Week8 Lecture reflection

This week, the lecture covers Human error, mistakes and incident response.

If something goes wrong what is the root cause:

1.user error

2.culture

3.?-> the actual cause

Human Weaknesses

Honesty - commander in cheat

Misdirection and limited focus and Chekhov  1

Magicians commonly use misdirection to perform magic, and is similar to social engineering

people are bad a picking the right features for focus

logically important vs psychologically salient

similarity matching

frequency gambling

what has worked in the past will work in the future

availability heuristic - Kahneman 3

developmental phases - goed and breaked 2

procedural

meta-procedural

conceptual

privacy

right to be free of surveillance

If we use VPN we should trust VPN provider. If VPN provider is bad, our loss will be greater than wothout using VPN 

Digital forensics

Consist of 3 Steps:

Acquisition or imaging

Analysis 

Reporting the evidence 

Types:

Computer Forensic

Mobile Device

Network Forensics

Database Forensics

Video/Audio Forensics

Tools

enCase

Autopsy

FTK Imager

The China syndrome will be the exam film.

Simple RSA code

HMAC code

SHA1 code

Week7 tutorial review

This week, we learn some computation details about RSA.

p=5, q=7

n=pq=35

z=(q-1)(p-1) = 24

e = 5(e is a coprime of z)

de mod z = 1 choose d=29

12^e mod n = c (cipher text)

c^d mod n = 12(decipher)

We also talked about CBC, EBC, CTR

CBC: use a random vector to start encryption, and use the encryption message as the vector of next encryption.

EBC: divide the message into chunks of 128bits and encrypt seperately.

CTR: Encrypt increasing counter value and a nonce, then Xor plaintext to output cipher text.

Thanks for broadening my horizon by sharing this blog. For now, Quantum Cryptography Communication is not easy to popularize due to the cost and also no urgent need of using this tech for citizens. However, in the future, with the development of computation capacity, Quantum Cryptography Communication would be considered to be used in daily communication.

Week7 security everywhere

Quantum Key Distribution System

The breaking progress in the Quantum Cryptography Communication field is a paper published in Nature Photonics named “Experimental quantum repeater without quantum memory”[1]. After deep research in this paper, although I don’t understand the math formula, I know what they are doing and which issue they need to solve. Quantum Communication is always implemented by Quantum Key Distribution System which is a subset of Quantum Cryptography Communication. It is a mechanism can help to exchange keys (such as symmetric keys) to be absolutely secure. Traditional cryptography algorithm is based on mathematical difficulties such as decomposition of quality factors. If this mathematical difficulty can be computed with little cost or improvement in computation capacity will lead to failure of this encryption algorithm. Quantum key distribution system, however, does not need to worry about the mathematical attack because the movement of quantum entanglement is truly random, the length of bits can be arbitrary depending on how long you operate the quantum entanglement and the quantum entanglement have no regular repeat. There are two medium implementing this key distribution system successfully which are optical fiber and satellite. For satellite, it can cover the entire earth easily but hard to achieve and extremely expensive. Just imagine the satellite send only one quantum to the earth and that quantum received accurately by the target receiver on the earth with an acceptable SIR. So far, only China can achieve Quantum key Distribution System by satellite[2]. For fiber, it is cheap but can only maintain a short distance between two repeaters. In this way, a lot of repeaters are essential to communicate between two cities with long distance. The hacker can intercept the optical fiber between the repeaters but cannot get the information from the quantum. The only way to break it is through a physical break, which is to break the repeaters and get the keys from the quantum memory because the keys are temporally received from the previous repeater and going to send towards to the next repeater. This is a critical vulnerability for this kind of secure communication. This paper is going to overcome this issue by setting the quantum repeater without memory, which means that any repeaters can receive the quantum but they have no idea what the message(key) is and only the sender and receiver can read the keys by quantum pair. This technology had been verified by experiments. If this technology can be implemented successfully, the two sides can make sure that the shared key is only known by themselves, no one can break it in between. The physical attack can stop them from exchange keys, but cannot break both the key or encrypted packets using that key except brute-force attack. This technology is quite useful but in a short period of time, it is mainly for military use. I hope citizens could use this kind of technology in the further to make internet communication more secure.

