Network Security (and related topics)

Similar documents
Next Week. Network Security (and related topics) Project 3 Q/A. Agenda. My definition of network security. Network Security.

CSE 565 Computer Security Fall 2018

Securing Internet Communication: TLS

Missing Pieces of the Puzzle

EE 122: Network Security

Our Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Denial of Service, Traceback and Anonymity

Transport and TCP. EE122 Fall 2011 Scott Shenker

Distributed Denial of Service

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

Denial of Service. EJ Jung 11/08/10

CS244a: An Introduction to Computer Networks

Denial of Service and Distributed Denial of Service Attacks

Computer Science 461 Final Exam May 22, :30-3:30pm

Host Identity Indirection Infrastructure Hi 3. Jari Arkko, Pekka Nikander and Börje Ohlman Ericsson Research

AN INTRODUCTION TO ARP SPOOFING

Communication Networks ( ) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University. Allon Wagner

Interdomain Routing. EE122 Fall 2011 Scott Shenker

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Networking Acronym Smorgasbord: , DVMRP, CBT, WFQ

On the Internet, nobody knows you re a dog.

Denial of Service. Serguei A. Mokhov SOEN321 - Fall 2004

NETWORK SECURITY. Ch. 3: Network Attacks

Announcements. Designing IP. Our Story So Far (Context) Goals of Today s Lecture. Our Story So Far (Context), Con t. The Internet Hourglass

Announcements. IP Forwarding & Transport Protocols. Goals of Today s Lecture. Are 32-bit Addresses Enough? Summary of IP Addressing.

DNS Security. Ch 1: The Importance of DNS Security. Updated

Flashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

CS System Security Mid-Semester Review

Thinking Architecturally (80 Minutes Inside Scott s Head)

Closed book. Closed notes. No electronic device.

ELEC5616 COMPUTER & NETWORK SECURITY

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Basic NAT Example Security Recitation. Network Address Translation. NAT with Port Translation. Basic NAT. NAT with Port Translation

«On the Internet, nobody knows you are a dog» Twenty years later

CSE Computer Security (Fall 2006)

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

Interdomain Routing Reading: Sections K&R EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277)

Data Plane Protection. The googles they do nothing.

Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Network Security. Thierry Sans

Fragmentation. Agenda for Today. IP Addressing and Forwarding (with some review of IP) Why do I care about fragmentation?

A SIMPLE INTRODUCTION TO TOR

Information Security CS 526

Foundations of Network and Computer Security

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

CS 425 / ECE 428 Distributed Systems Fall 2017

Interdomain Routing Reading: Sections P&D 4.3.{3,4}

Advanced Topics in Routing

Interdomain Routing. EE122 Fall 2012 Scott Shenker

Chapter 7. Denial of Service Attacks

Threat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

Network Attacks. CS Computer Security Profs. Vern Paxson & David Wagner

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

EE 122: IP Forwarding and Transport Protocols

The big picture. Security. Some consequences. Three types of threat. LAN Eavesdropping. Network-based access control

Denial of Service (DoS)

The big picture. Security. Some consequences. Three types of threat. Warm up: phishing. Danger: malicious servers

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Security. - All kinds of bad things attackers can do over the network. Next lecture: defense building blocks

IP Addressing and Forwarding (with some review of IP)

RAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with

REMINDER course evaluations are online

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Security. - All kinds of bad things attackers can do over the network. - Techniques for protecting against these and other attacks

Network Security - ISA 656 Review

Question. Reliable Transport: The Prequel. Don t parse my words too carefully. Don t be intimidated. Decisions and Their Principles.

Security in inter-domain routing

A Look Back at Security Problems in the TCP/IP Protocol Suite Review

Network Security Issues and New Challenges

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Understanding the Internet

Agenda. Forwarding (after a little more addressing) Follow-up from last time. Dealing with Address Scarcity. Sharing a Block of Addresses

Internet Infrastructure

Internet Protocol and Transmission Control Protocol

6.033 Spring 2015! Lecture #24. Combating network adversaries! DDoS attacks! Intrusion Detection

Network Security. The Art of War in The LAN Land. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018

Anonymous Communication and Internet Freedom

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

DENIAL OF SERVICE ATTACKS

Computer Security: Principles and Practice

20-CS Cyber Defense Overview Fall, Network Basics

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Topic 3 part 2 Traffic analysis; Routing Attacks &Traffic Redirection Fourth Stage

Chapter 10: Denial-of-Services

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Last time. Trusted Operating System Design. Security in Networks. Security Features Trusted Computing Base Least Privilege in Popular OSs Assurance

Security. - All kinds of bad things attackers can do over the network. - Techniques for protecting against these and other attacks

Routing Protocol Framework Information Model. Operation Model Routing Information Exchange

Lecture 12. Application Layer. Application Layer 1

e-commerce Study Guide Test 2. Security Chapter 10

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

Securing Internet Communication

DNS: Useful tool or just a hammer? Paul DNS-OARC 06 Oct 2013, Phoenix

Transcription:

Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton and UC Berkeley 1

Next Week No sections No lecture on Thursday On Tuesday we will talk about SDN 2

Agenda Project 3 Q/A (10) Network Security (20) Dealing with Persistent Route Failures (20) [Colin] More network security (15) Datacenter Congestion Control (15, if time) 3

Project 3 Q/A Last chance to grill Panda.. 4

Network Security narrowly defined. 5

My definition of network security network security security in a connected world For the latter, take CS 161 (spectacular course!) If network magically transfers data between known parties, there is no network security problem There are many other security problems Distributed system (if A lies to B, does system crash?) Operating system (Can A s system be compromised?) But these may not require network solutions 6

Examples: Non-network security issues Browser drive-by exploits Server vulnerabilities Spam Phishing Account theft. 7

Two Kinds of Network Security Goals Core concern: accomplishing communication Getting the data from A to B intact Knowing it was from intended party, to intended party Also: Keeping bystanders as ignorant as possible Making sure C, D, etc. don t know what A and B did 8

Core Security Requirements Availability: Will the network deliver data? Authentication: Who is sending me data? Integrity: Do messages arrive in original form? Provenance: Who is responsible for this data? Not who sent the data, but who created it Important because communication may not be directly between actors, but through intermediaries 9

Keeping Bystanders Ignorant Privacy: can others read data I send? Anonymity: can I avoid revealing my identity? Freedom from traffic analysis: can someone tell when I am sending and to whom? Today, will ignore latter two and focus on privacy But first, how would you achieve these two goals? Assume all the crypto you want. 10

Back to other goals Availability Authentication Integrity Provenance Privacy 11

Public Key Crypto Provides Way to authenticate yourself: signature Way to ensure privacy: encryption with rcvr s public key Way to verify integrity: hash function (or MAC) Way to verify provenance: signature In short, crypto provides all but availability! Will return to availability later, focus on crypto for now 12

On Cryptography and Identities 13

Crypto is about algorithms.. algorithms that enable or prevent certain actions Enable authentication and provenance Prevent eavesdropping and undetectable tampering But security also requires tying actions to identities Who is contacting me? And identities are not purely algorithmic 14

Three Aspects of Identities Real-world identities (RWI) This is who you are in the real world RWI established by social interactions Direct experience Referrals from friends. Names Used in network protocols (e.g., DNS, URLs) Keys Used by crypto 15

Security requires binding all three Protocols: to ensure that they are interacting with appropriate entity, name must be bound to key When accessing CNN.com, I need to know CNN s key in order to make sure that I m not being spoofed Humans: to ensure that they are interacting with appropriate entity, name must be bound to RWI I need to know that CNN.com is the news organization based in Atlanta, not the Canadian Numismatic Network Once names are bound to both keys and RWI Then keys and RWI are indirectly bound together 16

Current Approach Google, human interactions: bind RWI to names Works pretty well when you start with RWI and find name Works less well when presented with name and you are left to guess the RWI (phishing!) Certificate authorities bind names to keys Binding is done via digital certificates This does not work well 17

The evolution of a cynic. Commercial certificate authorities protect you from anyone from whom they are unwilling to take money. Matt Blaze 2001 A decade ago, I observed that commercial certificate authorities protect you from whom they are unwilling to take money. That turns out to be wrong; they don t even do that much. Matt Blaze 2010 18

Deeper problem with this approach Network: needs binding between names and key Fetches data based on name Authenticates based on keys Human: needs binding between RWI and name Human makes decisions based on RWI Humans must be involved in anything concerning RWI Current approach requires external authority to make the binding the network needs Ties network infrastructure to external authorities 19

An Alternative Approach Use self-certifying names Make your name the hash of your public key Then the binding between names and keys is inherent The network need not turn to external authorities Binding between RWI and names is flexible Requires human-level interactions and judgements How do I decide a name represents my brother? Does same mechanism give name representing Barack Obama? Already done reasonably well by Google, etc. But is independent of low-level network mechanisms So it can evolve! Different people can use different mechanisms 20

Trust vs Identity Knowing who you are dealing with is different than trusting them Trust is a completely different concept, that should lie outside the architecture We often refer to mechanisms that bind names to keys or RWIs as trust mechanisms Terrible terminology 21

Back to security goals Availability Authentication Integrity Provenance Privacy 22

Protecting Availability 23

How can availability be harmed? Problems in basic protocols Persistent outages due to natural events (Colin) External vulnerabilities in basic protocols Attackers can prevent protocols from functioning Internal vulnerabilities in basic protocols If attackers compromise routers, can prevent network from functioning Denial-of-service attacks Overwhelming the data plane with traffic 24

