
Cyber Security Trends and Challenges


Academic year: 2021


(1)

Cyber Security Trends and Challenges

Prof. Heejo Lee

Dept. of Computer Science and Engineering

Korea University

(2)

Contents

1. Introduction

2. Cyber security attack trends

3. Legal issues and investigation

4. Research challenges

5. Considerations for the future

(3)
(4)

Cyber Security Markets

• The cyber security market is expected to grow at a compound annual growth rate of 11.3% to reach $120 billion during 2011-2017

http://marketrealist.com/2014/12/cyber-security-presents-opportunity-symantec/

http://www.bankinfosecurity.com/Obama-proposes-14-billion-cybersecurity-budget-a-7867/op-1

(5)

Incidents and Financial Impact Continue to Soar

• Detected security incidents in 2014 increased 12 times compared to the security incidents in 2009

– PwC survey of 9,700 CEOs/CSOs in 154 countries

http://www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

<Net Losses: Estimating the Global Cost of Cybercrime, June 2014> <Global state of information

(6)

CYBERSECURITY ATTACK TRENDS

(7)

Cyber Security Trends

• Sep 23, 2013 iPhone 5s fingerprint vulnerability

• Nov 12, 2013 ISS attacked by ‘virus epidemics’

• Apr, 2014 Heartbleed, OpenSSL vulnerability

• Nov 24, 2014 Sony Pictures Entertainment hack

• Mar, 2015 Newer aircraft Wi-Fi vulnerability

(8)

iPhone Fingerprint Authentication Vulnerability

• German hacker group Chaos Computer Club (CCC) hacked the iPhone with TouchID, Sep 23, 2013

– A fingerprint of the phone user, photographed from a glass surface, is enough

– It simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake

http://www.telegraph.co.uk/technology/apple/iphone/10327635/iPhone-5s-fingerprint-sensor-hacked-within-days-of-launch.html

(9)

Virus Epidemics in Space

• Nov 12, 2013 ISS attacked by ‘virus epidemics’

• International Space Station (ISS) computers and laptops were infected through the USB memory of a Russian cosmonaut who brought a laptop

– Kaspersky guessed the virus was ‘W32.Gammima.AG’ or a type of Trojan virus, ‘GameThief.Win32.Magania’

• To enhance the security and reliability of the computer system, the OS was changed from Windows XP to Linux

(10)

OpenSSL Heartbleed Vulnerability

• A security bug in the OpenSSL library, disclosed in April 2014

– Half a million of the Internet's secure web servers were believed to be vulnerable

– Many other systems such as network equipment and security solutions were also vulnerable, including 75 Cisco routers and switches

http://unseennow.com/blog/protect-heartbleed-bug/

https://en.wikipedia.org/wiki/Heartbleed

(11)

http://www.pocket-lint.com/news/131937-sony-pictures-hack-here-s-everything-we-know-about-the-massive-attack-so-far

• Nov 24, 2014. Hacked by Guardians of Peace (GOP)

• ‘The Interview’ is the film believed to have been the reason

– The film’s plot involves the CIA planning to kill the secretive nation’s supreme leader Kim Jong-un

• The hackers obtained some 100 terabytes of data stolen from Sony

– The cost to fix the breach is estimated to be in the region of $100 million

• The director of the FBI has defended his bureau’s claim that the hacking attack was the work of the North Korean government

(12)

Newer Aircraft Vulnerable to Hacking

• Mar, 2015. Planes including the Boeing 787 Dreamliner and the Airbus A350 and A380 aircraft were reported to have vulnerabilities

– The main plane computers and passenger internet area are physically networked

• Airplane Wi-Fi hacking could take full control of the plane

– Main computers including control, navigation and communication systems

(13)

LEGAL ISSUES AND INVESTIGATION

(14)

Legal Issues in Cloud Computing

• By storing data in the cloud, criminals can avoid legal issues

– Organizations don’t know where the data is located

http://www.cyberlawconsulting.com

http://www.mondaq.com/turkey/x/400668/Data+Protection+Privacy/Critical+Legal+Issues+In+Cloud+Agreements

(15)

International Collaboration for Global Incidents

• Computer Security Incident Response Team (CSIRT)

– A reliable and trusted single point of contact for reporting computer security incidents worldwide

• Forum of Incident Response and Security Teams (FIRST)

– A premier organization and recognized global leader in incident response

• Asia Pacific Computer Emergency Response Team (APCERT)

– Works to help create a safe, clean and reliable cyber space in the Asia Pacific Region through global collaboration

(16)
(17)

DDoS Attacks (1/3)

• A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users

• One of the main threats to cyber security

<DDoS attack diagram>

http://hackmageddon.com/2015/01/13/2014-cyber-attacks-statistics-aggregated/

(18)

DDoS Attacks (2/3)

• Distributed reflection denial of service attack

– Using IP address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target

(19)

DDoS Attacks (3/3)

• DDoS attacks continue to represent an insidious threat, with an alarming increase in Simple Service Discovery Protocol (SSDP) reflection attacks
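The reflection pattern on the two slides above has a recognisable signature at the victim's edge: many distinct sources sending replies from UDP port 1900 to a host that never queried them. The following is an added example, not part of the original slides; the flow-record layout, the threshold and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900  # UDP port used by the Simple Service Discovery Protocol

# Constructed sample flow records (not real traffic), all UDP:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 50000, "198.51.100.7", 1900, 120),   # host .10 sends a query
    ("198.51.100.7", 1900, "192.0.2.10", 50000, 320),   # reply it asked for
    ("203.0.113.1", 1900, "192.0.2.20", 80, 3100),      # replies nobody asked for
    ("203.0.113.2", 1900, "192.0.2.20", 80, 2900),
    ("203.0.113.3", 1900, "192.0.2.20", 80, 3300),
    ("203.0.113.4", 1900, "192.0.2.30", 4444, 300),     # single stray reply
]


def find_reflection_victims(flows, service_port=SSDP_PORT, min_reflectors=3):
    """Return {victim_ip: (distinct_reflectors, total_bytes)}.

    A reply is unsolicited when the receiving host never sent a request to
    the replying server. Hosts receiving unsolicited replies from at least
    `min_reflectors` distinct servers are reported (threshold is an assumption).
    """
    # Pass 1: remember every (client, server) pair that made a real request.
    queried = set()
    for src, _sport, dst, dport, _size in flows:
        if dport == service_port:
            queried.add((src, dst))

    # Pass 2: collect replies from the service port that match no request.
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, _dport, size in flows:
        if sport == service_port and (dst, src) not in queried:
            reflectors[dst].add(src)
            volume[dst] += size

    return {ip: (len(srcs), volume[ip])
            for ip, srcs in reflectors.items()
            if len(srcs) >= min_reflectors}


if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS))
```

The same check applies to other reflected services by changing `service_port`.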

(20)

Defense Strategies and Cyber Shelter for DDoS Attacks (1/4)

Resilient topology & DNS load balancing

Dependable server design URL splitting

ISP on-demand filtering

• Broader DDoS Solutions

– No single effective solution

(21)

Defense Strategies and Cyber Shelter for DDoS Attacks (2/4)

• Dependable Servers

– Servers are more susceptible to DDoS than networks

• Even when DDoS traffic is filtered, a server can still suffer from unfiltered attack traffic

– URL splitting

• Lightweight first page on one server, redirecting to the next page on a different server

• Load sharing with multiple servers

(22)

Defense Strategies and Cyber Shelter for DDoS Attacks (3/4)

• Resilient Topology

– Resiliency of network topology

• Avoid single points of failure caused by link congestion

– Disperse replicated servers

(23)

Defense Strategies and Cyber Shelter for DDoS Attacks (4/4)

• DDoS Shelter Service

– Reroutes attack traffic destined for the targeted website to the Shelter and cleans it

– All traffic to the website will be collected by the Shelter to cope with the attack for a certain period of time

(24)

Malware in Documents

• Hangul Document Exploit

– Places shellcode in the heap area through the document to exploit a vulnerability in the HWP word processor

– The OS shuts down after a while and prints the message ‘Who Am I?’

<Attack simulation in .hwp vulnerability>

(25)

Discovering Android Malware using Behavior Signature

• Detecting Android malware variants by family signature

• New approach using the CodeGraph system and the Android API

• Jonghoon Kwon, Jihwan Jeong, Jehyun Lee, Heejo Lee, “DroidGraph: Discovering Android Malware by Analyzing Semantic Behavior", IEEE Conf. on Communications and Network Security (IEEE CNS), Oct. 29. 2014.

• Suyeon Lee, Jehyun Lee, Heejo Lee, "Screening Smartphone Applications using Behavioral Signatures", IFIP Int'l Information Security and Privacy Conference (IFIP SEC), Vol. 405, pp. 14-27, Jul. 8. 2013.

(26)

Detecting Repackaged Malapps using Software-based Attestation

• MysteryChecker

– Verifier randomly generates an attestation module

– Verifier transfers a new attestation module to the target, and the target replies with an attestation result

• Chanyoung Lee, Dongwon Seo, Jihwan Jeong, Jonghoon Kwon, Heejo Lee, “MysteryChecker: Unpredictable Attestation to Detect Repackaged Malicious Applications in Android”, IEEE Conf. on Malicious and Unwanted
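The verifier/target exchange described on this slide can be sketched as follows. This is an added example, not code from the slides or from MysteryChecker itself: it assumes the attestation module can be modelled as data (a fresh nonce plus a random chunk order) rather than executable code, and the app bytes are constructed stand-ins.

```python
import hashlib
import hmac
import random
import secrets

CHUNK = 16  # bytes hashed per step; constructed value for this sketch


def generate_module(app_size):
    """Verifier: build a fresh, unpredictable attestation module.
    Modelled here as a nonce plus a random chunk order (an assumption)."""
    order = list(range(0, app_size, CHUNK))
    random.SystemRandom().shuffle(order)
    return {"nonce": secrets.token_bytes(16), "order": order}


def run_module(module, app_bytes):
    """Target: hash the installed app in the order the module dictates."""
    h = hashlib.sha256(module["nonce"])
    for off in module["order"]:
        h.update(off.to_bytes(4, "big") + app_bytes[off:off + CHUNK])
    return h.digest()


def verify(module, response, reference_app):
    """Verifier: recompute over the known-good copy and compare."""
    expected = run_module(module, reference_app)
    return hmac.compare_digest(expected, response)


# Constructed stand-ins for an original app and a repackaged copy of it.
ORIGINAL = bytes(range(256)) * 4
REPACKAGED = ORIGINAL[:500] + b"[modified]" + ORIGINAL[510:]


def demo():
    """Run three rounds: genuine app, repackaged app, replayed old answer."""
    m1 = generate_module(len(ORIGINAL))
    genuine_ok = verify(m1, run_module(m1, ORIGINAL), ORIGINAL)
    repackaged_ok = verify(m1, run_module(m1, REPACKAGED), ORIGINAL)
    # A response computed for an earlier module is useless for the next one.
    m2 = generate_module(len(ORIGINAL))
    replay_ok = verify(m2, run_module(m1, ORIGINAL), ORIGINAL)
    return genuine_ok, repackaged_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

Because every round uses a new module, a repackaged app cannot answer from a result recorded in an earlier round.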

(27)

CONSIDERATIONS FOR THE FUTURE

(28)

Security Awareness (1/2)

• Almost 40% of adults rarely protect themselves against cyber crooks

• National Crime Agency (NCA) has started a security awareness campaign

(29)

Security Awareness (1/2)

• NCA is urging you to be careful when using the internet

– Keeping your device’s software up to date

– Not opening files on a website or email from suspicious sources

– Being cautious when putting USB sticks and CDs into a computer

• The Cyber Streetwise campaign provides easy tips so that users stay safe online

(30)

Security Awareness Training

Youth IT security camp

• Held by MSIP since 2012

• Plants security awareness in young people

V School

• Held annually by AhnLab since 2006

• Is corporate social

(31)

Human Resource Development (1/2)

Best of Best (BOB) program

• Started in 2012

• A stepped mentoring program with top security experts

• Practical education and projects based on useful knowledge

• Continuous support for white hackers entering the workforce

(32)

Human Resource Development (2/2)

CODE GATE (Hacking conference)

• A world-class global event on information protection to foster global experts

• Capture the flag (CTF) sample problem

INCOGNITO (Hacking conference)

• The name of the Korean university computer security club union created in 2012

• The members are 12 universities including Korea Univ, POSTECH, KAIST, and SNU.

(33)

CSIRT Training Program

APISC Security Training Course

• Since 2005 KISA has been implementing the Asia-Pacific Information Security Training Course (APISC)

• Program

– 1-day on Information Security in Korea

– 1-day for economy update by participants

(34)

HRD Programs in Information Security (1/2)

• Undergraduate and graduate courses for information security

– Information security departments in undergraduate courses were established in 2002 through the KCC's IT resources development project

– Graduate course

• 21 courses in general graduate school

• 11 courses in special graduate school

                               Universities   Students   Graduate (2014)
Undergraduate degree program   36             5,701      545
Graduate degree program        32             1,241      281

http://isis.kisa.or.kr/ebook/swfViewPage.jsp?type=2015

(35)

HRD Programs in Information Security (2/2)

• Selection of information security specialized universities in Korea, June 2015

– Curriculum operation: incident response, digital forensics, cyber security

– Collaborative projects with enterprises

• Korea University

• Seoul Women’s University

• Ajou University

(36)

References