Source:

[1]: https://www.nature.com/articles/s41566-019-0468-5

[2]: https://en.wikipedia.org/wiki/Quantum_Experiments_at_Space_Scale

I like your point of view. Your opinion is not radical and is quite logical. However, all the tech development is based on education.

Week 6 security everywhere

National security

The biggest news this week is Google Home secretly record the user audio when no wake-up word is used[1]. This news unsurprisingly raised people concern about the security issues, but as what I mentioned before, there is no way to solve the privacy issues thoroughly as a citizen unless you can live without any electronic devices and services from Google or Apple. I had discussed a lot about the topic of privacy, so I am not going to repeat what I was mentioned. Since the activity let us discuss whether Australia should buy devices from the Chinese company and the case study ask for advice to prevent the cyber-attack from attack. Those topics are all related to national security, so I would like to share my point of view. There is a big difference between national safety and security.

As for national safety, it is easy to achieve for Australia. We all know that America is one of the closest allies with Australia and there are even four the United States military bases located in AU[2]. If Australia fully trust America and the shared interest and the common ideology can maintain for a long period of time, the issue of national safety will become much simpler because America is the leader in the world with the top military power and investment. Why we need to develop our own chips, telecom technology and weapon if US promise to protect the AU and can provide the best quality products with reasonable price. The example could be Japan and South Korea, all weapon from the US but really have no ability to say no to the US.

However, if Australia hopes to protect its own national security, then no one could trust, the only way to achieve this is developing its own chip, weapon and telecom equipment. The Iraqi war shows us what the modern war looks like. The chip inside of a printer had a virus and when the war broke out, the US used that virus to misleading and disable the military control system including radar system[3]. One printer, one virus, one disabled Iraqi air defence. This war educated some nations such as China that nuclear weapons are not enough to ensure national security. Some important components , especially for military use, should be self-developed and self-made[4]. That is why China start to develop both the chip design and manufacture. After 20 years, all chips used by satellite, military, supercomputer and most chips of telecom system are self-designed and self-manufactured[5]. The performance of these chips may not as good as the chips from the US, however, it has to do so to prevent the same tragedy in Iraqi case. In this way, in a short period of time, the AU should still depend on equipment from a foreign country such as telecom equipment. I agree that Australia should avoid the equipment from Chinese company because of the huge difference in ideology and lack of trust, but other equipment from Nokia and Cisco should also be carefully checked in security aspect. The legislation is essential to rule all foreign company providing no backdoor equipment and Australia should also establish a dedicated department for risk assessment. However, in the long term, Australia should learn from the bought advanced equipment and allies such as America to imitate and finally develop its own technology and equipment. Australia is a big country and used to have a relatively complete modern industrial system, it should have the ability to develop its own hi-tech weapon and system, the only thing the Australian should do is made up the mind and the long term investment on R&D especially when the world is experiencing the process of De-globalization nowadays. After doing this, Australia will not only make money from equipment and weapon export but also improve the level of national security from installing a backdoor on the export device to monitor the intelligence from other countries. This learns and self-developed procedure may take a long time and huge investment and maybe under press from used allies, but it is the only way to ensure autonomy and national security.

Source:

[1] https://threatpost.com/google-home-recordings-domestic-violence/146424/

[2] https://en.wikipedia.org/wiki/List_of_United_States_military_bases

[3] https://www.theregister.co.uk/2003/03/10/one_printer_one_virus_one/  

[4] https://en.wikipedia.org/wiki/Science_and_technology_in_China

[5] https://en.wikipedia.org/wiki/Loongson

Tencent is a large company. I think such a company shouldn’t have this kind of flaw. It would be really dangerous if you did something bad at that time. I think they should not only set up gates and facial recognition tech at the front door of the building. Maybe they can install cameras with facial tech around all the corner inside the building to check who is not an employee of this building, but this is not easy to implement and may come across lots of troubles, like if a number of visitors visit this building, the staff should record their face in advance in the database. It is quite weird. Do you have some good suggestion about how to mitigate the impact of this flaw?

one of the most practical method for social engineering attack: Tailgating

The general way of tailgating and Cases happend on myself:

In layman’s terms, tailgating is when one is driving too close to the vehicle in front. In social engineering, tailgating is trying to be familiar with a person from the inside of the company in order to gain access. One common method of tailgating, which is often seen in movies, is when a person (a.k.a. the criminal) waits until an employee opens the door to the company building. The criminal then calls out for the employee to hold the door so he can go in. And that’s how the attacker gains access.

Large companies have sophisticated security systems or a front desk that often checks appointments. Small businesses, on the other hand, are more vulnerable. One well-mannered employee could easily provide access to a tailgater who could then gain access to sensitive information using company data.

What happened on me is that I used to walk around the headquarter of Tencent. At the beginning ,I just want to know where is that and what is the real environment of this company.

After I arrived the bus station near this Headquarter ,I found that  time  happens to be the lunch time  and lots of employee of Tencent come inside and outside this building 

Hence ,an idea came into my brain ,”Why not try to enter into their headquarter”.With this idea,I start to consider how can I cheat the gate security without carrying employee’s card . Quickly , I found that someone post that they used to visit this building for some event as a visitor. From this information ,I thought why not just enter into the building and pretend that I am an employee ,If caught by the security guard ,I can say that I am a visitor. So, I just walk arrogantly into the building.

However ,after I bypass the guard and in a good mood for the successful break in.Suddenly,I saw a row of facial recognition in front of me, I was really shocked and consider whether I should keep going into their working area . Finally ,I decided to enter , I thought that I have get through the security guards’ checking .If i stop ,I will be regretful in my next few years that I used to be really close to the mystery place but I didn’t enter into.Thus,I pretend that I was talking with my friend by mobile phone and follow the guy who is one step ahead of me. When his face match the system  and the gate opened ,I just follow him and I successfully break in this big technology company’s headquarter .

The content is quite surprised me, but I just wonder how a fitness app could find the military base?

Cases about the serious data security situation among apps

1,Fitness tracking app Strava gives away location of secret US army bases: 

This is the map that a solider drew while he was jogging in the military base of Afghanistan.It completely exposed the outline of this base and even detail of some secret facilities.In the past time ,all of these information may cost intelligence years of time and millions of money to collect.However, they can easily collect these details through mobile phone apps recently. 

2,UK air force in the Falkland Islands was exposed by heatmap

RAF Mount Pleasant in the Falkland Islands is lit up brightly on the heatmap, reflecting the exercise regimes of the thousand British personnel there – as are nearby Lake Macphee and Gull Island Pond, apparently popular swimming spots. 

3,The threat to global societies(American election)

Do you want candidate A to be elected into office? Find out which populations are most susceptible to political belief A, and then target them with mis- and disinformation that pushes them in the desired direction. Push the information  that is good for Candidate A to the first searched hashtags. In many cases, such targeted influence campaigns against specific populations can even make us think the ideas were our own.

This is what already happened with Cambridge Analytica and Russia interference in the 2016 U.S. presidential election, where cognitive flaws such as confirmation bias were exploited to encourage certain voting behavior.

4,How to counteract the social engineering attack among politics

The key to counteracting social engineering is awareness since social engineers are targeting our lack of cognition, our ignorance, and our fundamental biases. This awareness approach is twofold: first, we need to develop strategies and good practices to counter the social engineering itself; and second, we need to develop sustainable policies to mitigate its effects.

In a cybersecurity context, it’s not as easy to mitigate social engineering as it is to mitigate software and hardware threats. On the software side, we can purchase intrusion detection systems, firewalls, antivirus programs, and other solutions to maintain perimeter security. Attackers will certainly break through at one point or another, but strong cybersecurity products and techniques are readily available.

