SECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK

Transcription

1 1 SECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK Navaneethan C. Arjuman National Advanced IPv6 Centre, Universiti Sains Malaysia March 2018 Copyright Nava 2018

2 Man in the Middle Attacks 2 MITM some known techniques Man in the middle with spoofed ICMPv6 neighbor advertisement. Man in the middle with spoofed ICMPv6 router advertisement. Man in the middle using ICMPv6 redirect or ICMPv6 too big to implant route. Man in the middle to attack mobile IPv6 but requires ipsec to be disabled. Man in the middle with rogue DHCPv6 Server

3 MITM Mitigation Techniques Categories 3 Mitigation techniques Secure Mechanisms for Neighbour Discovery Secure Mechanisms for Router Discovery

4 MITM With Spoofed ICMPv6 Neighbor Advertisement 4

5 MITM With Spoofed ICMPv6 Neighbor Advertisement 5

6 Secure Mechanisms To Prevent 6 Neighbour Discovery Spoofing Internet Protocol Security (IPSec) Secure Neighbour Discovery (SeND) Simple Secure Addressing Scheme (SSDS) Trust Neighbour Discovery (Trust ND) Secure Duplicate Address Detection (Secure DAD) Copyright Nava

7 Internet Protocol Security (IPSec) 7

8 IPSec.. 8

9 IPSec 9

10 IPSec 10 IPSec (K Seo et al, RFC 4301, 2005) Updated by: RFC 6040, RFC 7619 IPSec is mandatory in IPv6 Protect against from all kinds of DoS attacks pertinent to the IPv6 Neighbour Discovery protocols such as Dos Attack, DDos Attack, TCP- Flood, UDP Flood, ICMP-Flood, Smurf, MITM Using two protocols - Authentication Header (AH) and Encapsulating Security Payloads (ESP) Using MD5 for hashing Advantage Provide secure data communication Copyright Nava

11 IPSec 11 Drawbacks RFC does not provide specific way and related explanations how to implement Do not know how to use IPSec to properly protect NDP messages Hardly used in practical way Overly complex IKE required a functional IP Stack to function so results bootstrapping problem SA only can configured manually tedious and impractical considering the volume Even SA are established it is not possible to verify the ownership MD5 in IPv6 got issues when dealing with high speed data transfer and also vulnerable to collision attacks

12 Secure Neighbour Discovery (SeND) 12 SEND (J. Kempf et al, RFC 3971, 2005) Updated by RFC 6494, RFC 6495, RFC 6980 Have four options Cryptographically Generated Address (CGA) Nonce Timestamp RSA Signature SEND can prevent NS/NA Spoofing, Neighbour Unreachability (NUID) Detection Failure, RS/RA Atatcks, Replay attacks, DoS Attacks basen on NS CGA secure generation of lower 64 bits of ip Address for SLAAC - prevent attacks such as DAD Nonce and Timestamp avoid replay attacks RSA protect against Neighbour and Router Discovery messages

13 SeND.. 13 Advantage Solved bootstrapping compare to IPSec Drawbacks Key management in the LAN is cumbersome and difficult Using CGA and RSA for higher security level increase the computing time compare to SSAS Increase NDP message by 368 byte for each message compare to IPSec CGA could not be used on static address configuration Higher bandwidth compare to SSAS

14 Simple Secure Addressing Scheme 14 (SSAS) Simple Secure Addressing Scheme (Rafiee et al, 2013) Use ECC (Elliptic Curve Cryptography) algorithm instead of RSA Signature Option Signature Time Stamp replay attack Copyright Nava

15 SSAS.. 15 Drawbacks Overly complex compare to Trust ND Larger NDP message compare to Trust ND Higher bandwidth compare to Trust ND Copyright Nava

16 Trust Neighbour Discovery (Trust BD) 16 Trust ND (Praptodiyono, 2015) Designed based on decentralised nature of SLACC Make use distributed trust management concept to secure SLACC Using SHA-I hashing technique Advantages Message size smaller (add 32bytes) compare SEND (add 368 bytes) and SSAS Uses less bandwidth compare to SEND and SSAS Able to handle better flooding attack (still process 100,000 messages compare to SEND (fail after 442 packets in 1.43 seconds) Copyright Nava

17 Trust BD. 17 Drawback The problem with this approach is the first sent packet itself might have issues because of the trust value calculation. SHA-1 no resistance against the hashing collision attacks Proposed the scheme for all five NDP message but implemented and compared the results only for NS/NA. Copyright Nava

