CSCE 790: Computer Network Security. Chin-Tser Huang [email protected] University of South Carolina. A Security Problem in Network. An adversary that has access to a network can insert new messages, modify current messages, or replay old messages in the network


CSCE 790: Computer Network Security

Chin-Tser Huang

University of South Carolina


A Security Problem in Network

  • An adversary that has access to a network can insert new messages, modify current messages, or replay old messages in the network

  • These inserted, modified, and replayed messages can go undetected until they cause severe damage to network

  • The physical location of the adversary in network may never be determined

  • Example: denial-of-service attacks


Denial-of-Service (DoS) Attacks

  • Aimed to deny normal service provided by the target computer

  • Communication-stopping attacks

    • ARP spoofing attack

  • Resource-exhausting attacks

    • Smurf attack

    • SYN attack


Ping Protocol

  • Allow any computer to check whether any other computer in the Internet is up

  • Any computer x can send a “ping” message to any computer y which replies by sending back a “pong” message (thus x knows y is up)

    • In ping message: src = x and dst = y

    • In pong message: src = y and dst = x

[Figure: x sends ping(x, y) to y; y replies with pong(y, x).]


Broadcast Ping Protocol

  • If in ping message dst = “all”, a copy of ping is broadcast to every computer

  • Each computer replies by sending back a pong, and x is flooded with pong messages

    • In ping message: src = x and dst = “all”

    • In pong message: src = y and dst = x

[Figure: x broadcasts ping(x, all); y and y´ reply with pong(y, x) and pong(y´, x).]


Smurf Attack

  • An adversary pretends to be x and broadcasts a ping message where src = x and dst = “all”

  • Thus, x is flooded with pong messages that it has not requested: denial-of-service attack at x

[Figure: adversary a sends ping(x, all); y and y´ reply to x with pong(y, x) and pong(y´, x).]


Countering Smurf Attack

  • Make each router check the src of each received message and discard the message if the src is suspicious

[Figure: routers R1, R2, R3, hosts x and y, and adversary a sending ping(x, all); router annotation: “src=x shouldn’t come to me”.]


Clever Smurf Attack

  • An adversary inserts a ping(x, all) message between routers R2 and R3

  • R3 thinks the message was forwarded by R2 and so accepts the message

[Figure: routers R1, R2, R3, hosts x and y, and adversary a sending ping(x, all).]


Countering Clever Smurf Attack

  • When R3 receives a message, R3 needs to determine whether message was indeed sent by R2, or was modified or replayed by an adversary between R3 and R2

  • If IPsec is used, SAs must be set up between each pair of adjacent routers: too expensive

  • Our solution: use hop integrity protocol between each pair of adjacent routers


Hop Integrity

  • Let p, q be routers connected to same subnetwork

  • Detection of Message Modification:

    • when q receives a message m supposedly from p, q can check that m was not modified after it was sent

  • Detection of Message Replay:

    • when q receives a message m supposedly from p, q can check that m was not a replay of an old message


Adversary vs. Routers

  • The adversary can perform three types of actions to disrupt communication between two routers

    • Message loss

    • Message modification

    • Message replay

  • The routers are assumed to be secure and cannot be compromised by the adversary

  • The routers will execute hop integrity protocols that can detect and defeat the adversary actions


Hop Integrity Protocol

  • Each pair of adjacent routers needs to share a secret S, which is updated periodically by the two routers using a secret exchange protocol

  • To each IP message sent between two adjacent routers, add a sequence number sq, and an integrity check d

    d := MD(S | hd | sq | txt)

    MD: MD5 or SHA-1

    d: 16 bytes if MD5; 20 bytes if SHA-1

    sq: 4 bytes

[Figure: an IP message (hd | txt) becomes (hd | sq | d | txt).]


Architecture of Hop Integrity Protocols

[Figure: routers p and q, each with Application, Transport, Network and Subnetwork layers. A secret exchange layer (processes pe and qe) passes secrets to an integrity check layer (processes pw or ps in p, qw or qs in q).]


Component of Hop Integrity Protocols

  • Three protocols between each pair of adjacent routers

    • secret exchange protocol

    • weak integrity protocol

    • strong integrity protocol


Secret Exchange Protocol

  • Each router p has a secret S that it uses for computing the digest of every msg sent to an adjacent router q

  • Both p and q need to know S

  • S is updated by q every T hours

  • If q does not receive acknowledgment from p for t seconds, q retransmits the secret update message


Secret Exchange Protocol

[Figure: message sequence between q, which holds S[0] and S[1], and p, which holds S.]

  • Initially S[0] = S[1] = S

  • q keeps S[0] (old) and S[1] (new) and sends BpS[0], S[1] to p

  • p: if S = S[0] ∨ S = S[1] then S := S[1]; p sends BqS to q

  • q: if S[1] = S then S[0] := S[1], so again S[0] = S[1] = S

  • After T hours the same exchange is repeated with a new S[1]


Recovery in Secret Exchange Protocol

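[Figure: message sequence between q, which holds S[0] and S[1], and p, which holds S, with two retransmissions.]

  • Initially S[0] = S[1] = S

  • q keeps S[0] (old) and S[1] (new) and sends BpS[0], S[1]

  • t seconds pass; the state is S[0] = S ≠ S[1]

  • q sends BpS[0], S[1] again; p: if S = S[0] ∨ S = S[1] then S := S[1]; p sends BqS

  • t seconds pass; the state is S[1] = S ≠ S[0]

  • q sends BpS[0], S[1] again; p: if S = S[0] ∨ S = S[1] then S := S[1]; p sends BqS

  • q: if S[1] = S then S[0] := S[1], so again S[0] = S[1] = S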
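The update and recovery rules from the two slides above can be simulated to show why q keeps both S[0] and S[1]: at every point p's secret is one of the two. This is an added example, not code from the slides; the class names, `run_update` and the loss schedule are assumptions, and the Bp/Bq wrapping of the messages is not modelled.

```python
import os

class RouterP:
    """Holds the single secret S used to compute digests."""
    def __init__(self, secret: bytes):
        self.S = secret

    def on_update(self, s0: bytes, s1: bytes) -> bytes:
        if self.S in (s0, s1):           # if S = S[0] or S = S[1]
            self.S = s1                  # then S := S[1]
        return self.S                    # acknowledgment carries S

class RouterQ:
    """Holds S[0] (old) and S[1] (new) and drives the update."""
    def __init__(self, secret: bytes):
        self.S = [secret, secret]

    def on_ack(self, s: bytes) -> None:
        if self.S[1] == s:               # if S[1] = S
            self.S[0] = self.S[1]        # then S[0] := S[1]

def run_update(p: RouterP, q: RouterQ, losses) -> list:
    """losses: one (update_lost, ack_lost) pair per transmission by q.
    Returns, per round, whether p's S is still one of q's S[0], S[1]."""
    q.S[1] = os.urandom(16)              # new secret
    trace = []
    for update_lost, ack_lost in losses:
        if not update_lost:
            ack = p.on_update(q.S[0], q.S[1])
            if not ack_lost:
                q.on_ack(ack)
        trace.append(p.S in q.S)
        if q.S[0] == q.S[1]:
            break                        # update complete
        # otherwise q waits t seconds and retransmits
    return trace

def demo():
    # Constructed secret, for illustration only.
    p, q = RouterP(b"constructed-secret"), RouterQ(b"constructed-secret")
    # Round 1: update lost. Round 2: ack lost. Round 3: both delivered.
    trace = run_update(p, q, [(True, False), (False, True), (False, False)])
    return trace, q.S[0] == q.S[1] == p.S
```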


Weak Integrity Protocol

  • To detect insertion and modification

  • Each sent msg from p to q is as follows

    (hd | d | txt)

    where p computes d as

    d = MD(S | hd | txt)

  • On receiving a msg, q checks

    if d = MD(S[0] | hd | txt) ∨

    d = MD(S[1] | hd | txt)

    then q forwards msg

    else q discards msg


Weak Integrity Protocol

[Figure: p, which holds S, sends (hd | d | txt) to q, which holds S[0] and S[1].]


Strong Integrity

  • To detect replay, successive sequence numbers are attached to all sent msgs from p to q

  • Problem with reset

    • If p is reset, an unbounded number of fresh messages are discarded by q

    • If q is reset, it can accept an unbounded number of replayed messages

  • Two solutions to overcome reset

    • Soft sequence numbers

    • Hard sequence numbers


Soft Sequence Numbers

  • Successive sequence numbers are attached to all sent msgs from p to q:

    (hd | sq | txt)

  • q maintains two variables

    exp: sequence number of next msg

    c: number of msgs received

  • On receiving a msg, q checks

    if (exp ≤ sq) ∨ (c = random value cmax)

    then q forwards msg

    else q discards msg

    fi; q updates exp, c, cmax


Soft Sequence Numbers

[Figure: p, which holds sq, sends (hd | sq | txt) with sequence numbers sq, sq+1, ... to q, which holds exp, c and cmax.]


Strong Integrity Protocol Using Soft Sequence Numbers

  • Each sent msg from p to q is as follows

    (hd | sq | d | txt)

    where p computes d as

    d = MD(S | hd | sq | txt)

  • On receiving a msg, q checks

    if (d = MD(S[0] | hd | sq | txt) ∨

    d = MD(S[1] | hd | sq | txt) ) ∧

    (exp ≤ sq ∨ c = random value cmax)

    then q forwards msg

    else q discards msg

    fi; q updates exp, c, cmax


Hard Sequence Numbers

  • To overcome reset, use two operations SAVE and FETCH

  • When SAVE is executed, the last sequence number will be stored in persistent memory

  • When FETCH is executed, the last stored sequence number will be loaded from persistent memory into memory


Strong Integrity Protocol Using Hard Sequence Numbers

  • Each sent msg from p to q is as follows

    (hd | sq | d | txt)

    where p computes d as

    d = MD(S | hd | sq | txt)

  • On receiving a msg, q checks

    if (d = MD(S[0] | hd | sq | txt) ∨

    d = MD(S[1] | hd | sq | txt) ) ∧ (exp ≤ sq)

    then q forwards msg

    else q discards msg

    fi; q updates exp

  • p and q execute SAVE periodically

  • When waking up from a reset, p (or q) executes FETCH to fetch last stored seq#, executes SAVE to store next seq#, and continues after SAVE finishes
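The receiver check of the strong integrity protocol, run against a fresh, a replayed, a modified and an inserted message, and across a secret update. This is an added example, not the authors' Linux implementation: the class names, byte encoding of the fields and sample values are assumptions, MD is taken to be SHA-1, and SAVE/FETCH reset handling is left out.

```python
import hashlib
import hmac
import struct

def digest(secret: bytes, hd: bytes, sq: int, txt: bytes) -> bytes:
    """d = MD(S | hd | sq | txt) with MD = SHA-1 and a 4-byte sq."""
    return hashlib.sha1(secret + hd + struct.pack("!I", sq) + txt).digest()

class RouterP:
    """Sender: holds one secret S and the next sequence number."""
    def __init__(self, secret: bytes):
        self.S, self.sq = secret, 0

    def send(self, hd: bytes, txt: bytes):
        msg = (hd, self.sq, digest(self.S, hd, self.sq, txt), txt)
        self.sq += 1
        return msg                       # (hd | sq | d | txt)

class RouterQ:
    """Receiver: holds S[0] (old), S[1] (new) and exp."""
    def __init__(self, secret: bytes):
        self.S, self.exp = [secret, secret], 0

    def receive(self, msg) -> bool:
        hd, sq, d, txt = msg
        digest_ok = any(hmac.compare_digest(d, digest(s, hd, sq, txt))
                        for s in self.S)
        if digest_ok and self.exp <= sq:
            self.exp = sq + 1            # q updates exp
            return True                  # q forwards msg
        return False                     # q discards msg

def demo() -> dict:
    # Constructed secrets and payloads, for illustration only.
    s_old, s_new = b"constructed-secret-0", b"constructed-secret-1"
    p, q = RouterP(s_old), RouterQ(s_old)
    m0, m1 = p.send(b"hd", b"rip response"), p.send(b"hd", b"payload")
    out = {"fresh": q.receive(m0), "replayed": q.receive(m0)}
    out["modified"] = q.receive((m1[0], m1[1], m1[2], b"PAYLOAD"))
    out["inserted"] = q.receive((b"hd", 9, digest(b"guess", b"hd", 9, b"x"), b"x"))
    q.S[1] = s_new                       # update in progress: p still uses s_old
    out["during_update"] = q.receive(m1)
    p.S, q.S[0] = s_new, s_new           # update completed on both sides
    out["after_update"] = q.receive(p.send(b"hd", b"next"))
    return out
```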


Other Applications of Hop Integrity

  • Mobile IP

  • Secure multicast

  • Security of routing protocols


Mobile IP

  • A mobile computer c can visit a foreign network F other than its home network H

  • Msgs destined for c will be received by its home agent (HA) and forwarded to its foreign agent (FA)

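[Figure: msg m travels through the Internet to the home agent (HA) in home network H, which forwards m to the foreign agent (FA) in foreign network F, where c is visiting.]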


Problem with Mobile IP

  • Mobile computer c can send a msg thru FA

  • However, this msg may be filtered out by next router q because its source address is “strange”

[Figure: c sends msg m through the foreign agent (FA) in F; the next router q is marked “?”. Also shown: the Internet and the home agent (HA) in H.]


Mobile IP with Hop Integrity

  • With integrity check d added to msg m, q can check that m was indeed forwarded by FA

  • Thus, q ignores strange source of msg m and forwards m toward its ultimate destination

[Figure: same topology (c, FA in F, q, Internet, HA in H); msg m now carries the integrity check d on each hop.]


Multicast

  • Multicast msgs are forwarded through a spanning tree from root to every multicast destination

  • If a destination receives a multicast msg, then each destination receives a copy of same msg with high probability


Security Problem with Multicast

  • If adversary inserts or modifies a multicast msg between two routers in middle of tree, then only a small fraction of multicast destinations receive the inserted or modified msg


Multicast with Hop Integrity

  • With hop integrity, an inserted or modified multicast message will be detected and discarded at its first hop in the spanning tree


Routing Information Protocol (RIP)

  • Every 30 seconds, RIP process in router R’ sends its routing table in a response msg to RIP process in each adjacent R

  • R updates its routing table when it receives a response msg from any adjacent R’

  • Security problem

[Figure: two routers R, each running RIP over UDP over IP.]


RIP with Hop Integrity

  • With hop integrity, the response msgs are protected against message modification, insertion, and replay

[Figure: two routers R running RIP over UDP over IP, with Secret Update and Integrity Check components added in each router.]


Security of Routing Protocols

  • Hop integrity can also provide uniform protection (against message modification, insertion, and replay) for other routing protocols

    • OSPF protocols (Hello, Exchange, Flood)

    • RSVP

  • Better than custom security mechanisms that have been proposed for some protocols


Implementation of Hop Integrity

  • Implementation of hop integrity protocols in Linux kernel

  • Add integrity check digest and soft sequence number to IP options in IP header

  • Compatible with legacy routers

  • Flexibility of deployment


Related Works

  • Ingress filtering [RFC2827]:

    • Completes hop integrity

  • Secure routing [Che97, MB96, SMG97]:

    • Not needed if hop integrity is installed

  • Traceback [BLT01, SWK+01, SPS+01]:

    • Cannot prevent denial-of-service attacks, but can detect some of them

  • IPsec [KA98a]:

    • Has goals other than dealing with denial-of-service attacks


Next Class

  • Security in transport layer

  • SSL and TLS

  • Application of SSL/TLS in Web security

  • Read Chapter 17