5,Principles of influence

Social engineering relies heavily on the six principles of influence established in Robert Cialdini’s Influence:The Psychology of Persuasion:

Reciprocity – People tend to return a favor, hence the pervasiveness of free samples in marketing.

Commitment and consistency – If people commit to an idea or goal (orally or in writing), they are more likely to honor that commitment because it’s now congruent with their self-image. Even if the original incentive or motivation is removed after they have already committed, people will continue to honor the agreement.

Social proof – People will do things that they see others doing.

Authority – People will tend to obey authority figures, even if they’re asked by those figures to perform objectionable acts.

Liking – People are easily persuaded by others that they like.

Scarcity – Perceived scarcity will generate demand. For example, by saying offers are available for a “limited time only,” retailers encourage sales.

AES code

AES code is quite similar to DES, but it encrypt message in block of 16 bytes(128bits). In addition, AES is slower than DES, but it is safer than DES.

DES code

In order to understand the DES I wrote a python code before.

Now in order to prove I have done this work, I choose to blog my code.

Python has some practical packages that we can directly import them. Then we should manually input IV and CBC key.

For encryption, the tricky part of DES code is that when we use CBC mode, then algorithm only encrypt the text whose length is the multiple of 8 bytes(64 bits), so we have to add paddings at the end of texts whose length is not enough. In my code, I just add a number of ‘\x00’ (each \x00 is one byte). I use the seak function to read the file in order to know where the file pointer is.

For decryption, we just do a reverse algorithm.

DES is faster than AES because the algorithm is easier, but it is easier to be hacked also.

Understand CA

 In order to understand the whole procedure of basic encryption method and some related concepts, I do a lot of research and write down my thoughts.

Why do we need to encrypt?

Because the content of http is transmitted in plaintext, the plaintext data will pass through multiple physical nodes such as intermediate proxy servers, routers, wifi hotspots, and communication service operators. If the information is intercepted during transmission, the transmitted content is completely exposed. Evil in the middle is also possible to tamper the transmitted information without being noticed by both parties. This is a man-in-the-middle attack. Hence, we need to encrypt the information. The simplest and easy to understand is symmetric encryption.

What is symmetric encryption? Use the same key to encrypt and decrypt the message.

Is symmetric encryption feasible?

No, if A wants to communicate B, A should first send a shared key to B. After they both have keys, they can use this pair of shared keys to communicate. However, if Evil in the middle intercept they key, all the following messages will be exposed.

What is asymmetric encryption?

There are two keys in asymmetric encryption. A public key and a private key. Each side of communication has its own private key. If the sender wants to start a connection, he should first send public key to receiver. The receiver receives public key and encrypts his message use public key. The sender receives the encrypted message and decrypts it using private key. Also, public key and decrypt messages encrypted by private key.

Asymmetric key + symmetric key, a seemingly feasible method

We can use two pairs of asymmetric key to encrypt and decrypt message. However asymmetric key is slower than symmetric key. Therefore, in practice, we use asymmetric key to encrypt symmetric key. After one side decrypt the message and get symmetric key, they use symmetric key to do encryption.

Is the above method secure?

No. If A wants to start a conversation and send his public key to B, Evil in the middle can intercept the public key that A send to B. Then Evil send his own public key to B. B thinks that is A’s public key and encrypts a shared key using Evil’s public key then send to A. Evil intercept the encrypted message and decrypt by his private key, then the Evil get the shared key that will be used to communicate in the future. Evil encrypts the shared key shared by B using A’s public key he gained in the previous session. A decrypts the message by his own private key and get the shared key. At this point, both B and A will not realize there is someone in the middle eavesdropping their conversation.