Colin will present recent research 25

How can availability be harmed? Problems in basic protocols Persistent outages due to natural failures (Colin) External vulnerabilities in basic protocols Attackers can prevent protocols from functioning Internal vulnerabilities in basic protocols If attackers compromise routers, can prevent network from functioning Denial-of-service attacks Overwhelming the data plane with traffic 26

Examples of external vulnerabilities TCP: Spoofing RST: requires knowing port/seq. no Spoofing data: requires knowing port/seq. no Cheating CC: reducing available bandwidth DHCP: Spoof DHCP: can set host s DNS server and gateway See all a host s traffic Redirect connections to site s of your choosing DNS: Cache poisoning 27

Note: semantics can be guarded If crypto is used everywhere (which it isn t), then you can always prevent hosts from being fooled But you can t prevent them from wasting time with incorrect accesses, etc., and thereby not getting the data they want in a timely fashion. 28

How can availability be harmed? Problems in basic protocols Persistent outages due to natural failures (Colin) External vulnerabilities in basic protocols Attackers can prevent protocols from functioning Internal vulnerabilities in basic protocols If attackers compromise routers, can prevent network from functioning Denial-of-service attacks Overwhelming the data plane with traffic 29

Example of internal vulnerability: BGP Why Google Went Offline Today and a Bit about How the Internet Works (November 6, 2012) Someone at Moratel likely "fat fingered" an Internet route. PCCW, who was Moratel's upstream provider, trusted the routes Moratel was sending to them. And, quickly, the bad routes spread. It is unlikely this was malicious, but rather a misconfiguaration or an error evidencing some of the failings in the BGP Trust model. 30

BGP: Naïve Trust Model BGP assumes routes are valid Even when they are clearly not! How could we fix this? Based on what we have discussed today 31

Solution to BGP Problem Bind prefixes to ASes Registry of some kind Bind keys to ASes Using certificate authorities Each route announcement must have signatures for each step (including originating prefix) 32

Easier solution Have BGP route on AS names Have AS names be self-certifying No external binding needed! 33

How can availability be harmed? Problems in basic protocols Persistent outages due to natural failures (Colin) External vulnerabilities in basic protocols Attackers can prevent protocols from functioning Internal vulnerabilities in basic protocols If attackers compromise routers, can prevent network from functioning Denial-of-service attacks Overwhelming the data plane with traffic 34

Denial of Service (DoS) Attacker prevents legitimate users from using something (network, server) Motives? Retaliation Extortion (e.g., betting sites just before big matches) Commercial advantage (disable your competitor) Cripple defenses (e.g., firewall) to enable broader attack Often done via some form of flooding Can be done at different semantic levels Network: clog a link or router with a huge rate of packets Transport: overwhelm victim s ability to handle connections Application: overwhelm victim s ability to handle requests 35

DoS: Network Flooding Goal is to clog network link(s) leading to victim Either fill the link, or overwhelm their routers Users can t access victim server due to congestion Attacker sends traffic to victim as fast as possible It will often use (many) spoofed source addresses Using multiple hosts (slaves, or zombies) yields a Distributed Denial-of-Service attack, aka DDoS Traffic is varied (sources, destinations, ports, length) so no simple filter matches it If attacker has enough slaves, often doesn t need to spoof - victim can t shut them down anyway! :-( 36

Distributed Denial-of-Service (DDoS) Slave 1 src = random dst = victim Slave 2 Master Slave 3 Victim Control traffic directs slaves at victim Slave 4 Slaves send streams of traffic (perhaps spoofed) to victim 37

Very Nasty DoS Attack: Reflectors Reflection Cause one non-compromised host to help flood another E.g., host A sends DNS request or TCP SYN with source V to server R. Attacker (A) V R Reflector (R) Internet Victim (V) 38

Very Nasty DoS Attack: Reflectors Reflection Cause one non-compromised host to attack another E.g., host A sends DNS request or TCP SYN with source V to server R. R sends reply to V Attacker (A) Reflector (R) Internet V R Victim (V) 39

Diffuse DDoS: Reflector Attack Request: src = victim dst = reflector Slave 1 Slave 2 Reflector 1 Reflector 2 Reply: src = reflector dst = victim Reflector 3 Reflector 4 Reflector 5 Master Slave 3 Reflector 6 Reflector 7 Victim Reflector 8 Reflector 9 Reflector 11 Slave 4 Control traffic directs slaves at victim & reflectors Reflector 10 Reflectors send streams of non-spoofed but unsolicited traffic to victim 40

Defending Against Network Flooding How do we defend against such floods? Answer: basically, we don t! Big problem today! Techniques exist to trace spoofed traffic back to origins, but this isn t useful in face of a large attack Techniques exist to filter traffic, but a well-designed flooding stream defies stateless filtering Best solutions to date: Overprovision - have enough raw capacity that it s hard to flood your links Largest confirmed botnet to date: 1.5 million hosts (old!) Floods seen to date: 40+ Gbps (old!) Distribute your services - force attacker to flood many points E.g., the root name servers 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback