
Introduction to Cybersecurity, Prof. Dr. Michael Backes



  1. Introduction to Cybersecurity
     Prof. Dr. Michael Backes
     Director, CISPA – Center for IT Security, Privacy, and Accountability
     Chair for IT-security & Cryptography

  2. Organisation
     - Course Registration / Course Number (97380)
       - Register both in L:admin and in HISPOS (links on the course website)
       - Deadline for registration in L:admin: Monday 07 November 2016, 23:59
     - Lectures: When and where?
       - Friday 14:00-16:00
       - Building E2 2, Günter-Hotz-Hörsaal
     - Tutorials:
       - 6 Tutorials
       - more information on the course website
     - Tutorial assignment on Wednesday, 09 Nov 2015 (after registration deadline)
     Foundations of Cybersecurity 2016

  3. Organisation
     - Tutors' office hour for general questions & advice:
       - Tuesday 13:00-14:00
       - Room TBA (see course website)
       - Starting Tuesday, 08 November 2015
     - Course website: https://infsec.cs.uni-saarland.de/index.php%3Fp=1758.html
     - Lecture notes / references will be published on website after each lecture
     - Mailing list for discussions: cysec16@mail-infsec.cs.uni-saarland.de

  4. Organisation
     - Teaching assistants
       - Oliver Schranz: System Security, Web Security
       - Praveen Manoharan: Cryptography, Privacy, Theory

  5. Organisation
     - Prerequisites:
       - Mathematical / logical understanding
       - Should attend Programmierung 1 in parallel, or have attended in the past
       - Should attend MfI 1 in parallel, or have attended in the past
     - Homeworks:
       - Theoretical exercises alone; practical projects may be done in groups of 2 people
       - Given out at the lecture in written form
       - To be handed in before the start of the respective lecture (typically by email)
       - Email to: cysec16-submissions@mail-infsec.cs.uni-saarland.de
     - For some practical projects, you will need CIP pool accounts!
       - Make sure your solutions work on these machines
       - Sign up for an account by filling out the registration form that we hand out

  6. Organisation
     - Exam
       - Thursday, 23.02.17, 09:00-12:00
       - E2 2, Günter-Hotz-Hörsaal + E1 3, HS002
     - Requirements for passing the course
       - To attend exam, must achieve
         - 50% in theoretical exercises and
         - 50% in practical projects
       - To pass the course, must achieve 50% in exam
     - Grading:
       - 60% from exam, 20% from theoretical exercises, 20% from practical projects

  7. Structure of this lecture
     - This lecture consists of five parts ("chapters")
       1. Basics of System Security
       2. Basics of Web Security
       3. Basics of Cryptography
       4. Basics of Data Privacy
       5. Basics of Formal Methods in Security
     - Today's lecture: General introduction to Cybersecurity and historical cryptography

  8. Why Cyber attacks?

  9. Hackers prior to 2003
     - Profile:
       - Male
       - Between 14 and 34 years of age
       - Computer addicted
       - No permanent girlfriend
     - No commercial interest
     - Source: Raimund Genes

  10. Hackers after 2003 - Commercialization
      Option 1: bug bounty programs (many)
      - Google Vulnerability Reward Program: up to 20K $
        - For Chrome exploits even up to 50K $
      - Microsoft Bounty Program: up to 100K $
        - For Browser exploits up to 100K $ and for novel browser defenses up to 50k $
      - Mozilla Bug Bounty program: 500$ - 3000$
      - Pwn2Own competition: 15K $
      - Zero Day Initiative, Verisign iDefense: 2K – 25K $
        - ZDI even has a 'rewards program' similar to a 'frequent flyer program'

  11. Hackers after 2003 - Commercialization
      Option 2: Black/Grey Market
      - What did a Mozilla zero-day exploit in 2007 buy you?
        - $500: A Playstation 4
      - What did an Adobe Reader zero-day exploit in 2012 buy you?
        - $5,000 - $30,000: Extreme gaming PC Yoyotech's XDNA Aurum 24K
      - What did an iOS zero-day exploit in 2012 buy you?
        - $100,000 - $250,000: 2014 Lamborghini Gallardo

  12. Hackers after 2003 - Commercialization
      Option 2: Black/Grey market
      - Source: Rand Corp., National Security Research Division. Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar

