email security, web security and malicious programs lecture 9


Post on 20-Dec-2015


Page 1: Email Security, Web Security and Malicious Programs Lecture 9

Email Security, Web Security and Malicious Programs

Lecture 9

Page 2: Email Security, Web Security and Malicious Programs Lecture 9

Information and Network Security

Email Basics

Email Infrastructure
- Allows a user to send a message to one or more recipients
- Using either a single email address or a distribution list
- If a distribution list is used then:
  - The message is sent to a site where the distribution list is maintained, and that site then sends the message to each of the recipients on the list, or
  - The sender retrieves the list and then sends the message to each recipient on the list

Page 3: Email Security, Web Security and Malicious Programs Lecture 9

Email Infrastructure

- Source and destination computers communicate directly with each other
  - Both machines have to be running and reachable on the network (this does not always work if the user machine is only occasionally connected to the network)
- In general, email infrastructure consists of:
  - A whole mesh of mail forwarders or Mail Transfer Agents (MTA)
  - The mail processing at the source and destination computers is done by a program called the User Agent (UA)

Page 4: Email Security, Web Security and Malicious Programs Lecture 9

Email Infrastructure (e.g.)

[Figure: a mail path between two UAs through a mesh of MTAs. Legend: authentication between MTAs or between MTA and users; not authenticated path.]

Page 5: Email Security, Web Security and Malicious Programs Lecture 9

Reasons for multiple MTAs

Reasons for needing multiple MTAs along a mail path from the source to the destination:
- Part of the network may be only occasionally connected
- MTAs may need to authenticate other MTAs or user machines
- A company may want a security gateway through which all mail has to be forwarded
- Different parts of the network may be using different protocol suites

Page 6: Email Security, Web Security and Malicious Programs Lecture 9

Email Services and Security

- Privacy: message is only for the intended recipient(s)
- Authentication: authentication of the source
- Integrity: integrity of the message
- Non-repudiation: sender can't deny her sent message
- Proof of submission: verification to the sender that the message was handed to the mail delivery system

Page 7: Email Security, Web Security and Malicious Programs Lecture 9

Email Services and Security

- Message flow confidentiality: a third person C cannot even determine whether A sent B a mail or not
- Containment: the ability of the network to keep certain security levels of information from leaking out of a particular region
- Self-destruction: message can't be forwarded or stored
- Proof of delivery: verification that the recipient received the message
- Anonymity: recipient can't find out the identity of the sender

Page 8: Email Security, Web Security and Malicious Programs Lecture 9

Email Security Services

Most email security services can be provided by cryptographic means:
- Privacy: using secret or public key
- Non-repudiation: digital signature
- Authentication: using secret and public key technology
- Integrity: using a secure hash function and secret or public key technology

Page 9: Email Security, Web Security and Malicious Programs Lecture 9

Email Security Services

- Proof of delivery:
  - Is it possible to provide a receipt if and only if the recipient got the message (Yes/No) – Yes? How?
    - If the recipient signs before the message is delivered, the message can be lost but the mail system has the signature.
    - If the recipient signs after receiving the message, the recipient may not furnish a signature at that point, but yet has the message.
- Anonymity:
  - What for?
  - Is it easy? (most mail systems automatically include the sender's name in the message)
  - Does it compromise mail security?

Page 10: Email Security, Web Security and Malicious Programs Lecture 9

Email Security counter measures

- Make sure email software is configured properly
- Use wrappers to enhance the security of email software
- Educate and regularly remind users of the danger of malicious programs (no email system is secure)
- Design and implement prevention systems to detect malicious programs early and give warning messages to users, or stop the malicious programs

Page 11: Email Security, Web Security and Malicious Programs Lecture 9

Further Readings about Email Security

- PEM (Privacy Enhanced Mail)
  - Additional features: encryption, source authentication, and integrity protection
  - Relies on certificates and uses one path of certificates
- S/MIME (Secure Multipurpose Internet Mail Extensions)
  - Additional features: similar to PEM
  - Relies on certificates and uses multiple certificate hierarchies
- PGP (Pretty Good Privacy)
  - Certificates are optional in PGP
  - Each user decides which keys to trust
  - Different from PEM & S/MIME by treating mails as files

Page 12: Email Security, Web Security and Malicious Programs Lecture 9

Web Security

- Server-side security:
  - Protect the server against denial of service
  - Need to protect against site vandalism
  - Protect against break-ins
- Client-side security:
  - Need to protect the client's machine against malicious programs
  - Limit the amount of personal information that the browser can transmit without the user's consent
- Document confidentiality:
  - Need to protect documents against eavesdropping
  - Protect against the risk of fraud:
    - A user misrepresents herself to get unauthorised access to the server
    - A web server tricks a user into sending it confidential information

Page 13: Email Security, Web Security and Malicious Programs Lecture 9

Web Security: Risks

- Web and email, by the nature of their services, have a high security risk
- Web browsers and servers are large and complex pieces of software => vulnerable to security bugs (e.g. Internet Explorer 3.0)
- Web servers allow scripts, applets & programs in many languages to run on server machines by request from clients (browsers) => high security risk
- Web servers can be easily misconfigured => provide security holes

Page 14: Email Security, Web Security and Malicious Programs Lecture 9

Web Security: Risks

- The server's hardware may not be secured
- Transmissions across the Internet are not secured, hence web documents and interactive login sessions are vulnerable to eavesdropping
- Remote authoring and administration tools open security holes
- Many web accounts may need to be created due to the high number of people involved in providing different information

Page 15: Email Security, Web Security and Malicious Programs Lecture 9

Web Security (e.g.)

Possible attacks:
- Integrity:
  - Modification of messages
- Confidentiality:
  - Eavesdropping; theft; getting information about network configuration or which client talks to which server
- Denial of service:
  - Killing of user processes; flooding servers with bogus requests; filling up memory or disk; etc.
- Authentication:
  - Impersonation of legitimate users; data forgery

Page 16: Email Security, Web Security and Malicious Programs Lecture 9

Web Security – counter measures

- Integrity: cryptographic check
- Confidentiality: encryption (or using Web proxies – this is not an absolute solution)
- Denial of service: difficult to prevent
- Authentication: cryptographic techniques

Page 17: Email Security, Web Security and Malicious Programs Lecture 9

Web Security – counter measures

Other web security issues can be minimized by:
- Carefully designing and testing CGI scripts and other added programs
- Doing the configuration carefully
- Not providing more web accounts than necessary

Page 18: Email Security, Web Security and Malicious Programs Lecture 9

Danger of Malicious Programs

- Systems such as Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received
- Mobile-program systems, such as Java based systems, ActiveX based systems and mobile-agent based systems, allow programs to move on their own from one system to another => malicious programs can take advantage and spread quickly (modern software systems tend to allow mobile agents and program migrations [see P.D Le, B. Srinivasan and P. Granville, "A Prototype Tool to Support Migration in Distributed Environments", Proceedings of the 2nd International Symposium on Applied and Corporate Computing, pp. 53-62, 1994.])

Page 19: Email Security, Web Security and Malicious Programs Lecture 9

Taxonomy of Malicious Programs

[Figure: taxonomy tree of malicious programs. Branches: Need Host Program; Independent. Leaves: Trapdoors, Logic Bombs, Trojan Horses, Viruses, Bacteria, Worms, Zombie.]

Page 20: Email Security, Web Security and Malicious Programs Lecture 9

Malicious Programs

- Logic bomb: code embedded in some program that is set to explode when certain conditions are met
- Trapdoor: a secret entry point (often for debugging purposes) in a program that allows someone to gain access without going through the normal procedure
- Trojan horse: instructions hidden inside an otherwise useful program that do the bad things
- Bacteria: programs that replicate themselves to fill disk and memory or to take up CPU
- Worm: a program that replicates itself by installing copies of itself on other machines across a network

Page 21: Email Security, Web Security and Malicious Programs Lecture 9

Malicious Programs

- Zombie: malicious code installed on a system that can be remotely triggered to carry out some attack with less traceability.
- Virus: code that, when executed, inserts copies of itself into another program – the infected program, when executed, will execute the virus

Page 22: Email Security, Web Security and Malicious Programs Lecture 9

Malicious Programs - Virus

- A virus can be embedded into a program in different fashions (pre-pended, post-pended, at a pre-defined point, etc.)
- Most viruses are designed to work for a particular OS or environment
- They are designed to take advantage of the weaknesses of a particular system or software platform
- A virus can do anything a program can do – it attaches itself to a host program and executes secretly when the host program is run

Page 23: Email Security, Web Security and Malicious Programs Lecture 9

Simple Structure of A Virus

    InfectedProgram {
        Goto virus_main;
        Label_for_virus;

      Virus_main:
        Infect_executable (…);
        if Trigger-pulled (…)
            Do-damage (…)
    }

    Do-damage (…) {
        do-whatever-damage-you-like
    }

    Trigger-pulled (…) {
        if some condition holds
            return true
        else
            return false
    }

    Infect_executable (…) {
        loop;
        AFile = randomly get an executable file;
        if there is Label_for_virus (file already infected)
            goto loop;
        else
            prepend Virus to AFile
    }

Page 24: Email Security, Web Security and Malicious Programs Lecture 9

Malicious programs: Immune System

[Figure: immune system architecture. Labels: virus infected client machine, client machines, administrative machines, individual user, A Private Network A, A Private Network B, virus analysis machine. Steps at the virus analysis machine: analyse virus behavior and structure, extract signature, derive prescription.]

Page 25: Email Security, Web Security and Malicious Programs Lecture 9

Malicious programs: Immune System

- Each computer (client) has a monitoring program running
- The monitoring program tries to find a thought-to-be infected program
- If there is one, then the client forwards a copy of that program to the administrative machine within the organisation
- The administrative machine (AM) encrypts the suspicious program and sends it to a virus analysis machine (VAM)
- The VAM creates an environment in which the suspicious program can be run safely for analysis
- The VAM produces a prescription for treatment and sends it back to the AM
- The AM forwards the prescription to the client and others
- With this method subscribers can receive antivirus updates
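The report, analyse and distribute loop above, as an added example that is not part of the original lecture. It assumes a hash-baseline monitor on each client and a fixed-length byte signature as the "prescription"; the sample files are constructed, harmless byte strings, the class and function names are hypothetical, and the AM-to-VAM encryption and the sandboxed run are left out.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from typing import Optional

SIG_LEN = 8  # assumed signature length in bytes

# Constructed sample data: harmless byte strings standing in for executables.
CLEAN_EDITOR = b"\x7fELF-editor-code-section-0001"
CLEAN_SHELL = b"\x7fELF-shell-code-section-0002"
MARKER = b"CONSTRUCTED-INFECTION-MARKER"  # stands in for pre-pended viral code


@dataclass
class Prescription:
    name: str
    signature: bytes  # byte pattern clients search for


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_signature(suspect: bytes, clean_corpus: list[bytes],
                      sig_len: int = SIG_LEN) -> Optional[bytes]:
    """VAM step: first sig_len-byte window of the suspect that occurs in no
    known-clean file, so the signature cannot match the clean corpus."""
    for i in range(len(suspect) - sig_len + 1):
        window = suspect[i:i + sig_len]
        if not any(window in clean for clean in clean_corpus):
            return window
    return None  # nothing distinguishes the sample from clean code


@dataclass
class Client:
    name: str
    files: dict[str, bytes]
    baseline: dict[str, str] = field(default_factory=dict)
    prescriptions: list[Prescription] = field(default_factory=list)

    def snapshot(self) -> None:
        """Record a hash baseline of the files as currently installed."""
        self.baseline = {p: sha256(d) for p, d in self.files.items()}

    def monitor(self) -> list[str]:
        """Monitoring program: files whose hash no longer matches the baseline."""
        return sorted(p for p, d in self.files.items()
                      if sha256(d) != self.baseline.get(p))

    def scan(self) -> list[str]:
        """Apply every prescription received from the AM."""
        return sorted(p for p, d in self.files.items()
                      if any(rx.signature in d for rx in self.prescriptions))


def analyse_and_distribute(sample: bytes, clean_corpus: list[bytes],
                           clients: list[Client]) -> Optional[Prescription]:
    """AM hands the sample to the VAM, then pushes the result to all clients."""
    sig = extract_signature(sample, clean_corpus)
    if sig is None:
        return None
    rx = Prescription(name="sample-" + sha256(sample)[:8], signature=sig)
    for client in clients:
        client.prescriptions.append(rx)
    return rx


def run_demo() -> dict:
    a = Client("A", {"editor": CLEAN_EDITOR, "shell": CLEAN_SHELL})
    # B's shell was already modified when its baseline was taken.
    b = Client("B", {"editor": CLEAN_EDITOR, "shell": MARKER + CLEAN_SHELL})
    c = Client("C", {"editor": CLEAN_EDITOR})
    for client in (a, b, c):
        client.snapshot()
    a.files["editor"] = MARKER + CLEAN_EDITOR  # modified after the baseline
    flagged = a.monitor()
    rx = analyse_and_distribute(a.files[flagged[0]],
                                [CLEAN_EDITOR, CLEAN_SHELL], [a, b, c])
    return {"flagged": flagged, "b_monitor": b.monitor(),
            "signature": rx.signature,
            "scans": {cl.name: cl.scan() for cl in (a, b, c)}}
```

Client B shows why the prescription is forwarded to "the client and others": its own monitor reports nothing because the modified file was already present at baseline time, yet the distributed signature finds it.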

Page 26: Email Security, Web Security and Malicious Programs Lecture 9

How to Protect your Systems against Malicious Programs (MP)

- There are many ways to enhance your system security such as using encryption, firewall, security at different layers, etc.
- However, there is no absolute way to protect your system against malicious programs
- Modern computer systems allow mobile programs and services via Web, Email, Internet software products and the like
- MPs will be the main security concern for modern computer systems

Page 27: Email Security, Web Security and Malicious Programs Lecture 9

MP and Security

How to prevent MPs from quickly spreading:
- Should your system provide rapid response so that MPs can be stamped out almost as soon as they are introduced? How can it be done?
- Should your systems be able to automatically capture new MPs when they enter your organisation's computer system?
- Should your system dynamically inform other systems so that they can analyse, detect and possibly remove MPs?
- Dynamically provide tools for diagnosis & treatment, etc.

Page 28: Email Security, Web Security and Malicious Programs Lecture 9

Malicious Program Detection System (MPDS) – Overview

[Figure: MPDS overview. Labels: Quantum machine hosting Virtual machine 1, Virtual machine 2, Virtual machine 3, ..., Virtual machine N; Common Administrative machine; Network 1, Network 2, Network 3.]

Page 29: Email Security, Web Security and Malicious Programs Lecture 9

Proposed Malicious Program Detection System

- Reason: Modern computer systems allow mobile programs and services via Web, Email, Internet software products and the like
  - Such systems are more vulnerable due to the nature of the services they provide and the heavy interactions between users and the systems
- Goals:
  - The proposed system attempts to reduce the impact of MP attacks
  - The idea can be applied at organisation level or at a larger scale

Page 30: Email Security, Web Security and Malicious Programs Lecture 9

How does MPDS work?

- MPDS requires that if an application allows user interactions, then it must be constructed to allow corresponding non-interactive options
  - This requirement is reasonable since it allows automatic software testing, analysis and correction
  - Modern software is object-oriented and hence facilitates both interactive and non-interactive options

Page 31: Email Security, Web Security and Malicious Programs Lecture 9

Main components of MPDS

- A quantum or extremely fast computer (FC) is used as a simulation and detection centre on which many different software platforms can concurrently reside
- A common administrative machine (CAM) forwards all incoming messages to FC
- FC delivers messages to FC for analysis and checking
- If the analysis and checking says "Not O.K", then messages are marked "unsafe" and sent back to CAM
- CAM forwards unmarked messages to intended destinations or rejects marked messages
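The CAM/FC marking flow above, as an added example that is not part of the original lecture. The slides do not say what the FC's analysis consists of, so a check of each MIME part's decoded leading bytes for executable magic numbers stands in for it; the `X-MPDS-Status` header name, the function names and the sample messages are all assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MARK_HEADER = "X-MPDS-Status"  # hypothetical header used to carry the FC mark
EXEC_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


def fc_analyse(raw: bytes) -> bytes:
    """FC step: inspect every leaf MIME part by content, not by its declared
    type or filename, and mark the message unsafe if any part is executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        for magic, kind in EXEC_MAGIC.items():
            if payload.startswith(magic):
                name = part.get_filename() or "unnamed part"
                reasons.append(f"{name}: {kind}")
    del msg[MARK_HEADER]  # only the FC's own verdict may appear in this header
    if reasons:
        msg[MARK_HEADER] = "unsafe; " + "; ".join(reasons)
    return msg.as_bytes()


def cam_route(raw: bytes) -> tuple[str, str]:
    """CAM step: send the message to the FC, then forward it if it comes back
    unmarked or reject it if it comes back marked."""
    checked = message_from_bytes(fc_analyse(raw), policy=policy.default)
    status = str(checked.get(MARK_HEADER, ""))
    if status.startswith("unsafe"):
        return ("reject", status)
    return ("forward", "")


def build_message(attachment: bytes, filename: str) -> bytes:
    """Constructed sample message with one attachment declared as a PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(attachment, maintype="application", subtype="pdf",
                       filename=filename)
    return msg.as_bytes()


# Constructed inputs: a real PDF header, and a PE header disguised as a PDF.
CLEAN_MAIL = build_message(b"%PDF-1.4 constructed sample", "invoice.pdf")
DISGUISED_MAIL = build_message(b"MZ\x90\x00 constructed sample", "invoice.pdf")
```

Because the CAM forwards anything that comes back unmarked, a message the FC could not analyse would also be forwarded; a deployment has to decide whether an analysis failure should produce a mark.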

Page 32: Email Security, Web Security and Malicious Programs Lecture 9

Further research reading

Security achievement is related to planning more than fixing. We encourage you to:
- Discuss the trend of web, email applications and other Internet services
- Attempt to provide some conceptual models to deal with threats from MPs