Upload
branden-gonzalez
View
18
Download
1
Embed Size (px)
DESCRIPTION
Electronic Commerce Security and Computer Forensics. David Dampier Department of Computer Science & Engineering Center for Computer Security Research [email protected] http://www.cse.msstate.edu/~security. Pervasive Inexpensive Easy to use No one in charge Robust - PowerPoint PPT Presentation
Citation preview
1
Electronic Commerce Securityand Computer Forensics
David Dampier
Department of Computer Science & Engineering
Center for Computer Security Research
http://www.cse.msstate.edu/~security
2
Paradox of the Internet
• Pervasive– Inexpensive– Easy to use
• No one in charge• Robust• Used extensively
today
• Intrinsically insecure– Expensive to secure– Hard to secure - an
afterthought
• No one responsible• Ill defined boundaries• Laws of use not clear
3
What is EC Security?• A special case of network security• A special case of client server security• An evolving area of computer science
– Digital cash– Internet banking– Store fronts versus Store reality– International market place …
• Still an area of immense temptation for the criminal element
4
What are the threats?• First - the traditional threats apply
– Confidentiality, Integrity, Availability, Accountability– Malicious code – Network vulnerabilities – Others ???
• Second - Additional privacy concerns surface (…ethics concerns)– cookies– buying habits and profiling– shared databases (???) – short term and long term storage of sensitive data– others ...
5
More threats ...
• Authentication takes on a new role– Who is the buyer?– Who is the seller?– Is the seller real?– Where is the seller?– Non-repudiation is important– Accountability for seller and buyer actions
• Availability – loss of access equals loss of revenue– recovery procedures are very important– The greatest threat to E-Commerce today (arguable perhaps…)
6
A Simple View
Server
Client
E-Commerce protection must include data in transit;data in processing; and, data in storage
•over an open network•in a client server environment
7
Security Requirements include
• Transaction integrity • Confidentiality of the transaction• Mutual authentication of all parties (customer,
store, bank)• Non-repudiation • Timely service• Record keeping• Protection of the systems against intrusion
8
Client Side Security
• Essentially “web browser” security• Two main risks have emerged
– Vulnerabilities in the Web Browser software– Risk of Active Content
• Active Content (mobile code) – Java and Java Applets– Active X controls– Push technology– MS Macros– Plugin’s
9
Secure Transport
• Secure Channels – Secure Sockets Layer (SSL)– Secure HTTP (S-HTTP)
• Smart Cards carrying a private key for encryption
• E-Cash protocols
10
Web Server Side
• Typically a front end web server, backend database, and interface software (e.g., CGI scripts).
• Firewalls are most useful here - but varying degrees of strength and responsiveness
• Operating system security an issue (for both the network OS and the server OS)
11
Solution Sets ...• Encryption plays a very big role
– SSL, S-HTTP– Digital Signatures– Certificates (X.509 - PKI)– PGP
• Firewalls• Trusted OS and products• Disaster recovery plans• Education and awareness• Law
12
Public Key Infrastructure
• Enables the Use of Public Key Technology
• Parts– Certificate Maintenance
Issuance, Reissuance, Revocation
– Certificate Availability– Interoperations
13
Answer:Public Key Infrastructure
• Getting public-key materials
Jane DoeAcme
public
private
Where they are needed
When they are needed
14
Doing Business With Keys
Internet
PKIforDummies
4417 5712 1238 51961
PKIforDummies
Xyl?wk$
public
But where did the key come from?
private
amazon.com
4417 5712 1238 51961 Sold
15
Certificate: ID? Or ATM Card?
• Identity Card– Something you have
– Something you are
• ATM Card– Something you have
– Something you know
A Certificate is Three Things
• An ID Card
Jane DoeAcme
public
• A Notarized Signature • A Scrambling Device
plaintext X&8uj*l.
Mississipp
i Jane Doe105 Lee StreetAnywhere, MS 39759
16
Doing Business With Certificates
amazon.comInternet
PKIforDummies
4417 5712 1238 51961
PKIforDummies
Xyl?wk$
public
But where did the certificate come from?
private
Jane DoeAcme
public
4417 5712 1238 51961 Sold!
17
Certifying Authorities
• Public Key technology is powerful - but you can’t keep everyone’s public key on your hard drive– hundreds of thousands of users globally– expiration and maintenance issues
• More practical to rely on trusted “third parties” - Certifying authorities
18
Certifying Authorities
• A commercial enterprise that vouches for the identities of individuals and organizations.
• Browsers have public keys of well known CA’s built in.
• Certificates are (for most practical purposes) viewed as “untamperable” and “unforgeable”
• VeriSign, AT&T, BBN, CeriSign, and others (check your browser)
19
A Process for Secure EC
• Assess your risks
• Secure the Infrastructure
• Secure your Internet Connections
• Secure Electronic Commerce
• Disaster Recovery
- David Cullinane - “Electronic Commerce Security, 1999
20
Assessing Risk -• Conduct a Threat and Vulnerability Analysis
– What are the threats to your information assets– How vulnerable are each of those threats– What would be the business impact if each of the threats
were to occur– What controls are available/needed to mitigate the threats
• Identify and Prioritize (...and build a plan)– address the threats and vulnerabilities– insure plan is consistent with business objectives and cost– plan fits with organizational culture?
