Blockchain and Digital Identity

Technological advancements in the digital space have revolutionized every aspect of our lives, from shopping to collaborating with colleagues to keeping in touch with friends to entertainment to managing our finances. Since the dawn of the Internet, identity management has been a key concern, with billions of dollars being spent on usability, security and privacy.

The identity and access management market is expected to grow from $8.09 billion in 2016 to $14.82 billion by 2021, representing a 12.9% CAGR. Despite this huge investment, managing digital identities continues to be plagued by three Cs – Cumbersome, Costly and Challenging.

With data driving the world today, digital identity is critical to most business and social transactions. This governs the interaction of users in the digital world. But traditional identity systems continue to be highly vulnerable, with single points of failure, attracting continuous attempts to gain access to the complete repository of high value data.

And, with companies prioritizing cybersecurity, identity protection and compliance management, customer experience is significantly compromised. As individuals, we shoulder the burden of managing multiple online IDs and passwords, while also handling a host of documents, including passports, driver’s licenses, Social Security cards and medical insurance cards.

Blockchain has evolved significantly from the distributed ledger technology created to track bitcoin ownership. This technology can replace traditional systems with a highly trusted mechanism of managing identities. Blockchain can empower users to have greater control over their own identity. Organizations can use the information only with customers’ consent and no central entity would be able to compromise a consumer’s identity.

Blockchain has facilitated the so-called self-sovereign identity, which is inherently unalterable and more secure than traditional identity systems.

This has the potential to completely change the way we use identities to connect to different online services. Individuals would use their self-sovereign ID to verify their identity, removing the need for passwords. As with every life-changing innovation, there’s been an extended period of evolution, with experts exchanging ideas and little consensus on what self-sovereign ID means!

It’s a concept that stems from the belief that an individual must have control over the administration of his identity. The ID cannot be locked into one site and there needs to be interoperability of the ID across multiple platforms, with user consent. Experts have been contemplating the summation of various identifying information like demographic and employment related data and even information about the individual revealed by other people.

MAN IN THE MIDDLE (MITM) ATTACK

A man-in-the-middle attack is a category of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to data that the two parties were trying to send to each other. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key Concepts of a Man In The Middle Attack

  1. Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
  2. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
  3. Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late.

Interactions that are susceptible to MITM Attack

  • Financial sites – between login and authentication
  • Connections meant to be secured by public or private keys
  • Other sites that require logins – where there is something to be gained by having access

Other Forms of Session Hijacking

Man-in-the-middle is a form of session hijacking. Other forms of session hijacking similar to man-in-the-middle are:

  1. Sidejacking – This attack involves sniffing data packets to steal session cookies and hijack a user’s session. These cookies can contain unencrypted login information, even if the site was secure.
  2. Evil Twin – This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker can launch a man-in-the-middle attack, intercepting all data between you and the network.
  3. Sniffing – This involves a malicious actor using readily available software to intercept data being sent from, or to, your device.
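The sidejacking item above turns on session cookies that the browser is willing to send over an unencrypted connection. The following is an added example, not part of the original article: a small audit of `Set-Cookie` header values that reports which cookies lack the `Secure`, `HttpOnly` and `SameSite` attributes. The header values are constructed samples and the function names are illustrative.

```python
# Constructed Set-Cookie header values (not captured from a real site).
SAMPLE_SET_COOKIE = [
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "auth_token=deadbeef; Path=/",
    "prefs=dark; Path=/; secure",
]

REQUIRED = ("Secure", "HttpOnly", "SameSite")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute_lowercase: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit(set_cookie_values):
    """Map each cookie name to the protective attributes it lacks."""
    report = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        report[name] = [a for a in REQUIRED if a.lower() not in attrs]
    return report


def sniffable(set_cookie_values):
    """Cookies without Secure are also sent over plain HTTP,
    which is where a packet sniffer can read them."""
    report = audit(set_cookie_values)
    return sorted(n for n, missing in report.items() if "Secure" in missing)


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_SET_COOKIE).items():
        print(name, "missing:", ", ".join(missing) or "nothing")
    print("readable on an unencrypted request:", sniffable(SAMPLE_SET_COOKIE))
```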

DoS Attack: An Introduction

A Denial-of-Service (DoS) attack is an attack intended to shut down a machine or network, making it inaccessible to its intended users. DoS attacks achieve this by flooding the target with traffic, or by sending it data that triggers a crash. In both instances, the DoS attack deprives legitimate users of the service or resource they expected.

Victims of DoS attacks are frequently the web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not characteristically result in the theft or loss of important data or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop. Popular flood attacks include:

  • Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are intended to exploit bugs specific to certain applications or networks.
  • ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
  • SYN flood – sends a request to connect to a server, but never completes the handshake. This continues until all open ports are saturated with requests and none are available for legitimate users to connect to.
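The SYN flood description above gives a defender a concrete signal: handshakes that start with a SYN and never receive the client's final ACK. The following is an added example, not part of the original article, that counts such half-open handshakes per destination service over a constructed event list. The event format, threshold and timeout are assumptions made for illustration.

```python
from collections import Counter


def sample_events():
    """Constructed events: (time_s, src, sport, dst, dport, tcp_flags).
    "S" = client SYN, "SA" = server SYN-ACK, "A" = client's final ACK."""
    ev = []
    # Three complete handshakes from one legitimate client.
    for i in range(3):
        t, port = float(i), 40000 + i
        ev += [(t, "203.0.113.5", port, "192.0.2.10", 443, "S"),
               (t + 0.01, "192.0.2.10", 443, "203.0.113.5", port, "SA"),
               (t + 0.02, "203.0.113.5", port, "192.0.2.10", 443, "A")]
    # Thirty SYNs from varying source addresses that never send the final ACK.
    for i in range(30):
        ev.append((3.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i,
                   "192.0.2.10", 443, "S"))
    # One ordinary stalled client on another service.
    ev.append((3.5, "203.0.113.9", 41000, "192.0.2.20", 22, "S"))
    return ev


def half_open_by_service(events, now, timeout=3.0):
    """Count handshakes per (dst, dport) still lacking the final ACK after `timeout` s."""
    pending = {}  # (src, sport, dst, dport) -> time of first SYN
    for t, src, sport, dst, dport, flags in sorted(events):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, t)
        elif flags == "A":
            pending.pop(key, None)  # handshake completed
    counts = Counter()
    for (_, _, dst, dport), t in pending.items():
        if now - t >= timeout:
            counts[(dst, dport)] += 1
    return counts


def flag_services(events, now, threshold=20, timeout=3.0):
    """Services whose half-open count reaches the threshold.
    Counting per destination still works when source addresses vary."""
    counts = half_open_by_service(events, now, timeout)
    return sorted(svc for svc, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_services(sample_events(), now=10.0))
```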

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack on a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provides the attacker multiple advantages:

  • He can leverage the greater volume of machines to execute a seriously disruptive attack
  • The location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)
  • It is more difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as they are disguised behind many (mostly compromised) systems

Modern security technologies have advanced mechanisms to guard against most forms of DoS attacks, but due to the unique characteristics of DDoS, it is still regarded as an elevated threat and is of higher concern to organizations that fear being targeted by such an attack.