The C.I.A Triad Characteristics
Information security is used to describe the tasks of protecting information in a digital form. To better understand the concepts of information security, you should be familiar with the key characteristics of information, which are expressed in the C.I.A triad characteristics, as shown in the following figure:
- Explain these three key objectives of information security.
- Give examples of integrity, confidentiality and availability requirements associated with an automated cash deposit machine in which users provide a card or an account number to deposit cash.
- The three key objectives of information security are:
Integrity – This property concerns guarding information systems against the modification or destruction of information (Jouini, Rabai and Aissa 2014). It also ensures the accuracy, non-repudiation and authenticity of information. Within the context of information systems, integrity refers to ensuring that data is accurate and real, and thus to safeguarding the systems against any modification of data by unauthorized users.
Confidentiality – This property defines the preservation of information against unauthorized access and disclosure. It also covers the protection of proprietary information and personal privacy. The main aim of confidentiality is to ensure that information is hidden from unauthorized people; the principle of confidentiality dictates that information should be viewed solely by those people who have the right privileges (Von Solms and Van Niekerk 2013).
Availability – This property defines reliable and timely access to information, and also the proper use of information. It covers the defence of resources and information systems in order to ensure that reliable and timely access. Within information systems, availability refers to the ability of the user to access information or any form of resource within a specified location (Demchenko et al. 2013).
The availability of data within an information system should be ensured with the help of storage that may be local or provided by an offline facility. Hence, the availability of information should be achieved at all times for the benefit of the users (Ren et al. 2015).
The automated cash deposit machine should be responsible for the confidentiality of personal identification numbers, both within the host systems and during the transmission of a transaction (Narteh 2015). The system should also secure the integrity of account records and of individual transactions. The third property is availability: the availability of the host system is extremely important for the economic benefit of the individual. The three properties of confidentiality, integrity and availability are thus crucial from the perspective of an automated cash deposit machine, and are necessary in order to deal with the security of its users.
Information Security and Automated Cash Deposit Machine
Security experts have discovered that many Internet of Things (IoT) devices, including routers, DVRs and cameras, could potentially be recruited into a botnet because of a malicious software program, Mirai, which emerged in 2016 and has possibly become one of the biggest IoT-based malware threats. Hackers could use such malware to scan for insecure Linux-based connected devices, enslave them into a botnet, and use that to launch massive DDoS attacks that cause internet outages, such as the attack on 20 September 2016 on computer security journalist Brian Krebs’s website, an attack on French web host OVH and the October 2016 Dyn cyberattack.
- Explain what a DDoS attack is and give basic steps to launch such a DDoS attack in this case study;
- Research the Mirai malware to indicate possible issues of vulnerable devices and provide at least two strategies to prevent such a botnet from spreading;
- Discuss types of hackers/attackers (such as white/black hat hackers) playing different roles in this case.
A distributed denial-of-service (DDoS) attack can be defined as an attack in which several compromised computing systems attack a target, which might be a server, a network resource or a website. Together they cause a denial of service for the users of that target (Wang et al. 2015).
- The bot discovers a new device on which the attack is to be set up.
- Details of the system are sent to the Command and Control Center (CnC).
- The CnC transfers the virus to the new computing device.
- The CnC then commands the bot systems to attack the victim (Deshmukh and Devadkar 2015).
(“The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero”, 2018)
The Mirai malware is a self-propagating virus. Its source code was made publicly available by the developer after a publicized attack on the website of Krebs, and was then used to launch attacks on various network infrastructure. The built-in code of the Mirai botnet infects devices through telnet (Kolias et al. 2017). The Mirai malware turns networked devices running on the Linux platform into remotely controlled bots, which can be used within a botnet as part of larger attacks on the network. This malware mainly targets online consumer devices such as home routers and IP cameras. Since the source code of Mirai became open source, the techniques used within the malware have been widely adopted in other malware projects.
Strategies for the prevention of botnets are provided by the Corero SmartWall Threat Defense System (TDS). The Security Operations Team has deep experience in dealing with such attacks and is thus able to mitigate them (Ullah, Khan and Aboalsamh 2013).
Hackers could use such malware to scan for insecure Linux-based connected devices, enslave them into a botnet, and use that to launch massive DDoS attacks that cause internet outages, such as the attack on 20 September 2016 on computer security journalist Brian Krebs’s website, an attack on French web host OVH and the October 2016 Dyn cyberattack (Zheng, Sun and Lui 2013).
The Mirai Botnet Attack
The hackers who were responsible for the attack made use of malware to scan for connected computing devices operating on the Linux platform. These hackers were mainly categorized as black hat and white hat hackers.
Integrity protection is used to guard against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
- Calculate message-digest fingerprints (checksum) for the provided files shattered-1&2.pdf:
| File | MD5 | SHA1 | SHA256 |
| shattered-1.pdf | | | |
| shattered-2.pdf | | | |
- Explain why the Hash algorithm SHA256 is more secure than MD5 and SHA1;
- Based on the derived results in (1), explain why Google announced early last year (2017) that they had achieved a successful SHA-1 collision attack.
- For shattered-1.pdf:
MD5: ee4aa52b139d925f8d8884402b0a750c
SHA1: 38762CF7F55934B34D179AE6A4C80CADCCBB7F0A
SHA256: 2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0
For shattered-2.pdf:
MD5: 5bd9d8cabc46041579a311230539b8d1
SHA1: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a
SHA256: d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff
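The comparison behind these results, as an added Python example that is not part of the original answer: it computes all three digests in one pass over a file and classifies a pair of files as identical, different, or colliding in some algorithms only. The function names are chosen here for illustration, and the digest table is copied from the values listed above.

```python
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256")

# Digests copied from the results listed on this page.
PAGE_DIGESTS = {
    "shattered-1.pdf": {
        "md5": "ee4aa52b139d925f8d8884402b0a750c",
        "sha1": "38762CF7F55934B34D179AE6A4C80CADCCBB7F0A",
        "sha256": "2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0",
    },
    "shattered-2.pdf": {
        "md5": "5bd9d8cabc46041579a311230539b8d1",
        "sha1": "38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
        "sha256": "d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff",
    },
}


def file_digests(path, chunk_size=65536):
    """Read the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def compare_digests(first, second):
    """Return (verdict, algorithms whose digests match).

    'identical' : every digest matches, so the contents are the same.
    'collision' : some digests match while others differ, so the matching
                  algorithms cannot tell two different files apart.
    'different' : no digest matches.
    Hex digests are compared case-insensitively.
    """
    matching = [a for a in ALGORITHMS if first[a].lower() == second[a].lower()]
    if len(matching) == len(ALGORITHMS):
        verdict = "identical"
    elif matching:
        verdict = "collision"
    else:
        verdict = "different"
    return verdict, matching


if __name__ == "__main__":
    if len(sys.argv) == 3:  # two file paths given on the command line
        first, second = file_digests(sys.argv[1]), file_digests(sys.argv[2])
    else:  # fall back to the digests reported on this page
        first = PAGE_DIGESTS["shattered-1.pdf"]
        second = PAGE_DIGESTS["shattered-2.pdf"]
    print(compare_digests(first, second))
```
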
SHA256 is more secure than MD5 and SHA1 as there are no known hash collision attacks against it. The MD5 hash algorithm is compromised in this regard, as there are several ways to alter the start or the end of a payload while still keeping it valid (Roshdy, Fouad and Aboul-Dahab 2013). SHA1 also has some minor compromises in this regard, which have been discovered recently. However, the issues found in SHA1 are comparatively less severe than the issues found in MD5.
Google announced that they had performed, for the first time, a successful collision attack on the popular SHA1 cryptographic hash function. The collision attack demonstrated an algorithm that maps two distinct inputs to the same hash output. Using SHA1 to verify the integrity of data is therefore put at risk.
An attacker might be able to place a malicious file in backup systems that rely on the SHA1 hash algorithm to check the integrity of data, or deliver a malicious update to clients that use SHA1 to verify the file that is meant to be updated. Attackers might also attack and thus decrypt the encrypted connection to a particular website where the user's browser makes use of the SHA1 algorithm.
In order to demonstrate the success of the algorithm, Google published two distinct Portable Document Format (PDF) files that have an identical SHA1 hash. Google recommends that every user of SHA1 switch to SHA256 or SHA3, which are strong cryptographic hash functions. Software and operating systems mostly depend on SHA1 to verify the integrity of files when distributing updates to their users, for example within ISO checksums.
Prevention of Botnets
RSA is an algorithm to encrypt and decrypt messages. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described RSA in 1978. A user of RSA creates and then publishes the product of two large prime numbers along with an auxiliary value as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message. However, with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
- Explain how RSA can be used to achieve the cryptography (encryption and decryption) and digital signatures;
- If two prime numbers, p = 3 and q = 11, are given, use RSA algorithm to generate a public key and a private key;
- Explain the main weakness of digital signatures and how this weakness can be compensated for.
- The use of digital signatures is rapidly gaining importance, and in recent times there has been a high level of dependency on them. They are mainly included as part of the digital certificates that a server presents in order to identify itself to a client. A digital certificate binds a public key to an identity, which enables the receiver to verify the digital signature of the sender (Rewagad and Pawar 2013).
Digital signatures are meant to validate the integrity and availability of any form of electronic data. In order to create a digital signature, the signing software creates a one-way hash of the data to be signed. The private key is then used to encrypt the hash. The encrypted hash, together with other information such as the hashing algorithm, is known as the digital signature.
The cryptosystem based on the RSA public key and the digital signature scheme are widely deployed in recent times. Hence, they have become essential building blocks of the emerging public key infrastructure (Singh 2013). Various forms of electronic transaction have also embraced this technology in order to associate documents and internet-based transactions with their true originator and thus ensure the property of integrity.
- p = 3, q = 11, e = 7, m = 5
n = p * q = 3 * 11 = 33
f(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Hence, we need to compute d = e^(-1) mod f(n) with the help of the backward substitution of the GCD algorithm.
According to GCD:
20 = 7 * 2 + 6
7 = 6 * 1 + 1
6 = 1 * 6 + 0
Therefore, we have:
1 = 7 - 6
  = 7 - (20 - 7 * 2)
  = 7 - 20 + 7 * 2
  = -20 + 7 * 3
Thus we obtain d = e^(-1) mod f(n) = e^(-1) mod 20 = 3 mod 20 = 3
Hence, the public key is {7, 33} and the private key is {3, 33}.
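The same derivation carried through in code, as an added Python example that is not part of the original answer: the extended Euclidean algorithm reproduces the backward substitution above, and the resulting key pair is then used to encrypt m = 5 and to sign a hash as the text describes. All function names are chosen here; `phi` stands for f(n), and reducing a SHA-256 digest modulo n is an assumption made only so that a hash fits this tiny modulus.

```python
import hashlib


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def generate_keys(p, q, e):
    """Return (public, private) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)          # written f(n) in the text above
    g, x, _ = extended_gcd(e, phi)   # e*x + phi*y == 1  =>  x is e^(-1) mod phi
    if g != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    return (e, n), (x % phi, n)


def apply_key(value, key):
    """Raise value to the key's exponent modulo the key's modulus."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must lie in [0, n)")
    return pow(value, exponent, modulus)


def toy_digest(message, n):
    """One-way hash of the message, reduced mod n (assumption for this toy key size)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Hash the message, then transform the hash with the private key."""
    return apply_key(toy_digest(message, private_key[1]), private_key)


def verify(message, signature, public_key):
    """Recover the hash with the public key and compare it with a fresh hash."""
    return apply_key(signature, public_key) == toy_digest(message, public_key[1])


if __name__ == "__main__":
    public, private = generate_keys(3, 11, 7)
    print("public", public, "private", private)
    ciphertext = apply_key(5, public)           # encrypt m = 5
    print("c =", ciphertext, "-> m =", apply_key(ciphertext, private))
    signature = sign(b"constructed sample message", private)
    print("signature valid:", verify(b"constructed sample message", signature, public))
```
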
- The private key should be kept securely. Loss of the private key could cause severe damage, since anyone could then make use of it.
- The entire process of generating and verifying digital signatures requires a considerable amount of time.
- When the digital signature cannot be verified with the help of the public key, the receiver of the message marks the message as invalid without knowing that the message was corrupted.
The weaknesses of digital signatures could be compensated for by proper use of the private key, which should be kept in a secured manner. Digital signatures should provide a higher level of authenticity, as they do not ensure the confidentiality of data. Hence, other proper methods of encryption and decryption need to be implemented as well (Tsai, Lo and Wu 2014).
Hash Algorithms and Vulnerabilities
Moving toward a more secure web from HTTP to HTTPS is a well-known Google initiative. In early 2018, a proposal was posted by Emily Schechter (product manager of Chrome Security) to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages.
HTTPS usage on the web has taken off as Chrome security indicators have evolved. Later this year (2018), several more steps will be taken along this path.
Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), Chrome will start showing the red “not secure” warning when users enter data on HTTP pages.
These changes continue to pave the way for a web that’s easy to use safely, by default.
- Differentiate between HTTP and HTTPS;
- Discuss advantages and disadvantages of migration from HTTP to HTTPS;
- Explain how to enable HTTPS on servers.
- The differences between HTTP and HTTPS are as follows:
HTTP (Hyper Text Transfer Protocol) is a protocol that permits users of the World Wide Web to transfer information such as text, images, video, music and other files that are kept on web pages. HTTP is mainly used for accessing HTML pages and various other resources that are accessible through it. It is also a request-response protocol within the client-server computing model.
HTTPS (Hyper Text Transfer Protocol Secure) is a protocol that makes use of an encrypted HTTP connection over Transport Layer Security. When clients exchange private information with a server, it needs to be secured in order to prevent any issue based on hacking. Hence, the HTTPS protocol was introduced to allow authorization and secured transactions (Naylor et al. 2014).
- The advantages of migration from HTTP to HTTPS are:
- Security is one of the major concerns for a website, and HTTPS ensures the protection of websites and devices against hacking or security breaches.
- With the use of HTTPS, users are able to track the traffic of websites and thus measure their performance.
- HTTPS helps Search Engine Optimization (SEO) by improving the ranking of sites within search engine results (Korol, Slesarev and Nechai 2014).
The disadvantages of the migration from HTTP to HTTPS are:
- The speed of accessing a particular website is one of the ranking factors. An improper implementation of HTTPS would lead to lagging communication between servers.
- The costs of migration from HTTP to HTTPS would affect most businesses. The costs might reach tremendous amounts depending on the type of business and the websites that they use.
- The SSL certificate should have its own dedicated IP address. With a dedicated IP address, the traffic reaches the designated address.
- An SSL certificate should be created and purchased.
- After the certificate is purchased, it should be activated.
- Once properly activated, the certificate should be installed through the SSL/TLS menu.
- After successful installation, the website should be updated in order to make proper use of the HTTPS protocol (Durumeric et al. 2017).
Reference
Demchenko, Y., Grosso, P., De Laat, C. and Membrey, P., 2013, May. Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.
Deshmukh, R.V. and Devadkar, K.K., 2015. Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, pp.202-210.
Durumeric, Z., Ma, Z., Springall, D., Barnes, R., Sullivan, N., Bursztein, E., Bailey, M., Halderman, J.A. and Paxson, V., 2017, February. The security impact of HTTPS interception. In Proc. Network and Distributed System Security Symposium (NDSS).
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Kolias, C., Kambourakis, G., Stavrou, A. and Voas, J., 2017. DDoS in the IoT: Mirai and other botnets. Computer, 50(7), pp.80-84.
Korol, M., Slesarev, V.V. and Nechai, N.M., 2014. Search Engine optimization.
Narteh, B., 2015. Perceived service quality and satisfaction of self-service technology: The case of automated teller machines. International Journal of Quality & Reliability Management, 32(4), pp.361-380.
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M., Papagiannaki, K. and Steenkiste, P., 2014, December. The cost of the S in HTTPS. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies (pp. 133-140). ACM.
Ren, Y.J., Shen, J., Wang, J., Han, J. and Lee, S.Y., 2015. Mutual verifiable provable data auditing in public cloud storage. ????????, 16(2), pp.317-323.
Rewagad, P. and Pawar, Y., 2013, April. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.
Roshdy, R., Fouad, M. and Aboul-Dahab, M., 2013. Design and Implementation a New Security Hash Algorithm Based on MD5 and SHA-256. International Journal of Engineering Sciences & Emerging Technologies, 6(1), pp.29-36.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero. (2018). Retrieved from https://www.corero.com/resources/ddos-attack-types/mirai-botnet-ddos-attack.html
Tsai, J.L., Lo, N.W. and Wu, T.C., 2014. Weaknesses and improvements of an efficient certificateless signature scheme without using bilinear pairings. International Journal of Communication Systems, 27(7), pp.1083-1090.
Ullah, I., Khan, N. and Aboalsamh, H.A., 2013, April. Survey on botnet: Its architecture, detection, prevention and mitigation. In Networking, Sensing and Control (ICNSC), 2013 10th IEEE International Conference on (pp. 660-665). IEEE.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.
Wang, B., Zheng, Y., Lou, W. and Hou, Y.T., 2015. DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, pp.308-319.
Zheng, M., Sun, M. and Lui, J., 2013. Droidanalytics: a signature based analytic system to collect, extract, analyze and associate android malware. arXiv preprint arXiv:1302.7212.