21
Secure the Infrastructure
• Concerned with OS security, external connectivity, & network security ...
• Develop an Information Security Architecture– “…a structure for implementing security across an
enterprise”
– defines the organization of the information security program
– the foundation of a solid information security program
22
Secure Internet Connection
• Based on Firewall protection primarily
• Recall - firewalls vary in trust and capability
• Defense in depth is suggested
• Tradeoff between security and ease of access is a business and risk decision
• There is no cookbook solution
23
Disaster Recovery
• Continuity of operation plans– Written down, practiced, realistic and
implementable
• Backups
• Hot/Cold sites
• Usually overlooked
• Finding out what happened.
24
Basics of Computer Forensics
Mississippi State UniversityDept Of Computer Science and Engineering
25
What is Forensics?
• Forensics is the application of scientific techniques of investigation to the problem of finding, preserving and exploiting evidence to establish an evidentiary basis for arguing about facts in court cases
26
What is Computer Forensics?
• Computer forensics is forensics applied to information stored or transported on computers
• It “Involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis”
• Procedures are followed, but flexibility is expected and encouraged, because the unusual will be encountered.
27
Categories of Computer Crime
• Computer used to conduct the crime– Child Pornography/Exploitation
– Threatening letters
– Fraud
– Embezzlement
– Theft of intellectual property
• Computer is the target of the crime– Incident Reponse
– Security Breach
28
What is the evidence?
• Bytes• Files
– Present– Deleted– Encrypted
• Fragments of Files– Words– Sentences– Paragraphs
29
Where do we find it?
• Storage Media– Hard Disks– Floppy Disks– CDs, Zip disks, tapes, etc.– Thumb Drives
• RAM
• Log Files
30
What do we do with it?
• Acquire the evidence without altering or damaging the original.
• Authenticate that your recovered evidence is the same as the originally seized data.
• Analyze the data without modifying it.
• Be prepared to testify about it in a court of law.
31
Acquire the evidence
• How do we seize the computer?• How do we handle computer evidence?
– What is chain of custody?– Evidence collection– Evidence Identification– Transportation– Storage
• Documenting the Investigation
32
Authenticate the Evidence
• Prove that the evidence is indeed what the criminal left behind.– Readable text or pictures don’t magically
appear at random.– Calculate a hash value for the data
• CRC
• MD5
33
Analysis
• Always work from an image of the evidence and never from the original.– Prevent damage to the evidence– Make two backups of the evidence in most
cases.
• Analyze everything, you may need clues from something seemingly unrelated.
34
Analysis (cont.)
• Existing Files– mislabelled
• Deleted Files– Show up in directory listing with in place of first
letter• “Dave.txt” appears as “ ave.txt”
• Free Space• Slack Space• Swap Space
35
Storage Media Basics
• Sector: 512 Bytes
• Cluster (Block): 2 or more clusters (up to 64)
0 1 2 3 4 5 511…
0 1 2 3 4 5 511 0 1 2 3 4 5 511
36
Slack Space• RAM Slack: That portion of a sector that is
not overwritten in memory.
• Disk Slack: Those sectors of the cluster that are not needed to store file.
0 1 2 3 4 5 511…
EOF
RAM Slack
0 1 2 3 4 5 511 0 1 2 3 4 5 511
EOF
Disk Slack
37
Slack Space
• File Slack: Last cluster of file isn’t filled up completely, so data from the last use of that cluster isn’t overwritten.
• File Slack = Disk Slack + RAM Slack
0 1 2 3 4 5 511 0 1 2 3 4 5 511
EOF
Disk SlackRAM Slack
File Slack
38
Free Space
• That portion of the Media that is not currently in use.
• Could have been used before, but not overwritten.– Especially true today with very large disks
• Can we really erase a hard drive?– Even if formatted, the data is not lost.
39
Data Hiding
• Obfuscating Data– Encrypted– Compressed
• Hiding Data– In plain sight – innocent looking data has
alternate meaning– Within File system
40
Data Hiding in File System
• In a File– Steganography– Invisible names– Misleading names– Obscurity– No names
• Not in file– Slack, swap, free space
• Removable Media
41
Tools
• Password crackers• Hard Drive Tools
– Fdisk on Linux
• Viewers– QVP
– Diskview
• Thumbsplus• Unerase tools
• CD-R Utilities• Text search tools• Drive Imaging
– Safeback
– Linux dd
• Disk Wiping• Forensic Toolkits• Forensic Computers
42
QUESTIONS???
43
Contact Information
Dr. David Dampier
Department of Computer Science and Engineering
Box 9637, 300 Butler Hall
Mississippi State, MS 39762-9637
(011)(662)325-2756