Network Security I: Overview

Similar documents
Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)

Networking Attacks: Link-, IP-, and TCP-layer attacks. CS 161: Computer Security Prof. David Wagner

Names & Addresses. Names & Addresses. Hop-by-Hop Packet Forwarding. Longest-Prefix-Match Forwarding. Longest-Prefix-Match Forwarding

Transport Layer Protocols

Networks: IP and TCP. Internet Protocol

Computer Networks. Chapter 5 Transport Protocols

Ethernet. Ethernet. Network Devices

ICOM : Computer Networks Chapter 6: The Transport Layer. By Dr Yi Qian Department of Electronic and Computer Engineering Fall 2006 UPRM

Transport and Network Layer

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview of TCP/IP. TCP/IP and Internet

CSCE 465 Computer & Network Security

Solution of Exercise Sheet 5

Final for ECE374 05/06/13 Solution!!

IP address format: Dotted decimal notation:

How do I get to

CSE 127: Computer Security. Network Security. Kirill Levchenko

Network Security TCP/IP Refresher

Protocols. Packets. What's in an IP packet

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

[Prof. Rupesh G Vaishnav] Page 1

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

What is a DoS attack?

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Life of a Packet CS 640,

Network layer: Overview. Network layer functions IP Routing and forwarding

Internetworking. Problem: There is more than one network (heterogeneity & scale)

IP addressing and forwarding Network layer

Objectives of Lecture. Network Architecture. Protocols. Contents

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Access Control: Firewalls (1)

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

A S B

IP - The Internet Protocol

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

VLAN und MPLS, Firewall und NAT,

Host Fingerprinting and Firewalking With hping

Outline. TCP connection setup/data transfer Computer Networking. TCP Reliability. Congestion sources and collapse. Congestion control basics

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

This sequence diagram was generated with EventStudio System Designer (

Introduction to TCP/IP

The Transport Layer and Implica4ons for Network Monitoring. CS 410/510 Spring 2014

Content Distribution Networks (CDN)

Visualizations and Correlations in Troubleshooting

How To Design A Layered Network In A Computer Network

CS5008: Internet Computing

Based on Computer Networking, 4 th Edition by Kurose and Ross

>>> SOLUTIONS <<< c) The OSI Reference Model has two additional layers. Where are these layers in the stack and what services do they provide?

Exam 1 Review Questions

CS268 Exam Solutions. 1) End-to-End (20 pts)

Chapter 9. IP Secure

Attack Lab: Attacks on TCP/IP Protocols

ACHILLES CERTIFICATION. SIS Module SLS 1508

Chapter 3. TCP/IP Networks. 3.1 Internet Protocol version 4 (IPv4)

CSIS CSIS 3230 Spring Networking, its all about the apps! Apps on the Edge. Application Architectures. Pure P2P Architecture

Architecture and Performance of the Internet

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

CS155: Computer and Network Security

IP Address Classes (Some are Obsolete) Computer Networking. Important Concepts. Subnetting Lecture 8 IP Addressing & Packets

CSE331: Introduction to Networks and Security. Lecture 9 Fall 2006

Protocol Data Units and Encapsulation

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Network Security in Practice

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

A Transport Protocol for Multimedia Wireless Sensor Networks

TCP/IP Security Problems. History that still teaches

Network Security. Internet Firewalls. Chapter 13. Network Security (WS 2002): 13 Internet Firewalls 1 Dr.-Ing G. Schäfer

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Route Discovery Protocols

MASTER'S THESIS. Testing as a Service for Machine to Machine Communications. Jorge Vizcaíno 2014

Internet Protocols. Background CHAPTER

Network Traffic Evolution. Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig

Internet Control Protocols Reading: Chapter 3

RARP: Reverse Address Resolution Protocol

Chapter 5. Transport layer protocols

CSE 473 Introduction to Computer Networks. Exam 2 Solutions. Your name: 10/31/2013

Effect of Packet-Size over Network Performance

Recent advances in transport protocols

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX

Chapter 8 Security Pt 2

Module 1. Introduction. Version 2 CSE IIT, Kharagpur

Understanding Layer 2, 3, and 4 Protocols

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

Lecture 2-ter. 2. A communication example Managing a HTTP v1.0 connection. G.Bianchi, G.Neglia, V.Mancuso

CMPT 471 Networking II

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit

Lecture 15: Congestion Control. CSE 123: Computer Networks Stefan Savage

The OSI & Internet layering models

Chapter 7 Protecting Against Denial of Service Attacks

First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

Attacking the TCP Reassembly Plane of Network Forensics Tools

Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)