To solve the above problem, what can we do?

digital certificate and CA

Before using HTTPS, the digital certificate website needs to apply for a digital certificate to the “CA”. The digital certificate contains information such as the certificate holder and the public key of the certificate holder. The server transmits the certificate to the browser and the browser get the public key from the certificate. The certificate is like an ID card, which can prove that "the public key corresponds to the website." However, there is another obvious problem here. How to prevent tampering during the transmission of the certificate itself? How to prove the authenticity of the certificate itself? The ID card has some anti-counterfeiting technology, how to protect digital certificates? To solve this problem, we are basically close to victory.

How to prevent digital certificates from being tampered?

Digital signature

The digital signature is also named signed message digest. 

Sender: Digital certificate->Hash(Digital certificate)->CA’s private key(Hash)

Receiver:CA’s private key(Hash) || Digital certificate->

->CA’s public key(private key(Hash))->Hash value(1)

-> Hash(Digital certificate)(2)

if (1) == (2) yes -> not tampered

                             no -> tampered

Is it possible for the middleman to tamper with the digital certificate?

Assume that the man in the middle has falsified the original text of the certificate. Since he does not have the private key of the CA organization, the encrypted signature cannot be obtained at this time, and the signature cannot be falsified accordingly. After receiving the certificate, the browser will find that two hash values are inconsistent, indicating that the certificate has tampered and the certificate is not trusted, thereby terminating the transmission of information to the server to prevent the information from being leaked to the evil. We have known it is impossible to tamper certificate, what about evil changing the entire certificate to his certificate?

The answer is no. The certificate has (server’s)sender’s identifying information and public key. Even if Evil has CA’s certificate, the browser(receiver) will check if the domain received is what he requested.

Why do we need to hash the certificate when making a digital signature?

It seems that the hash is kind of redundant in the above process, and removing the hash process can also ensure that the certificate has not been tampered.  The most obvious is the performance problem. We have already said that asymmetric encryption is inefficient, and certificate information is generally long and time-consuming. The hash is obtained with fixed-length information (for example, a fixed 128-bit value can be obtained by hashing with the md5 algorithm), so that encryption and decryption will be much faster. Of course, there are security reasons, but this knowledge is relatively deeper.

How to prove that the public key of the CA institution is believable?

The operating system and the browser itself pre-install some root certificates that they trust. If there is a root certificate for the CA, you can get the corresponding trusted public key. In fact, the authentication between certificates can be more than one layer. A can trust B, B trusts C, and so on. We call it a chain of trust or a digital certificate chain. That is a series of digital certificates, starting from the root certificate. Through layer-by-layer trust, the last holder of the certificate can get trust.

Reverse TCP

What is a reverse connection?

When your browser initiates a connection to google.com, we call it a forward connection. The connection goes from the client(browser) to server(google.com).

When a server wants to initiate the connection to a client (it is very rare though!), we call it a reverse connection.

Most of the forward connection to servers are firewalled. So you just cannot initiate a connection, even if you compromise the server.

But most of the firewalls allow connection initiated by the server to the external world.

So compromise the remote server and ask it to initiate the connection with your system. Then you issue commands to the remote server.

That’s a reverse connection.

Chernobyl research

Why I choose to research this topic is because I just finished watching this TV series at the start of this term. I am quite interested in this topic, so I have a great passion to do this homework.

The Chernobyl disaster was a nuclear accident that occurred in 1986 at No.4 reactor in the Chernobyl Nuclear Power Plant, near the city of Pripyat in the north of Ukrainian SSR. It is considered the worst nuclear disaster in history.

I think there were two main reasons causing this famous worldwide devastating disaster. One was the human factor, the other was design flaws.

Design Flaws:

The accident started during the safety test on a reactor because operators and designers have found there might be a potential safety problem that could lead to the nuclear reactor core to overheat. They have done three tests since 1982, but all failed to provide a feasible solution.

According to the INSAG-7 Report, the chief reasons for the accident lie in the peculiarities of physics and in the construction of the reactor. There are two such reasons:

The reactor had a dangerously large positive void coefficient of reactivity.

