Вы находитесь на странице: 1из 13

Cyber Security

Term Paper 2018-Odd

Presented By- Vinay Bharwani


Introduction
• Cyber security refers to the body of
technologies, processes, and practices
designed to protect networks, devices,
programs, and data from attack, damage,
or unauthorized access.

• In simple words, it is the practice of


protecting systems, networks, and
programs from digital attacks.
Objective
• Cyber security is important because government, military, corporate,
financial, and medical organizations collect, process, and store
unprecedented amounts of data on computers and other devices.

• A significant portion of that data can be sensitive information, whether


that be intellectual property, financial data, personal information, or
other types of data for which unauthorized access or exposure could
have negative consequences.

Digital attacks are usually aimed at accessing, changing, or destroying


sensitive information; extorting money from users; or interrupting normal
business processes.
CHALLENGES OF CYBER SECURITY
• Information wars- More than data thefts for economic needs, personal data is targeted more which leaves
people in a vulnerable position.
• New vulnerabilities-The innovative technologies are witnessing an exponential growth and this also opens a
new window for new vulnerabilities.
• Concerns for big data- As data comes in new types and formats, it would be less structured unlike conventional
data.
• Cloud storage security-There can be a serious threat to its privacy and mishandling if no proper governance is
provided.
• Internet of Things- Most of the modern Enterprises are not so aware of the hidden problems and uses the new
age technology without giving much emphasis to safety.
• Ransomware and Block chain security-Ransomware is a widespread cyber security threat in which particular
files within the infected systems would be encrypted. The users will be forced to pay big sums in order to
retrieve the decrypt key.
• Wars across borders-There is a huge chance for this insecurity to be a reason for wars across nations and can
cause a direct impact on the international political scenario.
• Cyber security predictions- The security breaches from biometric authentication tools introduced by mobile
giants are not a distant reality.
• Training for non-technical staff-As the situation is highly alarming, it is becoming important to give some
basic training to non technical staff also regarding the first aids to tackle possible cyber attacks.
• Artificial Intelligence- Quicker threat detection and faster troubleshooting is the key.
Recently Claimed Security Breach

• China snuck chips into CIA, U.S. Military, Commercial Servers leaving them
open to hacks.
• On Oct. 4, 2018, Bloomberg Businessweek published its story, alleging the Chinese
government directly interceded to insert small microchips into motherboards from
a company called Supermicro, that are in use in servers everywhere from the adult
film industry to U.S. military and U.S. Intelligence Community data centers, which
make them vulnerable open them up to remote hacks.
• These chips themselves don’t do much on their own. The small amount of
computer code they contain instructs the completed servers to be open to outside
modifications and to be ready to receive further code from other computers
remotely, creating a backdoor for hackers to access the information they contain.
The Microchips

• A microchip (sometimes just called a "chip") is a unit of


packaged computer circuitry (usually called an
integrated circuit) that is manufactured from a material
such as silicon at a very small scale.
• Microchips are made for program logic (logic or
microprocessor chips) and for computer memory
(memory or RAM chips).
• Microchips are also made that include both logic and
memory and for special purposes such as analog-to-
digital conversion, bit slicing, and gateways.
Literature Review
Mark M. Tehranipoor, director of the Florida Institute for Cybersecurity
Research(FICS)

An microchip is a miniature analyzer that has at least one


micrometer-sized component.

This type of device is made from various materials, including


silicon, glass, plastic, or combinations of glass and silicon, using
techniques adapted from the microelectronics industry (e.g.,
photolithography) and the plastic fabrication industry (e.g.,
embossing, electroforming, and molding).
Approaches for Threat Detection

• The institute’s semi automated system “could have identified this part in a
matter of seconds to minutes,” says Tehranipoor, an IEEE Fellow.
• The system uses optical scans, microscopy, X-ray tomography, and artificial
intelligence to compare a printed circuit board and its chips and
components with the intended design.
• It starts by taking high-resolution images of the front and back side of the
circuit board, he explains. Machine learning and AI algorithms go through
the images, tracing the interconnects and identifying the components.
• Then an X-ray tomography imager goes deeper, revealing interconnects
and components buried within the circuit board.
Continued…

• That process takes a series of 2D images and automatically stitches them


together to produce a layer-by-layer analysis that maps the interconnects
and the chips and components they connect. The systems in question in
the Bloomberg story probably had a dozen layers, Tehranipoor estimates.

• All this information is then compared to the original designs to determine if


something has been added, subtracted, or altered by the manufacturer.

• For example, an attacker could potentially alter the physical values of


capacitors and resistors on the board or subtly change the dimensions of
interconnects, making them susceptible to system-crippling electro
migration.
Description of Work
• A Chinese military unit designed and manufactured microchips as small as a
sharpened pencil tip.
• Some of the chips were built to look like signal conditioning couplers, and they
incorporated memory, networking capability, and sufficient processing power for an
attack.
• The microchips were inserted at Chinese factories that supplied Supermicro, one of
the world’s biggest sellers of server motherboards.
• The compromised motherboards were built into servers assembled by Supermicro.
• The sabotaged servers made their way inside data centers operated by dozens of
companies.
• When a server was installed and switched on, the microchip altered the operating
system’s core so it could accept modifications. The chip could also contact computers
controlled by the attackers in search of further instructions and code.
Continued..

• The clones certainly looked like the genuine product, but in fact they
contained circuit boards that had likely been built in China.

• Network routers and parts for routers are also popular targets for cloners.

• Hackers who has control of a cloned router can then intercept or redirect
communications on the network.

• Cloners simply want to rip off someone else's intellectual property and
market development
Conclusion

• Hardware attacks are about access.


• This is different from most of the hacking stories you hear about.
• Hardware-level hacks, like the one reported in Bloomberg, allow much greater
access to the system or network and in this case would have allowed
unparalleled access to the data passing through the server.
• Deviously small changes could create disastrous effects.
• The chips that were used, were not spotted anywhere and the alleged
companies claimed that such kind of security breach never happened.
References

[1] T. R. Andel and J. T. McDonald, ‘‘A systems approach to cyber assurance


education,’’ in Proc. Inf. Secur. Curriculum Develop. Conf., 2013, p. 13, doi:
13.10.1145/2528908.2528920.
[2] A. Aviad, K. Wecel, and W. Abramowicz, ‘‘The semantic approach to cyber
security towards ontology based body of knowledge,’’ in Proc. Eur. Conf. E-
Learn., 2015, pp. 328–336.
[3] A. N. Ayofe and B. Irwin, ‘‘Cyber security: Challenges and the way forward,’’
Comput. Sci. Telecommun., vol. 29, no. 6, pp. 56–69, 2010.
[4] I. Bernik, G. Mesko, and V. Lysenko, ‘‘Study of the perception of cyber thre
https://spectrum.ieee.org
[5] Mark M. Tehranipoor, Ujjwal Guin and Swarup Bhunia