Email Security, Web Security and Malicious Programs Lecture 9

1
Email Security, Web Security and Malicious
ProgramsLecture 9

2
Email Basis

• Email Infrastructure
• Allows a user to send a message to one or more
  recipients
• Using either single email address or a
  distribution list
• If a distribution list is used then
• The message is sent to a site where the
  distribution list is maintained and that site
  then sends the message to each of the recipient
  from the list, or
• The sender retrieves the list and then sends the
  message to each recipient from the list

3
Email Infrastructure

• Source and destination computers are directly
  communicate to each other
• Both machines have to be running and reachable on
  the network (not always work if the user machine
  is only occasionally connected to the network)
• In general, email infrastructure consists of
• a whole mesh of mail forwarders or Mail Transfer
  Agents (MTA)
• The mail processing at the source and destination
  computers is done by a program called User Agent
  (UA)

4
Email Infrastructure (e.g)
MTA
MTA
MTA
MTA
UA
UA
MTA
MTA
Not authenticated path
MTA
Authentication between MTAs or between MTA and
users
5
Reasons for multiple MTAs

• Reasons for needing multiple MTAs along a mail
  path from the source to the destination
• Part of the network may be occasionally connected
• MTAs may need to authenticate other MTAs or user
  machines
• A company may want a security gateway through
  which all mail has to be forwarded
• Different parts of the network may be using
  different protocol suites

6
Email Services and Security

• Privacy message is only for intended
  recipient(s)
• Authentication authentication of the source
• Integrity integrity of message
• Non-repudiation sender cant deny her sent
  message
• Proof of submission verification to the sender
  that the message was handed to the mail delivery
  system

7
Email Services and Security

• Message flow confidentiality a third person C
  cannot even determine whether A sent B a mail or
  not
• Containment the ability of the network to keep
  certain security levels of information from
  leaking out of a particular region
• Self-destruction message cant be forwarded or
  stored
• Proof of delivery verification that the
  recipient received the message
• Anonymity recipient cant find out the identity
  of the sender

8
Email Security Services

• Most email security services can be provided by
  cryptographic means
• Privacy using secret or public key
• Non-repudiation digital signature
• Authentication using secret and public key
  technology
• Integrity using secured hash function and secret
  or public key technology

9
Email Security Services

• Proof of delivery
• Is it possible to provide a receipt if and only
  if the recipient got the message (Yes/No) Yes?
  How?
• If the recipient signs before the message is
  delivered, the message can be lost but the mail
  system has the signature.
• If the recipient signs after receiving the
  message, the recipient may not furbish a
  signature at that point, but yet has the message.
• Anonymity
• What for?
• Is it easy? (most mail systems automatically
  include the senders name in the message)
• Does it compromise mail security?

10
Email Security counter measures

• Make sure email software is configured properly
• Use wrappers to enhance security of email
  software
• Educate and regularly remind users of the danger
  of malicious programs (No email system is
  secured)
• Design and implement prevention systems to early
  detect and give warning message to users or stop
  malicious programs

11
Further Readings about Email Security

• PEM (Private Enhanced Mail)
• Additional features encryption, source
  authentication, and integrity protection
• Relies on certificates and uses one path of
  certificates
• S/MIME (Secure Multipurpose Internet Mail
  Extensions)
• Additional features Similar to PEM
• Relies on certificates and usees multiple
  certificate hierarchies
• PGP (Pretty Good Privacy)
• Certificates are an optional in PGP
• Each user decides which keys to trust
• Different from PEM S/MIME by treating mails as
  files

12
Web Security

• Server-side security
• Protect the server against denial of service
• Need to protect against site vandalism
• Protect against break-ins
• Client-site security
• need to protect clients machine against
  malicious programs
• Limit the amount of personal information that the
  browser can transmit without the users consent
• Document confidentiality
• Need to protect documents against eavesdropping
• Protect against the risk of fraudulent
• A user misrepresents herself to get unauthorised
  access to the server
• A web server tricks a user into sending it
  confidential information

13
Web Security Risks

• Web and Email by their services have a high
  security risk
• Web browsers and servers are large and complex
  pieces of software gt vulnerable to security bugs
  (e.g Internet Explorer 3.0)
• Webservers allow scripts, applets programs in
  many languages to run on server machines by
  request from clients ( browsers) gt high security
  risk
• Web servers can be easily misconfigured gt
  provide security holes

14
Web Security Risks

• The servers hardware may not be secured
• Transmissions across the Internet are not secured
  hence web documents and interactive login session
  are vulnerable to eavesdropping
• Remote authoring and administration tools open
  security holes
• Many web accounts may need be created due to a
  high number of people involved in providing
  different information

15
Web Security (e.g)

• Possible attacks
• Integrity
• Modification of message
• Confidentiality
• Eavesdropping theft getting information about
  network configuration or which client talk to
  which server
• Denial of service
• Killing of user processes flooding servers with
  bogus requests filling up memory or disk etc.
• Authentication
• Impersonation of legitimate users data forgery

16
Web Security counter measures

• Integrity cryptographic check
• Confidentiality encryption (or using Web proxies
  this is not an absolute solution)
• Denial of service Difficult to prevent
• Authentication Cryptographic techniques

17
Web Security counter measures

• Other web security issues can be minimized by
• Carefully design and test CGI scripts and other
  added programs
• Do the configuration carefully
• Do not provide more web accounts than necessary

