Lecture-01-Handouts

The document outlines a course on Law and Cybersecurity, covering topics such as information security management, data security properties, and cyber crime. It details the evaluation criteria, schedule, and required readings for the course. Additionally, it discusses various types of cyber attacks, malware, and defense mechanisms to protect networks.


Law and Cybersecurity

(06407)

Instructor: Dr. Mohamed Abdelwahab Saleh

March 6, 2025

Lecture 1: Introduction
Section 1

Outline

2 / 18
Contents

Outline

Introduction

Defense

3 / 18
Course Outline

▶ Information Security Management.


▶ Data Security Properties.
▶ Sensitive Data and Privacy.
▶ Human Factors in Security.
▶ Cyber Crime and Cyber Warfare.
▶ National and International Information Security Regulation.
▶ Ethics and Legal Aspects of Software Development.

4 / 18
Course information

▶ Evaluation:
  Assignments + Quizzes: 20%
  Project: 10%
  Mid-term: 20%
  Final: 50%

▶ Schedule:
  Day      Time         Location
  Monday   8:30-10:10   402

5 / 18
Books

▶ A variety of cyber security laws and regulations.


▶ E. Amoroso and M. Amoroso. “From CIA to APT: An
Introduction to Cyber Security”. Independently published.
▶ W. Stallings. “Cryptography And Network Security”, 7th
Edition. Pearson Education.

6 / 18
Section 2

Introduction

7 / 18
The Big Picture

[Figure: Node A and Node B communicate across a network that contains attackers as well as trusted servers; security services sit at both nodes.]

▶ What sort of attacks?
▶ What security services?
▶ How to implement the services?

Attacks rely on the capabilities of the intruder, so to investigate the attacks, we must model the intruder. Knowing the attacks, we can defend the network against them.

8 / 18
What Can the Attacker Do? – Attacker Model
The attacker is the network, i.e., all network nodes exist in a hostile environment. The following is assumed:
1. The attacker monitors all network messages (eavesdropping).
2. The attacker can perform computations on messages, e.g., encryption, decryption.
3. The attacker is a legitimate network user.
4. The attacker can send messages to any user and receive messages from any other user.
5. The attacker can block messages.
6. The attacker can impersonate other users.
Active and passive attackers: A passive attacker just monitors the network traffic without interrupting it. An active one is involved in message reception and/or transmission, i.e., items 3–5 in the list above.
9 / 18
Types of attacks
▶ Eavesdropping (passive attacks).
▶ Man-in-the-middle attacks, i.e., opening parallel sessions with different network nodes.
▶ Impersonation attacks, i.e., pretending to be another network node.
▶ Replay attacks, i.e., storing a sequence of messages and “playing” it again later.
▶ Denial of Service (DoS) attacks.
▶ Cryptanalysis attacks, i.e., trying to “break” an encrypted text.
▶ Password guessing (brute-force and dictionary attacks).
▶ Malware (viruses, worms, trojan horses, time bombs, back doors) attacks.
▶ Software exploitation attacks, i.e., exploiting a vulnerability.
▶ Timing attacks.
▶ Social engineering.
▶ etc.
10 / 18
Types of Malware
The following are categories of malware. Malicious code may have more than one of the characteristics listed below:
▶ Viruses: Malicious software, in the form of executable code, that is attached to a legitimate computer program. Once it runs on a machine, it can self-replicate (copy itself) to other programs on the machine.
▶ Worms: A malicious computer program that spreads across a network, causing harm and consuming resources.
▶ Trojan horses: A computer program that appears legitimate and harmless but has hidden malicious features.
▶ Time bombs (logic bombs): Malicious code that causes damage when a certain event occurs or when a certain time is reached.
▶ Back door: A hidden entry point into software that gives remote users access to the system without proper authorization.
11 / 18
Examples of Attacks–SYN Flood

[Figure: A sends B a series of SYN segments; B answers each with SYN ACK; A does not reply with ACK.]

A uses the TCP three-way handshake to initiate many “half-open” connections. The TCP server is too busy to respond to other users. This is a Denial of Service (DoS) attack.
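The usual mitigation for this backlog exhaustion is SYN cookies. The simulation below is an added example, not code from the handout: a listener either keeps per-SYN state in a small backlog, or, with cookies enabled, derives its initial sequence number from a keyed hash of the connection tuple and stores nothing until the final ACK arrives. The secret, the backlog size, the addresses and the `Listener` class are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for this demonstration; a real server rotates its secret.
SECRET = b"demo-secret-not-for-production"
BACKLOG = 4  # deliberately tiny half-open queue so exhaustion is visible

def syn_cookie(src_ip, src_port, dst_port, secret=SECRET):
    """Stateless SYN cookie: the server's initial sequence number is derived from
    the connection 4-tuple and a secret, so nothing is stored per SYN."""
    msg = f"{src_ip}:{src_port}->{dst_port}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")

class Listener:
    def __init__(self, use_cookies=False):
        self.use_cookies = use_cookies
        self.half_open = {}   # (src_ip, src_port) -> server ISN, stateful mode only

    def on_syn(self, src_ip, src_port, dst_port=80):
        """Return the server ISN carried in the SYN ACK, or None if the SYN is dropped."""
        if self.use_cookies:
            return syn_cookie(src_ip, src_port, dst_port)   # no state allocated
        if len(self.half_open) >= BACKLOG:
            return None   # backlog full: further SYNs, legitimate or not, are refused
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack_num, dst_port=80):
        """Third handshake step: the ACK must acknowledge server ISN + 1."""
        if self.use_cookies:
            expected = (syn_cookie(src_ip, src_port, dst_port) + 1) & 0xFFFFFFFF
        else:
            isn = self.half_open.pop((src_ip, src_port), None)
            expected = None if isn is None else (isn + 1) & 0xFFFFFFFF
        return expected is not None and ack_num == expected

def honest_client_connects(use_cookies, flood_size=50):
    """SYNs from constructed spoofed sources that never send the final ACK,
    then one honest client; returns whether the honest client completes."""
    srv = Listener(use_cookies)
    for i in range(flood_size):
        srv.on_syn(f"203.0.113.{i % 250 + 1}", 40000 + i)   # spoofed, never ACKed
    isn = srv.on_syn("192.0.2.10", 51000)
    return isn is not None and srv.on_ack("192.0.2.10", 51000, (isn + 1) & 0xFFFFFFFF)
```

With the stateful backlog the honest client is refused once the flood fills it; with cookies the same flood costs the server no memory and the honest client still completes the handshake.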

12 / 18
Examples of Attacks–UDP Storm

[Figure: M sends message m1 to B (chargen) with A (echo) as the forged source; A and B then bounce messages off each other.]

In this attack, A is running the echo protocol on port 7, while B is running chargen (character generator) on port 19. Both A and B use UDP. Therefore chargen will reply to any request with a random number. M, the malicious node, sends message m1 to B with source IP=A, source port=7, and destination port=19. A and B will start bouncing messages off each other indefinitely.

13 / 18
Examples of Attacks–Ping Attack

[Figure: M sends a broadcast echo message m1 to the network; the replies converge on A.]

The malicious node M sends a broadcast echo message m1 with destination IP=A to the network. A is then flooded with replies.
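Both the UDP storm and the ping attack above can be stopped at the network border with a few filtering rules, which the handout lists later under firewalls. The packet filter below is an added example, not part of the handout: the 192.168.1.0/24 LAN, the `ingress_decision` function and the sample packets are constructed for the demonstration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for this example: the protected LAN behind the border router.
INSIDE = ip_network("192.168.1.0/24")
SMALL_SERVICES = {7, 19}   # UDP echo and chargen, the pair abused in the UDP storm

def ingress_decision(pkt, from_outside):
    """Return (verdict, reason) for one packet arriving at the border router.
    pkt is a dict with src, dst, proto and, for UDP, sport/dport; for ICMP, type
    (8 = echo request). from_outside is True on the external interface."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    # Anti-spoofing: traffic from outside must not claim an inside source.
    # Each attack on the page has M forging A's address as the source.
    if from_outside and src in INSIDE:
        return "drop", "spoofed inside source"
    # UDP storm: an echo<->chargen loop has both ports in the small-services set.
    if pkt["proto"] == "udp" and pkt["sport"] in SMALL_SERVICES and pkt["dport"] in SMALL_SERVICES:
        return "drop", "udp small-services loop"
    # Ping attack: echo requests to the subnet broadcast address make every host reply.
    if pkt["proto"] == "icmp" and pkt.get("type") == 8 and dst == INSIDE.broadcast_address:
        return "drop", "directed-broadcast echo"
    return "accept", "ok"

# Constructed sample packets (not captured traffic): (packet, arrived_from_outside)
SAMPLES = [
    # m1 from the UDP storm: M outside, claiming A's inside address and echo port
    ({"src": "192.168.1.7", "dst": "192.168.1.19", "proto": "udp", "sport": 7, "dport": 19}, True),
    # the same loop already running between two inside hosts
    ({"src": "192.168.1.7", "dst": "192.168.1.19", "proto": "udp", "sport": 7, "dport": 19}, False),
    # ping attack: echo request aimed at the LAN broadcast address
    ({"src": "203.0.113.5", "dst": "192.168.1.255", "proto": "icmp", "type": 8}, True),
    # ordinary traffic that must still pass
    ({"src": "203.0.113.5", "dst": "192.168.1.19", "proto": "icmp", "type": 8}, True),
    ({"src": "203.0.113.5", "dst": "192.168.1.19", "proto": "udp", "sport": 53, "dport": 40123}, True),
]

def filter_samples(samples=SAMPLES):
    """Verdict for each sample packet, in order."""
    return [ingress_decision(p, outside)[0] for p, outside in samples]
```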

14 / 18
Examples of Attacks–TCP Session Hijacking

[Figure: M SYN-floods A (A is SYN-flooded). M then sends B “SYN, source=A, X”; B replies towards A with “SYN ACK, X+1, Y”; M sends B “ACK, X+1, Y+1”.]

The malicious node M first attacks A by SYN flood, then impersonates A. The success of this attack depends on M knowing Y. It can intercept messages or guess Y, in case there is a weakness in the algorithm for number generation.
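Since the hijack works only if M obtains Y, the defender's question is whether B's initial sequence number generator is predictable. The following added example (not from the handout) compares a step-based generator with a keyed-hash generator in the style of RFC 6528, scored by a constructed `predictable_from_one_observation` check; the class names, the step value and the tick rate are assumptions.

```python
import hashlib
import hmac
import secrets
import time

class SequentialISN:
    """Weak generator in the style of early TCP stacks: the ISN advances by a
    fixed step per connection, so one observed value reveals the next."""
    def __init__(self, start=1000, step=64000):
        self.current, self.step = start, step

    def next_isn(self, four_tuple):
        self.current = (self.current + self.step) & 0xFFFFFFFF
        return self.current

class KeyedISN:
    """Generator in the style of RFC 6528: a clock value plus a keyed hash of the
    4-tuple under a per-boot secret, so ISNs for different peers look unrelated."""
    def __init__(self):
        self.secret = secrets.token_bytes(16)   # constructed per instance

    def next_isn(self, four_tuple):
        digest = hmac.new(self.secret, repr(four_tuple).encode(), hashlib.sha256).digest()
        clock = int(time.monotonic() * 250_000) & 0xFFFFFFFF   # 4 us ticks
        return (clock + int.from_bytes(digest[:4], "big")) & 0xFFFFFFFF

def predictable_from_one_observation(gen, own_tuple, victim_tuple, guessed_step=64000):
    """Defender's assessment of a generator: an observer who legitimately opens
    its own connection sees Y0 and guesses that the next connection gets
    Y0 + step. Returns True if that guess equals the ISN actually issued for
    victim_tuple, i.e. the generator leaks Y to anyone with one observation."""
    y0 = gen.next_isn(own_tuple)
    guess = (y0 + guessed_step) & 0xFFFFFFFF
    return guess == gen.next_isn(victim_tuple)
```

The sequential generator is predicted exactly every time; the keyed generator is predicted only with probability about 2^-32, which is what makes blind impersonation of A impractical.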

15 / 18
Section 3

Defense

16 / 18
Security Properties
What properties do we want our network to have?
Below are very simple, intuitive definitions.
▶ Confidentiality: A message m should be revealed only to those parties who have the right to read it.
▶ Integrity: A message m should not be tampered with by an intruder. If an intruder tampered with the message, the receiver should be able to detect this.
▶ Availability: Services offered by the network should “always” be available to legitimate users, i.e., the network should be immune against denial of service attacks.
▶ Authentication: Users should be able to verify the identity of other users communicating with them.
▶ Non-repudiation: A user should not be able to deny sending (Non-Repudiation of Origin, NRO) or receiving (Non-Repudiation of Receipt, NRR) a message.

17 / 18
Network Protection
We saw several examples of attacks. So, what should be done to protect a network?
⇒ There is no silver bullet. However, there are measures that should be taken:
▶ Plan a security policy.
▶ The policy is implemented using various mechanisms:
  ▶ Access control (authentication + authorization).
  ▶ Limiting access from/to the private network using firewalls.
  ▶ Filtering network traffic using an Intrusion Detection System (IDS).
  ▶ etc.
▶ The basic building blocks of many of these security mechanisms are cryptographic operations. They operate on data in order to achieve some security objective.
▶ For instance, encryption is a cryptographic operation that is used in order to achieve data secrecy.

18 / 18
