Information Science 1

Security

Hiroshi Toyoizumi [email protected]

Information Science 2

Today's Contents

1. Examples of Security Threats
   1. Computer Virus
   2. Cracking
   3. Phishing
2. Basics of Cryptography

Information Science 3

Malicious Mobile Codes: Viruses and Worms

crackings

Viruses

Information Science 4

Laroux: Excel Macro Virus

Information Science 5

Current epidemics

Information Science 6

Cracking

1. Hijacking your machine.
2. Stepping stone.
3. Tampering with WWW pages.
4. Leak of important information.

Information Science 7

Scanning IP addresses

Information Science 8

Detect Windows shared folder

Information Science 9

Phishing

From http://www.cobb.com/phish/ebay.html

eBay (phishing): asks you to go to the fake eBay site and submit your eBay password information.

Information Science 10

Details of Phishing

The scammers typically send out an e-mail that appears to come from a trusted company such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts.

According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have successfully been duped into providing personal information.

From CNET NEWS http://news.com.com/Caught+in+a+phishing+trap/2100-1029_3-5453203.html

Information Science 11

How to protect against cracking

» Anti-virus
» Patch
» Encryption
» Firewalls
» IDS: Intrusion Detection System

Information Science 12

BlackICE: An IDS

Information Science 13

Secure communication using cryptography

» Encrypt important information.
» Certify the other party.

Information Science 14

Common Key System Cryptography

Plain text

Same key for encryption and decryption

Cipher text

Information Science 15

Give it a try! Cipher communication

Alice and Bob

Information Science 16

Any problems?

» It is easy to eavesdrop on the key on the internet.

Information Science 17

Public Key Cryptography

Plain text

Unique keys for encryption and decryption

Cipher text

Information Science 18

Give it a try! Public key cipher communication

Alice and Bob

Information Science 19

Any problems?

» Switching the public key.
» Man-in-the-middle attack.

Alice and Bob

Information Science 20

Digital signature

Plain text, Cipher text

1. A makes a cipher text using the key known only to A.

2. B decrypts the cipher text with the public key of A.

3. This is proof that the plain text was made by A!

Information Science 21

Key with digital signature

Alice and Bob
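The signature steps above, together with the public-key switching problem from the earlier "Any problems?" slide, as an added example that is not part of the original slides. It uses textbook RSA over small constructed primes and hashes with SHA-256 before signing (both are choices made for this example); the third party Mallory, the helper names and the sample message are assumptions.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # modular inverse needs Python 3.8+

def digest(data: bytes, n: int) -> int:
    # Hash first, then reduce so the value fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private) -> int:
    n, d = private
    return pow(digest(data, n), d, n)     # step 1: needs the key only the signer knows

def verify(data: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(data, n)   # step 2: anyone can check

def key_bytes(owner: str, public) -> bytes:
    # What the certificate authority signs: an owner name bound to a public key.
    return f"{owner}|{public[0]}|{public[1]}".encode()

# Constructed toy keys built from Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**19 - 1, 2**31 - 1)   # hypothetical third party
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

# The CA checks Alice's identity out of band and signs her key once.
ALICE_CERT = sign(key_bytes("Alice", ALICE_PUB), CA_PRIV)

def bob_accepts(message, signature, claimed_pub, cert) -> bool:
    """Bob trusts only CA_PUB; the sender's key must be CA-signed as Alice's."""
    if not verify(key_bytes("Alice", claimed_pub), cert, CA_PUB):
        return False                      # a switched public key is caught here
    return verify(message, signature, claimed_pub)

if __name__ == "__main__":
    msg = b"Pay 100 yen to Bob"           # constructed sample message
    # Genuine key, certificate and signature.
    print(bob_accepts(msg, sign(msg, ALICE_PRIV), ALICE_PUB, ALICE_CERT))
    # Without the CA check, a signature under a switched key still verifies.
    print(verify(msg, sign(msg, MALLORY_PRIV), MALLORY_PUB))
    # With the CA check, the switched key does not match Alice's certificate.
    print(bob_accepts(msg, sign(msg, MALLORY_PRIV), MALLORY_PUB, ALICE_CERT))
```

The middle case is the point of the "Key with digital signature" slide: a signature only proves who holds the private key, so the public key itself has to be vouched for by a party Bob already trusts.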

Information Science 22

Real cipher communication

Information Science 23

Public key and digital signature

Information Science 24

Certificate authority

Information Science 25

e-Government

Information Science 26

Examples of Topics

1. Stop Blaming the Victims
2. The author of Sasser
3. Adware, Spyware
4. Spoofing, Backdoor
5. Personal Firewall
6. Anti-virus
7. Spam
8. Intrusion Detection System
9. Cookies, Java, ActiveX
10. Biometrics
11. Examples of Phishing
12. Bots

Information Science 27

Role Play

» Cast
  Ohta (太田): Employee of Microsoft
  Yamada (山田): Employee of Takada delivery
  Employees of Waseda Hospital
  » Tahara (田原): accounting section
  » Yano (矢野): freshman in general affairs
  » Yamaguchi (山口): freshman in general affairs

Information Science 28

Scene 1: Call from Takada delivery

1. Yano: Hello, this is Yano, general affairs section at Waseda Hospital.

2. Yamada: Hi, this is Takada delivery calling. It seems that one of our customers mistakenly faxed her address to your company. Could you fax it to us?

3. (after checking the fax machine.)

4. Yano: No, we haven’t received your fax.

5. Yamada: You may find it somewhere else… Maybe in your accounting section? If you find it, please fax it to us at 03-1111-1111.

6. Yano: OK.

Information Science 29

Scene 2: Call from Microsoft

1. Ohta: Hello, this is Ohta from Microsoft customer service. We found that your PC is sending too many viruses on the internet, and we received many complaints about it. Please download the anti-virus software that I will mention and install it on your PC.

2. Yano: Sure. Where can I find the software?

Information Science 30

Scene 3: Call from accounting section

1. Tahara: This is Tahara from accounting. Could you do me a favor?

2. Yamaguchi: Yes. What?

3. Tahara: Our computers are all infected by viruses, but I need the address of a patient, Ryoko Hirosue. Could you call up the data on your screen and fax it to me at the accounting section?

4. Yamaguchi: No problem.

Information Science 31

Quiz

» Did you find any security problems in the role-play?

» Write them down.
» Describe the countermeasures.

Information Science 32

Steps to obtain the address of Hirosue.

1. By pretending to be Tahara of the accounting section, have Yamaguchi fax the address to the accounting section.

2. By pretending there was a misdirected fax, ask Yano to send the fax to Takada delivery.

Each employee did what seemed to be OK, but taken as a whole it leaks private information.