Basic Knowledge - Malware and Software Vulnerability Analysis - Lecture Slides, Slides of Software Engineering

During the last semester of our degree program, we study Malware and Software Vulnerability Analysis. These lecture slides are very informative for me. The major points which are the core of the course are: Basic Knowledge, Computer Network Security, Malware and Software, Vulnerability Analysis, Students, Basic Cryptography, Important, Software Security, Learning Malware, Friends and Enemies

Typology: Slides

2012/2013

Uploaded on 04/25/2013

ayushmati

Malware and Software Vulnerability Analysis

Basic Knowledge on Computer Network Security

Why This Introduction?

• Some students may have no knowledge of basic cryptography and basic network security

  • Such knowledge is important
  • Such knowledge is necessary for continuing learning malware and software security

Who might Bob, Alice be?

• Web client/server (e.g., on-line purchases)

• DNS servers

• routers exchanging routing table updates

• Two computers in peer-to-peer networks

• Wireless laptop and wireless access point

• Cell phone and cell tower

• Cell phone and bluetooth earphone

• RFID tag and reader

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?

A: a lot!

  • eavesdrop: intercept messages
  • actively insert messages into connection
  • impersonation: can fake (spoof) source address in packet (or any field in packet)
  • hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • denial of service: prevent service from being used by others (e.g., by overloading resources)

Classical Cryptography

• Transposition Cipher

• Substitution Cipher

  • Simple substitution cipher (Caesar cipher)
  • Vigenere cipher
  • One-time pad

Transposition Cipher: rail fence

• Write plaintext in two rows in column order

• Generate ciphertext in row order

• Example: “HELLOWORLD”

HLOOL

ELWRD

ciphertext: HLOOLELWRD

Problem: does not affect the frequency of individual symbols

Problem of simple substitution cipher

  • The key space for the English Alphabet is very large: 26! ≈ 4 x 10^26
  • However:
    • Previous example has a key with only 26 possible values
  • English texts have statistical structure:
    • the letter “e” is the most used letter. Hence, if one performs a frequency count on the ciphertext, then the most frequent letter can be assumed to be “e”

Distribution of Letters in English

Frequency analysis

Problem of Vigenere Cipher

  • Vigenere is easy to break (Kasiski, 1863):
  • Assume we know the length of the key. We can organize the ciphertext in rows with the same length of the key. Then, every column can be seen as encrypted using Caesar's cipher.
  • The length of the key can be found using several methods:
      1. If short, try 1, 2, 3, ...
      2. Find repeated strings in the ciphertext. Their distance is expected to be a multiple of the length. Compute the gcd of (most) distances.
      3. Use the index of coincidence.
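The attack outlined on this slide, as an added Python example that is not part of the original slides: it estimates the key length with the index of coincidence, then solves each column as a Caesar cipher by frequency analysis. The plaintext, the key LEMON, the frequency table and all function names are constructed for the illustration.

```python
from collections import Counter
from string import ascii_uppercase as AZ

# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def vigenere(text, key, sign=1):
    """Encrypt (sign=1) or decrypt (sign=-1); non-letters are dropped."""
    letters = [c for c in text.upper() if c in AZ]
    return "".join(AZ[(AZ.index(c) + sign * AZ.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters))

def index_of_coincidence(s):
    """Chance that two letters drawn from s (without replacement) match."""
    return sum(v * (v - 1) for v in Counter(s).values()) / (len(s) * (len(s) - 1))

def guess_key_length(ct, max_len=10):
    """Average column IoC per candidate length. Multiples of the true length
    score equally high, so return the smallest length near the best score."""
    score = {n: sum(index_of_coincidence(ct[i::n]) for i in range(n)) / n
             for n in range(1, max_len + 1)}
    return min(n for n, s in score.items() if s >= 0.85 * max(score.values()))

def solve_column(col):
    """A column is a Caesar cipher: choose the shift whose decryption is
    closest (chi-squared) to English letter frequencies."""
    def chi2(shift):
        seen = Counter((AZ.index(c) - shift) % 26 for c in col)
        return sum((seen[i] - len(col) * f / 100) ** 2 / (len(col) * f / 100)
                   for i, f in enumerate(ENGLISH))
    return AZ[min(range(26), key=chi2)]

def break_vigenere(ct):
    n = guess_key_length(ct)
    return "".join(solve_column(ct[i::n]) for i in range(n))

# Constructed sample plaintext and key (not from the slides).
PLAINTEXT = ("The Vigenere cipher was considered unbreakable for a long time because each "
             "letter of the message is shifted by a different amount that depends on the "
             "position of the letter and on a secret keyword. When the keyword is short and "
             "the message is long the same shifts are used again and again, so the letters "
             "that share one shift still follow the statistics of ordinary English text. An "
             "analyst who knows the length of the keyword can therefore split the ciphertext "
             "into columns and solve every column as a simple Caesar cipher with nothing more "
             "than a table of letter frequencies and a little patience.")
CIPHERTEXT = vigenere(PLAINTEXT, "LEMON")
```

`break_vigenere(CIPHERTEXT)` needs only the ciphertext; the statistics become unreliable when each column holds just a handful of letters.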

One-time Pad

• Extended from Vigenere cipher

• Key is as long as the plaintext

• Key string is randomly chosen

  • Pro: Proven to be “perfectly secure”
  • Cons:
    • How to generate Key?
    • How to let Bob/Alice share the same key pad?
  • Code book

Symmetric key crypto: DES

DES: Data Encryption Standard

  • US encryption standard [NIST 1993]
  • 56-bit symmetric key, 64-bit plaintext input
  • How secure is DES?
    • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
  • no known “backdoor” decryption approach
  • making DES more secure (3DES):
    • use three keys sequentially on each datum
    • use cipher-block chaining

Symmetric key crypto: DES

initial permutation

16 identical “rounds” of function application, each using different 48 bits of key

final permutation

DES operation

Block Cipher

  • one pass through: one input bit affects eight output bits

[Figure: the 64-bit input is split into eight 8-bit chunks; each chunk passes through its own table T1 ... T8 (8 bits in, 8 bits out); the results feed a 64-bit scrambler that produces the 64-bit output; loop for n rounds]

  • multiple passes: each input bit affects most output bits
  • block ciphers: DES, 3DES, AES

Cipher Block Chaining

  • cipher block: if input block repeated, will produce same cipher text:

[Figure: at t=1, m(1) = “HTTP/1.1” → block cipher → c(1) = “k329aM02”; … ; at t=17, m(17) = “HTTP/1.1” → block cipher → c(17) = “k329aM02”]

  • cipher block chaining:
    • XOR ith input block, m(i), with previous block of cipher text, c(i-1)
    • c(0) transmitted to receiver in clear
    • what happens in “HTTP/1.1” scenario from above?

[Figure: m(i) is XORed (+) with c(i-1), and the result goes through the block cipher to give c(i)]
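An added Python example (not from the original slides) that plays out the “HTTP/1.1” scenario: the same 8-byte block sent at t=1 and t=17 encrypts to the same ciphertext when blocks are encrypted independently, but not under cipher block chaining. The block cipher here is a toy Feistel construction standing in for DES; the message, key and function names are assumptions made for the illustration.

```python
import hashlib
import os

BLOCK = 8  # bytes; 64-bit blocks as in DES, so "HTTP/1.1" fills exactly one block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(block, key, decrypt=False, rounds=16):
    """Toy 16-round Feistel permutation standing in for DES. NOT real DES."""
    left, right = block[:4], block[4:]
    order = reversed(range(rounds)) if decrypt else range(rounds)
    for i in order:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left

def split(data):
    # The sample message is a whole number of blocks, so no padding is handled.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(msg, key):
    # Every block is encrypted independently: equal input, equal output.
    return [toy_block(m, key) for m in split(msg)]

def cbc_encrypt(msg, key, c0):
    # c(i) = E(m(i) XOR c(i-1)); c(0) is random and sent in the clear.
    out, prev = [], c0
    for m in split(msg):
        prev = toy_block(xor(m, prev), key)
        out.append(prev)
    return out

def cbc_decrypt(cipher_blocks, key, c0):
    # m(i) = D(c(i)) XOR c(i-1)
    out, prev = [], c0
    for c in cipher_blocks:
        out.append(xor(toy_block(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)

def repeats(cipher_blocks):
    """True if ciphertext block 1 equals ciphertext block 17."""
    return cipher_blocks[0] == cipher_blocks[16]

# Constructed message: "HTTP/1.1" as block 1 and again as block 17.
MSG = b"HTTP/1.1" + b"".join(b"filler%02d" % i for i in range(2, 17)) + b"HTTP/1.1"
KEY = b"constructed-demo-key"
C0 = os.urandom(BLOCK)
```

`repeats(ecb_encrypt(MSG, KEY))` is true, which is what lets an eavesdropper spot the repeated block, while `repeats(cbc_encrypt(MSG, KEY, C0))` is false because each block is mixed with the previous ciphertext block before encryption.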