A Very Incomplete Diagram of Network Attacks

TCP Performance Management for Dummies

Transcription:

Network Security I: Overview April 13, 2015 Lecture by: Kevin Chen Slides credit: Vern Paxson, Dawn Song 1

network security 2

Today s Lecture Networking overview + security issues Keep in mind, networking is: Complex topic with many facets We will omit concepts/details that are not very securityrelevant We ll mainly look at IP, TCP, DNS and DHCP Networking is full of abstractions Goal is for you to develop apt mental models / analogies ASK questions when things are unclear o (but we may skip if not ultimately relevant for security, or postpone if question itself is directly about security) 3

Networking Overview 4

Key Concept #1: Protocols A protocol is an agreement on how to communicate Includes syntax and semantics How a communication is specified & structured o Format, order messages are sent and received What a communication means o Actions taken when transmitting, receiving, or timer expires E.g.: asking a question in lecture? 1. Raise your hand. 2. Wait to be called on. 3. Or: wait for speaker to pause and vocalize 4. If unrecognized (after timeout): vocalize w/ excuse me 5

Example: IP Packet Header 4-bit 8-bit 4-bit Version Header Type of Service Length (TOS) 3-bit Flags 16-bit Identification 8-bit Time to Live (TTL) 16-bit Total Length (Bytes) 8-bit Protocol 13-bit Fragment Offset 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Payload IP = Internet Protocol Header is like a letter envelope: contains all info needed for delivery

Key Concept #2: Dumb Network Original Internet design: interior nodes ( routers ) have no knowledge* of ongoing connections going through them Not: how you picture the telephone system works Which internally tracks all of the active voice calls Instead: the postal system! * Each Internet message ( packet ) self-contained Interior routers look at destination address to forward If you want smarts, build it end-to-end Buys simplicity & robustness at the cost of shifting complexity into end systems Today s Internet is full of hacks that violate this 7

Key Concept #3: Layering Internet design is strongly partitioned into layers Each layer relies on services provided by next layer below and provides services to layer above it Analogy: Consider structure of an application you ve written and the services each layer relies on / provides Code You Write Run-Time Library System Calls Device Drivers Voltage Levels / Magnetic Domains } Fully isolated from user programs 9

Internet Layering ( Protocol Stack ) 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical 10

Internet Layering ( Protocol Stack ) 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical } Implemented only at hosts, not at interior routers ( dumb network ) 11

Internet Layering ( Protocol Stack ) 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical } Implemented everywhere 12

Internet Layering ( Protocol Stack ) 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical } ~Same for each Internet hop } Different for each Internet hop 13

Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 Host B Router 6 Router 7 Host E Router 4 14

Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 E.g., Ethernet Router 3 E.g., Wi-Fi Router 5 Host B Router 6 Router 7 Host E Router 4 Different Physical & Link Layers (Layers 1 & 2) 15

Hop-By-Hop vs. End-to-End Layers Host A communicates with Host D Host C Host D Host A Router 1 Router 2 Router 3 Router 5 E.g., HTTP over TCP over IP Host B Router 6 Router 7 Host E Router 4 Same Network / Transport / Application Layers (3/4/7) (Routers ignore Transport & Application layers) 16

Security Issues 17

Review: General Security Goals: CIA Confidentiality: No one can read our data / communication unless we want them to Integrity No one can manipulate our data / processing / communication unless we want them to Availability We can access our data / conduct our processing / use our communication capabilities when we want to Also: no additional traffic other than ours... 18

Layer 1,2 19

Layer 1: Physical Layer 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical Encoding bits to send them over a single physical link e.g. patterns of voltage levels / photon intensities / RF modulation 20

Layer 2: Link Layer 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical Framing and transmission of a collection of bits into individual messages sent across a single subnetwork (one physical technology) Might involve multiple physical links (e.g., modern Ethernet) Often technology supports broadcast transmission (every node connected to subnet receives) 21

Layer 1,2 Threats 22

Physical/Link-Layer Threats: Eavesdropping For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for free Each attached system s NIC (= Network Interface Card) can capture any communication on the subnet Some handy tools for doing so o Wireshark (GUI for displaying 800+ protocols) o tcpdump / windump (low-level ASCII printout) For any technology, routers (and internal switches ) can look at / export traffic they forward You can also tap a link Insert a device to mirror physical signal Or: just steal it! 24

