Crossroads The ACM Magazine for Students

Sign In

Association for Computing Machinery

Magazine: September 2004 | Volume 11, No. 1

Computer security and intrusion detection

Computer attacks are now commonplace. By connecting your computer to the Internet, you increase the risk of having someone break in, install malicious programs and tools on it, and possibly use it to attack other machines on the Internet by controlling it remotely.Several major banks have been subject to attacks, in which attackers gained access into customers' accounts and viewed detailed information about the activities on these accounts. In some instances the attackers stole credit card information to blackmail e-commerce companies by threatening to sell this information to unauthorized entities. Several online trading companies and e-commerce sites were shut down temporarily due to major packet flood attacks, also known as Denial-of-Service (DoS) attacks, causing these companies to lose revenue, customer satisfaction, and trust [10]. A major software development company discovered that attackers had broken into its network and stolen the source code for future releases of its popular products. Just recently, the source code of the future flagship product belonging to a major software development company was stolen and made publicly available on the Internet.In order to combat this growing trend of computer attacks, both academic and industry groups have been developing systems to monitor networks and systems and raise alarms of suspicious activities. These systems are called Intrusion Detection Systems (IDS).

By Khaled Labib

HTML | In the Digital Library
Tags: Access control, Algorithms, Computer crime, Cryptanalysis and other attacks, Intrusion/anomaly detection and malware mitigation, Operating systems security, Security

WiFi exposed

Over the past few years, IEEE 802.11 wireless networks have become increasingly widely deployed. Wireless LANs can be found in coffee shops, airports, hospitals, and all major institutes. However, as for conventional wired networks, the spread of such networks may have been faster than the diffusion of security knowledge about them. As a consequence, 802.11 is the new playground for many hackers, who are attracted to the environment by virtue of its anonymity. Attacks may be traced back to the wireless network, but the intruder could have been anyone driving by within the radius of the network, making it hard, if not impossible, for him/her to be traced. Securing wireless networks is a hard task, because the standard solutions do not work effectively in guaranteeing privacy and authentication, as this article shows; as a consequence, many wireless networks are left open.This article is structured as follows: initially, an overview of the 802.11 protocol is presented. This is followed by an analysis of the steps involved in connection to and use of such a network, first in the absence of encryption and then taking into account WEP. Attacks for these different scenarios are presented and analyzed, leading to the conclusion that WEP is unsuitable as the sole security measure for such links. Finally, attacks on wired networks that are connected to a wireless LAN are analyzed.The article concludes that existing standards for wireless security as applied to the most widely used wireless standard, 802.11, are inadequate in several ways, can be attacked using publicly available tools, and lead to a false sense of security. Some advice about mitigation of threats is offered throughout the article, but the most effective solution is awareness of potential attacks and the maximization of the amount of time and effort needed to break into the network by using defence in depth.

By Andrea Bittau

HTML | In the Digital Library
Tags: Algorithms, Cellular architectures, Mobile networks, Security, Wireless access networks

DNA smart card for financial transactions

In this paper, a secure environment for electronic commerce is introduced. The environment is formed via a synthesis of biometrics consumer authentication with a security token. Such a token is a smart card containing cryptographic keys and a cryptographic microprocessor for data encryption. The keys are used to further authenticate the possessor of the card as the actual owner and also to facilitate secure electronic financial transactions. New technologies like these bring benefits to society by enhancing the standard of living, however, numerous challenges are introduced [1].Biometrics is a Greek composite word stemming from the synthesis of bio and metric, meaning life measurement. In this context, the science of biometrics is concerned with the accurate measurement of unique biological characteristics of an individual in order to securely identify them to a computer or other electronic system. Biological characteristics measured usually include fingerprints, voice patterns, retinal and iris scans, face patterns, and even the chemical composition of an individual's DNA [9].

By Sofia Gleni, Panagiotis Petratos

HTML | In the Digital Library
Tags: Algorithms, Application specific integrated circuits, Domain-specific security and privacy architectures, E-commerce infrastructure, Embedded hardware, Human and societal aspects of security and privacy, Secure online transactions, Security

A distributed security scheme for ad hoc networks

In an ad hoc wireless network where wired infrastructures are not feasible, energy and bandwidth conservation are the two key elements presenting challenges to researchers. Limited bandwidth makes a network easily congested by the control signals of the routing protocol. Routing schemes developed for wired networks seldom consider restrictions of this type. Instead, they assume that the network is mostly stable and that the overhead for routing messages is negligible. Considering these differences between wired and wireless network, it is necessary to develop a wireless routing protocol that limits congestion in the network [1, 5, 8, 9, 10, 11].This paper proposes minor modifications to the existing Ad hoc On Demand Vector (AODV) routing protocol (RFC 3561) in order to restrict congestion in networks during a particular type of Denial of Service (DoS) attack. In addition to this, it incurs absolutely no additional overhead [4]. We describe the DoS attack caused due to Route Request (RREQ) flooding and its implications on existing AODV-driven Mobile Ad hoc Networks (MANET) [2, 14]. To combat this DoS attack, a proactive scheme [12] is proposed. We present an illustration to describe the implications of RREQ flooding on pure AODV and the modified AODV protocols. To quantify the effectiveness of the proposed scheme, we simulated a DoS [6] attack in a mobile environment and study the performance results.

By Dhaval Gada, Rajat Gogri, Punit Rathod, Zalak Dedhia, Nirali Mody, Sugata Sanyal, Ajith Abraham

HTML | In the Digital Library
Tags: Algorithms, Communication hardware, interfaces and storage, Networks, Organizing principles for web applications, Reconfigurable computing, Security, Self-organizing autonomic computing