Cyber Security

Uploaded by

tammy143012
Cyber Security

There are bad guys (and girls) out there!


Q: What can a “bad guy” do?
A: A lot! (recall section 1.6)
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any
field in packet)
• hijacking: “take over” ongoing connection by removing sender or
receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g.,
by overloading resources)

https://gaia.cs.umass.edu/kurose_ross/ppt.php
What is network security?
confidentiality: only sender, intended receiver should “understand”
message contents
• sender encrypts message
• receiver decrypts message
authentication: sender, receiver want to confirm identity of each
other
message integrity: sender, receiver want to ensure message not
altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to
users

https://gaia.cs.umass.edu/kurose_ross/ppt.php
Authentication
• Authentication is used by a server when the server needs to know exactly who is accessing its information, service or site.
• Authentication is used by a client when the client needs to know that the server is the system it claims to be.
• In authentication, the user or computer has to prove its identity to the server or client.
• Usually, authentication by a server entails the use of a username and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
Authentication
• Authentication by a client usually involves the server giving a certificate to the client, in which a trusted third party such as Verisign or Thawte states that the server belongs to the entity (such as a bank) that the client expects it to.
• Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
Authorization
• Authorization is a process by which a server determines if the client has permission to use a resource or access a file.
• Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.
• The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
Authorization
• In some cases, there is no authorization; any user may use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
• Authorization is the procedure of permitting someone to do something. It defines an approach to check whether a user has permission to use or access a resource. It can represent what data and information a given user can access.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
https://www.tutorialspoint.com/what-is-authorization-in-information-security
Encryption
• Encryption involves the process of transforming data so that it is unreadable by anyone who does not have a decryption key.
• The Secure Shell (SSH) and Secure Sockets Layer (SSL) protocols are usually used in encryption processes. SSL drives the secure part of “https://” sites used in e-commerce sites (like E-Bay and Amazon.com).
• All data in SSL transactions is encrypted between the client (browser) and the server (web server) before the data is transferred between the two.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
Encryption
• All data in SSH sessions is encrypted between the client and the server when communicating at the shell.
• By encrypting the data exchanged between the client and server, information like social security numbers, credit card numbers, and home addresses can be sent over the Internet with less risk of being intercepted during transit.
source: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/
What is Private Key?
• The private key is used in both encryption as well as decryption.
• This key is shared between the sender and receiver of the encrypted sensitive information.
• The private key is also called "symmetric" because it is shared by both parties.
• Private key cryptography is faster than the public-key cryptography mechanism.
source: https://www.tutorialspoint.com/difference-between-private-key-and-public-key#:~:text=Conclusion,freely%20circulated%20among%20multiple%20users.
What is Public Key?
• Asymmetric cryptography, often known as public-key cryptography, is a type of encryption that employs pairs of keys.
• A public key (which may be known to everyone) and a private key (which is known only to the owner) make up each pair.
• Cryptographic techniques based on mathematical problems known as one-way functions are used to generate such key pairs.
• A private key should be kept secret for effective security; a public key can be freely circulated without jeopardizing security.
source: https://www.tutorialspoint.com/difference-between-private-key-and-public-key#:~:text=Conclusion,freely%20circulated%20among%20multiple%20users.
What is Public Key?
• In such a system, anybody can encrypt a message using the intended receiver's public key, but only the receiver's private key can decrypt the message.
• A public-key encryption system's most apparent application is encrypting communication to guarantee secrecy: a message that a sender encrypts using the recipient's public key can only be decoded by the recipient's associated private key.
source: https://www.tutorialspoint.com/difference-between-private-key-and-public-key#:~:text=Conclusion,freely%20circulated%20among%20multiple%20users.
Simple encryption scheme
substitution cipher: substituting one thing for another
▪ monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.: Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters to set of 26 letters
https://gaia.cs.umass.edu/kurose_ross/ppt.php
The language of cryptography
[Figure: Alice's encryption algorithm, keyed with KA, turns the plaintext into ciphertext; Bob's decryption algorithm, keyed with KB, turns the ciphertext back into plaintext.]

m: plaintext message
KA(m): ciphertext, encrypted with key KA
m = KB(KA(m))
https://gaia.cs.umass.edu/kurose_ross/ppt.php
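As an added example (not code from the slides), the monoalphabetic cipher of the previous slide implemented with the slide's own 26-letter key, checking that m = KB(KA(m)) holds and that a key must be a permutation of the alphabet; the function names are this example's own.

```python
import math
import string

# Added example, not from the slides: monoalphabetic substitution with the
# slide's key.  encrypt() plays K_A and decrypt() plays K_B, so that
# decrypt(encrypt(m)) == m, matching "m = KB(KA(m))" above.

PLAIN = string.ascii_lowercase
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"  # the slide's key: a->m, b->n, c->b, ...


def check_key(key: str) -> None:
    # A usable key is a permutation of a..z.  A repeated letter would map two
    # plaintext letters to the same ciphertext letter, so decryption would be
    # ambiguous; reject such keys up front.
    if sorted(key) != list(PLAIN):
        raise ValueError("key must be a permutation of the 26 lowercase letters")


def encrypt(plaintext: str, key: str = CIPHER) -> str:
    check_key(key)
    table = str.maketrans(PLAIN, key)  # letters not in a..z (space, '.') pass through
    return plaintext.lower().translate(table)


def decrypt(ciphertext: str, key: str = CIPHER) -> str:
    check_key(key)
    table = str.maketrans(key, PLAIN)  # the inverse mapping of the same key
    return ciphertext.translate(table)


def key_space_size() -> int:
    # 26! possible keys: too many to try one by one, but the scheme is still
    # weak because each plaintext letter always becomes the same ciphertext letter.
    return math.factorial(26)
```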
Digital Signature
• A digital signature is an electronic, encrypted stamp of authentication on digital information such as email messages, macros, or electronic documents.
• A signature confirms that the information originated from the signer and has not been altered.
www.pandadoc.com
Digital Signature
• A digital signature is a mathematical scheme for verifying the
authenticity of digital messages or documents.
• A valid digital signature on a message gives a recipient
confidence that the message came from a sender known to the
recipient and that it was not altered/modified in between.
File Sharing
• Back in the pre-cloud days, sharing files involved using file
transfer protocol applications like FTP or else copying files to a
disc and then mailing it or walking it over to a colleague
(affectionately known as ‘sneakernet’).

• Emails could also be sent (and many people still use email as
their main “file-sharing” option), but size limits on attachments
and security concerns discouraged this practice.
File Sharing
• Today’s world of file sharing offers nearly endless options.
• Giants like Dropbox, Box, Google, Microsoft, and Apple, as well as smaller companies like MediaFire and Tresorit, all offer online cloud storage options that include file sharing, synchronization across multiple devices, and collaboration features.
• Once you have uploaded a file to one of these services, file-sharing is as easy as clicking a “share” button and then sending the link to a colleague via email.
• While most offer desktop and mobile applications, users can also upload, store, sync, and share files via a web browser.
Internet service provider (ISP)
• An Internet service provider (ISP) is an organization that provides services for accessing, using, managing, or participating in the Internet.
• ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned.
• Internet services typically provided by ISPs can include Internet access, Internet transit, domain name registration, web hosting, Usenet service, and colocation.
Key Takeaways
• An internet service provider (ISP) is a company that provides web
access to businesses and consumers.
• ISPs may also provide other services such as email services, domain
registration, web hosting, and browser services.
• An ISP is considered to be an information service provider, storage
service provider, internet network service provider (INSP), or a mix of
all of them.
• Internet use has evolved from only those with university or
government accounts having access to nearly everyone having
access, whether it’s paid or free.
• Access has gone from dial-up connections to high-speed broadband
technology.
source: https://www.investopedia.com/terms/i/isp.asp
Server
• A server is a computer program or device that provides a
service to another computer program and its user, also known
as the client.
• In a data center, the physical computer that a server program
runs on is also frequently referred to as a server.
• In computing, a server is a piece of computer hardware or
software that provides functionality for other programs or
devices, called "clients".
• This architecture is called the client–server model.
Gateways
• A gateway is a network node used in telecommunications that connects two networks with different transmission protocols together.
• Gateways serve as an entry and exit point for a network as all data must pass through or communicate with the gateway prior to being routed.
• In most IP-based networks, the only traffic that does not go through at least one gateway is traffic flowing among nodes on the same local area network (LAN) segment.
https://www.techtarget.com/iotagenda/definition/gateway
Phishing Attacks
• Phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.
• Successful phishing attacks often lead to identity theft, credit card fraud, ransomware attacks, data breaches, and huge financial losses for individuals and corporations.

https://www.ibm.com/topics/phishing
Phishing Attacks
• Phishing is the most common type of social engineering, the practice
of deceiving, pressuring or manipulating people into sending
information or assets to the wrong people.

• Social engineering attacks rely on human error and pressure tactics for
success.

https://www.ibm.com/topics/phishing
Phishing Attacks
• The attacker typically masquerades as a person or organization the
victim trusts—e.g., a coworker, a boss, a company the victim or
victim’s employer does business with—and creates a sense of urgency
that drives the victim to act rashly.

• Hackers and fraudsters use these tactics because it’s easier and less
expensive to trick people than it is to hack into a computer or network.

https://www.ibm.com/topics/phishing
Spoofing
• Spoofing is a broad term for the type of behavior that involves a
cybercriminal masquerading as a trusted entity or device to get
you to do something beneficial to the hacker — and detrimental
to you.
• Any time an online scammer disguises their identity as
something else, it's spoofing.
• In the context of information security, and especially network
security, a spoofing attack is a situation in which a person or
program successfully identifies as another by falsifying data, to
gain an illegitimate advantage.
Secure Socket Layer (SSL)
• Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server.
• SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
• It provides confidentiality and integrity of the messages exchanged between the two parties.
What is an SSL certificate?
• An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection.
• SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.
• It also ensures message integrity.
• Companies and organizations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure.

https://www.kaspersky.com/resource-center/definitions/what-is-a-ssl-certificate
Certification authority (CA)
• In cryptography, a certification authority (CA) is an entity that stores, signs, and issues digital certificates.
• A digital certificate certifies the ownership of a public key by the named subject of the certificate.
• This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.
• A CA acts as a trusted third party, trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.

https://en.wikipedia.org/wiki/Certificate_authority
Certification authority (CA)
• One particularly common use for certificate authorities is to sign
certificates used in HTTPS, the secure browsing protocol for the
World Wide Web.
• Another common use is in issuing identity cards by national
governments for use in electronically signing documents.
Public key Certification Authorities (CA)
▪ certification authority (CA): binds public key to particular entity, E
▪ entity (person, website, router) registers its public key with CA, provides “proof of identity” to CA
• CA creates certificate binding identity E to E’s public key
• certificate containing E’s public key digitally signed by CA: CA says “this is E’s public key”

[Figure: Bob’s public key KB+ together with Bob’s identifying information is passed through the digital signature (encrypt) operation under the CA’s private key KCA-, producing a certificate for Bob’s public key, signed by the CA.]

https://gaia.cs.umass.edu/kurose_ross/ppt.php
Public key Certification Authorities (CA)
▪ when Alice wants Bob’s public key:
• gets Bob’s certificate (Bob or elsewhere)
• apply CA’s public key to Bob’s certificate, get Bob’s public key

[Figure: the certificate carrying KB+ is passed through the digital signature (decrypt) operation under the CA’s public key KCA+, yielding Bob’s public key KB+.]

https://gaia.cs.umass.edu/kurose_ross/ppt.php
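As an added example (not code from the slides or from the sources they cite), textbook RSA signatures and a toy certificate tie the Digital Signature slides to the two CA slides: the CA signs the binding (Bob, Bob's public key), and Alice recovers Bob's key only if the CA's signature verifies. The primes, key sizes, JSON certificate layout and function names are constructed for illustration; real deployments use padded RSA or ECDSA/Ed25519 with X.509 certificates.

```python
import hashlib
import json

# Added example, not from the slides: textbook RSA (no padding, toy primes) showing
# sign-with-private-key / verify-with-public-key, and a CA certificate that binds a
# subject name to a public key exactly as the CA slides describe.
E = 65537  # public exponent


def make_keypair(p: int, q: int):
    """Return ((n, e), (n, d)); p, q are assumed prime with gcd(e, (p-1)(q-1)) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d = e^-1 mod phi (Python 3.8+)


def digest(data: bytes, n: int) -> int:
    # Sign a fixed-size hash of the message, reduced mod n so it fits the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data, n), d, n)  # only the private-key holder can produce this


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(data, n)  # anyone holding the public key can check


def ca_issue_certificate(ca_private, subject: str, subject_public) -> dict:
    # "CA says: this is E's public key": the CA signs the (identity, key) binding.
    body = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    return {"body": body, "sig": sign(ca_private, json.dumps(body, sort_keys=True).encode())}


def public_key_from_certificate(ca_public, cert: dict):
    # Alice applies the CA's public key; a tampered body or a bad signature yields None.
    body = cert["body"]
    if not verify(ca_public, json.dumps(body, sort_keys=True).encode(), cert["sig"]):
        return None
    return (body["n"], body["e"])


# Constructed keys from small Mersenne primes: illustration only, NOT secure sizes.
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
```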