Stealing Photons 25

26

Physical/Link-Layer Threats: Disruption With physical access to a subnetwork, attacker can Overwhelm its signaling o E.g., jam WiFi s RF Send messages that violate the Layer-2 protocol s rules o E.g., send messages > maximum allowed size, sever timing synchronization, ignore fairness rules Routers & switches can simply drop traffic There s also the heavy-handed approach 27

28

Physical/Link-Layer Threats: Spoofing With physical access to a subnetwork, attacker can create any message they like Termed spoofing May require root/administrator access to have full freedom Particularly powerful when combined with eavesdropping Because attacker can understand exact state of victim s communication and craft their spoofed traffic to match it Spoofing w/o eavesdropping = blind spoofing 29

Layer 3: The Network Layer 30

Layer 3: (Inter)Network Layer Bridges multiple subnets to provide end-to-end internet connectivity between nodes 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical Provides global addressing Works across different link technologies 31

IP Packet Structure 4-bit 8-bit 4-bit Version Header Type of Service Length (TOS) 3-bit Flags 16-bit Identification 8-bit Time to Live (TTL) 16-bit Total Length (Bytes) 8-bit Protocol 13-bit Fragment Offset 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

IP Packet Structure 4-bit 8-bit 4-bit Version Header Type of Service Length (TOS) 3-bit Flags 16-bit Identification 8-bit Time to Live (TTL) 16-bit Total Length (Bytes) 8-bit Protocol 13-bit Fragment Offset 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

IP Packet Header Fields Version number (4 bits) Indicates the version of the IP protocol Necessary to know what other fields to expect Typically 4 (for IPv4), and sometimes 6 (for IPv6) Header length (4 bits) Number of 32-bit words in the header Typically 5 (for a 20-byte IPv4 header) Can be more when IP options are used Type-of-Service (8 bits) Allow packets to be treated differently based on needs E.g., low delay for audio, high bandwidth for bulk transfer 34

IP Packet Structure 4-bit 8-bit 4-bit Version Header Type of Service Length (TOS) 3-bit Flags 16-bit Identification 8-bit Time to Live (TTL) 16-bit Total Length (Bytes) 8-bit Protocol 13-bit Fragment Offset 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

IP Packet Header (Continued) Two IP addresses Source IP address (32 bits) Destination IP address (32 bits) Destination address Unique identifier/locator for the receiving host Allows each node to make forwarding decisions Source address Unique identifier/locator for the sending host Recipient can decide whether to accept packet Enables recipient to send a reply back to source 36

IP Packet Structure 4-bit 8-bit 4-bit Version Header Type of Service Length (TOS) 3-bit Flags 16-bit Identification 8-bit Time to Live (TTL) 16-bit Total Length (Bytes) 8-bit Protocol 13-bit Fragment Offset 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Options (if any) Payload

IP Packet Header Fields (Continued) Total length (16 bits) Number of bytes in the packet Maximum size is 65,535 bytes (216-1) though underlying links may impose smaller limits Fragmentation: when forwarding a packet, an Internet router can split it into multiple pieces ( fragments ) if too big for next hop link End host reassembles to recover original packet Fragmentation information (32 bits) Packet identifier, flags, and fragment offset Supports dividing a large IP packet into fragments in case a link cannot handle a large IP packet 38

IP: Best Effort Packet Delivery Routers inspect destination address, locate next hop in forwarding table Address = ~unique identifier/locator for the receiving host Only provides a I ll give it a try delivery service: Packets may be lost Packets may be corrupted Packets may be delivered out of order source destination IP network 39

Layer 3 Threats 40

Network-Layer Threats (mainly IP) Major: Can set arbitrary source address o Spoofing - receiver has no idea who you are o Could be blind, or could be coupled w/ sniffing Can set arbitrary destination address o Enables scanning - brute force searching for hosts Lesser: (FYI; don t worry about unless later explicitly covered) Identification field leaks information Time To Live allows discovery of topology IP options can reroute traffic Other: ARP Poisoning Attacks 41

Layer 4: The Transport Layer 42

IP s Best Effort is Lame! What to do? It s the job of our Transport (layer 4) protocols to build services our apps need out of IP s modest layer-3 service #1 workhorse: TCP (Transmission Control Protocol) Service provided by TCP: Connection oriented (explicit set-up / tear-down) o End hosts (processes) can have multiple concurrent long-lived communication Reliable, in-order, byte-stream delivery o Robust detection & retransmission of lost data Congestion control o Dynamic adaptation to network path s capacity 44

