The threat of identity theft and ransomware will be apparent in the coming years, and targeted content and websites, such as those of the healthcare industry and financial sectors, will be more vulnerable to these types of attacks (Ragan, 2016). This is understandable: with the proliferation of computer networks, the use of information technology will be on the rise, which will extend the reach of the Internet far beyond what people could have imagined in past decades. As a result, hackers will be more active than ever in exploiting security loopholes on the Internet to take control of sensitive data and personal information. Ransomware will be one of the tools that hackers are likely to use deliberately to put victims in an unstable position in order to extort money from them (Barker, 2017).
With an increased footprint over the Internet, especially through social media exposure, hardly anyone’s information or privacy is secured. I think my information is as exposed to cyber-attacks as that of any other individual who uses the Internet and computer technology for day-to-day work. Despite all the preventive measures that I have taken to prevent cyber-attack, I am certain that I might be a victim of cybersecurity damage anytime. My pessimistic view about cybersecurity comes from a past experience of being robbed by an attacker who took control of my computer through ransomware; he encrypted all my important data and private contents and sent me a pop-up message demanding $500 to get my data back. He offered me a single file decryption for free to convince me to pay the sum. However, I could not afford the money and lost all my documents, photos and other important files. Among all frustrations, one thing that still amuses me is that I used his free offer to decrypt a spreadsheet full of details of my daily expenses for over five years.
Assignment 2: Not Such Lone Wolves
A lone wolf, as the term relates to terrorism, is an individual or group that performs terrorist attacks or acts of terrorism on its own and does not belong to any group or team. A lone wolf can be influenced by a group ideology or act in support of others, but lone wolves do not perform structured terrorism and are not accountable to anybody for their actions (Kimmel, 2013). Individual shooters and mass killers are some examples of lone wolves. Lone wolves can hide their intentions and keep their operations secret more efficiently than organized terrorists because they do not need to reveal their plans to anybody. Unlike organized crime, lone wolf terrorism dies with the person or group involved in a particular incident.
Exercise 1.1: Attack tree for stealing a car
Steal the car
1.1 By driving the car away
1.1.1 Enter through door
1.1.1.1 using duplicate key
1.1.1.2 breaking the glass and unlocking the door
1.1.1.3 using drill or welding tools
1.1.1.4 by finding the door accidentally left opened by the owner
1.1.2 Enter through glass
1.1.2.1 breaking the glass
1.1.2.2 using glass cutting tools
1.1.2.3 discovering the owner left the car glass opened
1.2 By pushing the car from behind
1.2.1 by using another vehicle or truck from behind
1.2.2 owner did not pull the hand brake
1.3 By pulling the car from front
1.3.1 by using another vehicle or truck from front
1.4 By taking parts of the car apart
1.4.1 using tools to dismantle the car parts
1.4.2 using force to break parts
Exercise 1.4: Attack tree for learning username and password of someone's online bank account
Learning bank account credentials
1.1.1 Physically force the user to provide the information
1.1.1.1 hold the customer captive and push him for the information
1.1.1.2 keep a close person of the user hostage and threaten him to reveal the information
1.1.1.3 point a gun or arms at the user and ask for the credentials
1.1.2 Physically steal the credentials
1.1.2.1 follow customer’s keystrokes from a secret place and note them
1.1.2.2 use a hidden camera to record customer’s keystrokes to get the credentials
1.1.2.3 use a keylogger device that can record each keystroke in its internal memory
1.2.1 Using phishing
1.2.1.1 Send trustworthy emails to user
1.2.1.2 ask customer to reply to the email with credentials of the bank account
1.2.1.3 deceive the customer by redirecting to a pseudo website that resembles the online bank account and convince him to enter into the website using credentials
1.2.1.4 ask customer to provide sensitive account information, like birthdate, phone number, secret question with answer etc. which later can be used to exploit the account
1.2.2 Using virus
1.2.2.1 Use Trojan horse that will secretly hide inside customer’s workstation and
1.2.2.2 Use a key logger virus that can record each keystroke of the user and send it via email
22.214.171.124 by tapping into customer’s Internet line and extracting unencrypted information that might help in getting secret information
126.96.36.199 by pairing with one of the customer’s devices from where he or she frequently access the bank account
Exercise 1.6: Attack tree for preventing someone from being able to read his own email
Account holder cannot read his own emails
1.1 Block user’s access
1.1.1 hack into user’s account and change the password and reset recovery options
1.1.2 get control of the user account and delete it
1.1.3 block the user’s access into the email agent’s site
1.1.4 disconnect the user from the Internet
1.1.5 redirect all traffic from the user to the email agent to another address
1.2 Make the emails unreadable
1.2.1 encrypt the emails to render them unreadable to the user
1.2.2 add pseudo-noise to the email content and make them unintelligible
1.3 Change the route of emails intended for the user
1.3.1 redirect all emails to user account to another account
1.3.2 change the destination of all emails intended to be received by the user
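The tree from Exercise 1.6 can be checked against a set of defenses to see which leaves remain open. This is an added example, not part of the original essay: the node ids and goals follow the tree above, while the control names and the leaves each control is assumed to cover are constructed for illustration.

```python
# Node id -> (description, child ids). Ids and goals follow Exercise 1.6.
# Every inner node is an OR node: one successful child achieves the parent.
TREE = {
    "1":     ("Account holder cannot read his own emails", ["1.1", "1.2", "1.3"]),
    "1.1":   ("Block user's access", ["1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5"]),
    "1.1.1": ("take over account, change password and recovery options", []),
    "1.1.2": ("take over account and delete it", []),
    "1.1.3": ("block access to the email agent's site", []),
    "1.1.4": ("disconnect the user from the Internet", []),
    "1.1.5": ("redirect the user's traffic to another address", []),
    "1.2":   ("Make the emails unreadable", ["1.2.1", "1.2.2"]),
    "1.2.1": ("encrypt the emails", []),
    "1.2.2": ("add pseudo-noise to the email content", []),
    "1.3":   ("Change the route of emails", ["1.3.1", "1.3.2"]),
    "1.3.1": ("redirect incoming emails to another account", []),
    "1.3.2": ("change the destination of incoming emails", []),
}

# Constructed mapping of controls to the leaves they are assumed to cover.
CONTROLS = {
    "multi-factor authentication": {"1.1.1", "1.1.2", "1.3.1"},
    "TLS with certificate validation": {"1.1.5"},
    "alert on forwarding-rule changes": {"1.3.1"},
    "offline mailbox backup": {"1.1.2", "1.2.1", "1.2.2"},
}

def leaves(node="1"):
    """Return the leaf ids below a node, in tree order."""
    kids = TREE[node][1]
    return [node] if not kids else [leaf for k in kids for leaf in leaves(k)]

def residual(deployed):
    """Leaves that no deployed control covers."""
    covered = set().union(*(CONTROLS[c] for c in deployed))
    return [leaf for leaf in leaves() if leaf not in covered]

def open_branches(deployed):
    """Second-level goals that still have at least one uncovered leaf."""
    remaining = set(residual(deployed))
    return [k for k in TREE["1"][1] if remaining & set(leaves(k))]

if __name__ == "__main__":
    deployed = ["multi-factor authentication", "offline mailbox backup"]
    for leaf in residual(deployed):
        print("uncovered:", leaf, TREE[leaf][0])
    print("branches still open:", open_branches(deployed))
```

Because every node is an OR node, the root goal stays achievable as long as a single leaf is uncovered, which is why the residual list matters more than the count of controls deployed.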
Exercise 1.7: Changing sender of the email
Email recipient gets emails from wrong sender
1.1 Change the sender address
1.1.1 create a mailbox that will receive all the emails intended for a specific user, then resend those emails to the user with the sender’s name changed.
1.2 Take the user to a wrong email site
1.2.1 use a phishing site to take the user to a wrong email box, where the received emails will be engineered to show wrong recipient
1.3 Sit in the middle
1.3.1 sit in the middle of the network between the sender and the receiver and inject malicious code that will change the sender’s name.
1.3.2 create a key pair and impersonate someone else; hand the keys over to the recipient such that the recipient can verify that the digital signature attached to the email belongs to the impersonated person.
Exercise 1.8: Security Review of Tesla’s Announced Wireless Car Charging System
The electronic car manufacturing giant Tesla is planning to launch a wireless car controlling system that will enable the user to take control of his car from remote places, such as the lobby of a hotel or his room, while the car is parked in the garage. The new technology will enable the user to check the condition of his car and drive the car up to a distance not longer than 1 km. The technology will help people who are in a hurry or who forget to park their cars or perform routine checks because of a busy schedule. It will provide a means of checking the car and taking necessary actions during leisure periods. The remote technology will create major hype in the electric car industry and will help car users exploit every extra dollar they have paid for their car being electric. The unit also comes in the mobile app package, which enables the user to control the car using his mobile device.
Assets and Security Goals:
Asset 1: The technology will be wireless. It will require no wire connection between the car and the user and it will let the user have command over the car from distance. The main security goal of this asset is to keep the car safe from wireless infiltration or intrusion.
Asset 2: The control system of the car that can help the user ignite and kill the engine and even drive the car a few meters in different directions. The main security goal for this asset is to keep the car safe from stealing or accident.
Threats and Adversaries:
Threat 1: The major threat of being wirelessly controllable is getting hacked by thieves. A hacker can easily get control of the wireless system and control the car from a distance, stealing the car without being caught or having any trouble.
Threat 2: Threat to privacy. A hacker can access the car log wirelessly or put malicious code into the car system that will help him learn the travelling history of the car as well as its current position and direction. This adversary poses a serious threat to the privacy of the car owner.
Weakness 1: The wireless control is lost when the car is more than 1 kilometer away from the user. The user might lose control immediately when the car is in remote-wireless driving mode, and that might cause an accident.
Weakness 2: With frequent switching between wireless and physical mode, the car might get stuck and fail to follow the instructions properly, which may lead to an accident.
In order to address the first weakness, the car might use an automatic alert system to make the user aware that the car is moving out of the wireless range. The user should instantly halt the car and reposition it somewhere that is within the wireless zone of access. The car can also use the autopilot feature, built in to modern Tesla cars, to avoid accidents outside the wireless zone while being operated by remote controller. In order to deal with the second weakness, the car might use some sort of failsafe system that would take control of the car and park it instantly if it senses any kind of unresponsive behavior.
From the above discussion, it is obvious that the weaknesses are not severe as far as possible defenses and awareness from the user are concerned, but the threats are really worrisome and call for research and upgrades to eliminate possible security loopholes.
Despite having security problems, the new technology will create a revolution in the car industry and might as well be introduced into other vehicles. There is a good possibility that this technology will get widespread acceptance in the entire car industry.
1. Compromising Wireless Control of Tesla Car
1.1 Get the remote controller
1.1.1 Snatch the remote controller from the user
1.1.2 Steal the remote controller
1.1.3 Force the owner to hand over the remote controller
1.2 Hack the wireless channel
1.2.1 Hack the wireless signal and get control of the car
1.2.2 Get credentials of the handshake key between the mobile app and the car and take control
1.2.3 Insert malicious code into the car software and make it transmit information for pairing
Exercise 1.9 Compromise of Tesla Car’s Wireless System
Developers from the Keen Security Lab, a division of the Chinese internet giant Tencent, have compromised the Tesla S car model over the air. The group of developers has shown how the car’s remote wireless system can be exploited to take control of the CAN bus that controls many vehicle systems in the car. However, the vulnerability that was exploited by the developers was narrow because it requires the car to be connected to a specific malicious Wi-Fi hotspot. Obviously, this was not the weakest link of the wireless security chain of the car. The weakest link, from my point of view, should be the mobile app interface that sets up a communication link with the car after initial handshaking, because it is easier to hack user credentials and get control of the car. On the other hand, forcing the car to pair with the malicious hotspot is a bit tricky and does not guarantee success all the time.
Exercise 1.10 Impact of Addressing One Security Issue on Others
One major example of a situation where improving the security of a system against one type of attack invites others is the Two Factor Authorization (TFA) technique in email or other accounts. Due to frequent account hacking problems, security developers have introduced TFA, where the user has to authorize the access via a code sent to their mobile. The incorporation of mobile-based authentication has increased mobile hacking problems. On the other side, if the mobile of the user is stolen, there is a great chance of his accounts being compromised easily.
Exercise 2.1 Kerckhoffs' Principle
Two arguments in favor of Kerckhoffs' Principle:
It is not easy or cheap to build an algorithm, which is why it must be used many times.
Using an algorithm universally helps in the identification of bugs and security loopholes and in its improvement.
Two arguments against Kerckhoffs' Principle:
Keeping an algorithm open to all eases the work of the attacker, who might acquire greater control over it or discover its weaknesses.
All systems require an expensive algorithm upgrade once the algorithm is compromised anywhere.
Validity of Kerckhoffs' Principle:
It is obvious that the validity of Kerckhoffs' principle is important from a security point of view. There is no way anyone can develop an individual algorithm for each user or each system because it is complex and expensive. On top of that, designing individual algorithms will require modification of system hardware and software, and as such no standardization can be done. A non-standardized unique algorithm will require all participants to shift to the same hardware and software to communicate, which is not a feasible model of communication.
Exercise 2.2 Using Open Wi-Fi
Parties that might be able to attack the system:
The network administrator or employees of the coffee shop who have access to the network,
Other customers of the coffee shop who access the same network
An intruder from outside who can penetrate the wireless interface
What They Can Do:
Can read the email
Can change contents as well as sender info of the email
Can cause interruption in email transmission
Bob and Alice can use VPN to secure their communication
Can hide their IP address
Can use 128-bit encryption
Can use secret codes to encode the email content
Can share authentication information to make sure that the email came from the other
Exercise 2.3 Number of Symmetric Keys
(30 × 29) / 2 = 435.
Exercise 2.4 Digital Signature Verification
Yes, it does prove that Alice saw the message in question and chose to sign it.
Exercise 2.5 Public Key Authentication
Alice can ask Bob to verify his key over phone.
Alice can ask Charlie to certify the key she has belongs to Bob
Alice can communicate with Charlie via email through an encrypted channel and ask him to certify P as Bob’s key.
Exercise 2.6 Security of Encryption Scheme in a Chosen-Ciphertext model
Yes. Unless the attacker can break the decryption key, there is no luck with the chosen-ciphertext attack.
Exercise 2.7 Security Against Birthday Attack
To avoid a birthday attack or collision, we need n-bit values, where the birthday bound is
$2^{n/2} = 128$
$n/2 = 7$
$n = 14$.
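The relation between n and the birthday bound used above can be observed directly. This is an added example, not part of the original essay: it truncates SHA-256 to n bits as a stand-in for an n-bit value (an assumption made here) and counts how many distinct inputs are hashed before two of them collide, which for n = 14 is on the order of 2^(n/2) = 128.

```python
import hashlib
import math

def truncated_hash(data: bytes, n_bits: int) -> int:
    """First n_bits of SHA-256(data), standing in for an n-bit value."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)

def first_collision(n_bits: int, prefix: bytes):
    """Hash prefix||counter until two inputs share a value.

    Returns (inputs hashed, first message, colliding message).
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return counter + 1, seen[h], msg
        seen[h] = msg
        counter += 1

def mean_trials(n_bits: int, runs: int = 200) -> float:
    """Average number of inputs hashed before the first collision."""
    total = sum(first_collision(n_bits, b"run%d:" % r)[0] for r in range(runs))
    return total / runs

def expected_trials(n_bits: int) -> float:
    """Standard approximation sqrt(pi/2 * 2^n), about 1.25 * 2^(n/2)."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)

if __name__ == "__main__":
    n = 14
    print("birthday bound 2^(n/2):", 2 ** (n // 2))
    print("expected inputs before a collision:", round(expected_trials(n)))
    print("measured mean over 200 runs:", round(mean_trials(n)))
```

The measured mean sits slightly above 2^(n/2) because the bound is an order-of-magnitude estimate; the constant factor is about 1.25.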
Barker, I. (2017, January 04). Ransomware set to increase in 2017. Retrieved from Beta News: http://betanews.com/2017/01/04/ransomware-increase-2017/
Francis, R. (2016, December 19). What 2017 has in store for cybersecurity. Retrieved from CSO Online: http://www.csoonline.com/article/3150997/security/what-2017-has-in-store-for-cybersecurity.html?page=2
Kimmel, M. (2013). Angry White Men: American Masculinity at the End of an Era. Avalon.
Lohrmann, D. (2016, November 13). Will President-Elect Trump Surprise on Cybersecurity? Retrieved from Government Technology: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/will-president-elect-trump-surprise-on-cybersecurity.html
Ragan, S. (2016, November 28). SF MUNI hacker lashes out, threatens to release 30GBs of compromised data. Retrieved from CSO: http://www.csoonline.com/article/3145425/security/sf-muni-hacker-lashes-out-threatens-to-release-30gbs-of-compromised-data.html
Smith, L. J. (2016, February 17). Donald Trump on Apple encryption battle: 'Who do they think they are?' Retrieved from The Verge: http://www.theverge.com/2016/2/17/11031910/donald-trump-apple-encryption-backdoor-statement
Stearns, J., & Tirone, J. (2016, October 04). Europe's refugee crisis. Retrieved from Bloomberg: https://www.bloomberg.com/quicktake/europe-refugees
Strohm, C. (2016, September 23). Lone Wolf Terrorism. Retrieved from Bloomberg: https://www.bloomberg.com/quicktake/lone-wolf-terrorism
Worth, K. (2016, July 14). Lone Wolf Attacks Are Becoming More Common — And More Deadly. Retrieved from pbs: http://www.pbs.org/wgbh/frontline/article/lone-wolf-attacks-are-becoming-more-common-and-more-deadly/