A more significant flaw was in the design of the control rods that are inserted into the reactor to slow down the reaction.

Other contributing factors include:

The plant was not designed to safety standards in effect and incorporated unsafe features

"Inadequate safety analysis" was performed.

There was "insufficient attention to independent safety review".

"Operating procedures not founded satisfactorily in safety analysis".

Safety information not adequately and effectively communicated. between operators, and between operators and designers.

The operators did not adequately understand the safety aspects of the plant.

Operators did not sufficiently respect formal requirements of operational and test procedures.

The regulatory regime was insufficient to effectively counter pressures for production.

There was a "general lack of safety culture in nuclear matters at the national level as well as locally".

There was no exact reason that causing the disaster. However, I tend to believe what I say in my blog.

One reason there were such contradictory viewpoints and so much debate about the causes of the Chernobyl accident was that the primary data covering the disaster, as registered by the instruments and sensors, were not completely published in the official sources.

Human factors:

The human factor had to be considered as a major element in causing the accident.

The test was prepared to be conducted ten hours earlier than the time it was actually started. Because of this, the original operators shifted off. The test supervisor on that day failed to follow the procedure, creating unstable operating conditions combined with inherent reactor design flaws. He could choose to stop testing at that time, but he didn’t. Failing the test will lead to the loss of his opportunity of promotion to a higher office and also the related officer will get blames of the higher officer. Therefore, the test supervisor intentionally disabled several nuclear reactor safety systems, resulting in an uncontrolled nuclear chain reaction.

In addition, the impact of the disaster could have been less, but the related leaders of the reconstruction after the disaster chose to lie to the higher officer. They were afraid that if the world knew the serious impact of the disaster, the Soviet government will become a joke. After all, the Soviet was leading the world at that time, and they would lose their influence in the world if they told the truth. Even when they had to request for help to German at the end, they told the wrong and fake radiation level to German, which led to the robot that was designed to clean the radioactive contamination broke down immediately after the robot was turned on.

As in the previously released report INSAG-1, close attention is paid in report INSAG-7 to the inadequate (at the moment of the accident) "culture of safety" at all levels. Deficiency in the safety culture was inherent not only at the operational stage but also, and to no lesser extent, during activities at other stages in the lifetime of nuclear power plants (including design, engineering, construction, manufacture, and regulation). The poor quality of operating procedures and instructions and their conflicting character put a heavy burden on the operating crew, including the chief engineer. "The accident can be said to have flowed from a deficient safety culture, not only at the Chernobyl plant but throughout the Soviet design, operating and regulatory organizations for nuclear power that existed at that time."

Reference:https://en.wikipedia.org/wiki/Chernobyl_disaster#INSAG-1_report,_1986

Week8 Google Yourself

I downloaded my location JSON file and uploaded it to https://locationhistoryvisualizer.com/heatmap/ . Then the website resolved the JSON file and generated a heatmap for me. I was quite surprised that my location can be so specific. If these data are obtained by a bad guy, he may know all the places I usually go and he may also know when I am at or not at home or other things. It is really dangerous for me.

Week8 Authentication S/KEY

For S/KEY, gaining any password used for a successful authentication is useless for an attacker, because each password can be used only once. If the attacker can find out the previous one password, it would be useful, because the previous one password is used for the next authentication.

However, using ith password to calculate i-1th password is difficult, because it needs inverting the hash function.

S/KEY is vulnerable to a man in the middle attack if used by itself. 

If an attacker's software sniffs the network of Barbara to learn the first N − 1 characters in the password (where N equals the password length), establishes its own TCP session to the server, and in rapid succession tries all valid characters in the N-th position until one succeeds. 

Trump Phishing

Hi Donald Trump,

We have found that someone has logged on your Twitter account on a usual device, in order to protect your account, we choose to temporally suspend your account.

Device: HUAWEI P9

Location: China

IP address:xxx.xxx.xxx.xxx

Please click the button at the button to change your password or click the button at right bottom to contact Twitter team.

Twitter team