security – Technology

Real Threats	Security Techniques
Messages can be read by anyone on the internet.	Various symmetric encryption techniques to make sure only sender and receivers can understand the message. Examples: – Advanced Encryption Standard(AES) – Data Encryption Standard(DES)
Unencrypted or encrypted messages can be altered by anyone on the internet.	Various Integrity protection techniques like Hash based solutions to detect alteration in messages. Examples: – SHA256 MAC
Stealing encryption key on the internet and calculating fixed key	Public private key infrastructure based techniques make sure that keys used for encrypting the message are not fixed and random for each session. Along with it, it also makes sure that message encryption key cannot be steal by anyone by using asymmetric public and private key concepts. Examples: – Rivest, Shamir and Adleman (RSA) – Elliptic Curve Cryptography (ECC)
Unauthorized access and illegal control of network and system resources	Authentication and Authorization techniques to make sure only authenticated users with valid credentials are allowed to enter into networks. Along with it, an adequate permission mechanism to set various authorization levels like admin, super admin, user level access, group level access, role based access control (RBAC) and attributes based access control (ABAC). Example: – oAuth (Open Authorization)
Physical attacks of devices computing, memory and storage devices	In build security techniques to make sure you have a secure run time execution environment, secure RAM or ROM and Secure storage for any physical attacks.

Real Threats

Security Techniques

Messages can be read by anyone on the internet.

Various symmetric encryption techniques to make sure only sender and receivers can understand the message.

Examples:
– Advanced Encryption Standard(AES)
– Data Encryption Standard(DES)

Unencrypted or encrypted messages can be altered by anyone on the internet.

Various Integrity protection techniques like Hash based solutions to detect alteration in messages.

Examples:
– SHA256 MAC

Stealing encryption key on the internet and calculating fixed key

Public private key infrastructure based techniques make sure that keys used for encrypting the message are not fixed and random for each session. Along with it, it also makes sure that message encryption key cannot be steal by anyone by using asymmetric public and private key concepts.

Examples:
– Rivest, Shamir and Adleman (RSA)
– Elliptic Curve Cryptography (ECC)

Unauthorized access and illegal control of network and system resources

Authentication and Authorization techniques to make sure only authenticated users with valid credentials are allowed to enter into networks. Along with it, an adequate permission mechanism to set various authorization levels like admin, super admin, user level access, group level access, role based access control (RBAC) and attributes based access control (ABAC).

Example:
– oAuth (Open Authorization)

Physical attacks of devices computing, memory and storage devices

In build security techniques to make sure you have a secure run time execution environment, secure RAM or ROM and Secure storage for any physical attacks.

1. Perception Layer:

Eavesdropping: Stealing the information transmitted between sender & Receiver.
Node Capture: Getting full control of node like gateway node. That way all types of data including key used to build secure connection along with data in memory.
Fake Node & Malicious node: Adding not a valid or real node to occupy network bandwidth and hardware resources of real node. That causes destruction of whole network.
Replay attack: By eavesdropping between sender & receiver, an intruder capture the very basic identity of sender and start behaving like he is a real sender such that receiver gets impression that data is coming from real sender. That way intruder can send his or her desired command to receiver.
Timing attack: Intruder tries to observe the time consume between request and response that way tries to understand what types of queries are sent, what type of algorithms are used.

2. Network Layer:

Denial of Service (DoS) attack: Consume whole network bandwidth such that authentic user are not allowed to consume services.
Main-in-The-Middle (MiTM) attack: An attacker intercepts between sender & receiver and change the data of communication such that both sender & receiver believe that they are getting data from each other only.
Storage attack: Altering the information stored in storage devices or on cloud specially when multiple types of people are involved into replication of stored data.
Exploit attack: Taking advantages of security vulnerability, weak algorithm, poor hardware or bad programming helps attacker to retrieve precious information.

3. Application Layer:

Cross site scripting attack: Adding client side malicious script like java-script to change the actual code and execute the code what attacker wants to execute.
Malicious Code attack: A code inside the software itself causes damage of overall system. Such type of code is very hard to detect with even anti virus code.

4. Support Layer:

Denial of Service (DoS) attack: As describe above.
Malicious inside attack: Attack happens with the help of someone inside the network with valid authorization.

5. Processing Layer:

Exhaustion attack : To exhaust the system resources like battery & memory consumption.
Malwares attack : In the form of viruses, spyware, adware, Trojans horses and worms.

6. Business Layer:

Business Logic attack: Due to flaw in programming like poor coding, password recovery mechanism, poor validation & bad encryption techniques.
Zero-Day attack: Security issues in application and vendor is not aware about it.

Tag Archives: security

IoT – Implementation of various security techniques to address real threats

IoT Layered Architecture – Security Threats