TCP Header Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 45

TCP Header Ports are associated with OS processes Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 46

TCP Header Ports are associated with OS processes IP Header Source port Destination port Sequence number Acknowledgment IP source & destination addresses plus TCP source and destination ports uniquely identifies a TCP connection HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 47

TCP Header Ports are associated with OS processes Source port Destination port Sequence number Acknowledgment IP source & destination addresses plus TCP source and destination ports uniquely identifies a TCP connection Some port numbers are well known / reserved e.g. port 80 = HTTP HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 48

TCP Header Starting sequence number (byte offset) of data carried in this packet Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 49

TCP Header Starting sequence number (byte offset) of data carried in this packet Byte stream numbered independently in each direction Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 50

TCP Header Starting sequence number (byte offset) of data carried in this packet Byte stream numbered independently in each direction Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data Sequence number assigned to start of byte stream is picked when connection begins; doesn t start at 0 51

TCP Header Source port Acknowledgment gives seq # just beyond highest seq. received in order. If sender sends N in-order bytes starting at seq S then ack for it will be S+N. Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 52

TCP Header Source port Sequence number Uses include: acknowledging data ( A C K ) setting up ( S Y N ) and closing connections ( FIN and R S T ) Destination port Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 53

Timing Diagram: 3-Way Handshaking Passive Open Different starting sequence numbers in each direction Active Open Server listen() Client (initiator) connect() SYN, Seq Num = x =x+ k c A, y =, SeqNum K C A + N SY ACK, Ack 1 =y+1 accept() 54

Establishing a TCP Connection A SY N CK SYN+A AC K Data Data B Each host tells its Initial Sequence Number (ISN) to the other host. (Spec says to pick based on local clock) Three-way handshake to establish connection Host A sends a S Y N (open; synchronize sequence numbers ) to host B Host B returns a SYN acknowledgment (S Y N +A C K ) 55 Host A sends an A C K to acknowledge the SYN +ACK

TCP Bytestream Service Process A on host H1 Byte 80 Byte 3 Byte 2 Byte 1 Byte 0 Hosts don t ever see packet boundaries, lost or corrupted packets, retransmissions, etc. Byte 80 Byte 3 Byte 2 Byte 1 Byte 0 Process B on host H2 56

Issues with TCP 60

TCP Threat: Disruption Normally, TCP finishes ( closes ) a connection by each side sending a FIN control message Reliably delivered, since other side must ack But: if a TCP endpoint finds unable to continue (process dies; info from other peer is inconsistent), it abruptly terminates by sending a R S T control message Unilateral Takes effect immediately (no ack needed) Only accepted by peer if has correct* sequence number 61

Source port Destination port Sequence number Acknowledgment HdrLen 0 Flags Advertised window Checksum Urgent pointer Options (variable) Data 62

Source port Destination port Sequence number Acknowledgment RST HdrLen 0 Advertised window Checksum Urgent pointer Options (variable) Data 63

Abrupt Termination RST Data ACK ACK CK A SY N A SY N B time A sends a TCP packet with RESET (RST) flag to B E.g., because app. process on A crashed Assuming that the sequence numbers in the RST fit with what B expects, That s It: B s user-level process receives: ECONNRESET No further communication on connection is possible 64

TCP Threat: Disruption Normally, TCP finishes ( closes ) a connection by each side sending a FIN control message Reliably delivered, since other side must ack But: if a TCP endpoint finds unable to continue (process dies; info from other peer is inconsistent), it abruptly terminates by sending a RST control message Unilateral Takes effect immediately (no ack needed) Only accepted by peer if has correct* sequence number So: if attacker knows ports & sequence numbers, 65 can disrupt any TCP connection

N as t y Da Data Nast y Data ACK ACK CK A SY N A SY N B ta2 TCP Threat: Injection time What about inserting data rather than disrupting a connection? Again, all that s required is attacker knows correct ports, seq. numbers Receiver B is none the wiser! Termed TCP connection hijacking (or session hijacking ) General means to take over an already-established connection! We are toast if an attacker can see our TCP traffic! Because then they immediately know the port & sequence numbers 66

TCP Threat: Blind Spoofing Is it possible for an attacker to inject into a TCP connection even if they can t see our traffic? YES: if somehow they can guess the port and sequence numbers Let s look at a related attack where the goal of the attacker is to create a fake connection, rather than inject into a real one Why? Perhaps to leverage a server s trust of a given client as identified by its IP address Perhaps to frame a given client so the attacker s actions during the connections can t be traced back to the attacker 67

