COMP416-Risk-and-threats_127798.pptx
1.
2. In the present era, not only business but almost all
aspects of human life are driven by information.
Hence, it has become vital to protect useful
information from malicious activities such as attacks.
Let us consider the types of attacks to which
information is typically subjected.
3. Attacks
Attacks are typically categorized based on the action
performed by the attacker. An attack, thus, can
be passive or active.
4. Passive Attacks
The main goal of a passive attack is to
obtain unauthorized access to the information.
For example, actions such as intercepting and
eavesdropping on the communication channel can be
regarded as passive attacks.
5. Passive Attacks
These actions are passive in nature, as they neither
affect information nor disrupt the communication
channel. A passive attack is often seen as stealing
information. The only difference between stealing physical
goods and stealing information is that theft of data
still leaves the owner in possession of that data.
A passive information attack is thus more dangerous
than stealing of goods, as information theft may go
unnoticed by the owner.
6.
7. Active Attacks
An active attack involves changing the information in
some way by conducting some process on the
information. For example:
Modifying the information in an unauthorized manner.
Initiating unintended or unauthorized transmission of information.
Alteration of authentication data such as originator name or timestamp associated with information.
Unauthorized deletion of data.
Denial of access to information for legitimate users (denial of service).
8.
9. 1) Web Application
2) Vulnerabilities
3) Social Networks
4) Malware / Virus
5) DDOS attacks (Denial of Service)
6) Phishing
7) Social Engineering
8) Insider Threat
9) Software Vulnerabilities
10) Wireless
11) Botnet
12) Spam
13) Targeted mails
14) Murder
15) Reputation Loss
16) Scams
17) Identity Theft
18) Privacy Violation
Threats and Attacks
11. Vulnerabilities:
The word vulnerability comes from the
Latin word for "wound," vulnus.
A vulnerability is a weakness in
an information process, system
security procedures, or internal
control.
13. Malware:
A virus is the most common type
of malware,
and it is defined as a malicious program that
can execute itself and spread by infecting
other programs or files.
Spyware is also a kind of malware. Types of malware
include: adware, bots, bugs, rootkits, spyware,
Trojan horses, viruses, and worms.
14. Phishing:
Phishing is a technique used to
gain personal information for
purposes of identity theft, using
fraudulent e-mail messages.
15. Social Engineering:
It is the most effective way to steal
confidential data from
unsuspecting victims.
Insider Threat:
An insider threat is a malicious threat to an
organization that comes from people within the
organization, such as employees, former
employees, contractors or business associates,
who have inside information concerning the
organization's security practices.
16. Botnet:
first detected in 2007, is one of the best-known
and widely used malware types in the history
of information security and common types
are:
Conficker, Zeus, Waledac, Mariposa and
Kelihos.
17. Spam:
Spam is electronic junk
mail or junk newsgroup
postings.
Targeted mails:
A targeted attack refers to a type
of threat in which threat actors
actively pursue and compromise
a target entity's infrastructure
while maintaining anonymity.
18. Scams:
The term SCAM in the online world has been
loosely translated. By definition, a scam is a
quick-profit scheme where a person cheats
another individual or group out of money by
presenting them with false information during
a deal or offer.
19.
20. Identity theft:
Identity theft, also known as identity fraud, is a
crime in which an imposter obtains key pieces of
personally identifiable information, such as
Social Security or driver's license numbers, in order to
impersonate someone else.
Some types of identity theft are:
Social Security Identity Theft.
Financial Identity Theft.
Driver's License Identity Theft.
Criminal Identity Theft.
Medical Identity Theft.
Insurance Identity Theft.
Synthetic Identity Theft.
21. Earlier Cryptographic Systems
Before proceeding further, you need to know some
facts about historical cryptosystems −
All of these systems are based on a symmetric key
encryption scheme.
The only security service these systems provide is
confidentiality of information.
The earlier systems worked on letters of the alphabet as the basic
element.
22. Earlier Cryptographic Systems
These earlier cryptographic systems are also referred to
as Ciphers.
In general, a cipher is simply just a set of steps (an
algorithm) for performing both an encryption, and the
corresponding decryption.
23. Caesar Cipher
It is a mono-alphabetic cipher wherein each letter of the
plaintext is substituted by another letter to form the
ciphertext. It is the simplest form of substitution cipher
scheme.
This cryptosystem is generally referred to as the Shift
Cipher. The concept is to replace each letter by another
letter which is ‘shifted’ by some fixed number between
0 and 25.
For this type of scheme, both sender and receiver agree on
a ‘secret shift number’ for shifting the alphabet. This
number, which is between 0 and 25, becomes the key of
encryption.
24. Example of Shift Cipher
A shift cipher involves replacing each letter in the
message by a letter that is some fixed number of
positions further along in the alphabet. We’ll call this
number the encryption key. It is just the length of the
shift we are using. For example, upon encrypting the
message “cookie” using a shift cipher with encryption
key 3, we obtain the encoded message (or ciphertext):
FRRNLH.
25. Example of Shift Cipher
To make all of this more mathematical, consider the
following conversion table for the English alphabet:
i. Using the table, we can represent the letters in our
message “cookie” with their corresponding numbers:
2 14 14 10 8 4.
ii. Now add 3 (the encryption key) to each number to get:
5 17 17 13 11 7.
iii. Now use the table to replace these numbers with their
corresponding letters: FRRNLH
26. Monoalphabetic and
Polyalphabetic Cipher
A monoalphabetic cipher is a substitution cipher in
which, for a given key, the cipher letter for each
plaintext letter is fixed throughout the encryption
process.
For example, if ‘A’ is encrypted as ‘D’, then however many
times it occurs in that plaintext, ‘A’ will always get
encrypted to ‘D’.
27. Monoalphabetic and
Polyalphabetic Cipher
A polyalphabetic cipher is a substitution cipher in which
the cipher letter for a plaintext letter may be
different at different places during the encryption
process. The next two examples, the Playfair and
Vigenere ciphers, are polyalphabetic ciphers.
28. Playfair Cipher
In this scheme, pairs of letters are encrypted, instead
of single letters as in the case of a simple substitution
cipher.
In the Playfair cipher, a key table is created first. The
key table is a 5×5 grid of letters that acts as the key
for encrypting the plaintext. Each of the 25 letters
must be unique, and one letter of the alphabet (usually
J) is omitted from the table as we need only 25
letters instead of 26. If the plaintext contains J,
then it is replaced by I.
29. Playfair Cipher
The sender and the receiver decide on a particular key,
say ‘tutorials’. In the key table, the first characters (going
left to right) are the letters of the key phrase, excluding the
duplicate letters. The rest of the table is filled
with the remaining letters of the alphabet, in natural
order. The key table works out to be −
30. Process of Playfair Cipher
First, a plaintext message is split into pairs of two
letters (digraphs). If there is an odd number of letters,
a Z is added after the last letter. Let us say we want to
encrypt the message “hide money”. It will be written as −
HI DE MO NE YZ
The rules of encryption are −
If both the letters are in the same column, take the letter
below each one (going back to the top if at the bottom).
31.
32. Playfair Cipher
If neither of the preceding two rules is true, form a
rectangle with the two letters and take the letters on
the horizontally opposite corners of the rectangle.
33. Playfair Cipher
Using these rules, the result of the encryption of ‘hide
money’ with the key of ‘tutorials’ would be −
QC EF NU MF ZV
Decrypting the Playfair cipher is as simple as doing the
same process in reverse. Receiver has the same key and
can create the same key table, and then decrypt any
messages made using that key.
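The Playfair procedure above, as an added Python example that is not part of the original slides. It builds the key table for ‘tutorials’ and reproduces the ‘hide money’ result; the same-row rule is the standard Playfair rule (it is not visible in the slide text), and rejecting a doubled pair is a choice made here because the slides give no rule for it.

```python
import string

LETTERS = string.ascii_uppercase.replace("J", "")  # 25 letters, J folded into I

def normalize(text):
    """Upper-case, drop non-letters, replace J with I."""
    return [("I" if c == "J" else c) for c in text.upper() if c in string.ascii_uppercase]

def key_table(key):
    """Key letters first (duplicates dropped), then the remaining letters in order."""
    cells = []
    for ch in normalize(key) + list(LETTERS):
        if ch not in cells:
            cells.append(ch)
    return [cells[r * 5:r * 5 + 5] for r in range(5)]

def digraphs(text):
    """Split into letter pairs, padding an odd-length message with Z."""
    letters = normalize(text)
    if len(letters) % 2:
        letters.append("Z")
    pairs = list(zip(letters[0::2], letters[1::2]))
    if any(a == b for a, b in pairs):
        # The slides give no rule for a doubled pair, so refuse it here.
        raise ValueError("pair of identical letters is not covered by these rules")
    return pairs

def playfair(text, key, decrypt=False):
    table = key_table(key)
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    step = -1 if decrypt else 1  # decryption walks the same rules backwards
    out = []
    for a, b in digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ca == cb:    # same column: letter below, wrapping to the top
            out.append(table[(ra + step) % 5][ca] + table[(rb + step) % 5][cb])
        elif ra == rb:  # same row (standard rule): letter to the right, wrapping
            out.append(table[ra][(ca + step) % 5] + table[rb][(cb + step) % 5])
        else:           # rectangle: keep own row, take the other letter's column
            out.append(table[ra][cb] + table[rb][ca])
    return " ".join(out)

if __name__ == "__main__":
    for row in key_table("tutorials"):
        print(" ".join(row))
    print(playfair("hide money", "tutorials"))
    print(playfair("QC EF NU MF ZV", "tutorials", decrypt=True))
```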
34. Playfair Cipher
Security Value
It is also a substitution cipher and is difficult to break
compared to the simple substitution cipher. As in the case
of the substitution cipher, cryptanalysis is possible on the
Playfair cipher as well; however, it would be against 625
possible pairs of letters (25x25 letters) instead of 26
different possible letters.
The Playfair cipher was used mainly to protect
important, yet non-critical secrets, as it is quick to use
and requires no special equipment.
35. Vigenere Cipher
Make a table.
The key will be the same
size as the plain text.
If the key is shorter, then
repeat the letters of the key.
E.g.
p=CAD k=ad
then you make k=ada
    A B C D E F . . .
A   A B C D E F
B   B C D E F G
C   C D E F G H
D   D E F G H I
E   E F G H I J
F   F G H I J K
.
.
.
36. Encryption in Vigenere Cipher
In this example k=CDE
and p=CAD.
We will get cipher
text=EDH
    A B C D E F . . .
A   A B C D E F
B   B C D E F G
C   C D E F G H
D   D E F G H I
E   E F G H I J
F   F G H I J K
.
.
.
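The shift cipher steps (slides 24 and 25) and the Vigenere table lookup (slides 35 and 36) share one mechanism, shown here in a single added Python example that is not part of the original slides. It assumes the conversion table is A=0 through Z=25, which matches the numbers given for “cookie”, and it goes slightly beyond the slides by also showing decryption and wrap-around at the end of the alphabet.

```python
import string

ALPHABET = string.ascii_uppercase  # assumed conversion table: A=0, B=1, ..., Z=25

def to_numbers(text):
    """Step i of the shift example: letters to numbers (non-letters dropped)."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]

def build_table():
    """Vigenere table: row r is the alphabet rotated left by r places."""
    return [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]

def expand_key(key, length):
    """Repeat the key letters until the key is as long as the plaintext."""
    if not key or any(c not in ALPHABET for c in key.upper()):
        raise ValueError("key must be one or more letters A-Z")
    return "".join(key.upper()[i % len(key)] for i in range(length))

def vigenere_encrypt(plaintext, key):
    """Read the cell at (key letter row, plaintext letter column) for each position."""
    table, p = build_table(), to_numbers(plaintext)
    k = to_numbers(expand_key(key, len(p)))
    return "".join(table[row][col] for row, col in zip(k, p))

def vigenere_decrypt(ciphertext, key):
    """Find the ciphertext letter in the key letter's row; its column is the plaintext."""
    table = build_table()
    c = [ch for ch in ciphertext.upper() if ch in ALPHABET]
    k = to_numbers(expand_key(key, len(c)))
    return "".join(ALPHABET[table[row].index(ch)] for row, ch in zip(k, c))

def shift_encrypt(plaintext, shift):
    """A shift cipher is Vigenere with a one-letter key: (p + shift) mod 26."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])

if __name__ == "__main__":
    print(to_numbers("cookie"))            # the numbers from slide 25
    print(shift_encrypt("cookie", 3))      # shift example, key 3
    print(shift_encrypt("xyz", 3))         # wrap-around past Z
    print(expand_key("ad", 3))             # key repeated to plaintext length
    print(vigenere_encrypt("CAD", "CDE"))  # slide 36 example
    print(vigenere_decrypt("EDH", "CDE"))
```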