Chapter one

Uploaded by

Getaneh Awoke
Chapter One

Introduction to Computer Security


Contents
 Basic concepts of computer security
 Threats, vulnerabilities, controls, risk
 Goals of computer security
 Security attack
 Security policies and mechanisms
 Prevention, detection, and deterrence
 Software security assurance
What is Security?
 In general, security is “the quality or state of being
secure—to be free from danger.”
 In other words, protection against adversaries—from
those who would do harm, intentionally or otherwise—is
the objective.
 National security, for example, is a multilayered system
that protects the sovereignty of a state, its assets, its
resources, and its people.

compiled by: Gizachew M.(MSc in CS)


What is computer security?
 It is the protection of the items you value, called the assets
of a computer or computer system. There are many types of
assets, involving hardware, software, data, people,
processes, or combinations of these. To determine what to
protect, we must first identify what has value and to whom.
 It is the protection of computer systems and information
from harm, theft, and unauthorized use.
 It is the process of preventing and detecting unauthorized
use of your computer system.
 It is the protection of computing systems and the data that
they store or access.
 The protection afforded to an automated information system
in order to attain the applicable objectives of preserving the
integrity, availability, and confidentiality of information
system resources (includes hardware, software, firmware,
information/data, and telecommunications).
Computer Security terms
• Threat – Set of circumstances that has the potential to cause
loss or harm. Or a potential violation of security. It is a new or
newly discovered incident that has the potential to harm a
system or your company overall.
• Vulnerability – Weakness in the system that could be exploited
to cause loss or harm, or to cross
privilege boundaries within a computer system.
• Attack – When an entity exploits a vulnerability on a system.
It is an intentional or unintentional act that can cause damage to or
otherwise compromise information and/or the systems that
support it.
• Control – A means to prevent a vulnerability from being
exploited. Or safeguards or countermeasures to avoid, detect,
counteract, or minimize security risks to computer systems, or
other assets.
• Risk – The potential for loss or damage when a
threat exploits a vulnerability, or the probability that something
unwanted will happen.
Cont…
• Cryptography is the science of using mathematics to encrypt
and decrypt data, or the art and science of keeping messages
secure.
• Plaintext – a message in clear-text form.
• Ciphertext – a message in encrypted (hidden/unreadable) form.
• Cryptanalysis is the science of analyzing and breaking secure
communication.

Cont…
 Computer Security
Generic name for the collection of tools designed to protect
data and to thwart hackers
 Network Security
Measures to protect data during their transmission
 Internet Security
Measures to protect data during their transmission over a
collection of interconnected networks.

Goals of Computer Security

Three key objectives that are at the heart of computer security:


 Confidentiality: This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is
not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
 Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed
only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function
in an unimpaired manner, free from deliberate or inadvertent
unauthorized manipulation of the system.
 Availability: Assures that systems work promptly and service is not
denied to authorized users.
These three concepts form what is often referred to as the CIA triad.

Security attacks
• A human who exploits a vulnerability perpetrates an attack on the
system.
• An attack can also be launched by another system, as when one
system sends an overwhelming set of messages to another, virtually
shutting down the second system's ability to function.
• Unfortunately, we have seen this type of attack frequently, as
denial-of-service attacks flood servers with more messages than they can
handle.

Security Attacks:
The three goals of security – confidentiality, integrity, and availability – can be
threatened by security attacks. Security attacks can be divided into three groups
related to the security goals:
i. Attacks threatening Confidentiality: In general, two types of attacks
threaten the confidentiality of information:
--snooping
--traffic analysis
Snooping: Snooping refers to unauthorized access to or interception of data. For
example, a file transferred through the internet may contain confidential
information. An unauthorized entity may intercept the transmission and use the
contents for his own benefit.
Traffic Analysis: An unauthorized entity can obtain some other type of information
by monitoring online traffic. For example, he can find the email ID of the sender
or the receiver. He can collect pairs of requests and responses to help him guess the
nature of the transaction.

Security attacks
ii. Attacks threatening Integrity
The integrity of data can be threatened by several kinds of attacks: modification, masquerading,
replaying, and repudiation.
Modification
After intercepting or accessing information, the attacker modifies the information to make it
beneficial to himself. For example, a customer sends a message to a bank to do some
transaction. The attacker intercepts the message and changes the type of transaction to benefit
him.
Masquerading
Masquerading, or spoofing, happens when the attacker impersonates somebody else. For example,
the attacker might steal the bank card and PIN of a customer and pretend that he is that customer.
Replaying
The attacker obtains a copy of a message sent by the user and later tries to replay it. For example, a
person sends a request to his bank to ask for payment to the attacker, who has done a job for him.
The attacker intercepts the message and sends it again to receive another payment from the bank.
Repudiation
It is performed by one of the parties in the communication: the sender or the receiver. The sender of
the message might later deny that he has sent the message; the receiver of the message might
later deny that he has received the message.

Security attacks
iii. Attacks threatening Availability:
We mention only one attack threatening availability: denial of
service.
Denial of service: It is a common attack, which may slow down
or totally interrupt the service of a system.
The attacker can use several strategies to achieve this. He may
send so many bogus requests to a server that the server crashes
because of the heavy load.
The attacker may intercept and delete a server’s response to a
client, making the client believe that the server is not
responding.

Security attacks
Security attacks can be classified as passive attacks and active attacks.
i. Passive Attacks
In a passive attack, the attacker’s goal is just to obtain information. In this
case, the attacker does not modify data or harm the system. Here, the
system continues to be safe, but the attack may harm the sender or the
receiver of the message.
Attacks that threaten confidentiality – snooping and traffic analysis –
are passive attacks.
It is difficult to detect this type of attack until the sender or receiver finds
out about the leaking of confidential information.

Security attacks
ii. Active Attacks

An active attack may change the data and harm the system.
Attacks that threaten integrity and availability are
active attacks. Active attacks are normally easier to detect
than to prevent, because an attacker can launch them in a
variety of ways.

Common Security Threats
This section identifies the more common threats to the information security of
secured communications and, for each threat, includes a link to the features,
technologies, and procedures that mitigate the threat.
Compromised-key attack: A compromised-key attack occurs when the attacker
determines the key, which is a secret code or number used to encrypt,
decrypt, or validate secret information. This key corresponds to the
certificate associated with the server. When the attacker is successful in
determining the key, the attacker uses the key to decrypt encrypted data
without the knowledge of the sender of the data.
Network Denial-of-Service Attack
The denial-of-service attack occurs when the attacker prevents normal network
use and function by valid users. By using a denial-of-service attack, the
attacker can:
• Send invalid data to applications and services running in the attacked network
to disrupt their normal function.
• Send a large amount of traffic, overloading the system until it stops responding
or responds slowly to legitimate requests.
• Hide the evidence of the attacks.
• Prevent users from accessing network resources.
Common Security Threats
Eavesdropping
Eavesdropping can occur when an attacker gains access to the data path in a
network and has the ability to monitor and read the traffic. This is also
called sniffing or snooping. If the traffic is in plain text, the attacker is
able to read the traffic when the attacker gains access to the path. An
example is an attack by controlling a router on the data path.
Identity Spoofing (IP Address Spoofing)
Spoofing occurs when the attacker determines and uses an IP address of a
network, computer, or network component when not authorized to do
so. A successful attack allows the attacker to operate as if the attacker is
the entity normally identified by the IP address.

Common Security Threats
Man-in-the-Middle Attack
A man-in-the-middle attack occurs when an attacker reroutes
communication between two users through the attacker's computer
without the knowledge of the two communicating users. The attacker can
monitor and read the traffic before sending it on to the intended
recipient. Each user in the communication unknowingly sends traffic to
and receives traffic from the attacker, all while thinking they are
communicating only with the intended user. This can happen if an
attacker can modify Active Directory to add his or her server as a trusted
server or modify DNS to get clients to connect through the attacker on
their way to the server. A man-in-the-middle attack can also occur with
media traffic between two clients, except that in Office Communications
Server 2007 point-to-point media streams are encrypted with SRTP, using
cryptographic keys that are negotiated between the peers using Session
Initiation Protocol (SIP) over TLS.

Common Security Threats
RTP Replay Attack: A replay attack occurs when a valid media transmission
between two parties is intercepted and retransmitted for malicious
purposes. SRTP used in connection with a secure signaling protocol
protects transmissions from replay attacks by enabling the receiver to
maintain an index of already received RTP packets and compare each new
packet with those already listed in the index.
SPIM: SPIM is unsolicited commercial instant messages, or presence
subscription requests. While not by itself a compromise of the network, it
is annoying in the least, can reduce resource availability and production,
and can possibly lead to a compromise of the network. An example of this
is users "spimming" each other by sending requests. Users can block each
other to prevent this, but with federation, if a coordinated spam attack is
established, this can be difficult to overcome unless you disable federation
for the partner.

Computer Security Threats
Viruses and Worms: A virus is a unit of code whose purpose is to reproduce
additional, similar code units. To work, a virus needs a host, such as a file,
e-mail, or program. Like a virus, a worm is a unit of code that is coded to
reproduce additional, similar code units, but that unlike a virus does not
need a host. This primarily shows up during file transfers between clients
or when URLs are sent from other users. If a virus is on your computer, it
can, for example, use your identity and send instant messages on your
behalf.

Security Services and Mechanism:

The International Telecommunication Union – Telecommunication
Standardization Sector (ITU-T) provides some security services and some
mechanisms to implement those services.
Security Services:
ITU-T has defined five services relating to the security goals and attacks:
i. Data Confidentiality: This service is designed to protect data from disclosure attacks.
The service encompasses confidentiality of the whole message or part of a message
and also protection against traffic analysis. It is designed to protect against snooping
and traffic analysis attacks.
ii. Data Integrity: This service is designed to protect the data from modification, insertion,
deletion, and replaying by an adversary. It may protect the whole message or part of
the message.
iii. Authentication: This service provides the authentication of the party at the other end
of the line. In connection-oriented communication, it provides authentication of the
sender or receiver during the connection establishment. In connectionless
communication, it authenticates the source of the data.
iv. Nonrepudiation: This service protects against repudiation by either the sender or the
receiver of the data. In nonrepudiation with proof of the origin, the receiver of the
data can later prove the identity of the sender if denied. In nonrepudiation with proof
of the delivery, the sender of the data can later prove that the data were delivered to the
intended recipient.
Security Services and Mechanism:

v. Access Control:
This service provides protection against unauthorized access to data. The
term access in this definition is very broad and can involve reading,
writing, modifying, executing programs and so on.

Security Services and Mechanism:
Security Mechanism:
ITU-T also recommends some security mechanisms to provide the security services. These
are:
Encipherment: Encipherment, hiding or covering data, can provide confidentiality. It
can also be used to complement other mechanisms to provide other services.
Today, two techniques, cryptography and steganography, are used for enciphering.
Data Integrity: This mechanism appends to the data a short check value that has been
created by a specific process from the data itself. The receiver receives the data and the
check value. He creates a new check value from the received data and compares the
newly created check value with the one received. If the check values are the same, the
integrity of the data has been preserved.
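The check-value mechanism above, combined with the receiver-side index of already received packets from the replay-attack slide, as an added example that is not part of the original slides. It also shows why the check value has to be keyed: a plain digest can be recomputed by whoever alters the message. The packet layout, the names `protect`, `Receiver`, `unkeyed_seal`, `unkeyed_verify`, and the sample messages are assumptions made for this illustration; HMAC-SHA256 stands in for the unspecified "specific process".

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 check value length in bytes
SEQ_LEN = 8   # assumed packet layout: 8-byte sequence number | payload | check value
# SHA-256 is used throughout; practical collisions exist for MD5 and SHA-1.


def unkeyed_seal(message: bytes) -> bytes:
    """Check value from the data alone: a plain SHA-256 digest appended to the message."""
    return message + hashlib.sha256(message).digest()


def unkeyed_verify(blob: bytes) -> bool:
    """Passes for ANY message whose digest was recomputed, including a modified one."""
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: bind sequence number and payload together under a keyed check value."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the check value, then consults an index of sequence numbers already seen."""

    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = window      # how far behind the newest packet we still accept
        self.highest = -1
        self.seen = set()         # index of accepted sequence numbers inside the window

    def accept(self, packet: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return ("malformed", None)
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return ("modified", None)
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq <= self.highest - self.window:
            return ("stale", None)                   # too old to be in the index
        if seq in self.seen:
            return ("replayed", None)
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        floor = self.highest - self.window
        self.seen = {s for s in self.seen if s > floor}   # keep the index bounded
        return ("ok", body[SEQ_LEN:])


def demo():
    """Constructed bank-transfer messages run through both schemes."""
    key = b"\x01" * 32                      # constructed demo key, not a real secret
    rx = Receiver(key)
    pkt = protect(key, 1, b"PAY 100 TO BOB")
    altered = pkt[:SEQ_LEN] + b"PAY 900 TO BOB" + pkt[-TAG_LEN:]
    return {
        "first delivery": rx.accept(pkt)[0],
        "same packet again": rx.accept(pkt)[0],
        "payload altered in transit": rx.accept(altered)[0],
        "unkeyed digest after alteration": unkeyed_verify(unkeyed_seal(b"PAY 900 TO BOB")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The keyed receiver rejects both the altered and the repeated packet, while the unkeyed digest verifies for the altered message because the digest was simply recomputed over it.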

Security Services and Mechanism
Digital signature:
This is a means by which the sender can electronically sign the data and the receiver can
electronically verify the signature. The sender uses a process that involves showing
that he owns a private key related to the public key that he has announced publicly.
The receiver uses the sender’s public key to prove that the message is indeed signed by
the sender who claims to have sent the message.
Authentication Exchange:
In this, two entities exchange some messages to prove their identity to each other. For
example, one entity can prove that he knows a secret that only he is supposed to
know.
Traffic Padding:
This means inserting some bogus data into the data traffic to thwart an adversary’s attempts
to use traffic analysis.

Security Services and Mechanism
Routing Control:
This means selecting and continuously changing different available routes between the
sender and the receiver to prevent the opponent from eavesdropping on a particular
route.
Notarization:
This means selecting a trusted third party to control the communication between two
entities. This can be done to prevent repudiation. The receiver can involve a trusted
party to store the sender’s request in order to prevent the sender from later denying
that he has made such a request.
Access Control:
This uses methods to prove that a user has access rights to the data or resources owned
by a system. Examples of proofs are passwords and PINs.

Security Technique
Security mechanisms are only the theoretical recipes to implement security. The
actual implementation of security goals needs some techniques. Two
techniques are prevalent today:
i. Cryptography
ii. Steganography
Cryptography: Some security mechanisms can be implemented using
cryptography. Today cryptography is defined as involving three distinct
mechanisms, which are considered the basic types of cryptosystems:
a. Symmetric-key encipherment or secret key encipherment or secret key
cryptography
b. Asymmetric-key encipherment or public key encipherment or public key
cryptography
c. Hashing
a. In symmetric-key encipherment,
-- an entity can send a message to another entity over an insecure channel with
the assumption that an adversary cannot understand the content by
simply eavesdropping on the channel.
-- The sender encrypts the message using an encryption algorithm. The
receiver decrypts the message using a decryption algorithm.

Security Technique
-- a single secret key is used for both encryption and decryption.
-- the sender puts a message in a box and locks the box using a shared key; the
receiver unlocks the box with the same key and takes out the message.
-- Common symmetric key encryption algorithms include DES (the Data
Encryption Standard) and AES (the Advanced Encryption Standard).
b. In asymmetric-key encipherment,
-- we have the same situation as in symmetric-key encipherment, with the
following exceptions:
-- first, there are two keys instead of one: one public key and one private key.
-- to send a secure message to the receiver, the sender first encrypts the message by
using the receiver’s public key.
-- to decrypt the message, the receiver uses his own private key.
-- Common asymmetric key encryption algorithms include the RSA algorithm and
Diffie-Hellman Key Exchange.
-- Other one-way functions used for asymmetric cryptography are based on factoring
large numbers and on elliptic curves.

Security Technique
c. In hashing,
-- a fixed-length message digest is created out of a variable-length message.
-- the digest is normally much smaller than the message.
-- both the message and the digest must be sent to the receiver.
-- The most popular hash functions are MD5 (Message Digest 5), which produces a 128-bit digest,
and SHA-1 (Secure Hash Algorithm 1), which produces a 160-bit digest.

ii. Steganography
The word steganography, with its origin in Greek, means “covered writing”, in contrast
with cryptography, which means “secret writing”.
Cryptography means concealing the content of a message by enciphering;
steganography means concealing the message itself by covering it with
something else.
Our discussion is mostly about cryptography, not steganography.

3 Aspects of Info Security

 Security Attack
 Any action that compromises the security of
information.
 Security Mechanism
 A mechanism that is designed to detect, prevent, or
recover from a security attack.
 Security Service
 A service that enhances the security of data
processing systems and information transfers.
 Makes use of one or more security mechanisms.

System security threats
• Interruption: This is an attack on availability; an
asset becomes lost, unavailable, or unusable.
• Interception: This is an attack on
confidentiality; an unauthorized party (human or
not) gains access to an asset.
• Modification: This is an attack on
integrity; an unauthorized party changes the state of
an asset.
• Fabrication: This is an attack on authenticity; an
unauthorized party counterfeits an asset.

Security threats: Four Acts to Cause Security Harm

Vulnerabilities
 A vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to
cross privilege boundaries (i.e. perform unauthorized actions) within a computer system.
 Vulnerabilities are classified according to the asset class they are related to:-
 Hardware:- Susceptibility to humidity/dust ; Unprotected storage;
Over-heating.
 Software:- Insufficient testing; insecure coding; lack of audit trail;
Design flaw.
 Network:- Unprotected communication lines; Insecure network
architecture.
 Personnel:- Inadequate recruiting process; Inadequate security
awareness; insider threat
 Physical site:- Area subject to natural disasters (e.g. flood,
earthquake); interruption to power source
 Organizational:- Lack of regular audits; lack of continuity plans;

Threats
 A threat is a potential negative action or event facilitated by a
vulnerability that results in an unwanted impact to a computer system or
application.
 Any circumstance or event with the potential to adversely impact an IS through
unauthorized access, destruction, disclosure, modification of data, and/or denial of
service.
 A countermeasure is any step you take to ward off a threat to protect
user, data, or computer from harm.
 Various Security threats:-
 Users:- Identity Theft; Loss of Privacy; Exposure to Spam; Physical
Injuries.
 Hardware:- Power-related problems; theft; vandalism; and natural
disasters.
 Data:- Malwares; Hacking; Cybercrime; and Cyber-terrorism.
COMPUTER SECURITY STRATEGY
Security strategy involves three aspects:
 Specification/policy: What is the security scheme supposed to
do?
 Implementation/mechanisms: How does it do it?
 Correctness/assurance: Does it really work?

Security Policy
 The first step in devising security services and mechanisms is to
develop a security policy.
 A security policy is an informal description of desired system
behavior.
 Such informal policies may reference requirements for security,
integrity, and availability.
• A security policy is a formal statement of rules and practices that specify or regulate
how a system or organization provides security services to protect
sensitive and critical system resources.

 In developing a security policy, a security manager needs to
consider the following factors:
 The value of the assets being protected
 The vulnerabilities of the system
 Potential threats and the likelihood of attacks

Security Implementation/mechanism
Security implementation involves four complementary courses of
action:
 Prevention: An ideal security scheme is one in which no attack is
successful.
 Although this is not practical in all cases, there is a wide range of
threats in which prevention is a reasonable goal.
 For example, consider the transmission of encrypted data. If a secure
encryption algorithm is used, and if measures are in place to prevent
unauthorized access to encryption keys, then attacks on confidentiality
of the transmitted data will be prevented.
 Detection: In a number of cases, absolute protection is not
feasible, but it is practical to detect security attacks.
 For example, there are intrusion detection systems designed
to detect the presence of unauthorized individuals logged onto a
system.
 Another example is detection of a denial of service attack, in
which communications or processing resources are consumed so
that they are unavailable to legitimate users

 Response: If security mechanisms detect an ongoing attack, such
as a denial of service attack, the system may be able to respond in
such a way as to halt the attack and prevent further damage.
 Recovery: An example of recovery is the use of backup systems,
so that if data integrity is compromised, a prior, correct copy of
the data can be reloaded.

Assurance and Evaluation
• Assurance is the degree of confidence one has that the security
measures, both technical and operational, work as intended to
protect the system and the information it processes.
 This encompasses both system design and system
implementation.
 Thus, assurance deals with the questions, “Does the security system
design meet its requirements?” and “Does the security system
implementation meet its specifications?”

Evaluation
• Evaluation is the process of examining a computer product or system with
respect to certain criteria.
 Evaluation involves testing and may also involve formal analytic
or mathematical techniques.
 The central thrust of work in this area is the development of
evaluation criteria that can be applied to any security system
(encompassing security services and mechanisms) and that are
broadly supported for making product comparisons.

Methods of Defense
 To protect against harm, then, we can neutralize the threat, close the
vulnerability, or both.
 The possibility for harm to occur is called risk.
 We can deal with harm in several ways.

We can seek to
 prevent it, by blocking the attack or closing the vulnerability
 deter it, by making the attack harder but not impossible
 deflect it, by making another target more attractive (or this one less so)
 detect it, either as it happens or some time after the fact
 recover from its effects

Defence of computer systems
 Remember we may want to protect any of our assets
 Hardware, software, data
 Many ways to do this; for example:
 Cryptography
 Protecting data by making it unreadable to an attacker
 Authenticating users with digital signatures
 Authenticating transactions with cryptographic protocols
 Ensuring the integrity of stored data
 Aid customers' privacy by having their personal information
automatically become unreadable after a certain length of time

Defence of computer systems
 Software controls
 Passwords and other forms of access control
 Operating systems separate users' actions from each other
 Virus scanners watch for some kinds of malware
 Development controls enforce quality measures on the original
source code
 Personal firewalls that run on your desktop

Defence of computer systems
 Hardware controls
 (Not usually protection of the hardware itself, but rather using
separate hardware to protect the system as a whole.)
 Fingerprint readers
 Smart tokens
 Firewalls
 Intrusion detection systems

Defence of computer systems
 Physical controls
 Protection of the hardware itself, as well as physical access to the
console, storage media, etc.
 Locks
 Guards
 Off-site backups
 Don't put your data centre on a fault line in California

Defence of computer systems
 Policies and procedures
 Non-technical means can be used to protect against some classes of
attack
 If an employee connects his own Wi-fi access point to the internal
company network, that can accidentally open the network to outside
attack.
 So don't allow the employee to do that!
 Rules about changing passwords
 Training in best security practices

Security mechanism
