Cyber Crimes and Internet Security
शिवकुमार G. Sivakumar சிவகுமார்
Computer Science and Engineering
भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay) siva@iitb.ac.in
April 29, 2016
• The Good (Web 3.0, 3rd Platform, Emerging Trends)
• The Bad (Security - sine qua non! Threats, Vulnerabilities)
• The Ugly (Tools for Defence, Offence)
शिवकुमार G. Sivakumar சிவகுமார்
Computer Science and Engineering, भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay), siva@iitb.ac.in
Cyber Crimes and Internet Security
Blind men and the Elephant - अन्ध-गज न्यायः
Takeaways from Talk
• Web 3.0, 3rd platform (SMAC + IoT).
• Recent Attacks, Vulnerabilities, Defence Mechanisms.
• Different Perspectives
  • Researcher (Protocol Security, Formal Methods)
  • Defender (IITB Case Study: Iptables/Netfilter firewall, OSSIM)
  • Attacker (Metasploit Framework)
  • Investigator (Forensics using Autopsy, Wireshark, SiLK (netflow))
पूर्व पक्ष (Purva Paksha) for Web 3.0
Web 1.0 may have democratized access to information, but it is like drinking water from a fire hose!
Search engines provide partial solutions, but cannot combine, categorize and infer!
Web 2.0 may have allowed the right to assembly/collaboration, but
• Proliferated unreliable, contradictory information.
• Facilitated malicious uses including loss of privacy, security.
What do you want from Web 3.0?
What do you want to see/hear when you wake up?
I have a dream ...
AI meets the web!
Semantic Web
The application layer tapping the hardware (Web 1.0) and OS (Web 2.0)?
[Figure: knowledge-graph view of one entity, as a Semantic Web would present it]
Ramana Maharishi
  author-of: Naan Yaar?, Aksharamanamalai, Vichara Mani Mala, Reality in Forty Verses
  contemporaries: Kanchi Chandrasekara Saraswathi, Jiddu Krishnamurti
  Place: Tiruvannamalai, Tamil Nadu
  Lived: 30/12/1879 to 14/4/1950
Combined, categorized information inferred from various sites, languages. www.dbpedia.org comes close today!
Revival of AI
• Statistical Machine Learning (Unsupervised)
• Deep learning (structured learning, hierarchical learning or deep machine learning) models high-level abstractions in data by using multiple processing layers, with complex structures or otherwise, composed of multiple non-linear transformations.
• sens.ai: connects to public, premium and proprietary unstructured and semi-structured data sets so that non-obvious patterns related to money laundering and related suspicious activities can be identified, analyzed, and reported.
• Bots (not Botnets)
  Microsoft's experimental Mandarin-language bot, Xiaoice, a huge hit in China! (What bots do professors use?)
• Algorithmic personality detection: predict financial risk from your Facebook, Twitter, ... activity.
3rd platform: SMAC + IoT
[Figure: 3rd Platform = Social, Mobile, Analytics, Cloud, Internet of Things]
• Main Frame (1960s ...)
• Client Server (1990s ...)
• Today (Handheld, Pervasive Computing)
3rd platform: SMAC + IoT
• WhatsApp (how many engineers?)
• Facebook, Twitter, GooglePlus ...
• Web 2.0 (Right to Assembly)
• Crowdsourcing (Wikipedia)
• Crowdfunding (no banks!)
3rd platform: SMAC + IoT
• Phone (Smart, Not-so-smart!)
• Wearables! (Google glass, Haptic)
• Internet of “Me” (highly personalized) Business (no generic products!)
• BYOx: Device security, App/content management nightmare.
• Data Loss Prevention (Fortress Approach - Firewall, IDS/IPS - won’t work!)
3rd platform: SMAC + IoT
• Big Data
  • Volume, Variety, Velocity, Veracity
  • ACID-property databases not needed
  • Hadoop, Map Reduce, NoSQL
• Knowledge is Power!
  • Collect, Analyse, Infer, Predict
3rd platform: SMAC + IoT
• Moore's law
  • What could fit in a building .. room ... pocket ... blood cell!
• Containers: analogy from shipping
  • VMs separate OS from bare metal (at great cost - Hypervisor, OS image)
  • Docker - separates apps from OS/infra using containers.
  • Like IaaS, PaaS, SaaS ... have you heard of CaaS?
3rd platform: SMAC + IoT
• Sensors (Location, Temperature, Motion, Sound, Vibration, Pressure, Current, ....)
• Device Eco System (Smart Phones, Communicate with so many servers!)
• Ambient Services (Maps, Messaging, Traffic modelling and prediction, ...)
• Business Use Cases (Ola Cabs, Home Depot, Philips Healthcare, ...)
• Impact on wireless bandwidth, storage, analytics (velocity of BIG data, not size)
What are Cyber crimes?
Cybercrime
Activity in which computers or networks are a tool, a target, or a place of criminal activity. (Categories not exclusive.)
• Against People
  • Cyber Stalking and Harassment
  • (Child) Pornography
  • Phishing, Identity Theft, Nigerian 419
• Against Property
  • Cracking, Virus and Spam
  • Software/Entertainment Piracy
  • Trade secrets, espionage
• Cyber Terrorism!
• Hacktivism! (in some countries!)
• Information Warfare
Some Examples
Food for thought...
• Recent Examples later ...
• Vikram Buddhi, Assange, Snowden, Panama papers
• Stuxnet
Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
• Flame (Iran Oil terminals, 2012)
• DarkSeoul
Check out Wikipedia for more.
What's Bad about Computers and Internet?
• “Can’t live with them, can’t live without them!”
• Know Your Enemy (threats/Vulnerabilities)
Can cyber/internet crimes cause events like the following?
• July 2006 Mumbai rains
• 26/11 attack on Mumbai
• Gulf of Mexico oil spill
• Mangalore air crash
• Stop all Mumbai local trains
• Damage BARC nuclear reactor
• Disrupt all Mumbai mobile phones? (Prof. Jhunjhunwala's example)
• How to protect Critical National Infrastructure?
  • Passive Defence
  • Counter Intelligence (Technical side)
• Demo from atlas.arbor.net and cert-in.org.in
Your questions/suggestions now will be invaluable!
Operation C-Major
Trend Micro report (Apr 2016) with all details available at http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf
The Trend Micro Forward-Looking Threat Research team recently uncovered an information theft campaign in India that has stolen passport scans, photo IDs, and tax information of high-ranking Indian military officers, non-Indian military attaché based in the said country, among others.
Major Incidents in 2015
From www.wired.com/2015/12/the-years-11-biggest-hacks-from-ashley-madison-to-opm
• Office of Personnel Management (OPM) - 21 million, including fingerprint files of govt. employees.
• Juniper NetScreen Firewalls - hardcoded backdoor password, and hole in Dual-EC encryption. (Apple/FBI now)
• Ashley Madison - online partner site. Blackmail; payment/transaction data exposed many.
• Gemalto - Dutch SIM card manufacturer
• Kaspersky Lab - stole research on how to bypass
• Hacking Team - white hats used to "bug" activists in Morocco, UAE, Syria.
Major Incidents in 2015 (ctd.)
• CIA Director John Brennan - socially phished his personal details, hacked AOL email and got sensitive data
• Experian's T-Mobile Customers - 15 million applicants' personal info for credit check.
• LastPass - easy to store passwords with master key = hacked!
• IRS - accessed 1 lakh returns
• Anthem - health care records
Even more recent
• Locky (Ransomware),
• Mazar Bot (Android malware),
• Whose side are you on? ... Why?
Big Bong Theory
• Korean Banking malware
• Detailed report at www.arbornetworks.com (ASERT)
• Patiently wait for opportunity to strike!
Security Concerns
Match the following!

Problems                        Attackers
Highly contagious viruses       Unintended blunders
Defacing web pages              Disgruntled employees or customers
Credit card number theft        Organized crime
On-line scams                   Foreign espionage agents
Intellectual property theft     Hackers driven by technical challenge
Wiping out data                 Petty criminals
Denial of service               Organized terror groups
Spam E-mails                    Information warfare
Reading private files           ...
Surveillance
...
• Crackers vs. Hackers
• Note how much resources available to attackers.
Atlas.arbor.net
Real-time Intelligence - atlas.arbor.net
Who is scanning?
Who is hosting phishing sites?
Malicious Servers
cert-in.org.in
Vulnerabilities
• Application Security
  • Buggy code
  • Buffer Overflows
• Host Security
  • Server side (multi-user/application)
  • Client side (virus)
• Transmission Security
[Figure: Network Security, A communicating with B while C attacks - properties Secrecy, Integrity, Availability; attacks shown: Modification, Fabrication, Denial of Service attack]
What is a Computer Network?
TWO or MORE COMPUTERS sharing a LINK!
Point-to-Point
Shared Media (LAN)
So, what's Internet?
• A bottom-up collection (interconnection) of networks
• TCP/IP is the only common factor
• Bureaucracy-free, reliable, cheap
• Decentralized, democratic, chaotic
• Internet Society (www.isoc.org)
• Internet Engineering Task Force (www.ietf.org)
Why is Internet Vulnerable?
Quick overview of how Internet works.
Connectionless Best-Effort Datagram Routing through Internet
Analogy with PostCards
Internet Attacks Toolkits (Youtube)
Internet Attacks Timeline
From training material at http://www.cert-in.org.in/
Internet Attack Trends
From training material at http://www.cert-in.org.in/
Security Requirements
Informal statements (formal is much harder)
• Confidentiality: protection from disclosure to unauthorized persons.
• Integrity: assurance that information has not been modified without authorization.
• Authentication: assurance of the identity of the originator of information.
• Non-Repudiation: originator cannot deny sending the message.
• Availability: not able to use system or communicate when desired.
• Anonymity/Pseudonymity: for applications like voting, instructor evaluation.
• Traffic Analysis: should not even know who is communicating with whom. Why?
• Emerging Applications: online voting, auctions (more later)
And all this with postcards (IP datagrams)!
Security Landscape
Security Mechanisms
• System Security: "Nothing bad happens to my computers and equipment"
  virus, trojan-horse, logic/time-bombs, ...
• Network Security:
  • Authentication Mechanisms: "you are who you say you are"
  • Access Control, Firewalls, Proxies: "who can do what"
• Data Security: "for your eyes only"
  • Encryption, Digests, Signatures, ...
Network Security Mechanism Layers
[Figure: two communicating protocol stacks (Application, TCP/Socket, IP, Data Comm.) with the security mechanism available at each layer]
  Application: PGP, S-HTTP, S-MIME
  TCP/Socket: SSL, TLS
  IP: IPv6, AH, ..
  Data Comm.
  Firewalls
Encryption can be done at any level!
Higher-up: more overhead (for each application) but better control
Cryptographic protocols underlie all security mechanisms.
Real Challenge to design good ones for key establishment, mutual authentication etc.
Cryptography and Data Security
• sine qua non [without this nothing :-]
• Historically who used first? (L & M)
• Code Language in joint families!
[Figure: security services and the cryptographic mechanisms that provide them]
  Confidentiality: Encryption - Ciphers (Block, Stream)
  Data Integrity: Message authentication - Hashing
  Authentication: User Identification
  Non-Repudiation: Digital Signature - Signatures
  Underlying all of these: Public-Key Methods, Secret Key Establishment, Key Management
Exchanging Secrets
Goal
A and B to agree on a secret number. But, C can listen to all their conversation.
Solution?
A tells B: I’ll send you 3 numbers. Let’s use their LCM as the key.
Motivation for Session keys
Combine Symmetric (fast) and Asymmetric (very slow) Methods using session (ephemeral) keys for the following additional reasons.
• Limit available cipher text (under a fixed key) for cryptanalytic attack;
• Limit exposure with respect to both time period and quantity of data, in the event of (session) key compromise;
• Avoid long-term storage of a large number of distinct secret keys (in the case where one terminal communicates with a large number of others), by creating keys only when actually required;
• Create independence across communications sessions or applications. No replay attacks.
How to establish session keys over insecure medium where adversary is listening to everything?
Can be done even without any public key! Randomization to rescue (like in CSMA/CD of Ethernet).
Diffie-Hellman Key Establishment Protocol
Public parameters (seen by everyone, including C): P = 13, g = 4

Alice                                    Bob
Choose N_a = 5                           Choose N_b = 8
Send m_a = g^N_a mod P                   Send m_b = g^N_b mod P
       = 4^5 mod 13 = 10                        = 4^8 mod 13 = 3
Compute K_ab = m_b^N_a mod P             Compute K_ba = m_a^N_b mod P
       = 3^5 mod 13 = 9                         = 10^8 mod 13 = 9

K_ab = K_ba = 9
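The exchange above worked through in code, together with the two attacker views the talk goes on to: a passive listener C (who only hears P, g, m_a, m_b) and the active man-in-the-middle of the Anand/Kasparov chess slide. This is an added example, not code from the talk; the values P = 13, g = 4, N_a = 5, N_b = 8 are the slide's, and the attacker exponent n_c = 3 is a constructed assumption.

```python
"""Diffie-Hellman with the slide's toy values (P = 13, g = 4, N_a = 5, N_b = 8),
then two attacker views: a passive listener C who must solve a discrete log,
and the active man-in-the-middle (Siva on the chess slide). Added example,
not code from the talk; the attacker exponent n_c = 3 is a constructed value."""


def dh_public(p, g, n):
    """Value put on the wire: g^n mod p. C may see it."""
    return pow(g, n, p)


def dh_shared(p, received, n):
    """Key derived from the other side's public value: received^n mod p."""
    return pow(received, n, p)


def dh_exchange(p, g, n_a, n_b):
    """Run the slide's exchange; returns (m_a, m_b, K_ab, K_ba)."""
    m_a = dh_public(p, g, n_a)      # Alice sends 4^5 mod 13 = 10
    m_b = dh_public(p, g, n_b)      # Bob sends 4^8 mod 13 = 3
    k_ab = dh_shared(p, m_b, n_a)   # Alice computes 3^5 mod 13 = 9
    k_ba = dh_shared(p, m_a, n_b)   # Bob computes 10^8 mod 13 = 9
    return m_a, m_b, k_ab, k_ba


def discrete_log_bruteforce(p, g, target):
    """Smallest n with g^n = target (mod p), by exhaustive search.
    Trivial for p = 13; for the 2048-bit primes used in practice this loop
    would need on the order of 2^2048 steps, which is why a passive C fails."""
    for n in range(p):
        if pow(g, n, p) == target:
            return n
    return None


def eavesdrop_key(p, g, m_a, m_b):
    """Passive C: recover an exponent from m_a, then derive the key from m_b.
    Any exponent congruent to N_a modulo the order of g gives the same key."""
    n = discrete_log_bruteforce(p, g, m_a)
    return None if n is None else dh_shared(p, m_b, n)


def mitm_exchange(p, g, n_a, n_b, n_c):
    """Active C replaces both public values with its own m_c, just as Siva
    relays e4/c5 between Anand and Kasparov. Returns (K_a, K_b, K_ca, K_cb):
    Alice's key equals C's key towards Alice, Bob's equals C's key towards Bob,
    and Alice and Bob never share a key. Nothing in DH itself detects this;
    that is the missing authentication the slide points at."""
    m_a = dh_public(p, g, n_a)
    m_b = dh_public(p, g, n_b)
    m_c = dh_public(p, g, n_c)      # C's substitute value, 4^3 mod 13 = 12
    k_a = dh_shared(p, m_c, n_a)    # Alice believes m_c came from Bob
    k_b = dh_shared(p, m_c, n_b)    # Bob believes m_c came from Alice
    k_ca = dh_shared(p, m_a, n_c)   # C's key towards Alice
    k_cb = dh_shared(p, m_b, n_c)   # C's key towards Bob
    return k_a, k_b, k_ca, k_cb


if __name__ == "__main__":
    P, G = 13, 4
    print("honest exchange (m_a, m_b, K_ab, K_ba):", dh_exchange(P, G, 5, 8))
    print("passive C with p = 13 recovers key:", eavesdrop_key(P, G, 10, 3))
    print("MITM (K_a, K_b, K_ca, K_cb):", mitm_exchange(P, G, 5, 8, 3))
```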
Man-in-the-middle attack
[Figure: Viswanathan Anand and Garry Kasparov each believe they are playing the other, with Siva in the middle relaying the moves: Anand's e4 is forwarded to Kasparov, Kasparov's c5 is forwarded back to Anand]
• Authentication was missing!
• Can be solved if Kasparov and Anand know each other’s public key (Needham-Schroeder).
• Yes, but different attack possible.
Why Are Security Protocols Often Wrong?
They are trivial programs built from simple primitives, BUT, they are complicated by
• concurrency
• a hostile environment
  • a bad user controls the network
  • Concern: active attacks - masquerading, replay, man-in-middle, etc.
• vague specifications
  • we have to guess what is wanted
  • Ill-defined concepts
Protocol flaws rather than cryptosystem weaknesses.
Formal Methods needed!
Zero-Knowledge Proofs
Goal
A to prove to B that she knows how to solve the cube.
Without actually revealing the solution!
Solution?
A tells B: Close your eyes, let me solve it...
IIT Bombay Case Study (Defender's Perspective)
• Campus Network Infrastructure
  • Academic Area
  • Hostels
  • Residential
• Hardware and Network (the easy part!)
  • Gigabit L3 switches
  • 10 Mbps Internet (4 Links)
  • 5000+ nodes
• Applications (Complex enough)
  • Web Browsing/Hosting
• Users and Management (Nightmare begins)
  • MisUse (mp3, movie, porn, hacking, fake mails, ...)
• CCTeam
  • We carry your Bytes
  • Our T-shirt (cows, dogs, leopards!)
IIT-B's WAN Links and Firewall
Important LAN Issues
Important Considerations
• Virus, Spyware
• Wrong IP addresses
• Wireless Access (guest house, conference halls)
• Static MAC-IP mapping
• Software Piracy
• Illegal Content (pornography,...)
• ...
Good LAN design can help a lot with this...
Critical Network Services
• Firewall (Security sine qua non)
• Domain Name Service (DNS) http://cr.yp.to/djbdns/
• Directory Services (LDAP)
• Virus Scanning clamav.elektrapro.com
Critical Network (WAN) Services
• E-mail (www.qmail.org)
• Newsgroups (inn)
• Web Proxy
• WWW Servers (httpd.apache.org)
Firewall
• Inside IIT we have 50+ IP subnets.
• Over 5000 nodes.
• All private addresses 10.x.y.z
• 4 different WAN subnets
  • 128, 64, 32, 32 addresses only!
• iptables (www.iptables.org) to the rescue.
  • Selective services/machines opened up
  • Incoming ssh to different dept. servers.
  • Outgoing ssh, Yahoo/MSN chat
  • Outgoing port for SciFinder
  • Outgoing ftp from select machines
• Making a good policy is the hardest!
Why Monitor?
चिन्तनीया हि विपदां आदावेव प्रतिक्रिया
न कूपखननं युक्तं प्रदीप्ते वह्निना गृहे
The effect of disasters should be thought of beforehand. It is not appropriate to start digging a well when the house is ablaze with fire.
Security cannot be an afterthought!
"There is a tide in the affairs of men, Which taken at the flood, leads on to fortune. Omitted, all the voyage of their life is bound in shallows and in miseries." - Shakespeare
Monitoring Network and Services
How to answer the following questions?
1. How much traffic in/out? Anything abnormal?
2. How many emails came from outside IIT?
3. Who are the top 10 senders/receivers/domains?
4. Is anyone trying to spam/relay/DoS/break mail servers?
5. How much bandwidth is used for browsing? Top domains?
6. What are the biggest size downloads?
7. Is anyone attacking academic office from hostels?
Where is all this information? How to find out?
Reactive, static reports, pro-active, alerts?
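Questions 5 and 6 above are answered from the web proxy's logs, which the talk later shows as Squid logs. The script below is an added example (not the talk's or IIT Bombay's own tooling) that parses Squid's native access.log format and computes total browsing bytes, top domains and biggest downloads; the log lines are constructed, with private 10.x.y.z clients as on the campus.

```python
"""Answer the proxy questions (bandwidth used for browsing, top domains,
biggest downloads) from Squid native-format access.log lines.
Added example, not from the talk; the log lines below are constructed."""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# timestamp elapsed_ms client action/status bytes method url user hier/peer type
SAMPLE_LOG = """\
1461900001.123    245 10.1.2.3 TCP_MISS/200 53421 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1461900002.456   8040 10.1.2.3 TCP_MISS/200 41943040 GET http://mirror.example.org/iso/distro.iso - HIER_DIRECT/198.51.100.7 application/octet-stream
1461900003.789     12 10.7.8.9 TCP_HIT/200 2048 GET http://www.example.com/logo.png - HIER_NONE/- image/png
1461900004.012    330 10.7.8.9 TCP_MISS/403 512 CONNECT mail.example.net:443 - HIER_DIRECT/203.0.113.5 -
1461900005.345    910 10.4.5.6 TCP_MISS/200 1048576 GET http://cdn.example.com/video.mp4 - HIER_DIRECT/198.51.100.9 video/mp4
this line is garbage and must be skipped
"""


def parse_squid_line(line):
    """Parse one native-format line into a dict, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = float(fields[0])
        size = int(fields[4])
    except ValueError:
        return None
    action, _, status = fields[3].partition("/")
    url = fields[6]
    # CONNECT (HTTPS) requests log host:port instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return {"ts": ts, "client": fields[2], "action": action, "status": status,
            "bytes": size, "method": fields[5], "url": url, "host": host}


def parse_log(text):
    """All well-formed records; malformed lines are dropped, not fatal."""
    return [r for r in (parse_squid_line(ln) for ln in text.splitlines()) if r]


def total_bytes(records):
    """Q5: how much bandwidth is used for browsing?"""
    return sum(r["bytes"] for r in records)


def top_domains(records, n=3):
    """Q5: top domains, ranked by bytes served through the proxy."""
    per_host = Counter()
    for r in records:
        per_host[r["host"]] += r["bytes"]
    return per_host.most_common(n)


def biggest_downloads(records, n=3):
    """Q6: biggest downloads as (client, url, bytes), largest first."""
    ranked = sorted(records, key=lambda r: r["bytes"], reverse=True)
    return [(r["client"], r["url"], r["bytes"]) for r in ranked[:n]]


def bytes_per_client(records):
    """Who is using the proxy and how much: one host pulling far more than
    its peers is the first thing a campus operator looks for."""
    per_client = defaultdict(int)
    for r in records:
        per_client[r["client"]] += r["bytes"]
    return dict(per_client)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("records:", len(recs), "total bytes:", total_bytes(recs))
    print("top domains:", top_domains(recs))
    print("biggest downloads:", biggest_downloads(recs))
    print("bytes per client:", bytes_per_client(recs))
```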
Network, Services and User Management
Eternal vigilance is the price of liberty!
• How is network doing?
• Are all services up?
• How much email in/out? How many viruses?
• Who’s using Web proxy? For what?
• Are users happy? www.gnu.org/software/gnats
IIT Bombay WAN Links
Nagios
Mail Usage Statistics
Mail Server Statistics
Web Proxy Usage
Web Server Hits
Log Archival at IIT Bombay
Squid Logs
Security Information and Event Management (SIEM)
OSSEC and OSSIM tool suite.
ELK (Elastic Search, LogStash, Kibana) Framework
SIEM Architecture
Image Reference: Unified Open Source Security - Santiago González Bassett, AlienVault, www.ossec.net/files/OpenSourceSecurity 2013.pptx