Cyber Security Trends and Challenges
Prof. Heejo Lee
Dept. of Computer Science and Engineering
Korea University, [email protected]
June 23, 2015
Contents
1. Introduction
2. Cyber security attack trends
3. Legal issues and investigation
4. Research challenges
5. Considerations for the future
Cyber Security Markets
• The cyber security market is expected to grow at a compound annual growth rate of 11.3% to reach $120 billion during 2011-2017
http://marketrealist.com/2014/12/cyber-security-presents-opportunity-symantec/
http://www.bankinfosecurity.com/Obama-proposes-14-billion-cybersecurity-budget-a-7867/op-1
Incidents and Financial Impact Continue to Soar
• The detected security incidents in 2014 have increased 12 times compared to the security incidents in 2009
– PwC survey from 9,700 CEOs/CSOs in 154 countries
<Global state of information security survey, 2015>
http://www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml
<Net Losses: Estimating the Global Cost of Cybercrime, June 2014>
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Cyber Security Trends
• Sep 23, 2013 iPhone 5s fingerprint vulnerability
• Nov 12, 2013 ISS attacked by ‘virus epidemics’
• Apr, 2014 Heartbleed, OpenSSL vulnerability
• Nov 24, 2014 Sony Pictures Entertainment hack
• Mar, 2015 Newer aircraft Wi-Fi vulnerability
iPhone Fingerprint Authentication Vulnerability
• German hacker group Chaos Computer Club (CCC) hacked the iPhone with TouchID, Sep 23, 2013
– A fingerprint of the phone user, photographed from a glass surface, is enough
– The sensor simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake
http://www.telegraph.co.uk/technology/apple/iphone/10327635/iPhone-5s-fingerprint-sensor-hacked-within-days-of-launch.html
http://www.cnet.com/news/iphone-5s-touch-id-hacked-by-fake-fingerprints/
Virus Epidemics in Space
• Nov 12, 2013 ISS attacked by ‘virus epidemics’
• International Space Station (ISS) computers and laptops were infected through the USB memory of a Russian cosmonaut who brought a laptop
– Kaspersky guessed the virus was ‘W32.Gammima.AG’ or a type of Trojan virus, ‘GameThief.Win32.Magania’
• To enhance the security and reliability of the computer system, the OS was changed from Windows XP to Linux
http://www.theguardian.com/technology/2013/nov/12/international-space-station-virus-epidemics-malware
OpenSSL HeartBleed Vulnerability
• A security bug in the OpenSSL library, disclosed in April 2014
– Half a million of the Internet’s secure web servers were believed to be vulnerable
– Many other systems such as network equipment and security solutions were also vulnerable, including 75 Cisco routers and switches
http://unseennow.com/blog/protect-heartbleed-bug/
https://en.wikipedia.org/wiki/Heartbleed
Sony Pictures Hack
• Nov 24, 2014. Hacked by Guardians of Peace (GOP)
• The film ‘The Interview’ is believed to have been the reason
– The film’s plot involves the CIA planning to kill the secretive nation’s supreme leader Kim Jong-un
• The hackers obtained some 100 terabytes of data stolen from Sony
– The cost to fix the breach is estimated to be in the region of $100 million
• The director of the FBI has defended his bureau’s claim that the hacking attack was the work of the North Korean government
http://www.pocket-lint.com/news/131937-sony-pictures-hack-here-s-everything-we-know-about-the-massive-attack-so-far
Newer Aircraft Vulnerable to Hacking
• Mar, 2015. Planes including the Boeing 787 Dreamliner and the Airbus A350 and A380 were reported to have vulnerabilities
– The main plane computers and passenger internet area are physically
networked
• Airplane Wi-Fi hacking could take full control of the plane
– Main computers including control, navigation and communication systems
http://edition.cnn.com/2015/04/14/politics/gao-newer-aircraft-vulnerable-to-hacking/
Legal Issues in Cloud Computing
• By storing data in the cloud, criminals can avoid legal issues
– Organizations don’t know where the data is located
http://www.cyberlawconsulting.com
http://www.mondaq.com/turkey/x/400668/Data+Protection+Privacy/Critical+Legal+Issues+In+Cloud+Agreements
International Collaboration for Global Incidents
• Computer Security Incident Response Team (CSIRT)
– A reliable and trusted single point of contact for
reporting computer security incidents worldwide
• Forum of Incident Response and Security Teams (FIRST)
– A premier organization and recognized global leader
in incident response
• Asia Pacific Computer Emergency Response Team (APCERT)
– Work to help create a safe, clean and reliable cyber space
in the Asia Pacific Region through global collaboration
DDoS Attacks (1/3)
• A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users
• One of the main threats to cyber security
<DDoS attack diagram>
http://hackmageddon.com/2015/01/13/2014-cyber-attacks-statistics-aggregated/
DDoS Attacks (2/3)
• Distributed reflection denial of service attack
– Using IP address spoofing, the source address is set to that of the targeted
victim, which means all the replies will go to (and flood) the target
DDoS Attacks (3/3)
• DDoS attacks continue to represent an insidious threat, with an alarming
increase in the Simple Service Discovery Protocol reflection attacks
<Arbor networks quarterly report on global DDoS attack data Q3 2014>
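A defender-side view of the reflection pattern described in the two slides above, added here as an example and not taken from the original slides: because the requests were spoofed, the victim receives replies from UDP source port 1900 (SSDP) that it never asked for, and that mismatch can be counted in flow data. The flow tuple layout, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900   # UDP port of the Simple Service Discovery Protocol
WINDOW = 5.0       # seconds a genuine reply may trail its request (assumed)

# Constructed flow records: (time, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, "203.0.113.10", 40000, "198.51.100.7", 1900, 120),  # host sends a request
    (0.2, "198.51.100.7", 1900, "203.0.113.10", 40000, 310),  # solicited reply
    (1.0, "192.0.2.21", 1900, "203.0.113.10", 53211, 3100),   # no request seen
    (1.0, "192.0.2.22", 1900, "203.0.113.10", 53211, 3100),
    (1.1, "192.0.2.23", 1900, "203.0.113.10", 53211, 3100),
    (1.1, "192.0.2.24", 1900, "203.0.113.10", 53211, 3100),
    (2.0, "192.0.2.21", 1900, "203.0.113.20", 41000, 300),    # single stray reply
]


def unsolicited_replies(flows, service_port=SSDP_PORT, window=WINDOW):
    """Sum replies from service_port that answer no recent request by the receiver."""
    requests = {}  # (client_ip, client_port, server_ip) -> time of last request
    report = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == service_port:
            requests[(src, sport, dst)] = ts
        elif sport == service_port:
            asked = requests.get((dst, dport, src))
            if asked is None or ts - asked > window:
                report[dst]["bytes"] += size
                report[dst]["reflectors"].add(src)
    return dict(report)


def flag_victims(flows, min_reflectors=3, min_bytes=5000):
    """Hosts receiving unsolicited replies from many reflectors at once."""
    return sorted(
        ip for ip, r in unsolicited_replies(flows).items()
        if len(r["reflectors"]) >= min_reflectors and r["bytes"] >= min_bytes
    )


if __name__ == "__main__":
    for victim in flag_victims(FLOWS):
        print("possible reflection flood against", victim)
```

The same counters give an ISP the reflector list and byte volume needed to decide on on-demand filtering of UDP source port 1900 toward the flagged host.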
Defense Strategies and Cyber Shelter for DDoS Attacks (1/4)
<Diagram: resilient topology & DNS load balancing, dependable server design, URL splitting, ISP on-demand filtering, URL rate limiting>
• Broader DDoS Solutions
– No single effective solution
• Network topology, server design, attack filtering
Defense Strategies and Cyber Shelter for DDoS Attacks (2/4)
• Dependable Servers
– Servers are more susceptible to DDoS than networks
• Even when DDoS traffic is filtered, a server can still suffer from unfiltered attack traffic
– URL splitting
• Lightweight first page on one server, redirect to the next page on a different server
• Load sharing with multiple servers
Defense Strategies and Cyber Shelter for DDoS Attacks (3/4)
• Resilient Topology
– Resiliency of network topology
• Avoid single points of failure caused by link congestion
– Disperse replicated servers
• If one server crashes, the others can continue to provide the same services
Defense Strategies and Cyber Shelter for DDoS Attacks (4/4)
• DDoS Shelter Service
– Reroutes attack traffic destined for the targeted website to the Shelter and cleans it
– All traffic to the website will be collected by the Shelter to cope with the attack for a certain period of time
http://eng.krcert.or.kr/service/ddos.jsp
Malware in Documents
• Hangul Document Exploit
– Shellcode is placed in the heap area through the document to exploit a vulnerability in the HWP word processor
– The OS shuts down after a while and prints the message ‘Who Am I?’
<Attack simulation in .hwp vulnerability>
https://www.youtube.com/watch?v=z0Cvca8Ak9A
Discovering Android Malware using Behavior Signature
• Detecting Android malware variants by family signature
• New approach using CodeGraph system and Android API
• Jonghoon Kwon, Jihwan Jeong, Jehyun Lee, Heejo Lee, "DroidGraph: Discovering Android Malware by Analyzing Semantic Behavior", IEEE Conf. on Communications and Network Security (IEEE CNS), Oct. 29, 2014.
• Suyeon Lee, Jehyun Lee, Heejo Lee, "Screening Smartphone Applications using Behavioral Signatures", IFIP Int'l Information Security and Privacy Conference (IFIP SEC), Vol. 405, pp. 14-27, Jul. 8, 2013.
Detecting Repackaged Malapps using Software-based Attestation
• MysteryChecker
– The verifier randomly generates an attestation module
– The verifier transfers the new attestation module to the target, and the target replies with an attestation result
• Chanyoung Lee, Dongwon Seo, Jihwan Jeong, Jonghoon Kwon, Heejo Lee, “MysteryChecker: Unpredictable Attestation to Detect Repackaged Malicious Applications in Android”, IEEE Conf. on Malicious and Unwanted Software (IEEE Malware), Oct. 2014
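The verifier/target exchange on the slide above, as a simplified model added here for illustration; it is not the MysteryChecker algorithm from the paper. The "attestation module" is modelled as a random nonce plus a randomly ordered chain of hash steps over the app code, and the block size, algorithm list and sample code bytes are assumptions constructed for the example.

```python
import hashlib
import hmac
import random
import secrets

ALGOS = ("sha256", "sha512", "sha3_256", "blake2b")  # per-step hash choices
BLOCK = 64  # bytes of app code consumed per step (assumed granularity)


def generate_module(code_len):
    """Verifier: build a fresh module that cannot be predicted in advance."""
    rng = random.SystemRandom()
    offsets = list(range(0, code_len, BLOCK))
    rng.shuffle(offsets)  # random order in which code blocks are visited
    return {"nonce": secrets.token_bytes(16),
            "steps": [(rng.choice(ALGOS), off) for off in offsets]}


def run_module(module, code):
    """Target: execute the received module over the installed app code."""
    # Binding the code length makes appended code change the result as well.
    state = hashlib.sha256(module["nonce"] + len(code).to_bytes(8, "big")).digest()
    for algo, off in module["steps"]:
        state = hashlib.new(algo, state + code[off:off + BLOCK]).digest()
    return state


def verify(module, genuine_code, reply):
    """Verifier: compare the reply with the result expected for the genuine app."""
    return hmac.compare_digest(run_module(module, genuine_code), reply)


# Constructed stand-ins for the genuine and the repackaged app code
GENUINE = bytes(range(256)) * 4
REPACKAGED = GENUINE[:500] + b"\x00injected\x00" + GENUINE[500:]

if __name__ == "__main__":
    module = generate_module(len(GENUINE))
    print("genuine app passes:   ", verify(module, GENUINE, run_module(module, GENUINE)))
    print("repackaged app passes:", verify(module, GENUINE, run_module(module, REPACKAGED)))
```

Because every round uses a new nonce and step order, a reply recorded from an earlier round does not verify against a later module.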
Security Awareness (1/2)
• Almost 40% of adults rarely protect themselves against cyber crooks
• National Crime Agency (NCA) has started a security awareness campaign
http://www.nationalcrimeagency.gov.uk/news/news-listings/423-almost-40-of-adults-rarely-protect-themselves-against-cyber-crooks
<August 13, 2014>
Security Awareness (2/2)
• NCA is urging you to be careful when using the internet
– Keeping the device’s software up to date
– Not opening files on a website or email from suspicious sources
– Being cautious when putting USB sticks and CDs into the computer
• Cyber Streetwise campaign provides easy tips so that users stay safe online
https://www.cyberstreetwise.com/
Security Awareness Training
• Youth IT security camp
– Held by MSIP since 2012
– Plants security awareness in young people
• V School
– Held annually by AhnLab since 2006
– A corporate social activity in the form of talent donation
Human Resource Development (1/2)
• Best of Best (BOB) program
– Started in 2012
– A stepped mentoring program with top security experts
– Practical education and projects based on applied knowledge
– Continuous support for white hackers entering the workforce
Human Resource Development (2/2)
• CODE GATE (Hacking conference)
– A world-class global event on information protection to foster global experts
<Capture the flag (CTF) sample problem>
• INCOGNITO (Hacking conference)
– The name of the Korean university computer security club union created in 2012
– The members are 12 universities including Korea Univ, POSTECH, KAIST, and SNU.
CSIRT Training Program
• APISC Security Training Course
– Since 2005 KISA has been implementing the Asia-Pacific Information Security Training Course (APISC)
– Program
• 1 day on Information Security in Korea
• 1 day for economy update by participants
• 3 days of TRANSITS course on CSIRT building and operation
HRD Programs in Information Security (1/2)
• Undergraduate and graduate courses for information security
– Information security departments for undergraduate courses were established in 2002 through the KCC IT resources development project
– Graduate course
• 21 courses in general graduate school
• 11 courses in special graduate school

Program                        Universities   Students   Graduates (2014)
Undergraduate degree program   36             5,701      545
Graduate degree program        32             1,241      281

http://isis.kisa.or.kr/ebook/swfViewPage.jsp?type=2015
HRD Programs in Information Security (2/2)
• Selection of information security specialized universities in Korea, June 2015
– Curriculum operation: incident response, digital forensics, cyber security
– Collaborative projects with enterprises
<Korea University, Seoul Women’s University, Ajou University>
http://isis.kisa.or.kr/ebook/swfViewPage.jsp?type=2015