18 18 Secure Duplicate Address Detection (Secure DAD) Secure DAD (S. U Rehman, 2015) Based Node Controller Model that used rule based system Secure NS/NA messages using message authentication model Append Secure Tag to maintain the integrity between sender and receiver during DAD proses Use UMAC Designed based on decentralised nature of SLACC Make use distributed trust management concept to secure SLACC

19 Secure DAD.. 19 Advantages UMAC handle collision better then SHA-I UMAC (5.6 Gbit/sec 0.51 cycles/byte) is faster compare to HMAC-SHAI-1 (12.6 cycles/byte) Uses less bandwidth compare to ND-Trust Drawback The proposed the scheme for only for NS/NA. Copyright Nava

20 MITM With Spoofed ICMPv6 Router Advertisement 20

21 MITM With Spoofed ICMPv6 Router Advertisement 21

22 Secure Mechanisms To Prevent Router 22 Discovery Spoofing SeND s Authorization Delegation Discovery (ADD) Trust Router Discovery Protocol (TRDP) Router Advertisement Guard (RA-Guard) Dynamic IPv6 Activation based Defense for IPv6 Router Advertisement Flooding (DoS) Attack Copyright Nava

23 23 SeND s Authorization Delegation Discovery (ADD) AlSa deh, A. and C. Meinel, Secure neighbor discovery: Review, challenges, perspectives, and recommendations, Security & Privacy, Copyright Nava IEEE, 2012, 10(4): pp

24 ADD 24 Authorization Delegation Discovery (ADD) (J. Arkko et al, 2005) Protect against all type Dos Attacks initiated by router Protect against RS/RA flood attacks. MITM, Replay attacks, IPv6 NDP Message Fragmentation Attacks Based on SeND implementation Nonce avoid replay attacks Timestamp RSA Signature secure RD and data communication Use RSA Signature for secure RS/RA Using Certification Path Solicitation (CPS) and Certificate Path Advertisement (CPA) Advantage Provide security using trusted third party as authorized body

25 ADD.. 25 Drawbacks Required third party as certificate authority and can be spoofed by fake certificate authority Many operations needed to get valid RA message Host has to verify a lengthy certificate Difficult to implement on dynamic address configuration Copyright Nava

26 Trust Router Discovery Protocol (TRDP) 26

27 TRDP.. 27 Trust Router Discovery Protocol (TRDP) (Z. Jun et al, 2007) Protect against all type Dos Attacks initiated by router Protect against RS/RA flood attacks. MITM, Replay attacks Implement based on Router Authorization Passport (RAP) Using Trust Router Passport Solicitation (TRPS) and Trust Router Passport Advertisement (TRPA) Using Trust Router-to-Router Passport Solicitation (TR 2 PS) and Trust Router-to-Router Passport Advertisement (TR 2 PA) Advantage Reduced calculation compare to ADD

28 TRDP. 28 Drawbacks Required third party as certificate authority which can be spoofed fake certificate authority Required intermediate routers Lengthy certifications process Increase network bandwidth consumption Increase implementation cost Copyright Nava

29 RA-Guard 29 Stateless RA Implementation (Source : Copyright Nava

30 RA Guard. 30 RA-Guard (Eric Levy-Abegnoli et al, 2011) Installed on Layer 2 networking devices such as switch with the concept of router authorization proxy Divide IPv6 traffic as RA allowed and RA disallowed Advantage No long certifications process requirement Copyright Nava

31 RA Guard. 31 Drawbacks It is not supported on trunks ports with merge mode It cannot protect on directly communications devices It cannot be used on tunnelling mode IPv6 traffic Protect ingress filtering only It cannot be configured on network that uses ACL ICMPv6 optimization Copyright Nava

32 Dynamic IPv6 Activation based Defense for IPv6 Router Advertisement Flooding (DoS) Attack 32 Dynamic IPv6 Activation based Defense for IPv6 Router Advertisement Flooding (DoS) Attack (Goel, J. N., & Mehtre, B., 2014) The technique focus on turning off IPv6 connectivity when there is RA flooding attacks and turn on IPv6 connectivity if attack subside Advantage No long certifications process requirement Drawbacks This technique would not be effective when there is real time IPv6 applications running on the network. Copyright Nava

33 Proposed Improved Secure Router Discovery Mechanisms 33 Improved Secure Router Discovery Mechanism to prevent router spoofing Can be implemented for all the five addressing scheme - Manual, Random, SLAAC, DHCPv6 and CGA (double protection) But the research implementations focused on SLAAC. Modified MACSec Smaller and efficient algorithm Removing server authentication Secure IP Addressing and data communication over Layer 2 networking Using UMAC hashing trust based computing attacks internal attacks

34 34 Thank You