  13. Marketplace for Owned Machines
      - Pay-per-install (PPI) services
      - PPI operation:
        1. Own victim's machine
        2. Download and install client's code
        3. Charge client
      - Cost:
        - US: 100-180$ / 1000 machines
        - Asia: 7-8$ / 1000 machines
      - [Diagram: Clients (spam, keylogger, bot), PPI service, Victims]
      - Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

  14. Tracking vulnerability disclosures
      - CVSS Base Score composed from different factors such as:
        - Access Vector
        - Access Complexity
        - Confidentiality Impact
        - Integrity Impact
      - Higher score → higher security impact
      - Source: http://www.cvedetails.com/cvss-score-distribution.php ; 04/09/2014
      - [Figure: Cumulative Disclosures 1988-2014]
      - Source: http://web.nvd.nist.gov/view/vuln/statistics-results?adv_search=true&cves=on

  15. CVSS Score Distribution For Top 30 Products By Total Number Of "Distinct" Vulnerabilities
      - Source: http://www.cvedetails.com/top-50-product-cvssscore-distribution.php

  16. World's biggest data breaches
      - [Figure legend: Hacked, Poor security, Inside job, Lost/stolen computer, Lost/stolen media, Accidentally published, All]
      - Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  17. What is Cybersecurity? What needs to be secured?

  18. Attacking the software – slot machines
      - Developer of the software modifies the code
      - If a sequence of 10, 5, 25, 10, 5,… cent coins is inserted, the machine gives out the jackpot.
      - He was caught because he was greedy.

  19. Attacking the software – horse races
      - Developer of the software modifies the code
      - The modification allows placing a bet after the race is over.
      - He was caught because he was greedy.

  20. What is Cybersecurity?
      - [Diagram: Software, OS]

  21. Hacking Computer via USB
      - Virus makes USB key's firmware impersonate a keyboard.
        - [Illustration: "Hey, I am a keyboard." / "OK, so tell me what you are typing."]
      - Stuxnet uses USB keys to attack computers that are not online. Targeting uranium enrichment facilities in Iran.
        - Goal: Destroy parts of the facility

  22. New era of mobile phone attacks
      - Baseband attacks: infiltrate your phone through the airwaves themselves. Completely bypasses operating system and antivirus software to hack directly into the radio processor.
        - https://www.usenix.org/conference/woot12/workshop-program/presentation/weinmann
      - USB attacks: Use a hidden device packed inside a telephone charger or docking station to casually mine the phone for personal data. Steal saved passwords, pictures, and probably deliver some nasty malware for good measure.
        - Image: http://i1227.photobucket.com/albums/ee430/kalsta1/malicious-usb-charger.jpg

  23. What is Cybersecurity?
      - [Diagram: Software, OS, Hardware]

  24. Mifare Classic and Crypto
      - Used a microscope to see which hardware is inside the card
      - Analyzed 10,000 blocks on the chip
      - 70 different types
      - Reconstructed random number generation
        - Had only 16-bit keys: 2^16 = 65,536
      - Use cases of such cards were (!) students' IDs

  25. What is Cybersecurity?
      - [Diagram: Software, Crypto, OS, Hardware]

  26. Phishing
      - Looks normal... but is not!

  27. Social Engineering
      - Sometimes you just need to ask nicely

  28. What is Cybersecurity?
      - [Diagram: User, Software, Crypto, OS, Hardware]

  29. Could Hackers Take Your Car for a Ride?
      - Attack categories:
        - Attacks requiring vehicle access: Attackers use specially crafted CDs or media files (e.g., mp3) that include a Trojan horse to gain control of various automotive systems
        - Remote attacks: Attacking weaknesses in the baseband GPRS cellular, FM Radio Data System (RDS), SMS infrastructures used in remote-vehicular assistance services, or in Internet-enabled systems [https://www.youtube.com/watch?v=yTBfIrnSDQk]
      - 2015 good year for car hacking
        - BlackHat 2015: Charlie Miller and Chris Valasek demonstrate how to hack the CAN bus of a Jeep via the multimedia system controller's WiFi interface
        - WOOT'15: Remotely compromising the telematics control unit (TCU) allows arbitrary remote control of the vehicle
        - NCC Group: Use a fake digital audio broadcasting (DAB) station to exploit a bug in the DAB system of a car to seize control of a vehicle's brakes and other critical systems
      - Image: http://upload.wikimedia.org/wikipedia/commons/a/a3/Tesla_Model_S_digital_panels.jpg
