Understanding the Chinese Financial System


Delve into the rural-urban divide in the Chinese financial system, examining social and political bases for differences in entitlements, historical land rights, struggles with property rights, TVEs, rural banking development, ABC's role in rural finance, and more.

  • Chinese finance
  • Rural-urban
  • TVEs
  • Property rights
  • Rural banking

Uploaded on Mar 12, 2025



Presentation Transcript


  1. Dr. Liang Zhao

  2. Road Map: Mobile Security; Security Auditing & Risk Analysis; WLAN Security; Introduction; Mobile Network Overview (optional); Evolution of Wireless Network; WLAN Overview; Evolution of Cloud; Cellular Network Security (optional); Information Security Essentials; WLAN Threats & Vulnerabilities; Confidentiality and Integrity of Cloud; Mobile Security Threats; WLAN Security; Cloud Threats & Vulnerabilities; WLAN Security Tools; Mobile Devices Security (optional); Cloud Security

  3. Learning Outcomes. After this module, a student will be able to:
     • Describe different types of attackers
     • Describe the vulnerabilities of WLAN in general
     • Describe WEP, WPA and WPA2 and their vulnerabilities
     • Explain what a passive attack is and what an active attack is
     • Describe confidentiality, access control, availability, authentication and integrity attacks on WLAN
     • Discuss Bluetooth security features
     • Describe Bluetooth vulnerabilities and threats
     • Describe the threat models of the ad hoc wireless network

  4. General Profiles of a Cyber Attacker (table columns: Attacker, Example, Motive, Action)
     • Script Kiddie/Skid: people interested in or only partially engaged in understanding offensive tools; curious, mischievous, street cred; since they don't know the tools they may be very noisy when attacking and perform a lot of attempts, may have the most harmful consequences
     • Expert Attackers: Kevin Mitnick, @th3j35t3r, Ed Skoudis; various motives, curiosity, money, patriotism, etc.; only limited by their imagination, can steal, spy, and sell exploits on the unethical market
     • Activist/Hacktivists: Anonymous, Manning, Snowden; further a cause; reveal information, further a cause, deface websites, or disrupt progress of opposition
     • Nation States: Stuxnet; gain a greater understanding of allies and enemies; espionage: stealing, disrupting services, logic bombs, support law enforcement & military
     • Terrorists: ISIS; further a cause; infiltrate, destroy data, cause political upheaval, death, manipulate data in order to promote a cause; defacement of US disabled veteran websites, DDoS of power grids, chemical changes in water
     • Cybercrime: Mafia; money; DoS against financial institutions, steal credentials, sell illegal goods, anything for money, Crime as a Service (CaaS), ransomware variants, credit card theft, etc.
     • Insider Attacker: current or former employee; revenge, could be clueless employees too; destruction of data, altering data, or stealing information
     Ex. Cyber-Physical System Research

  5. WLAN Vulnerabilities
     • WLAN: flexibility, cost-effectiveness, and ease of installation
     • Use of radio frequency: difficult to contain the signals
     • Vulnerabilities in security standards
     • Easy setup often means more networks are not properly configured for secure access

  6. Security Standards: WEP (Wired Equivalent Privacy)
     • Created in 1999 by IEEE 802.11b
     • Intended to provide the same level of privacy as a wired LAN
     • 40/104-bit keys are static and the IV (initialization vector) is short
     • No effective key management (key generation, exchange, storage, use)
     • Encryption algorithm (RC4): known flaws; easy target for cryptanalysis
     • Shouldn't be used in today's WLAN

  7. Wi-Fi Protected Access (WPA)
     • Developed in 2004 by 802.11i to address issues of WEP
     • Uses 48-bit TKIP (Temporal Key Integrity Protocol)
     • Adds integrity protection
     • Enterprise and personal modes; enterprise mode uses EAP and 802.1x for access control and authentication
     • Backward compatible with older devices that employ WEP
     • Still uses RC4
     • Vulnerable to dictionary, brute force, and DoS attacks

  8. WPA2
     • Successor to WPA, ratified by IEEE 802.11 in 2004
     • Most secure security standard available
     • Replaces RC4 & TKIP with AES (Advanced Encryption Standard) and CCMP (CCM mode of AES) for encryption and authentication
     • More seamless roaming
     • Still has vulnerabilities

  9. Enterprise Mode vs. Personal Mode
     • Both exist in WPA & WPA2
     • Same encryption algorithms
     • Different authentication methods
     • Enterprise mode: 802.1x, designed for organizations
     • Personal mode: pre-shared keys, designed for home use
     • Ex. KSU network vs. home network

  10. http://searchnetworking.techtarget.com/feature/Wireless-encryption-basics-Understanding-WEP-WPA-and-WPA2

  11. Attacks to WLAN
     • Passive attack: traffic analysis
     • Active attack: Man-in-the-Middle attack; unauthorized access; rogue access point

  12. Confidentiality Attacks
     • Traffic analysis
     • Eavesdropping
     • Man-in-the-Middle attack
     • Evil Twin AP (pretending to be a legitimate AP)

  13. Access Control Attacks
     • Wardriving (locating and possibly exploiting connections to wireless local area networks while driving around)
     • Rogue access point (installed on a secure network without explicit authorization from the local network's administrator)
     • MAC address spoofing (changing the MAC address)
     • Unauthorized access

  14. Integrity Attack
     • Session hijacking (web browser; HTTPS to prevent)
     • Replay attack (repeating authenticated sessions to gain access)
     • 802.11 frame injection attack (ex. injecting a frame while a user is trying to log on to a banking website)
     • 802.11 data replay attack (capturing and saving data frames; WEP)
     • 802.11 data deletion (deleting the data being transmitted)

  15. Availability Attacks
     • DoS / Queensland DoS (physical-layer DoS attack against Wi-Fi that disrupts clear channel assessment)
     • RF jamming (disrupts communication by decreasing the signal-to-noise ratio)
     • 802.11 (Wi-Fi) beacon flood
     • 802.11 association flood
     • 802.11 de-authentication (the attacker, claiming to be the client, sends a de-authentication frame to the AP)
     • Fake SSID
     • EAPOL flood
     • AP theft

  16. Authentication Attack
     • Dictionary & brute force
     • Shared key guessing
     • PSK cracking
     • Application login theft

  17. Bluetooth Security Features
     • Three basic security services in the Bluetooth standard: authentication, confidentiality, authorization
     • Various versions of the Bluetooth specifications define four security modes
     • Security mode 1: non-secure (authentication and encryption bypassed; open to hacking)
     • Security modes 2, 3, and 4: different authentication and encryption process specifications

  18. Bluetooth Threats & Vulnerabilities
     Vulnerabilities:
     • Encryption key length is negotiated (devices can agree on a weak key, which can be broken by brute force)
     • No user authentication (only device authentication)
     • End-to-end security is not provided
     • And much more
     Threats:
     • Bluesnarfing (a hacker pairs with your Bluetooth device without your knowledge and steals or compromises your personal data); turn Bluetooth off when not using it
     • Bluejacking (sending unsolicited/anonymous messages to Bluetooth-enabled devices)
     • Bluebugging (allowing hackers to access and take full control of a device)

  19. Ad Hoc Wireless Network Threats
     • Internal threats (malicious impersonation to get access to the network)
     • External threats (cause congestion or disturb nodes from providing services, drain limited energy)
     • Routing threats (propagate fake routing information)
     • Ex. Sleep Deprivation Attack

  20. Reference
     • Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security, Elsevier, 2005.
     • Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016.
     • https://www.walshcollege.edu/upload/docs/CyberSpring/Profile%20of%20a%20Cyber%20Attacker%20Presentation.pdf
     • https://thesai.org/Downloads/Volume5No1/Paper_25-Wireless_LAN_Security_Threats_Vulnerabilities.pdf
     • http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf
     • https://www.tifr.res.in/~sanyal/papers/Tapalina_IJCA_Sleep_Deprivation.pdf
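Slides 12 and 15 list the Evil Twin AP and 802.11 de-authentication attacks. The following added example (not part of the original slides) sketches monitoring logic for both over management-frame observations. The record layout, the authorized-AP inventory, the thresholds and all sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed inventory of the organisation's own access points (constructed values).
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
DEAUTH_LIMIT = 5   # assumed threshold: deauth frames per BSSID ...
WINDOW_S = 10.0    # ... within this many seconds

# Constructed sample observations: (time_s, frame_type, ssid, bssid)
FRAMES = [
    (0.0, "beacon", "CorpNet", "aa:bb:cc:00:00:01"),
    (0.1, "beacon", "CorpNet", "AA:BB:CC:00:00:02"),   # same AP, upper-case capture
    (0.2, "beacon", "CorpNet", "de:ad:be:ef:00:99"),   # protected SSID, unknown BSSID
    (0.3, "beacon", "CoffeeShop", "11:22:33:44:55:66"),
    (2.0, "deauth", "", "aa:bb:cc:00:00:02"),          # isolated, normal roaming
    (30.0, "deauth", "", "aa:bb:cc:00:00:02"),
] + [(1.0 + 0.1 * i, "deauth", "", "aa:bb:cc:00:00:01") for i in range(7)]

def find_evil_twins(frames, authorized=AUTHORIZED):
    """Return (ssid, bssid) pairs beaconing a protected SSID from an unlisted BSSID."""
    hits = set()
    for _, ftype, ssid, bssid in frames:
        if ftype == "beacon" and ssid in authorized:
            if bssid.lower() not in authorized[ssid]:
                hits.add((ssid, bssid.lower()))
    return sorted(hits)

def find_deauth_floods(frames, limit=DEAUTH_LIMIT, window=WINDOW_S):
    """Return BSSIDs with more than `limit` deauth frames inside a sliding window."""
    recent = defaultdict(deque)
    flagged = []
    for t, ftype, _, bssid in sorted(frames, key=lambda f: f[0]):
        if ftype != "deauth":
            continue
        q = recent[bssid.lower()]
        q.append(t)
        while t - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) > limit and bssid.lower() not in flagged:
            flagged.append(bssid.lower())
    return flagged

if __name__ == "__main__":
    print("possible evil twins:", find_evil_twins(FRAMES))
    print("possible deauth floods:", find_deauth_floods(FRAMES))
```

Occasional de-authentication frames are normal, so the threshold needs tuning against a baseline of the monitored network.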
