CSCE 790: Computer Network Security


Chin-Tser Huang

University of South Carolina

A Security Problem in Network
  • An adversary that has access to a network can insert new messages, modify current messages, or replay old messages in the network
  • These inserted, modified, and replayed messages can go undetected until they cause severe damage to network
  • The physical location of the adversary in network may never be determined
  • Example: denial-of-service attacks
Denial-of-Service (DoS) Attacks
  • Aimed to deny normal service provided by the target computer
  • Communication-stopping attacks
    • ARP spoofing attack
  • Resource-exhausting attacks
    • Smurf attack
    • SYN attack
Ping Protocol
  • Allow any computer to check whether any other computer in the Internet is up
  • Any computer x can send a “ping” message to any computer y which replies by sending back a “pong” message (thus x knows y is up)
    • In ping message: src = x and dst = y
    • In pong message: src = y and dst = x

[Figure: x sends ping(x, y) to y; y replies with pong(y, x).]

Broadcast Ping Protocol
  • If in ping message dst = “all”, a copy of ping is broadcast to every computer
  • Each computer replies by sending back a pong, and x is flooded with pong messages
    • In ping message: src = x and dst = “all”
    • In pong message: src = y and dst = x

[Figure: x broadcasts ping(x, all); computers y and y´ reply with pong(y, x) and pong(y´, x).]

Smurf Attack
  • An adversary pretends to be x and broadcasts a ping message where src = x and dst = “all”
  • Thus, x is flooded with pong messages that it has not requested: denial-of-service attack at x

[Figure: adversary a broadcasts ping(x, all); y and y´ reply with pong(y, x) and pong(y´, x), which arrive at x.]


Countering Smurf Attack
  • Make each router check the src of each received message and discard the message if the src is suspicious

[Figure: routers R1, R2, R3 with adversary a and computers x and y; a router seeing a's ping(x, all) notes "src=x shouldn’t come to me".]


Clever Smurf Attack
  • An adversary inserts a ping(x, all) message between routers R2 and R3
  • R3 thinks the message was forwarded by R2 and so accepts the message

[Figure: routers R1, R2, R3 with computers x and y; adversary a inserts ping(x, all).]

Countering Clever Smurf Attack
  • When R3 receives a message, R3 needs to determine whether the message was indeed sent by R2, or was modified or replayed by an adversary between R3 and R2
  • If IPsec is used, SAs need to be set up between each pair of adjacent routers: too expensive
  • Our solution: use a hop integrity protocol between each pair of adjacent routers
Hop Integrity
  • Let p, q be routers connected to the same subnetwork
  • Detection of Message Modification:
    • when q receives a message m supposedly from p, q can check that m was not modified after it was sent
  • Detection of Message Replay:
    • when q receives a message m supposedly from p, q can check that m was not a replay of an old message
Adversary vs. Routers
  • The adversary can perform three types of actions to disrupt communication between two routers
    • Message loss
    • Message modification
    • Message replay
  • The routers are assumed to be secure and cannot be compromised by the adversary
  • The routers will execute hop integrity protocols that can detect and defeat the adversary actions
Hop Integrity Protocol
  • Each pair of adjacent routers needs to share a secret S, which is updated periodically by the two routers using a secret exchange protocol
  • To each IP message sent between two adjacent routers, add a sequence number sq and an integrity check d

        d := MD(S | hd | sq | txt)

        MD: MD5 or SHA-1
        sq: 4 bytes
        d:  16 bytes if MD5; 20 bytes if SHA-1

[Figure: the IP message (hd | txt) becomes (hd | sq | d | txt).]

Architecture of Hop Integrity Protocols

[Figure: protocol stacks of router p and router q, top to bottom: Applications, Transport, secret exchange layer (pe in p, qe in q, holding the secrets), Network, integrity check layer (pw or ps in p; qw or qs in q), Subnetwork.]

Component of Hop Integrity Protocols
  • Three protocols between each pair of adjacent routers
    • secret exchange protocol
    • weak integrity protocol
    • strong integrity protocol
Secret Exchange Protocol
  • Each router p has a secret S that it uses for computing the digest of every msg sent to an adjacent router q
  • Both p and q need to know S
  • S is updated by q every T hours
  • If q does not receive acknowledgment from p for t seconds, q retransmits the secret update message
[Figure: message sequence between q (holding S[0] old, S[1] new) and p (holding S), repeated every T hours:
    initially S[0] = S[1] = S
    q sends BpS[0], S[1] to p
    p: if S = S[0] ∨ S = S[1] then S := S[1]
    p sends BqS to q
    q: if S[1] = S then S[0] := S[1]
    finally S[0] = S[1] = S]

Recovery in Secret Exchange Protocol

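[Figure: message sequence between q (holding S[0] old, S[1] new) and p (holding S) when messages are lost:
    initially S[0] = S[1] = S
    q sends BpS[0], S[1]; no acknowledgment arrives within t seconds (S[0] = S ≠ S[1])
    q resends BpS[0], S[1]; p: if S = S[0] ∨ S = S[1] then S := S[1]; p sends BqS
    no acknowledgment arrives within t seconds (S[1] = S ≠ S[0])
    q resends BpS[0], S[1]; p: if S = S[0] ∨ S = S[1] then S := S[1]; p sends BqS
    q: if S[1] = S then S[0] := S[1]
    finally S[0] = S[1] = S]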
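
The update and retransmission rules of the secret exchange protocol, as an added Python simulation (not part of the original slides): q resends the update until p's acknowledgment arrives, and p's secret equals S[0] or S[1] at every step. Encryption of the two messages is omitted, and the class names and the `lost` parameter are assumptions.

```python
import secrets

class RouterQ:
    """q starts each update and keeps the old and the new secret."""
    def __init__(self, s):
        self.S = [s, s]                          # S[0] old, S[1] new

    def start_update(self):
        self.S[1] = secrets.token_bytes(16)      # constructed 16-byte secret

    def on_ack(self, s):
        if self.S[1] == s:                       # if S[1] = S
            self.S[0] = self.S[1]                # then S[0] := S[1]

class RouterP:
    def __init__(self, s):
        self.S = s

    def on_update(self, s0, s1):
        if self.S == s0 or self.S == s1:         # if S = S[0] or S = S[1]
            self.S = s1                          # then S := S[1]
        return self.S                            # acknowledgment carries S

def run_exchange(p, q, lost):
    """Run one update. `lost` holds the numbers of the transmissions to drop,
    counting every update and acknowledgment in the order they are sent.
    Returns how many update messages q had to send."""
    q.start_update()
    n = updates = 0
    while q.S[0] != q.S[1]:
        updates += 1
        n += 1
        if n in lost:
            continue                             # update lost: q times out after t seconds
        ack = p.on_update(q.S[0], q.S[1])
        assert p.S in q.S                        # p's secret is always one of q's two
        n += 1
        if n in lost:
            continue                             # acknowledgment lost: q retransmits
        q.on_ack(ack)
    return updates
```

Because p's secret never leaves the pair (S[0], S[1]), a receiver that checks digests against both secrets keeps accepting p's messages throughout an update.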

Weak Integrity Protocol
  • To detect insertion and modification
  • Each sent msg from p to q is as follows

        (hd | d | txt)

    where p computes d as

        d = MD(S | hd | txt)

  • On receiving a msg, q checks

        if d = MD(S[0] | hd | txt) ∨ d = MD(S[1] | hd | txt)
        then q forwards msg
        else q discards msg

[Figure: p, holding S, sends (hd | d | txt) to q, which holds S[0] and S[1].]

Strong Integrity
  • To detect replay, successive sequence numbers are attached to all sent msgs from p to q
  • Problem with reset
    • If p is reset, an unbounded number of fresh messages are discarded by q
    • If q is reset, it can accept an unbounded number of replayed messages
  • Two solutions to overcome reset
    • Soft sequence numbers
    • Hard sequence numbers
Soft Sequence Numbers
  • Successive sequence numbers are attached to all sent msgs from p to q:

        (hd | sq | txt)

  • q maintains two variables

        exp: sequence number of next msg
        c:   #msgs received

  • On receiving a msg, q checks

        if (exp ≤ sq) ∨ (c = random value cmax)
        then q forwards msg
        else q discards msg
        fi; q updates exp, c, cmax

[Figure: p (variable sq) sends (hd | sq | txt) to q (variables exp, c, cmax); the labels sq and sq+1 mark successive sequence numbers.]

Strong Integrity Protocol Using Soft Sequence Numbers
  • Each sent msg from p to q is as follows

        (hd | sq | d | txt)

    where p computes d as

        d = MD(S | hd | sq | txt)

  • On receiving a msg, q checks

        if (d = MD(S[0] | hd | sq | txt) ∨ d = MD(S[1] | hd | sq | txt)) ∧ (exp ≤ sq ∨ c = random value cmax)
        then q forwards msg
        else q discards msg
        fi; q updates exp, c, cmax

Hard Sequence Numbers
  • To overcome reset, use two operations SAVE and FETCH
  • When SAVE is executed, the last sequence number will be stored in persistent memory
  • When FETCH is executed, the last stored sequence number will be loaded from persistent memory into memory
Strong Integrity Protocol Using Hard Sequence Numbers
  • Each sent msg from p to q is as follows

        (hd | sq | d | txt)

    where p computes d as

        d = MD(S | hd | sq | txt)

  • On receiving a msg, q checks

        if (d = MD(S[0] | hd | sq | txt) ∨ d = MD(S[1] | hd | sq | txt)) ∧ (exp ≤ sq)
        then q forwards msg
        else q discards msg
        fi; q updates exp

  • p and q execute SAVE periodically
  • When waking up from a reset, p (or q) executes FETCH to fetch last stored seq#, executes SAVE to store next seq#, and continues after SAVE finishes
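
The sender's digest computation and the receiver's check from the strong integrity protocol, as an added Python example (not code from the slides or from the Linux implementation they mention). It assumes SHA-1 as MD, a big-endian 4-byte sq, and exp := sq + 1 after an accepted message; SAVE/FETCH persistence is left out, and the class names and traffic are constructed.

```python
import hashlib
import hmac

def digest(S, hd, sq, txt):
    # d = MD(S | hd | sq | txt) with MD = SHA-1 and a 4-byte sq, as on the slide.
    # The secret-prefix form is kept to match the slide; HMAC is the usual
    # keyed-digest construction today.
    return hashlib.sha1(S + hd + sq.to_bytes(4, "big") + txt).digest()

class Sender:                                    # router p
    def __init__(self, S, sq=0):
        self.S, self.sq = S, sq

    def send(self, hd, txt):
        msg = (hd, self.sq, digest(self.S, hd, self.sq, txt), txt)
        self.sq += 1
        return msg                               # (hd | sq | d | txt)

class Receiver:                                  # router q
    def __init__(self, S_old, S_new, exp=0):
        self.S, self.exp = [S_old, S_new], exp   # S[0], S[1]

    def receive(self, msg):
        hd, sq, d, txt = msg
        ok = any(hmac.compare_digest(d, digest(s, hd, sq, txt)) for s in self.S)
        if ok and self.exp <= sq:
            self.exp = sq + 1                    # assumed update rule for exp
            return "forward"
        return "discard"

def demo():
    old, new = b"constructed-old-secret", b"constructed-new-secret"
    p, q = Sender(old), Receiver(old, new)
    hd, out = b"hdr", []
    m0 = p.send(hd, b"route update")
    out.append(q.receive(m0))                            # fresh message
    out.append(q.receive(m0))                            # replay of m0
    m1 = p.send(hd, b"metric 10")
    out.append(q.receive(m1[:3] + (b"metric 99",)))      # txt modified in transit
    out.append(q.receive(Sender(b"guess", 5).send(hd, b"x")))  # inserted, wrong secret
    p.S = new                                            # p has switched to S[1]
    p.send(hd, b"dropped")                               # sq 2 is lost on the link
    out.append(q.receive(p.send(hd, b"after update")))   # sq 3 under the new secret
    return out
```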
Other Applications of Hop Integrity
  • Mobile IP
  • Secure multicast
  • Security of routing protocols
Mobile IP
  • A mobile computer c can visit a foreign network F other than its home network H
  • Msgs destined for c will be received by its home agent (HA) and forwarded to its foreign agent (FA)

[Figure: msg m crosses the Internet to the home agent (HA) in home network H, which forwards it to the foreign agent (FA) in foreign network F, where c is visiting.]

Problem with Mobile IP
  • Mobile computer c can send a msg through FA
  • However, this msg may be filtered out by next router q because its source address is “strange”

[Figure: c in foreign network F sends msg m through the foreign agent (FA); the next router q, marked "?", sits between FA and the Internet; the home agent (HA) is in home network H.]

Mobile IP with Hop Integrity
  • With integrity check d added to msg m, q can check that m was indeed forwarded by FA
  • Thus, q ignores strange source of msg m and forwards m toward its ultimate destination

[Figure: the same topology (c, FA in F, router q, Internet, HA in H), with integrity check d attached to msg m.]

Multicast
  • Multicast msgs are forwarded through a spanning tree from root to every multicast destination
  • If a destination receives a multicast msg, then each destination receives a copy of the same msg with high probability
Security Problem with Multicast
  • If an adversary inserts or modifies a multicast msg between two routers in the middle of the tree, then only a small fraction of multicast destinations receive the inserted or modified msg
Multicast with Hop Integrity
  • With hop integrity, an inserted or modified multicast message will be detected and discarded at its first hop in the spanning tree
Routing Information Protocol (RIP)
  • Every 30 seconds, RIP process in router R’ sends its routing table in a response msg to RIP process in each adjacent R
  • R updates its routing table when it receives a response msg from any adjacent R’
  • Security problem

[Figure: protocol stacks of two adjacent routers, each labeled R, with the layers RIP, UDP, and IP.]

RIP with Hop Integrity
  • With hop integrity, the response msgs are protected against message modification, insertion, and replay

[Figure: the same router stacks (RIP, UDP, IP) with Secret Update and Integrity Check components added in each router.]

Security of Routing Protocols
  • Hop integrity can also provide uniform protection (against message modification, insertion, and replay) for other routing protocols
    • OSPF protocols (Hello, Exchange, Flood)
    • RSVP
  • Better than custom security mechanisms that have been proposed for some protocols
Implementation of Hop Integrity
  • Implementation of hop integrity protocols in Linux kernel
  • Add integrity check digest and soft sequence number to IP options in IP header
  • Compatible with legacy routers
  • Flexibility of deployment
Related Works
  • Ingress filtering [RFC2827]:
    • Completes hop integrity
  • Secure routing [Che97, MB96, SMG97]:
    • Not needed if hop integrity is installed
  • Traceback [BLT01, SWK+01, SPS+01]:
    • Cannot prevent denial-of-service attacks, but can detect some of them
  • IPsec [KA98a]:
    • Has goals other than dealing with denial-of-service attacks
Next Class
  • Security in transport layer
  • SSL and TLS
  • Application of SSL/TLS in Web security
  • Read Chapter 17