Network Security - Lecture Slides | ECE 453, Study notes of Computer Systems Networking and Telecommunications

Material Type: Notes; Class: Introduction to Computer Networks; Subject: Electrical And Computer Engr; University: University of Tennessee - Knoxville; Term: Unknown 2008;

Typology: Study notes

Pre 2010

Uploaded on 08/30/2009

koofers-user-wjc

ECE453 – Introduction to Computer Networks
Lecture 32 – Network Security (IV)

Final Exam

12:30pm-2:30pm, Dec. 10, 2008

Review Session: Dec. 21 (This Friday)

Will send sample exam problems (used in 2007) to the class

Classes after Dec. 21 will be left to self-study and project. No more lectures.

Threats and Attacks

Two types of attacks:

Passive attacks: eavesdropping on the data

Active attacks: specific actions performed by adversaries

Possible attacks:

Denial of service (DOS)

Impersonation

Disclosure

Attacks against routing

Node hijacking

Denial of Service (DOS)

SYN flooding: the attacker sends a large number of SYN packets to a victim node, spoofing the return address of the SYN packets. The victim sends back ACK to the nodes whose addresses were specified in the received SYNs and waits for an ACK, which never arrives.

Jamming: a malicious node determines the frequency of communication used by the receiver and then sends a jamming signal over the same frequency.

Distributed DOS: a group of compromised nodes.
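A defender can spot the SYN flooding pattern described above by counting handshakes that are still waiting for the final ACK. The following is an added example, not part of the original slides; the event format, the 30-second timeout, the threshold of 100 and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed sample: (time_s, src_ip, dst_ip, flag) as a sensor in front
    of the servers might record handshake packets. Not real traffic."""
    events = []
    # Normal clients of 192.0.2.10: SYN, then the final ACK 50 ms later.
    for i in range(5):
        src = f"198.51.100.{i + 1}"
        events.append((i * 1.0, src, "192.0.2.10", "SYN"))
        events.append((i * 1.0 + 0.05, src, "192.0.2.10", "ACK"))
    # Flood against 192.0.2.20: 200 SYNs from spoofed sources, never completed.
    for i in range(200):
        events.append((2.0 + i * 0.01, f"203.0.113.{i + 1}", "192.0.2.20", "SYN"))
    return sorted(events)


def detect_syn_flood(events, timeout_s=30.0, threshold=100):
    """Return {dst_ip: peak half-open count} for every destination whose number
    of handshakes stuck waiting for the final ACK exceeded `threshold`."""
    half_open = defaultdict(dict)  # dst -> {src: time the SYN was seen}
    peak = defaultdict(int)
    for ts, src, dst, flag in events:
        pending = half_open[dst]
        # Expire entries the server would already have given up on.
        for stale in [s for s, t in pending.items() if ts - t > timeout_s]:
            del pending[stale]
        if flag == "SYN":
            # Simplification: keyed by source address only; a real sensor
            # would key on (source address, source port).
            pending[src] = ts
        elif flag == "ACK":
            pending.pop(src, None)  # handshake completed, no longer half-open
        peak[dst] = max(peak[dst], len(pending))
    return {dst: n for dst, n in peak.items() if n > threshold}


if __name__ == "__main__":
    for dst, n in detect_syn_flood(build_sample_events()).items():
        print(f"possible SYN flood against {dst}: {n} half-open handshakes")
```

Because the spoofed sources never answer, only the flooded destination accumulates half-open entries; the server with normal clients never holds more than one at a time.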

Examples of Sybil Attack

Data aggregation: if only a small number of malicious nodes report erroneous sensor readings, they may not be able to affect the aggregated reading much; but they can use a Sybil attack to have a substantial impact on the aggregated statistics.

Voting: use replicated identities to get a majority.

Misbehavior detection: an attacker with many Sybil nodes could spread the blame by not having any one Sybil identity misbehave enough for the system to take action.

Fair resource allocation: a selfish node can use multiple identities to get more resources.

Impersonation: Trust Attack

There are applications having multiple security levels: unclassified (U), confidential (C), secret (S) and top secret (TS).

An attacker can impersonate anybody else and obtain the privilege associated with higher trust levels.

Attacks Against Network Layer

Internal: an attacker can broadcast wrong routing information to other nodes.

External:

Passive: the attacker eavesdrops on the routing information and figures out information such as which nodes are close to a certain node.

Active: attack from an outside source to degrade or prevent message flow between nodes.

Examples of Active Attack

Black hole: a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.

Examples of Active Attack

Wormhole: an attacker receives packets at one location and tunnels them (the tunnel is called a wormhole) to another location (another attacker), from which the packets are resent into the network.

Hijacking

Node hijacking: an attacker can hijack a node by transmitting over the channel of that node.

An attacker can hijack a base station by posing as a base station and encouraging mobiles to communicate with it.

Route hijacking: abuse the routing protocol to detour messages.

Physical Attack

De-package: remove the package of the chip.

Layout reconstruction: the internal structure of the chip is altered.

Physical attack at the chip level is usually difficult.

Power analysis attack

Power consumption is dependent on the data transmitted.

The key used in cryptography can be inferred from the power consumption statistics, given a sufficient period of time.

Shown to be very effective for breaking into embedded systems.

EM Analysis Attack

In timing and power analysis, we need to break into the chip.

Electromagnetic (EM) radiation emitted from a video display unit can be used to reconstruct its screen contents.

The attacker can measure the electromagnetic radiation.

Trust Management

Resurrecting duckling

Key management

Authentication