Sunday, April 3, 2011

A Talk by Mr. Usama Tharwat Elhagari in Seminar In Info. Sec. Class (MCS 2070)

Assalamualaikum... This is the 4th talk, this time by Mr. Usama Tharwat Elhagari. He is from Egypt and is doing his research in Trusted Computing. The talk was held on 2nd and 3rd March 2011. Mr. Usama shared his knowledge about the background of Trusted Computing. According to him, today's systems are very vulnerable to a range of attacks. Protecting IT systems through software-only mechanisms cannot solve all the security problems by itself. Operating system (OS) and application software are very complex, and removing all software vulnerabilities is almost an impossible task. The number of attacks on software, the OS and applications is higher compared with attacks on hardware. As users become more mobile, physical theft becomes more of a concern. He then stated that some security problems are unsolvable without a bootstrap to protected hardware. He added that a software-only security application cannot protect the hardware platform against attacks on its integrity or against modification of the security software. Then he briefed us with some information about the Trusted Computing Platform Alliance (TCPA). The TCPA was established in the year 1999; the promoters (main players) were Compaq, IBM, Intel, HP and Microsoft, and it consisted of more than 200 members. He then talked about the TCG Mission Statement. TCG is the Trusted Computing Group. According to its mission statement, the TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral industry standards for trusted computing building blocks and software interfaces across multiple platforms.

He then told us about the definition of TRUST. Trust means different things to different people. In trusted computing, it is used in the sense of behavioral reputation: something is trusted if it behaves in the expected manner for a particular purpose (Mitchell, 2005). He then gave a better definition: an entity can be trusted if it always behaves in the expected manner for the intended purpose. An entity is a platform, or an application or service running on a platform. Examples of platforms are PCs, PDAs, smart phones, etc. Trusted computing is of great significance for building secure computing systems based on a new architecture in both hardware and software (Kallath, 2005). TC is an industry initiative intended to protect data in computer platforms from software attack, and that includes protecting servers, desktops, laptops, PDAs, mobile phones and computer peripherals (Mitchell, 2005).

He then explained the Trusted Platform (TP). A TP is a computing platform that has a trusted component, probably in the form of built-in hardware, which it uses to create a foundation of trust for software processes (Pearson, 2002). Then he explained the Chain of Trust. The chain of trust expands from component to component; the generic steps of the chain are: receive control, measure the next entity, and pass control to that entity. The Root of Trust is a hardware or software mechanism that one implicitly trusts (Gunupudi, 2008; Siani Pearson, 2005; Stravvoulakis et al., 2010). Misbehavior of the root of trust is not detectable and affects the whole chain of transitive trust.

Then he explained in detail the Fundamental Features of a Trusted Platform. These consist of three criteria: Protected Capabilities, Integrity Measurement and Storage, and Integrity Reporting. He then added that TCG's specifications are issued as different specs for enabling trust in different platforms, such as desktops and laptops. He then explained the roots of trust, secure storage, attestation, TPM key types, examples of key usage and TPM components.
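To make the chain of trust and integrity reporting above concrete, here is an added simulation (my own example, not from Mr. Usama's talk): each link receives control, measures the next component, extends the measurement into a PCR-style register and passes control on; the verifier then compares the reported register with a known-good value. Component names, image bytes and the "lying root" are constructed for illustration.

```python
import hashlib

# Constructed example of the chain of trust described in the talk: each link
# receives control, measures (hashes) the next component, extends the
# measurement into a PCR-style register (new = SHA-256(old || measurement))
# and passes control on. Component names and image bytes are made up.

GOLDEN_IMAGES = [
    ("bootloader", b"bootloader v1.0 (constructed image bytes)"),
    ("kernel",     b"kernel 2.6 (constructed image bytes)"),
    ("init",       b"init (constructed image bytes)"),
]

def honest_measure(image: bytes) -> bytes:
    """An honest root of trust measures a component by hashing its bytes."""
    return hashlib.sha256(image).digest()

def lying_measure(image: bytes) -> bytes:
    """A compromised root: reports the hash of the golden image, hiding any patch."""
    return honest_measure(image.replace(b" PATCHED", b""))

def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: the register can only be moved forward, never set."""
    return hashlib.sha256(register + measurement).digest()

def boot_chain(components, measure=honest_measure):
    """Run the chain; return the final register value and the event log."""
    register = b"\x00" * 32              # register is all zeros at power-on
    log = []
    for name, image in components:       # receive control, measure next, pass control
        m = measure(image)
        register = extend(register, m)
        log.append((name, m.hex()))
    return register, log

def attestation_ok(reported: bytes, expected: bytes) -> bool:
    """Integrity reporting, verifier side: compare against the known-good value."""
    return reported == expected

def demo():
    expected, _ = boot_chain(GOLDEN_IMAGES)
    tampered = [(n, img + b" PATCHED" if n == "kernel" else img)
                for n, img in GOLDEN_IMAGES]
    # Case 1: a component after the root is modified; the register differs.
    kernel_detected = not attestation_ok(boot_chain(tampered)[0], expected)
    # Case 2: the root itself misbehaves; the verifier sees the golden value.
    root_detected = not attestation_ok(boot_chain(tampered, lying_measure)[0], expected)
    return {"kernel_patch_detected": kernel_detected, "lying_root_detected": root_detected}
```

Case 2 is the point made in the talk: a misbehaving root of trust is not detectable by the chain it anchors, which is why the root has to be implicitly trusted.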

Saturday, April 2, 2011

A Talk by Mr. Dahliyusmanto in Seminar In Info. Sec. Class (MCS 2070)

Assalamualaikum... This is the third talk, this time by Mr. Dahliyusmanto on 24th of February 2011. Here's a brief about him: he is from Indonesia and is a PhD student supervised by Prof. Hanan. During his Master by Research study, he focused on research on Intrusion Detection Systems (IDS), combining anomaly detection with different analyses. In this brief talk, he shared with us about the Intrusion Detection System (IDS). Firstly he began with the definition of intrusion. An intrusion is a set of actions that attempt to compromise the Confidentiality, Integrity and Availability (CIA) of a resource. For example, a Denial of Service (DoS) attack is an attempt to starve a host of resources, and a compromise is obtaining privileged access to a host through known vulnerabilities. Intrusion detection is the process of identifying and responding to intrusion activities. He then explained the elements of intrusion detection. The primary assumptions are that system actions are observable, and that normal and intrusive actions have distinct evidence.

The components of IDS from an algorithmic perspective are the features and the models. The features capture intrusion evidence, while the models piece the evidence together. From a system architecture perspective, the various components are: audit data processor, knowledge base, decision engine, alarm generation and responses. The components of IDS are (1) Information Collection, (2) Detection and (3) Responses. Meanwhile, the parameters of IDS are (1) Accuracy, (2) Performance and (3) Completeness. Sources are (1) Host-Based, (2) Network-Based, (3) Application-Based and (4) Hybrid. Furthermore, he stated that there are two kinds of IDS responses: active and passive. For IDS placement, it could be placed anytime and anywhere, whether inside or outside the firewall. The IDS modeling approaches are (1) features, i.e. evidence extracted from audit data, and the analysis approach.

There are two types of detection: Misuse Detection and Anomaly Detection. Misuse detection looks for attack signatures in the user's behavior. The weakness of this kind of detection is that it always needs updated virus signatures and cannot detect new virus threats. Anomaly detection statistically analyzes the user's current actions, compares them with profiles describing the user's normal behavior, and reports significant deviations to the security officer. The advantage of anomaly detection is that it can detect new virus threats.

He then explained Host-Based vs Network-Based IDS. A host-based IDS uses the operating system's (OS) auditing mechanisms; for example, BSM on Solaris logs all direct or indirect events generated by a user. The host-based IDS then monitors the execution of system programs, e.g. analyzing the system calls made by "sendmail", to detect and examine malicious activity. It is optimized for monitoring individual hosts and monitors system network activity, the file system, log files and user actions. A network-based IDS deploys sensors at strategic locations, e.g. packet sniffing via tcpdump at routers. It inspects network traffic, watching for violations of protocols and unusual connection patterns. It monitors user activities and may be easily defeated.

He then stated that the next generation of IDS is adaptive (detects new intrusions), scenario-based, and correlates (multiple sources of) audit data and attack information. The challenges of IDS are (1) runtime limitations, (2) specification of detection signatures, and (3) dependency on the environment: a high rate of false alarms is the limiting factor for the performance of IDS. The potential solutions are: (1) data mining, (2) machine learning techniques (supervised learning, unsupervised learning), and (3) a co-stimulation mechanism, integrating the misuse and anomaly detection techniques by applying a co-stimulation mechanism. Lastly, he stated that in the future he may talk about Intrusion Prevention Systems, and then the class was dismissed.
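As an added illustration of the two detection types Mr. Dahliyusmanto described (this is my own example, not from the talk), the block below runs signature-based misuse detection over a few constructed host audit records, including the "system calls made by sendmail" case, and anomaly detection that compares a user's count for today against a profile of their normal days. The records, counts, signatures and the 3-standard-deviation threshold are all assumptions made for the example.

```python
import re
from statistics import mean, pstdev

# Constructed example of the two detection approaches described in the talk:
# misuse detection matches known attack signatures; anomaly detection compares
# current activity with a statistical profile of the user's normal behavior.

# Misuse detection: signatures of known bad behavior in the audit trail (made up).
SIGNATURES = {
    "sendmail spawns shell": re.compile(r"prog=sendmail .*syscall=execve .*arg=/bin/sh"),
    "passwd file written":  re.compile(r"syscall=open .*arg=/etc/passwd .*mode=w"),
}

def misuse_detect(records):
    """Return (record index, signature name) for every record matching a signature."""
    return [(i, name) for i, rec in enumerate(records)
            for name, sig in SIGNATURES.items() if sig.search(rec)]

# Anomaly detection: profile normal behavior, then flag significant deviation.
def build_profile(daily_counts):
    """Profile = mean and population standard deviation of a per-day count."""
    return mean(daily_counts), pstdev(daily_counts)

def anomaly_score(profile, observed):
    """How many standard deviations today's count lies above the profile."""
    mu, sigma = profile
    if sigma == 0:                       # flat profile: any change is a deviation
        return 0.0 if observed == mu else float("inf")
    return (observed - mu) / sigma

def anomaly_detect(history, today, threshold=3.0):
    """Report (user, score) for users whose activity today deviates significantly."""
    alerts = []
    for user, counts in history.items():
        score = anomaly_score(build_profile(counts), today.get(user, 0))
        if score > threshold:
            alerts.append((user, round(score, 1)))
    return alerts

# Constructed host audit records (the evidence the features are extracted from).
RECORDS = [
    "user=alice prog=sendmail syscall=read arg=/var/spool/mail/alice",
    "user=bob prog=sendmail syscall=execve arg=/bin/sh",
    "user=carol prog=vi syscall=open arg=/home/carol/notes mode=w",
]
# Constructed per-user failed-login counts: seven normal days, then today.
HISTORY = {"alice": [1, 0, 2, 1, 1, 0, 1], "bob": [0, 0, 1, 0, 0, 0, 0]}
TODAY = {"alice": 1, "bob": 15}
```

Running `misuse_detect(RECORDS)` flags only the sendmail record, and `anomaly_detect(HISTORY, TODAY)` flags only bob, whose 15 failures are far outside his profile even though no signature describes that behavior.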

Thursday, March 31, 2011

A Talk by Mr. Satria Mandala in Seminar In Info. Sec. Class (MCS 2070)

Assalamualaikum... This is my second assignment and I'm about to write a brief summary about a talk, this time by another PhD student under Prof. Dr. Abdul Hanan. This talk was held this morning (17th February 2011). This brief talk was presented by Mr. Satria Mandala. He is from Indonesia. He talked about intrusion detection together with critical node detection for securing MANETs. MANET is the short form for Mobile Ad Hoc Network. He then briefed us about Route Requests in AODV (Ad Hoc On-Demand Distance Vector), Reverse Path Setup in AODV, Forward Path Setup in AODV and Security Issues.

There are two classifications in intrusion detection systems. One of them is External Attack vs Internal Attack, and the other one is Passive Attack vs Active Attack. He stated that an external attack is easier to detect, while an internal attack is in legitimate mode and is a very dangerous kind of attack. A passive attack is more dangerous, and the attack is planned very well by the attacker. There are many types of active attack; these include black hole, selfish and fabric. He then told us where the attack starts. The attack actually starts from an early stage of communication building. Examples are routing attacks, modification, wormhole attack (tunneling), black hole, denial of service (DoS) attack, invisible node attack, the Sybil attack, rushing attack and non-cooperation. In a wormhole attack, the colluding attackers use "tunnels" between them to forward packets. This places the attackers in a very powerful position: they take control of the route by claiming a shorter path. Last but not least, Mr. Satria concluded the session with some security solutions: monitoring using intrusion detection and encrypting message routing. The talk was then dismissed.

Thursday, February 17, 2011

A Talk by Mr. Khalid in Seminar In Info. Sec. Class (MCS 2070)

Howdy! This is my first assignment and I'm about to write a brief summary of what Mr. Khalid talked about in a short seminar in class last weekend (Thursday, 10th February 2011). Firstly, this is an assignment for Prof. Dr. Abdul Hanan's Seminar in Information Security subject class (MCS 2070). Okay, let's begin. The talk was presented by Mr. Khalid, who is a PhD student under Prof. Dr. Abdul Hanan. Network security is his field of expertise and he is from Pakistan. He is a Certified Ethical Hacker (CEH) and a vice-president of the Computer Emergency Research Team (CERT) R&D team. He started by briefing us about the basic needs of information security, and about what we want to be and who we are in the information security field. After that he stated that he needs a volunteer for his project: a good programmer to help him. Then he continued the talk with a lecture about the meaning of cyber crimes. Then he told us about the scenario in which the Pakistan Airlines server was down more than 3 times because someone had hacked the server. They then reported it to the FIA. The FIA is a government organization supervised by the government of Pakistan. Then Mr. Khalid asked his CERT team to investigate and bring in their experts to rectify the problem. All of his CERT team members are CEH certified personnel.

After that he continued with a lecture about hacking and its definition. The meaning of hacker, according to Mr. Khalid, is a person who tries to enter a system without authorization using a backdoor. Then he said that ethical hacking means a positive thing we do. Then he continued with a lecture about MyCERT, which is in Malaysia, and he said that maybe someday an FSKM CERT could be established in UTM. Then he shared with us some of his experience with PANDA anti-virus software; he stated that PANDA is the world's number 3 anti-virus software and that he has a friend working at the PANDA company. He then gave us some advice about using pirated software. He noted that using pirated software is a risk of virus intrusion. He also advised reading the License Agreement (LA) first before proceeding to install any software. Before he concluded his seminar, he said something about Virtual Private Network (VPN) Security. VPN security is his project, which is to encrypt/decrypt with modified hardware, and is also his field of expertise. And last but not least, he said that anyone who wants to ask him for help regarding his field of expertise is welcome to, and he is willing to give some advice or whatsoever. Then the class concluded with a Question & Answer (Q&A) session before being dismissed.