18
Danger of Malicious Programs

• Systems such as Microsoft Outlook make it very
  simple to send anything to anyone and to work
  with objects that are received
• Mobile-program systems such as Java based system,
  ActiveX based system, Mobile-agent based system,
  allow programs to move on their own from one
  system to another gt malicious programs can take
  advantage and spread quickly (modern software
  systems tend to allow mobile agents and program
  migrations see P.D Le, B. Srinivasan and P.
  Granville, "A Prototype Tool to Support Migration
  in Distributed Environments", Proceedings of the
  2nd International Symposium on Applied and
  Corporate Computing, pp. 53-62, 1994. )

19
Taxonomy of Malicious Programs
Independent
Need Host Program
Trapdoors
Logic Bombs
Trojan Horses
Viruses
Bacteria
Worms
Zombie
19
20
Malicious Programs

• Logic bomb coded embedded in some program that
  is set to explode when certain conditions are met
• Trapdoor a secret entry point (often for
  debugging purpose) in a program that allows
  someone to gain access without going through
  normal procedure
• Trojan horse instructions hidden inside an
  otherwise useful program that do the bad things
• Bacteria programs that replicate themselves to
  fill disk and memory or to take up CPU
• Worm a program that replicates itself by
  installing copies of itself on other machines
  across network

21
Malicious Programs

• Zombie malicious code installed on a system that
  can be remotely triggered to carry out some
  attack with less traceability.
• Virus code that, when executed, inserts copies
  of itself into another program the infected
  program, when executed, will execute the virus

22
Malicious Programs - Virus

• Virus can be embedded into a program in different
  fashion (pre-pended, post-pended, pre-defined
  point, etc)
• Most viruses are designed to work for particular
  OS or environment
• They are designed to take advantage of the
  weaknesses of a particular system or software
  platform
• Virus can do anything a program can do it
  attaches itself to a host program and executes
  secretly when the host program is run

23
Simple Structure of A Virus
Do-damage () do-whatever-damage-you-like
InfectedProgram Goto virus_main Label_for_virus
Virus_main Infect_executable () if
Trigger-pulled () Do-damage ()
Trigger-pulled () if some condition holds
return true else return
false
Infect_executable () loop AFile
randomly get an executable file if there
is Label_for_virus (file already infected)
goto loop else prepend Virus to
AFile
24
Malicious programsImmune System
Virus analysis machine
Virus infected client machine
Analyse virus behavior and structure
Administrative machine
client machine
A Private Network A
client machine
Extract signature
Administrative machine
client machine
Derive prescription
A Private Network B
client machine
Individual user
25
Malicious programsImmune System

• Each computer (client) has a monitoring program
  running
• The monitoring program tries to find a
  thought-to-be infected program
• If there is one, then the client forwards a copy
  of that program to administrative machine within
  the organisation
• The administrative machine (AM) encrypts the
  suspicious program and sends it to a virus
  analysis machine (VAM)
• The VAM creates an environment in which
  suspicious program can be run safely for analysis
• The VAM produces a prescription for treatment and
  sends it back to the AM
• The AM forwards the description to the client and
  others
• With this method subscribers can receive
  antivirus updates

26
How to Protect your Systems against Malicious
Programs (MP)

• There are many ways to enhance your system
  security such as using encryption, firewall,
  security at different layers, etc
• However, there is no absolute way to protect your
  system against malicious programs
• Modern computer systems allow mobile programs and
  services via Web, Email, Internet software
  products and the like
• MPs will be the main security concern for modern
  computer systems

27
MP and Security

• How to prevent MPs from quickly spreading
• Should your system provide rapid response so that
  MPs can be stamped out almost as soon as they
  are introduced? How can it be done?
• Should your systems be able to automatically
  capture new MPs when it enters your organisation
  computer system?
• Should your system dynamically inform other
  systems so that they can analyse, detect and
  possibly remove MPs?
• Dynamically provide tools for diagnosis
  treatment, etc.

28
Malicious Program Detection System (MPDS)
Overview
Quantum machine
Common Administrative machine
Virtual machine 1
Virtual machine 2
Network 2
Network 1
Network 3
Virtual machine 3
Virtual machine N
29
Proposed Malicious Program Detection System

• Reason Modern computer systems allow mobile
  programs and services via Web, Email, Internet
  software products and the like
• Such systems are more vulnerable due to the
  nature of the services they provide and the heavy
  interactions between users and the systems
• Goals
• The proposed system attempts to reduce the impact
  of MPs attack
• The idea can be applied at organisation level or
  larger scale

30
How MPDS works?

• MPDS requires that if an application allows user
  interactions, then it must be constructed to
  allow corresponding non-interactive options
• This requirement is reasonable since it allows
  automatic software testing, analysis and
  correction
• Modern software are object-oriented and hence it
  facilitates both interactive and non-interactive
  options

31
Main components of MPDS

• A quantum or extremely fast computer (FC) is used
  as a simulation and detection centre on which
  many different software platforms can
  concurrently reside
• A common administrative machine (CAM) forwards
  all incoming messages to FC
• FC delivers messages to FC for analysis and
  checking
• If the analysis and checking says Not O.K, then
  messages are marked unsafe and sent back to CAM
• CAM forwards unmarked messages to intended
  destinations or rejects marked messages

32
Further research reading

• Security achievement is related to planning more
  than fixing, we encourage you to
• Discuss the trend of web, Email applications and
  other Internet services
• Attempt to provide some conceptual models to deal
  with threats from MPs