In order to provide useful services or to allow people to perform tasks more conveniently, computer systems are attached to networks and interconnected. This has resulted in the world-wide collection of local and wide-area networks known as the Internet. Unfortunately, the extended access possibilities also entail increased security risks, as they open additional avenues for an attacker. For a closed, local system, the attacker was required to be physically present at the network in order to perform unauthorized actions. In the networked case, every host that can send packets to the victim can potentially be used.

As certain services (such as web or name servers) need to be publicly available, any machine on the Internet might be the originator of malicious activity. This makes attacks very likely to happen on a regular basis.

The following text attempts to give a systematic overview of the security requirements of Internet-based systems and potential means to satisfy them. We define the properties of a secure system and provide a classification of potential threats to them. We also introduce mechanisms to defend against attacks that attempt to violate the desired properties. The most widely used means to secure application data against tampering and eavesdropping, the Secure Sockets Layer (SSL) protocol and its successor, the Transport Layer Security (TLS) protocol, are discussed. Finally, we briefly describe popular application programs that can act as building blocks for securing custom applications.

“By the end of 2010, 85% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses” (Gartner, Top Ten Key Predictions, 2010)

Before one can evaluate attacks against a system and decide on appropriate mechanisms against them, it is necessary to specify a security policy. A security policy defines the desired properties for each part of a secure computer system. It is a decision that has to take into account the value of the assets that should be protected, the expected threats and the cost of proper protection mechanisms. A security policy that is sufficient for the data of a normal user at home may not be sufficient for bank applications, as these systems are obviously a more likely target and have to protect more valuable resources. Although often neglected, the formulation of an adequate security policy is a prerequisite before one can identify threats and appropriate mechanisms to face them.

“The most pressing question for the future of the Internet is not how the technology will change, but how the process of change and evolution itself will be managed.”


For the following discussion, we assume that the function of a system that is the target of an attack is to provide information. In general, there is a flow of data from a source (e.g. host, file, memory) to a destination (e.g. remote host, other file, and user) over a communication channel (e.g. wire, data bus).

The task of the security system is to restrict access to this information to only those parties (persons or processes) that are authorized to have access according to the security policy in use. In the case of an automation system that is remotely connected to the Internet, the information flows to and from a control application that manages sensors and actuators, via communication lines of the public Internet and the network of the automation system (e.g. a field bus).

The normal information flow and several categories of attacks that target it are shown in Figure and explained below:

1. Interruption: An asset of the system gets destroyed or becomes unavailable. This attack targets the source or the communication channel and prevents information from reaching its intended target (e.g. cut the wire, overload the link so that the information gets dropped because of congestion). Attacks in this category attempt to perform a kind of denial-of-service (DOS).

2. Interception: An unauthorized party gets access to the information by eavesdropping into the communication channel (e.g. wiretapping).

3. Modification: The information is not only intercepted, but modified by an unauthorized party while in transit from the source to the destination. By tampering with the information, it is actively altered (e.g. modifying message content).

4. Fabrication: An attacker inserts counterfeit objects into the system without any involvement of the legitimate sender. When a previously intercepted object is inserted, the process is called replaying. When the attacker pretends to be the legitimate source and inserts information of his own choosing, the attack is called masquerading (e.g. replaying an authentication message, adding records to a file).


Confidentiality: Ensuring that information is accessible only to those authorized to have access; it is one of the cornerstones of information security. It requires that information in a computer system be readable only by authorized parties. Confidentiality is one of the design goals of many cryptosystems, made possible in practice by the techniques of modern cryptography. The data confidentiality act of the British Parliament defines the following key points in this context. Personal data must be:

  • Processed fairly and lawfully.
  •  Obtained for specified and lawful purposes.
  •  Adequate, relevant and not excessive.
  •  Accurate and up to date.
  •  Not kept any longer than necessary.
  •  Processed in accordance with the “data subject's” (the individual's) rights.
  •  Securely kept.
  •  Not transferred to any other country without adequate protection.

Integrity: Integrity requires that assets can be modified only by authorized parties. In computer science and telecommunications, the term data integrity has the following meanings:

  • The condition in which data are identically maintained during any operation, such as transfer, storage, and retrieval.
  •  The preservation of data for their intended use.
  •  Relative to specified operations, the a priori expectation of data quality.

Specifically, data integrity in a relational database is concerned with three aspects of the data in a database:

  • Accuracy
  • Correctness
  •  Validity

Availability: Assets must be available to authorized parties whenever and however they are needed. It forms one of the major parts of any comprehensive Internet threat report, because without the data being available at the right moment, its mere existence is of little value.

Authenticity: It requires that a computer system be able to verify the identity of a user. In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.

The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying a person’s identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, the teller could authenticate you, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.

Non-Repudiation: This property prevents either the sender or the receiver from denying a transmitted message. When a message has been transferred, the sender can prove that it has been received. Similarly, the receiver can prove that the message has actually been sent.
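As an added illustration that is not part of the original text, the following Python simulates the four attack categories described above (interruption, interception, modification, fabrication as replay and masquerading) against a message channel between a control application and a field device, where the receiver checks a keyed MAC and a sequence counter. It shows which check enforces integrity and authenticity, which enforces freshness, and that a purely passive interception cannot be detected by these checks at all (that needs confidentiality, i.e. encryption). The key, payloads and the Sender/Receiver classes are constructed for this demo only.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed sample key shared by both ends (demo value, not a real secret).
KEY = b"demo-shared-key-constructed-for-illustration"


@dataclass(frozen=True)
class Message:
    seq: int        # strictly increasing counter maintained by the sender
    payload: bytes  # application data, e.g. a field-bus command
    tag: bytes      # HMAC-SHA256 over seq || payload under the shared key


def _mac(key: bytes, seq: int, payload: bytes) -> bytes:
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes) -> Message:
        self.seq += 1
        return Message(self.seq, payload, _mac(self.key, self.seq, payload))


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def accept(self, m: Message) -> str:
        # Integrity and authenticity: the tag must verify under the shared key,
        # so both a modified payload and a forged (masqueraded) message fail here.
        if not hmac.compare_digest(m.tag, _mac(self.key, m.seq, m.payload)):
            return "rejected: bad tag (modification or masquerading)"
        # Freshness: a counter that does not advance means a replayed message.
        if m.seq <= self.last_seq:
            return "rejected: stale seq (replay)"
        gap = m.seq - self.last_seq - 1  # skipped counters hint at dropped traffic
        self.last_seq = m.seq
        return f"accepted, but {gap} message(s) missing (possible interruption)" if gap else "accepted"


def simulate() -> dict:
    """Run each attack category once and return the receiver's verdicts."""
    s, r = Sender(KEY), Receiver(KEY)
    m1 = s.send(b"open valve 3")
    results = {"interception": r.accept(m1)}  # eavesdropper copied m1; receiver sees nothing wrong
    m2 = s.send(b"close valve 3")
    results["modification"] = r.accept(Message(m2.seq, b"open valve 3", m2.tag))  # payload altered in transit
    results["replay"] = r.accept(m1)  # old valid message re-inserted
    forged_payload = b"open valve 9"  # attacker crafts a message without the key
    results["masquerading"] = r.accept(Message(m2.seq + 1, forged_payload, _mac(b"wrong-key", m2.seq + 1, forged_payload)))
    results["normal"] = r.accept(m2)
    s.send(b"read sensor")  # this message is dropped on the wire (interruption)
    results["interruption"] = r.accept(s.send(b"read sensor"))
    return results
```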

Internet Security Issues

All communication over the Internet uses the Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP allows information to be sent from one computer to another through a variety of intermediate computers and separate networks before it reaches its destination. The great flexibility of TCP/IP has led to its worldwide acceptance as the basic Internet and intranet communications protocol. At the same time, the fact that TCP/IP allows information to pass through intermediate computers makes it possible for a third party to interfere with communications in the following ways:

  • Eavesdropping: Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information.
  • Tampering: Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.
  • Impersonation: Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
      • Spoofing: A person can pretend to be someone else. For example, a person can pretend to have the e-mail address, or a computer can identify itself as a site called when it is not. This type of impersonation is known as spoofing.
      • Misrepresentation: A person or organization can misrepresent itself. For example, suppose the site pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.