Network Security 5, Exams of Computer Networks

So for network-layer flooding, generally only works for UDP-based protocols (can't establish a TCP connection). • Note #2: victim doesn't see spoofed source ...

Typology: Exams

2022/2023

Uploaded on 05/11/2023

cristelle
cristelle 🇺🇸

4.5

(53)

374 documents

1 / 52

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Computer Science 161 Spring 2019 Popa & Weaver
Network!
Security
5
1
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34

Partial preview of the text

Download Network Security 5 and more Exams Computer Networks in PDF only on Docsity!

Computer Science 161 Spring 2019 Popa & Weaver

Network

Security

Computer Science 161 Spring 2019 Popa & Weaver

Reminder:

HTTPS Connection (SSL / TLS)

  • Browser (client) connects via TCP to Amazon’s HTTPS server
  • Client picks 256-bit random number RB, sends over list of crypto protocols it supports
  • Server picks 256-bit random number RS, selects protocols to use for this session
  • Server sends over its certificate
    • (all of this is in the clear)
  • (^) Client now validates cert 2 SYN SYN ACK ACK Browser Amazon Server Hello. My rnd # = R B. I support (TLS+RSA+AES128+SHA1) (^) or (SSL+RSA+3DES+MD5) (^) or … My rnd # = R S. Let ’s use TLS+RSA+AES128+SHA Here ’s my cert ~2- KB of^ data

Computer Science 161 Spring 2019 Popa & Weaver

Alternative: Ephemeral Key Exchange via

Diffie-Hellman

  • For Diffie-Hellman (DHE), server generates random a, sends public parameters and ga^ mod p
  • Signed with server’s private key
  • Browser verifies signature
  • Browser generates random b, computes PS = gab mod p, sends gb^ mod p to server
  • Server also computes PS = gab^ mod p
  • Remainder is as before: from PS, RB, and RS, browser & server derive symm. cipher keys (CB, CS) and MAC integrity keys (IB, IS), etc… 4 Browser Here’ s my cert ~2- KB of^ data gb (^) mod p PS PS {M 1 , MAC(M 1 ,IB)} CB MAC( dialog ,IS) MAC( dialog ,IB) {g, p, g a^ mod p} (^) K -1Amazon … Amazon Server

Computer Science 161 Spring 2019 Popa & Weaver

Cipher Suite

Negotiation

  • Chrome's cipher-suite information
    • Client sends to the server
    • Server then choses which one it wants
      • It should pick the common mode that both prefer based on order
  • First is a dummy to keep servers honest
  • Then its the bulk encryption only options
  • Then key exchanges w encryption mode
    • Description is key exchange, signature (if necessary), and then bulk cipher & hash

Computer Science 161 Spring 2019 Popa & Weaver

And Sabotaged pRNGs...

  • Let us assume the server is using DHE...
    • If an attacker can know^ a , they have all the information needed to decrypt the traffic:
      • Since PS = gab, and can see gb.
  • TLS spews a lot of "random" numbers publicly as well
    • Nonces in the crypto, Rs, etc...
  • If the server uses a bad pRNG which is both sabotaged and doesn't have rollback resistance ...
    • Dual_EC DRBG where you know the secret used to create the generator...
    • ANSI X9.31: An AES based one with a secret key...
  • (^) Attacker sees the handshake, sees subsequent PRNG calls, works backwards to get the secret
    • Attack of the week: DUHK
    • https://blog.cryptographyengineering.com/2017/10/23/attack-of-the-week-duhk/

Computer Science 161 Spring 2019 Popa & Weaver

Forward Secrecy Modes...

  • The real benefit from DHE/ECDHE "forward secret" modes
    • Reminder: Forward Secrecy: Even if the attacker later compromises the server's private key, the attacker can't compromise previous traffic
  • It makes it far more difficult to use even after an attacker compromises the server's private key
    • Attacker has to be a full MitM: Do the handshake to the client and a separate one for the server

Computer Science 161 Spring 2019 Popa & Weaver

The Easy DoS on a System:

Resource Consumption...

  • Bad Dude has an account on your computer...
    • And wants to disrupt your work on Project 2...
  • He runs this simple program:
    • while(1):
      • Write random junk to random files
        • (uses disk space, thrashes the disk)
      • Allocate a bunch of RAM and write to it
        • (uses memory)
      • fork()
        • (creates more processes to run)
  • Only defense is some form of quota or limits: The system itself must enforce some isolation

Computer Science 161 Spring 2019 Popa & Weaver

The Network DOS

Computer Science 161 Spring 2019 Popa & Weaver

DoS & Networks

  • How could you DoS a target’s Internet access?
    • Send a zillion packets at them
    • Internet lacks^ isolation^ between traffic of different users!
  • What resources does attacker need to pull this off?
    • At least as much sending capacity ( bandwidth ) as the bottleneck link of the target’s Internet connection
  • Attacker sends maximum-sized packets
    • Or: overwhelm the rate at which the bottleneck router can process packets
      • Attacker sends minimum-sized packets!
        • (in order to maximize the packet arrival rate)

Computer Science 161 Spring 2019 Popa & Weaver

Defending Against Network DoS

  • Suppose an attacker has access to a beefy system with high-speed Internet access (a “big pipe”).
  • They pump out packets towards the target at a very high rate.
  • What might the target do to defend against the onslaught?
    • Install a network filter to discard any packets that arrive with attacker’s IP address as their source
  • E.g., drop * 66.31.33.7: -> :*
  • Or it can leverage any other pattern in the flooding traffic that’s not in benign traffic
    • Attacker’s IP address = means of identifying misbehaving user^

Computer Science 161 Spring 2019 Popa & Weaver

It’s Not A “Level Playing Field”

  • When defending resources from exhaustion, need to beware of asymmetries, where attackers can consume victim resources with little comparable effort
  • Makes DoS easier to launch
  • Defense costs much more than attack
  • Particularly dangerous form of asymmetry: amplification
    • Attacker leverages system’s own structure to pump up the load they induce on a resource

Computer Science 161 Spring 2019 Popa & Weaver

Amplification

  • Example of amplification: DNS lookups
    • Reply is generally much bigger than request
      • Since it includes a copy of the reply, plus answers etc.
    • Attacker spoofs DNS request to a patsy DNS server, seemingly from the target
      • Small attacker packet yields large flooding packet
      • Doesn’t increase # of packets, but total volume
  • Note #1: these examples involve blind spoofing
    • So for network-layer flooding, generally only works for UDP-based protocols (can’t establish a TCP connection)
  • Note #2: victim doesn’t see spoofed source addresses
    • Addresses are those of actual intermediary systems^

Computer Science 161 Spring 2019 Popa & Weaver

Transport-Level Denial-of-Service

  • Recall TCP’s 3-way connection establishment handshake
    • Goal: agree on initial sequence numbers Client (initiator) SYN, SeqNum = x SYN + ACK, SeqNum = y, Ack = x + 1 ACK, Ack = y + 1 Server Server creates state associated with connection here (buffers, timers, counters) Attacker doesn’t even need to send this ack

Computer Science 161 Spring 2019 Popa & Weaver

Transport-Level Denial-of-Service

  • Recall TCP’s 3-way connection establishment handshake
    • Goal: agree on initial sequence numbers
  • So a single SYN from an attacker suffices to force the server to spend some memory Client (initiator) SYN, SeqNum = x SYN + ACK, SeqNum = y, Ack = x + 1 ACK, Ack = y + 1 Server Server creates state associated with connection here (buffers, timers, counters) Attacker doesn’t even need to send this ack