TCP Threat: Blind Spoofing TCP connection establishment: Server (5.6.7.8) Client (1.2.3.4) SYN, Seq Nu m = x =x+1 k c A, y =, SeqNum K C A + N SY ACK, Ack Each host tells its Initial Sequence Number (ISN) to the other host. (Spec says to pick based on local clock) =y+1 How can an attacker create an apparent but fake connection from 1.2.3.4 to 5.6.7.8? 68

Blind Spoofing: Attacker s Viewpoint A ttacke r Attacker can spoof this Client? (1.2.3.4) SYN, Seq But can t see this Server (5.6.7.8) Num = x =x+1 k c A, y = eqnum S, K C A + SYN ACK, Ack Each host tells its Initial Sequence Number (ISN) to the other host. (Spec says to pick based on local clock) =y+1 So how do they know what to put here? How Do We Fix This? Use A Random ISN Hmm, any way for the attacker to know this? Sure - make a non-spoofed connection first, and see what server used for ISN y then! 69

TCP s Rate Management Unless there s loss, TCP doubles data in flight every round-trip. All TCPs expected to obey ( fairness ). Mechanism: for each arriving ack for new data, increase allowed data by 1 maximum-sized packet Src 1 D0-99 Dest 2 A100 D200-299 D100-199 3 4 A200A300 D D 8 D A D A A A Time E.g., suppose maximum-sized packet = 100 bytes 70

Protocol Cheating How can the destination (receiver) get data to come to them faster than normally allowed? ACK-Splitting: each ack, even though partial, increases allowed data by one maximum-sized packet Src 2 3 4 5 1 D100-199 D0-99 Dest A25 A50 A75 D500-599 D200-299 D400-499 D300-399 A100 Time How do we defend against this? Change rule to require full ack for all data sent in a packet 71

Protocol Cheating How can the destination (receiver) still get data to come to them faster than normally allowed? Opportunistic ack ing: acknowledge data not yet seen! Src 2 3 4 5 1 D100-199 D0-99 Dest A100 A200 A300 D500-599 D200-299 D400-499 D300-399 A400 Time How do we defend against this? 72

Keeping Receivers Honest Approach #1: if you receive an ack for data you haven t sent, kill the connection Works only if receiver acks too far ahead Approach #2: follow the round trip time (RTT) and if ack arrives too quickly, kill the connection Flaky: RTT can vary a lot, so you might kill innocent connections Approach #3: make the receiver prove they Note: a protocol change received the data Add a nonce ( random marker) & require receiver to include it in ack. Kill connections w/ incorrect nonces o (nonce could be function computed over payload, so sender doesn t explicitly transmit, only implicitly) 73

Summary of TCP Security Issues An attacker who can observe your TCP connection can manipulate it: Forcefully terminate by forging a RST packet Inject (spoof) data into either direction by forging data packets Works because they can include in their spoofed traffic the correct sequence numbers (both directions) and TCP ports Remains a major threat today 74

Summary of TCP Security Issues An attacker who can observe your TCP connection can manipulate it: Forcefully terminate by forging a RST packet Inject (spoof) data into either direction by forging data packets Works because they can include in their spoofed traffic the correct sequence numbers (both directions) and TCP ports Remains a major threat today An attacker who can predict the ISN chosen by a server can blind spoof a connection to the server Makes it appear that host ABC has connected, and has sent data of the attacker s choosing, when in fact it hasn t Undermines any security based on trusting ABC s IP address Allows attacker to frame ABC or otherwise avoid detection Fixed today by choosing random ISNs 75

TCP Security Issues, con t TCP limits the rate at which senders transmit: TCP relies on endpoints behaving properly to achieve fairness in how network capacity is used Protocol lacks a mechanism to prevent cheating Senders can cheat by just not abiding by the limits o Remains a significant vulnerability: essentially nothing today prevents Receivers can manipulate honest senders into sending too fast because senders trust that receivers are honest To a degree, sender can validate (e.g., partial acks) A nonce can force receiver to only act on data they ve seen Such rate manipulation remains a vulnerability today General observation: tension between ease/power of protocols that assume everyone follows vs. violating Security problems persist due to difficulties of retrofitting coupled with investment in installed base 76

Layer 7: Application Layer Communication of whatever you wish 7 Application 4 Transport 3 (Inter)Network 2 Link 1 Physical Can use whatever transport(s) is convenient Freely structured E.g.: DNS, DHCP (Next Lecture) Skype, SMTP (email), HTTP (Web), Halo, BitTorrent 77

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information