Module: Network Security - Introduction to Computer Security | CSE 543, Study notes of Computer Science

Material Type: Notes; Professor: McDaniel; Class: Computer Security; Subject: Computer Science and Engineering; University: Penn State - Main Campus; Term: Fall 2008;

Typology: Study notes

Pre 2010

Uploaded on 09/24/2009

koofers-user-daq
koofers-user-daq 🇺🇸

10 documents

1 / 70

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
3YSTEMSAND)NTERNET
)NFRASTRUCTURE3ECURITY
I
I
.ETWORKAND3ECURITY2ESEARCH#ENTER
$EPARTMENTOF#OMPUTER3CIENCEAND%NGINEERING
0ENNSYLVANIA3TATE5NIVERSITY5NIVERSITY0ARK0!
CSE543 - Introduction to Computer and Network Security Page
CSE543 - Introduction to
Computer and Network Security
Module:
Network Security
Professor Patrick McDaniel
Fall 2008
1
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46

Partial preview of the text

Download Module: Network Security - Introduction to Computer Security | CSE 543 and more Study notes Computer Science in PDF only on Docsity!

3YSTEMSAND)NTERNET

)NFRASTRUCTURE3ECURITY

I I .ETWORKAND3ECURITY2ESEARCH#ENTER $EPARTMENTOF#OMPUTER3CIENCEAND%NGINEERING 0ENNSYLVANIA3TATE5NIVERSITY 5NIVERSITY0ARK0! CSE543 - Introduction to Computer and Network Security Module: Network Security Professor Patrick McDaniel Fall 2008

Networking

  • (^) Fundamentally about transmitting information between two devices
  • (^) Direct communication is now possible between any two devices anywhere (just about) ‣ Lots of abstraction involved ‣ Lots of network components ‣ Standard protocols ‣ Wired and wireless ‣ Works in protection environment
  • (^) What about ensuring security?

Exploiting the network ...

  • (^) The Internet is extremely vulnerable to attack ‣ it is a huge open system ... ‣ which adheres to the end-to-end principle - (^) smart end-points, dumb network
  • (^) Can you think of any large-scale attacks that would be

E2E Argument

  • (^) Clark et. al discussed a property of good systems that says features should be placed as close to resources as possible ‣ In communication, this means that we want the middle of the network to be simple, and the end-points to be smart (e.g., do everything you can at the end-points - (^) “Dumb, minimal network” ‣ This is the guiding principle of IP (Internet) ‣ Q: Does this have an effect on security?
  • (^) Note: this is a departure from the early networks which smart network, dumb terminals
  • (^) TCP/IP uses a three-way handshake to establish a connection
  1. C -> S: QC
  2. S -> C: Q S, ack(Q C ) where sequence number Q S is nonce
  3. C -> S: ack(QS) … then send data
  4. However assume the bad guy does not hear msg 2, if he can guess QS, then he can get S to accept whatever data it wants (useful if doing IP authentication, e.g., “rsh”) Client Server Adversary Sequence number prediction
  • (^) The only way you really fix this problem to stop making the sequence numbers predictable: ‣ Randomize them -- you can use DES or some other mechanism to generate them randomly ‣ There is an entire sub-field devoted to the creation and management of randomness in OSes
  • (^) Also, you could look for inconsistencies in timing information ‣ Assumption: the adversary has different timing than ‣ OK, maybe helpful, but far from definitive Sequence Number Prediction (fixes)
  • (^) ICMP is used as a control plane for IP messages ‣ Ping (connectivity probe) ‣ Destination Unreachable (error notification) ‣ Time-to-live exceeded (error notification)
  • (^) These are used for good purposes, and are largely indispensable tools for network management and control ‣ Error notification codes can be used to reset connections without any
  • (^) Solution: verify/sanity check sources and content ‣ ICMP “returned packets” Internet Control Message Protocol
  • (^) In 1996, someone discovered that many operating systems, routers, etc. could be crash/rebooted by sending a single malformed packet ‣ It turns out that you can send a IP packet larger than 65, ( 16 ), it would crash the system ‣ The real reason lies in the way fragmentation works - It allows somebody to send a packet bigger than IP allows - (^) Which blows up most fixed buffer size implementations - (^) … and dumps core, blue screen of death, etc. ‣ Note: this is not really ICMP specific, but easy (try it) % ping -l 65510 your.host.ip.address
  • (^) This was a popular pastime of early hackers

The “ping of death” …

  • (^) Attack: replace good entries with your own
  • (^) Leads to ‣ Session hijacking ‣ Man-in-the-middle attacks ‣ Denial of service, etc.
  • (^) Lots of other ways to abuse ARP.
  • (^) Nobody has really come up with a good solution ‣ Except smart bridges, routers that keep track of MACs
  • (^) However, some not worried ‣ If adversary is in your perimeter, you are in big trouble ‣ You should never should validate the source of each pack

ARP poisoning

  • (^) Finger user identity (my advisor hated this) ‣ host gives up who is logged in, existence of identities PSU.local Presentations > finger megan Login: megan Name: Megan Smith Directory: /Users/megan Shell: /bin/bash Last login Mon 23 Aug 13:19 (EDT) on console No Mail. No Plan. PSU.local Presentations >
  • (^) This is horrible in a distributed environment ‣ Privacy, … ‣ Lots of information to start a compromise of the user. Other flawed protocols/services
  • (^) DNS maps between IP address (12.1.1.3) and domain and host names (ada.cse.psu.edu) ‣ How it works: the “root” servers redirect you to the top level domains (TLD) DNS servers, which redirect you to the appropriate sub-domain, and recursively …. ‣ Note: there are 13 “root” servers that contain the TLDs for .org, .edu, and country specific registries (.fr, .ch) Host (resolver) root .edu psu.edu cse.psu.edu ada.cse.psu.edu? 130.203.16. DNS - The domain name system
  • (^) Nothing is authenticated, so really the game is over ‣ You can not really trust what you hear … ‣ But, many applications are doing just that. ‣ Spoofing of DNS is really dangerous
  • (^) Moreover, DNS is a catalog of resources ‣ Zone-transfers allow bulk acquisition of DNS data ‣ … and hence provide a map for attacking the network
  • (^) Lots of opportunity to abuse the system ‣ Relies heavily on caching for efficiency -- cache pollution ‣ Once something is wrong, it can remain that way in caches for a long time (e.g., it takes a long time flush) ‣ (^) Data may be corrupted before it gets to authoritative server

DNS Vulnerabilities

  • (^) TSIG : transaction signatures protect DNS operations ‣ Zone loads, some server to server requests (master -> slave), etc. ‣ Time-stamped signed responses for dynamic requests ‣ A misnomer -- it currently uses shared secrets for TSIG (HMAC) or do real signatures using public key cryptography
  • (^) SIG0: a public key equivalent of TSIG ‣ Works similarly, but with public keys ‣ Not as popular as TSIG, being evaluated
  • (^) Note: these mechanisms assume clock sync. (NTP)

DNSsec Mechanisms

  • (^) Securing the DNS records ‣ Each domain signs their “zone” with a private key ‣ Public keys published via DNS ‣ Indirectly signed by parent zones ‣ Ideally, you only need a self-signed root, and follow keys down the hierarchy root .edu psu.edu cse.psu.edu Signs Signs Signs

DNSsec Mechanisms