expectations from the reference monitor:
(a) It should be tamper-proof, so that the subjects it controls cannot alter it.
(b) It should always be invoked, i.e. there must be no path by which a subject reaches an
object without going through the monitor (complete mediation).
(c) It should be small enough that it can be tested and verified independently.
2. Security Models

An organization can take several approaches to implement its security model. Let us
summarize these approaches.

1. No Security :
In this simplest case, the approach could be a decision to implement no security at all.
2. Security through Obscurity:
In this model, a system is secure simply because nobody knows about its existence and
contents. This approach cannot work for too long, as there are many ways an attacker
can come to know about it.
3. Host Security:
In this scheme, security is enforced on each host individually. This is a very safe
approach, but the trouble is that it does not scale well. The complexity and diversity of
modern sites/organizations make the task even harder.
4. Network Security:
Host security is tough to achieve as organizations grow and become more diverse. In
this technique, the focus is on controlling network access to the various hosts and their
services, rather than on securing each host individually. This is a very efficient and
scalable model. Note that it complements rather than replaces host security: an attacker
who gets past the network controls, or who is already inside the network, faces only
whatever protection the individual hosts provide.
3. Security-Management Practices
Good security-management practices always talk of a security policy being in place.
Putting a security policy in place is actually quite tough. A good security policy and its
proper implementation go a long way in ensuring adequate security-management
practices.
A good security policy generally takes care of four key aspects, as follows.
• Affordability: How much money and effort does this security implementation cost?
• Functionality: What is the mechanism of providing security?
• Cultural Issues: Does the policy complement the people's expectations, working style
and beliefs?
• Legality: Does the policy meet the legal requirements?

Once a security policy is in place, the following points should be ensured.

(a) Explanation of the policy to all concerned.

(b) Outline everybody’s responsibilities.

(c) Use simple language in all communications.

(d) Accountability should be established.

(e) Provide for exceptions and periodic reviews.


PRINCIPLES OF SECURITY

1. Confidentiality
The principle of confidentiality specifies that only the sender and the intended
recipient(s) should be able to access the contents of a message. Confidentiality is
compromised if an unauthorized person is able to access a message. An example of
compromising the confidentiality of a message is shown in Fig. 1.4. Here, the user of
computer A sends a message to the user of computer B. (Actually, from here onwards, we
shall use the term A to mean the user A, B to mean user B, etc., although we shall just
show the computers of users A, B, etc.) Another user C gets access to this message, which
is not desired, and therefore defeats the purpose of confidentiality. An example of this
could be a confidential email message sent by A to B, which is accessed by C without the
permission or knowledge of A and B. This type of attack is called interception.

2. Authentication
Authentication mechanisms help establish proof of identities. The authentication
process ensures that the origin of an electronic message or document is correctly
identified. For instance, suppose that user C sends an electronic document over the
Internet to user B, but poses as user A when sending it. How would user B know that
the message has actually come from user C, who is posing as user A? A real-life example
of this could be user C, posing as user A, sending a funds transfer request (from A's
account to C's account) to bank B. The bank might happily transfer the funds from A's
account to C's account, since it would think that user A has requested the funds
transfer! This type of attack is called fabrication.

3. Integrity
When the contents of a message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost. For
example, suppose you write a check for $100 to pay for goods bought from the US.
However, when you see your next account statement, you are startled to see that
the check resulted in a payment of $1000! This is the case for loss of message
integrity. This type of attack is called modification.
4. Non-repudiation
There are situations where a user sends a message, and later denies having sent it.
For instance, user A could send a funds transfer request to bank B over the Internet.
After the bank performs the funds transfer as per A's instructions, A could claim never
to have sent the funds transfer instruction to the bank! Thus, A repudiates, or denies,
the funds transfer instruction. The principle of non-repudiation defeats such
possibilities of denying something after having done it. Note that a mechanism based only
on a secret shared between A and the bank cannot provide it, because the bank could have
created the same message itself; non-repudiation needs evidence, such as a digital
signature, that only A could have produced.

5. Access Control
The principle of access control determines who should be able to access what. For instance,
we should be able to specify that user A can view the records in a database, but cannot
update them. However, user B might be allowed to make updates as well. An access-control
mechanism can be set up to ensure this.
Access control is broadly related to two areas: role management and rule management.
1. Role management concentrates on the user side (which user can do what).
2. Rule management focuses on the resource side (which resource is accessible, and under
what circumstances).
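The reference monitor from the Trusted Systems section and the role/rule split described just above, combined in one added example that is not from the original text. Users A and B, the roles, the resource rules and the two tables are constructed for the demonstration; the names ReferenceMonitor, Request and Database are this example's own. The design point is the "always invoked" expectation: the protected store has no operation that reaches a table without passing through the monitor's single decision function.

```python
"""Added example: a minimal reference monitor enforcing role management
(user -> roles -> permitted actions) and rule management (per-resource
conditions on the request). Default deny; every access is mediated."""
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    pass


@dataclass(frozen=True)
class Request:
    subject: str
    action: str      # "read" or "update"
    resource: str    # table name
    hour: int        # request context consulted by the rules (0-23)


# --- Role management: the user side (which user can do what) ---------------
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "update"},
}
USER_ROLES = {
    "A": {"viewer"},            # A may view records but not update them
    "B": {"viewer", "editor"},  # B may update as well
}


# --- Rule management: the resource side (accessible under what circumstances)
def business_hours(req: Request) -> bool:
    return 9 <= req.hour < 18


def no_updates_to_audit_log(req: Request) -> bool:
    return req.action != "update"


RESOURCE_RULES = {
    "accounts": [business_hours],
    "audit_log": [no_updates_to_audit_log],
}


class ReferenceMonitor:
    def decide(self, req: Request) -> bool:
        """Default deny: the role check and every rule for the resource must pass."""
        allowed_actions = set()
        for role in USER_ROLES.get(req.subject, set()):
            allowed_actions |= ROLE_PERMISSIONS.get(role, set())
        if req.action not in allowed_actions:
            return False
        return all(rule(req) for rule in RESOURCE_RULES.get(req.resource, []))

    def enforce(self, req: Request) -> None:
        if not self.decide(req):
            raise AccessDenied(f"{req.subject} may not {req.action} {req.resource}")


@dataclass
class Database:
    """The protected object. Its only operations go through the monitor, so
    there is no code path that reaches the tables unmediated."""
    monitor: ReferenceMonitor
    tables: dict = field(default_factory=lambda: {
        "accounts": {"A": 100, "B": 250},
        "audit_log": {"1": "login A"},
    })

    def read(self, subject: str, table: str, key: str, hour: int):
        self.monitor.enforce(Request(subject, "read", table, hour))
        return self.tables[table][key]

    def update(self, subject: str, table: str, key: str, value, hour: int) -> None:
        self.monitor.enforce(Request(subject, "update", table, hour))
        self.tables[table][key] = value


def demo() -> dict:
    """Run the cases from the text and return which ones were allowed."""
    db = Database(ReferenceMonitor())
    cases = {
        "A reads accounts": lambda: db.read("A", "accounts", "B", hour=10),
        "A updates accounts": lambda: db.update("A", "accounts", "B", 0, hour=10),
        "B updates accounts": lambda: db.update("B", "accounts", "B", 300, hour=10),
        "B updates accounts at night": lambda: db.update("B", "accounts", "B", 0, hour=2),
        "B updates audit_log": lambda: db.update("B", "audit_log", "1", "x", hour=10),
    }
    results = {}
    for name, call in cases.items():
        try:
            call()
            results[name] = True
        except AccessDenied:
            results[name] = False
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:30s} {'allowed' if allowed else 'denied'}")
```

The two rejected B cases show why the rule side exists separately from the role side: B holds the editor role, but the accounts table is only writable in business hours and the audit log is never writable, regardless of who asks.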
6. Availability
The principle of availability states that resources (i.e. information) should be available to
authorized parties at all times. For example, due to the intentional actions of an
unauthorized user C, an authorized user A may be unable to contact a server computer B.
Such an attack is called interruption.
SECURITY SERVICES AND MECHANISMS

Security Services:

• AUTHENTICATION: The assurance that the communicating entity is the one that it claims to
be.
  o Peer Entity Authentication: Used in association with a logical connection to provide
confidence in the identity of the entities connected.
  o Data Origin Authentication: In a connectionless transfer, provides assurance that the
source of received data is as claimed.
• ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service
controls who can have access to a resource, under what conditions access can occur, and
what those accessing the resource are allowed to do).
• DATA CONFIDENTIALITY: The protection of data from unauthorized disclosure.
  o Connection Confidentiality: The protection of all user data on a connection.
  o Connectionless Confidentiality: The protection of all user data in a single data block.
  o Selective-Field Confidentiality: The confidentiality of selected fields within the user
data on a connection or in a single data block.
  o Traffic Flow Confidentiality: The protection of the information that might be derived
from observation of traffic flows.
• DATA INTEGRITY: The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay).
  o Connection Integrity with Recovery: Provides for the integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any data
within an entire data sequence, with recovery attempted.
  o Connection Integrity without Recovery: As above, but provides only detection
without recovery.
  o Selective-Field Connection Integrity: Provides for the integrity of selected fields
within the user data of a data block transferred over a connection and takes the form
of determination of whether the selected fields have been modified, inserted, deleted,
or replayed.
  o Connectionless Integrity: Provides for the integrity of a single connectionless data
block and may take the form of detection of data modification. Additionally, a
limited form of replay detection may be provided.
  o Selective-Field Connectionless Integrity: Provides for the integrity of selected fields
within a single connectionless data block; takes the form of determination of
whether the selected fields have been modified.
• NONREPUDIATION: Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
  o Nonrepudiation, Origin: Proof that the message was sent by the specified party.
  o Nonrepudiation, Destination: Proof that the message was received by the specified
party.

Security Mechanisms:

Encipherment: The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm and
zero or more encryption keys.

Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and protect against
forgery (e.g., by the recipient).

Access Control: A variety of mechanisms that enforce access rights to resources.

Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data
units.

Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of
information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control: Enables selection of particular physically secure routes for certain data and allows
routing changes, especially when a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Attacks: A General View

From a common person's point of view, we can classify attacks into three categories:

1. Criminal Attacks: Criminal attacks are the simplest to understand. Here, the sole aim of the
attackers is to maximize financial gain by attacking computer systems.
2. Publicity Attacks: Publicity attacks occur because the attackers want to see their names
appear on television news channels and in newspapers. History suggests that these attackers
are usually not hardcore criminals. They are people such as students in universities or
employees in large organizations, who seek publicity by adopting a novel approach to
attacking computer systems.
3. Legal Attacks: This form of attack is quite novel. Here, the attacker tries to make the judge
or the jury doubtful about the security of a computer system. This works as follows. The
attacker attacks the computer system, and the attacked party (say a bank or an organization)
manages to take the attacker to court. While the case is being fought, the attacker tries to
convince the judge and the jury that there is an inherent weakness in the computer system
and that she has done nothing wrongful. The aim of the attacker is to exploit the judge's and
the jury's limited understanding of technological matters.

Attacks: A Technical View

From a technical point of view, we can classify the types of attacks on computers and network
systems into two categories for better understanding:

(a) Theoretical concepts behind these attacks, and


(b) Practical approaches used by the attackers.

1. Theoretical Concepts

As we discussed earlier, the principles of security face threats from various attacks. These
attacks are generally classified into four categories, as mentioned earlier. These are the
following:

• Interception: It has been discussed in the context of confidentiality earlier. It means that
an unauthorized party has gained access to a resource. The party can be a person,
program, or computer-based system. Examples of interception are copying of data or
programs, and listening to network traffic.
• Fabrication: It has been discussed in the context of authentication earlier. This involves
the creation of illegal objects on a computer system. For example, the attacker may add
fake records to a database.
• Modification: It has been discussed in the context of integrity earlier. Here, the attacker
may modify the values in a database.
• Interruption: It has been discussed in the context of availability earlier. Here, the
resource becomes unavailable, lost, or unusable. Examples of interruption are causing
problems to a hardware device, or erasing programs, data, or operating-system
components.

These attacks are further grouped into two types: (a) passive attacks and (b) active attacks.

(a) Passive Attacks:

Passive attacks do not involve any modification to the contents of the original message.
They are further classified into two sub-categories: (1) release of message contents and
(2) traffic analysis.

Release of message contents is quite simple to understand. When you send a confidential email
message to your friend, you desire that only he/she be able to access it. Otherwise, the contents of
the message are released, against your wishes, to someone else. Using certain security mechanisms
(encryption), we can prevent the release of message contents.

However, if many such messages are passing through, a passive attacker could try to find
similarities between them, such as their lengths, their timing and the parties involved, to come up
with a pattern that provides some clues regarding the communication that is taking place, even
without being able to read any message. Such attempts to analyze (encoded) messages to come up
with likely patterns are called traffic-analysis attacks. Because a passive attacker changes nothing,
passive attacks are very hard to detect, so the emphasis is on preventing them rather than on
detecting them.
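An added example, not from the original text, of the difference between the two passive attacks and of what the traffic-padding mechanism listed earlier buys. Messages are encrypted with a one-time pad (XOR with fresh random bytes), so release of message contents is impossible; the passive attacker still sees each ciphertext's length, and with a small set of possible commands of different lengths that alone identifies the command. Padding to a fixed bucket size before encryption removes the signal. The command set, bucket size and helper names are constructed for the demonstration.

```python
"""Added example: traffic analysis by ciphertext length, and traffic padding
as the countermeasure. Encryption here is a one-time pad, i.e. information-
theoretically secure for the contents, to make the point that the leak is in
the length, not the cipher."""
import os

# Constructed set of commands the attacker knows the sender might issue.
COMMANDS = [b"BUY", b"SELL", b"HOLD", b"TRANSFER ALL"]
BUCKET = 16  # assumption: every message is padded to a multiple of 16 bytes


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """XOR with a fresh random key of the same length; returns (ciphertext, key)."""
    key = os.urandom(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, key)), key


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def pad(msg: bytes, bucket: int = BUCKET) -> bytes:
    """Length-prefix the message, then zero-pad up to the next bucket boundary."""
    body = len(msg).to_bytes(2, "big") + msg
    return body + b"\x00" * (-len(body) % bucket)


def unpad(padded: bytes) -> bytes:
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def guess_by_length(observed_len: int, candidates=COMMANDS) -> list:
    """The passive attacker's traffic analysis: which commands fit this length?"""
    return [c for c in candidates if len(c) == observed_len]


def attacker_view(plaintext: bytes, padded: bool) -> list:
    """Encrypt as the sender would, then report what the eavesdropper can conclude."""
    msg = pad(plaintext) if padded else plaintext
    ct, _ = otp_encrypt(msg)
    if padded:
        # The attacker knows the padding scheme; it still only sees the bucket.
        return [c for c in COMMANDS if len(pad(c)) == len(ct)]
    return guess_by_length(len(ct))


if __name__ == "__main__":
    print(attacker_view(b"BUY", padded=False))           # [b'BUY']
    print(attacker_view(b"SELL", padded=False))          # [b'SELL', b'HOLD']
    print(attacker_view(b"TRANSFER ALL", padded=True))   # all four commands
```

Without padding, a three-byte ciphertext can only be BUY; with every message padded to 16 bytes, all four commands look identical on the wire. Padding costs bandwidth, which is why it is applied selectively and why timing (not addressed here) is the next signal an attacker moves to.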

(b) Active Attacks:

Unlike passive attacks, active attacks are based on the modification of the original message in
some manner, or on the creation of a false message. These attacks cannot be prevented easily.
However, they can be detected with some effort, and attempts can be made to recover from them.
Active attacks can take the form of interruption, modification or fabrication:

● Trying to pose as another entity involves masquerade attacks.

● Modification attacks can be classified further into replay attacks and alteration of messages.

● Fabrication causes Denial Of Service (DOS) attacks.

Masquerade occurs when an unauthorized entity pretends to be another entity. As we have seen,
user C might pose as user A and send a message to user B. User B might be led to believe that the
message indeed came from user A. Usually some other form of active attack is embedded in a
masquerade. As an instance, the attack may involve capturing the user's authentication sequence
(e.g. user ID and password). Later, those details can be replayed to gain illegal access to the
computer system.

In a replay attack, an attacker captures a sequence of events, or some data units, and re-sends
them. For instance, suppose user A wants to transfer some amount to user C's bank account. Both
users A and C have accounts with bank B. User A sends an electronic message to bank B, requesting
the funds transfer. User C, who can see this message, captures it and later sends a copy of the very
same message to bank B. Unless the bank can tell a re-sent message from a fresh one, it treats the
copy as a second, genuine transfer request from A, and C receives the amount twice.

Alteration of messages involves some change to the original message. For instance, suppose user A
sends an electronic message "Transfer $1000 to D's account" to bank B. User C might capture this
message and change the amount or the destination account before it reaches the bank.

Denial Of Service (DOS) attacks attempt to prevent legitimate users from accessing services which
they are entitled to. For instance, an unauthorized user might send too many login requests to a
server using random user ids in quick succession, so as to flood the network and deny other
legitimate users the use of the network facilities.
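The authentication and integrity principles from earlier, together with the masquerade, replay and alteration attacks just described, as one added example that is not from the original text: a message authentication code (HMAC-SHA256 from the Python standard library) over a sequence number and the message body lets bank B reject all three. The shared key, the messages and the Sender and Bank classes are constructed for the demonstration. One caveat that the non-repudiation principle implies: because the bank holds the same key, this scheme does not let the bank prove to a third party that A sent a message; that needs a digital signature under a private key only A holds, which is not shown here.

```python
"""Added example: A's funds-transfer messages to bank B, protected by an
HMAC tag and a strictly increasing sequence number. Alteration and forgery
fail the tag check; re-sending a genuine message fails the sequence check."""
import hashlib
import hmac
import os


def mac(key: bytes, seq: int, body: bytes) -> bytes:
    """Tag over (seq, body); fields are length-framed so they cannot be confused."""
    data = seq.to_bytes(8, "big") + len(body).to_bytes(4, "big") + body
    return hmac.new(key, data, hashlib.sha256).digest()


class Sender:
    """User A: holds the shared key and a monotonically increasing counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def send(self, body: bytes) -> dict:
        self._seq += 1
        return {"seq": self._seq, "body": body, "tag": mac(self._key, self._seq, body)}


class Bank:
    """Bank B: accepts only correctly tagged messages newer than the last one."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0   # in a real system this must survive restarts
        self.ledger = []

    def receive(self, msg: dict) -> str:
        expected = mac(self._key, msg["seq"], msg["body"])
        # Tag first: an altered body, or a tag made without the key, fails here.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        # A valid tag with a sequence number already seen is a replay.
        if msg["seq"] <= self._last_seq:
            return "rejected: replay"
        self._last_seq = msg["seq"]
        self.ledger.append(msg["body"].decode())
        return "accepted"


def run_scenarios() -> dict:
    """Play the genuine message and the three active attacks against the bank."""
    key = os.urandom(32)   # assumption: agreed between A and the bank out of band
    a, bank = Sender(key), Bank(key)
    out = {}

    genuine = a.send(b"Transfer $1000 to D's account")
    out["genuine"] = bank.receive(genuine)

    # Alteration: C changes the destination in transit; the tag no longer matches.
    altered = dict(genuine, body=b"Transfer $1000 to C's account")
    out["altered"] = bank.receive(altered)

    # Replay: C re-sends A's genuine message unchanged; the sequence number is stale.
    out["replay"] = bank.receive(genuine)

    # Masquerade: C fabricates a message as A; without the key no valid tag exists.
    body = b"Transfer $500 to C's account"
    forged = {"seq": 2, "body": body, "tag": mac(b"guessed-key", 2, body)}
    out["masquerade"] = bank.receive(forged)

    # A's next genuine message still goes through.
    out["next"] = bank.receive(a.send(b"Transfer $20 to D's account"))
    out["ledger"] = list(bank.ledger)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:10s} {result}")
```

The sequence counter on the bank side is state: if it is lost on a restart, every message the bank ever accepted becomes replayable. Persist it, or replace it with a per-session nonce that both sides agree at connection setup.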

The Practical Side of Attacks

The attacks discussed earlier can come in a number of forms in real life. They can be classified into
two broad categories: application-level attacks and network-level attacks.

1. Application-level Attacks: These attacks happen at the application level, in the sense that the
attacker attempts to access, modify, or prevent access to the information of a particular application,
or to the application itself. Examples are trying to obtain someone's credit-card information on the
Internet, or changing the contents of a message to alter the amount in a transaction.

2. Network-level Attacks: These attacks generally aim at reducing the capabilities of a network by a
number of possible means. They attempt either to slow down, or to completely halt, a computer
network. Note that a successful network-level attack can lead directly to application-level attacks,
because once someone gains access to a network, he/she is usually able to access or modify at least
some sensitive information, causing havoc.
Attacks on wireless networks

We can classify the attacks on wireless networks into four primary categories:

• Passive attacks - The attacker silently monitors the wireless communication without
disrupting or altering the data. The goal is to gather sensitive information. Because radio is
a broadcast medium, this needs nothing more than a receiver within range.
• Active attacks - The attacker actively alters or disrupts the wireless communication, aiming
to cause damage, gain unauthorized access, or manipulate data.
• Person-in-the-middle (MITM) attacks - The attacker positions themselves between two
communicating parties, for instance by impersonating the access point, to intercept,
manipulate, or steal data.
• Jamming attacks - The attacker intentionally transmits interference on the channel the
network uses, making it difficult or impossible for legitimate devices to communicate.

Programs that Attack

The following are a few programs that attack computer systems to cause damage or to create confusion.

1. Virus
A virus is a computer program that attaches itself to another legitimate program, and
causes damage to the computer system or to the network.
During its lifetime, a virus goes through four phases:
(a) Dormant Phase: Here, the virus is idle. It gets activated by a certain action or
event (e.g. the user pressing a certain key, or a certain date or time being reached). This is
an optional phase.
(b) Propagation Phase: In this phase, a virus copies itself, and each copy starts creating
more copies of itself, thus propagating the virus.
(c) Triggering Phase: A dormant virus moves into this phase when the action/event for
which it was waiting is initiated.
(d) Execution Phase: This is the actual work of the virus, which could be harmless (display
some message on the screen) or destructive (delete a file on the disk).
Viruses can be classified into the following categories:
(a) Parasitic Virus: This is the most common form of virus. Such a virus attaches itself to
executable files and keeps replicating. Whenever the infected file is executed, the virus looks
for other executable files to attach itself and spread.
(b) Memory-resident Virus: This type of virus first attaches itself to an area of the main
memory and then infects every executable program that is executed.
(c) Boot sector Virus: This type of virus infects the master boot record of the disk and
spreads on the disk when the operating system starts booting the computer.
(d) Stealth Virus: This virus actively hides from anti-virus software, for example by
intercepting the system calls that read an infected file and returning the original, clean
contents, so that a scan sees nothing wrong.
(e) Polymorphic Virus: A virus that changes its signature (i.e. the byte pattern by which a
scanner recognizes it) on every execution, typically by re-encrypting its body under a
different key, making it very difficult to detect.
(f) Metamorphic Virus: In addition to changing its signature like a polymorphic virus, this
type of virus rewrites its own code every time, so that not even a fixed decryption routine
remains for a scanner to match, making its detection even harder.

2. Worm

Unlike a virus, a worm is a standalone program that does not need to attach itself to
another program; it replicates itself across a network, typically by exploiting a
vulnerability in a network service. The classic worm performs no destructive action on
the data it reaches, and does its damage by consuming system and network resources
until they are brought down; worms can, however, carry any payload their author chooses.

3. Trojan Horse

A Trojan horse is a program that appears useful or harmless but contains hidden
functionality, which typically allows an attacker to obtain confidential information about
a computer or a network, or to control it remotely.

Dealing with Viruses

Preventing viruses is the best option. However, in today's world, it is almost impossible to prevent
them entirely, given that the world is connected to the Internet all the time. We have to accept that
viruses will attack, and we need ways to deal with them. Hence, we attempt to detect, identify, and
remove viruses.
Detection means establishing that a virus has infected the system and locating it. Identification
means determining which specific virus it is. Removal means deleting all traces of the virus and
restoring the affected programs/files to their original state; where that is not possible, the infected
files must be discarded and restored from a clean backup. This is done by anti-virus software.

Anti-virus software is classified into four generations,
