Presentation on Operating System Security
Presented By: Group 1
Index
Introduction
Malware
Cryptography
Authentication
INTRODUCTION
Operating system: a collection of programs that allows the user to operate computer hardware.
Security refers to providing a protection system for computer system resources such as:
– CPU, memory, disk
– software programs
– and, most importantly, data/information stored in the computer system.
What is Malware?
Malware (short for malicious software) refers to any software designed to harm or exploit computer systems, networks, or users.
Malware Features & Types
Infectious: viruses, worms
Concealment: Trojan horses, logic bombs, rootkits
Malware for stealing information: spyware, keyloggers, screen scrapers
Malware for profit: dialers, scareware, ransomware
Malware as a platform for other attacks: botnets, backdoors (trapdoors)
Many pieces of malware have characteristics of multiple types.
Trojan Horse
Software that appears to perform a desirable function for the user before it is run or installed, but (perhaps in addition to the expected function) steals information or harms the system.
The user is tricked into executing the Trojan horse
The user expects (and sees) overt and expected behavior
It covertly performs malicious acts with the user’s authorization
Logic Bomb
Embedded in legitimate programs
Activated when specified conditions are met
E.g., presence/absence of some file; particular date/time or particular user
When triggered, typically damages the system
Modifies/deletes files/disks
Virus
Attaches itself to a host (often a program) and replicates itself
Self-replicating code
Self-replicating Trojan horses
Alters normal code with an “infected” version
Operates when the infected code is executed
    If spread condition then
        For target files
            if not infected then alter to include virus
    Perform malicious action
    Execute normal program
Worm
Self-replicating malware that does not require a host program
Propagates a fully working version of itself to other machines
Carries a payload performing hidden tasks
Backdoors, spam relays, DDoS agents; …
Phases: Probing, Exploitation, Replication, Payload
What is Cryptography?
Cryptography derives its name from the Greek word “kryptos”, which means “Hidden Secrets”.
Cryptography is the practice and study of hiding information. It is the art or science of converting plain, intelligible data into unintelligible data and then transforming that message back into its original form.
It provides Confidentiality, Integrity, and Accuracy.
PURPOSE OF CRYPTOGRAPHY
Authentication: The process of proving one's identity. (The
primary forms of host-to-host authentication on the Internet
today are name-based or address-based, both of which are
notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
Integrity: Assuring the receiver that the received message has
not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender
really sent this message.
Architecture of cryptography
Using Keys
Private keys are used for decrypting.
Public keys are used for encrypting.
Process of cryptography
TYPES OF CRYPTOGRAPHIC ALGORITHMS
Attacks on cryptography
Ciphertext-only attack
    The only data available is a target ciphertext
Known-plaintext attack
    A target ciphertext
    Pairs of other ciphertexts and plaintexts (say, previously broken or guessed)
Chosen-plaintext attack
    A target ciphertext
    Can feed the encryption algorithm with plaintexts and obtain the matching ciphertexts
Chosen-ciphertext attack
    A target ciphertext
    Can feed the decryption algorithm with ciphertexts and obtain the matching plaintexts
Authentication
Authentication is the act of establishing
or confirming something (or someone) as
authentic, that is, that claims made by or
about the subject are true. This might
involve confirming the identity of a
person, tracing the origins of an artifact,
ensuring that a product is what its
packaging and labeling claim it to be, or
assuring that a computer program is a
trusted one.
User Authentication
Using a method to validate users who
attempt to access a computer system or
resources, to ensure they are authorized
Types of user authentication
Something you know
E.g., user account names and passwords
Something you have
Smart cards or other security tokens
Something you are
Biometrics
Scenarios Requiring User Authentication
Scenarios
Logging into a local computer
Logging into a computer remotely
Logging into a network
Access web sites
Vulnerabilities can exist at client side, server side, or communications channel.
[Figure labels: Client, Password, Server]
Reasons Authentication is Important
1. Protection Against Unauthorised Access
It is crucial in protecting against unauthorised access by ensuring that only authorised
individuals or systems can access the data.
Without authentication, anyone could access the data, putting it at risk of being stolen,
tampered with, or compromised.
2. Convenience
Authentication can make it easier for users to access resources. Different types of
authentication methods, such as single sign-on, multi-factor authentication, and biometric
authentication, can ensure that only authorised individuals can access sensitive information.
3. Trust and Reputation
Authentication helps to build trust and reputation. It ensures that only authorised individuals or
systems can access sensitive information and helps protect an organisation's reputation.
Customers, partners, and other stakeholders are more likely to trust an organisation that
implements robust authentication methods.
How Does Authentication Work?
Basic authentication involves proving a
user is who they say they are through
authentication methods such as a
username and password, biometric
information such as facial recognition or
fingerprint scans, and phone or text
confirmations (which are most often used
as part of two-factor authentication
methods).
Authentication Factors
Something you know (aka knowledge factors): This is the most
common authentication factor. It verifies identity by confirming
users through confidential information they have, such as a login
and password.
Something you have (aka possession factors): Users verify their
identity with a unique object such as an access card or key fob. This
authentication removes the risk of forgetting passwords; however, it
means the user must have the object with them whenever they need
to access a system, and they run the risk of losing it by accident or
theft.
Something you are (aka inherence factors): An inherence factor
verifies identity through inherent biometric characteristics of the
user—like a fingerprint, voice, or iris pattern. The advantage of
biometric characteristics is that they’re harder to lose or replicate.
But they can be expensive and less accurate than traditional
authentication factors.
Types of Authentication
1. Single-Factor Authentication:
Single-factor authentication (SFA) or one-factor authentication involves matching one credential
to gain access to a system (i.e., a username and a password). Although this is the most common
and well-known form of authentication, it is considered low-security and the Cybersecurity and
Infrastructure Security Agency (CISA) recently added it to its list of Bad Practices.
The main weakness is that single-factor authentication provides just one barrier. Hackers only
need to steal the credentials to gain access to the system. And practices such as password reuse,
admin password sharing, and relying on default or otherwise weak passwords make it that much
easier for hackers to guess or obtain them.
2. Two-Factor Authentication:
Two-factor authentication (2FA) adds a second layer of protection to your access points. Instead
of just one authentication factor, 2FA requires two factors of authentication.
Keep in mind that although a username and password are two pieces of information, they are
both knowledge factors, so they are considered one factor. In order to qualify as two-factor
authentication, the other authentication method must come from one of the other two categories.
3. Biometrics:
Biometric authentication relies on biometrics like fingerprints, retinal scans, and facial scans to
confirm a user’s identity. To do this, the system must first capture and store the biometric data.
And then when the user goes to log in, they present their biometric credentials and the system
compares them to the biometric data in their database. If they match, they’re in.
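The two-factor rule described above, as an added example that is not part of the original presentation: a login that succeeds only when a knowledge factor (a password) and a possession factor (a one-time code from a token) are both verified. The PBKDF2 password hash, the RFC 4226 HOTP code, the account record and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct


def hash_password(password: str, salt: bytes) -> bytes:
    """Knowledge factor: store a salted, slow hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Possession factor: RFC 4226 one-time code derived from the token's secret."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)


# Constructed account record (sample data, not from the presentation).
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "password_hash": hash_password("correct horse", SALT),
    "token_secret": b"12345678901234567890",      # RFC 4226 test secret
    "counter": 0,                                 # next expected token counter
}


def login(account: dict, password: str, code: str) -> bool:
    """Grant access only if BOTH factors check out."""
    knows = hmac.compare_digest(
        hash_password(password, account["salt"]), account["password_hash"])
    expected = hotp(account["token_secret"], account["counter"])
    has = hmac.compare_digest(code.encode(), expected.encode())
    if knows and has:
        account["counter"] += 1                   # each code is single use
        return True
    return False
```

A stolen password alone fails the `has` check, and a captured code cannot be replayed because the counter advances after each successful login.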
CONCLUSION
We use different types of algorithms to establish security services in different service mechanisms.
We use either private key cryptography or public key cryptography, according to the requirement.
If we want to send a message quickly we use a private key algorithm, and if we want to send messages secretly we use a public key algorithm.