Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common...
Transcript of Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common...
![Page 1: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/1.jpg)
NetworkingSecurity (con’t)
GANG WANG
![Page 2: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/2.jpg)
Common Attacks & Countermeasures
2
§ Finding a way into the network§ Firewalls
§ Exploiting software bugs, buffer overflows§ Intrusion Detection Systems (IDS)
§ TCP hijacking§ IPSec
§ Denial of Service§ Ingress filtering, IDS
§ Packet sniffing§ Encryption (SSH, SSL, HTTPS)
§ Social problems§ Education
![Page 3: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/3.jpg)
Denial-of-service
3
§ DOS and DDOS
§ Access over Internet must be unimpeded§ Flooding attacks in which attackers try to overwhelm system resources
§ Denial of service (DoS) attacks disrupt availability§ Distributed DoS is a coordinated attack from multiple attackers
![Page 4: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/4.jpg)
Independent Availability Zones
4
§ Amazon Availability Zones: distinct physical locations of the same region
§ Each availability zone runs on its own infrastructure, independent power, cooling, network
![Page 5: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/5.jpg)
Availability disruption by malicious attacks
5
§ Example: SYN flood§ Problem: server cannot distinguish legitimate handshake from ones from attackers§ Flood can overwhelm communication medium
§ Can’t do anything about this (except buy a bigger pipe)
§ Flood can overwhelm resources on legitimate system
![Page 6: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/6.jpg)
Regular TCP handshake
6
![Page 7: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/7.jpg)
Too many half-opened TCP connections at server creates a DoS attack
7
§ Server is waiting client to finish the connection
§ Buffer space is full and legitimate connection cannot be completed
![Page 8: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/8.jpg)
Q: Can we just block the IP that sends to many SYN requests?
8
![Page 9: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/9.jpg)
Prevention of SYN flood: SYN Cookies
9
§ SYN cookie: server does not really keep the client’s state until the handshake is done
§ How it works§ Server embeds the state in the sequence number
§ When SYN received, server computes a sequence number to be function of source, destination, counter, and a secret
§ The function may be one-way hash function
§ The secret is known only by the server
§ Use as reply SYN sequence number
§ When reply ACK arrives, validate it
§ The sequence number must be hard to guess
![Page 10: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/10.jpg)
SYN Cookie
10
y = H (source, destination, secret, counter) - s is secret known only by server- H is a one-way hash function
Server no longer keeps client’s state, compute seq# using secret s
Server verifies sequence number with s
Client cannot forge a sequence number without actually engaging in handshake
![Page 11: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/11.jpg)
Alternative Prevention to SYN Flood: Adaptive Time-out
11
§ Change time-out time as space available for pending connections decreases
§ Example: § Time-out period shortened from 75 to 15 sec§ Formula for queueing pending connections changed:
§ Process allows up to b pending connections on port§ a number of completed connections but awaiting process§ p total number of pending connections§ c tunable parameter§ Whenever a + p > cb, drop current SYN message
![Page 12: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/12.jpg)
Ping of Death, Ping Flooding
12
§ Ping of death§ Attacker sends over-sized ping packets § 65,536 bytes as opposed to 56 bytes§ Cause buffer overflow § Fixed already
§ Ping flooding attack§ Attacker sends many ping
requests to victim§ E.g., Attacker on a fast 100MB/s
link, victim on a 10MB/s link§ A DoS attack
Maximum IP packet size
![Page 13: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/13.jpg)
Send your echo replies to me, I am 8.5.3.1
8.5.3.1
Smurf Attack:
13
§ attacker generates traffic to victim by broadcasting ping requests with spoofed source IP
![Page 14: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/14.jpg)
Flash crowd and DDoS
14
§ Flash crowd –users visiting a website due to certain events§ E.g., visited cnn.com after 911 tragedy§ How to distinguish flash crowd and DDoS (e.g., CAPTCHA)
§ DDoS attacks by bots, even hacked IoT devices
§ Can attacker trick human users into launching DDoS?§ Makes use of major hubs on online social network§ E.g., post a victim�s URL in the comment of a popular facebook page
![Page 15: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/15.jpg)
TLS/SSL à HTTPSto prevent man-in-the-middleand packet sniffing
15
![Page 16: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/16.jpg)
Man in the Middle
§ C.I.A. when an adversary controls everything between the end points (i.e., client and server)
Internetserver clientsite Mallory site'
EveISP
Coffee Shop
WorkplaceHotel
![Page 17: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/17.jpg)
Challenges
§ Authentication§ The client must be able to verify that it is talking to the desired server
§ Confidentiality§ Data transmitted between the client and server must not be attacker visible
§ Integrity§ Data transmitted between client and server must not be attacker modifiable
![Page 18: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/18.jpg)
Authentication - Certificates
![Page 19: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/19.jpg)
Certificates
19
§ This public key with SHA-256 hash (XXX) belongs to the site (name, e.g., Amazon.com)§ Signed by a trusted authority (digital signature)
§ Called a Certificate Authority (CA)
§ Your browser (e.g., Chrome) trusts a set of CAs as root CAs§ Shipped with the public keys of the root CAs
![Page 20: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/20.jpg)
SSL/TLS
20
§ SSL (Secure Socket Layer) -- Netscape § Version 2.0 -- Broken, don't use (disabled by default in modern browsers)§ Version 3.0 (older but still in use, http://disablessl3.com/)
§ TLS (Transport Layer Security) -- IETF Standard§ Version 1.0, 1.1, 1.2 (commonly used), § Version 1.3 (newer version)
![Page 21: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/21.jpg)
SSL certificates
21
§ A trusted authority vouches that a certain public key belongs to a particular site
§ Browsers ship with CA public keys for large number of trusted CAs§ Important fields:
§ Common Name (CN) [e.g., *.google.com]Expiration Date [e.g. 2 years from now]Subject's Public KeyIssuer -- e.g., VerisignIssuer's signature
§ Common Name field§ Explicit name, e.g. cs.vt.edu§ Or wildcard, e.g. *.vt.edu
![Page 22: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/22.jpg)
Public-key cryptography
22
§ Bob generates: BPub, BPriv§ Alice can encrypt messages to Bob:
§ using BPub to encrypt messages, only Bob can decrypt
§ Bob can sign messages that Alice can verify:§ using BPriv Bob signs message, anyone can verify
![Page 23: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/23.jpg)
X509 Certificates
23
Subject: C=US/O=Google Inc/CN=www.google.comIssuer: C=US/O=Google Inc/CN=Google Internet AuthoritySerial Number: 01:b1:04:17:be:22:48:b4:8e:1e:8b:a0:73:c9:ac:83Expiration Period: Jul 12 2010 - Jul 19 2012Public Key Algorithm: rsaEncryptionPublic Key: 43:1d:53:2e:09:ef:dc:50:54:0a:fb:9a:f0:fa:14:58:ad:a0:81:b0:3d7c:be:b1:82:19:b9:7c3:8:04:e9:1e5d:b5:80:af:d4:a0:81:b0:b0:68:5b:a4:a4:ff:b5:8a:3a:a2:29:e2:6c:7c3:8:04:e9:1e5d:b5:7c3:8:04:e9:39:23:46
Signature Algorithm: sha1WithRSAEncryption
Signature: 39:10:83:2e:09:ef:ac:50:04:0a:fb:9a:f0:fa:14:58:ad:a0:81:b0:3d7c:be:b1:82:19:b9:7c3:8:04:e9:1e5d:b5:80:af:d4:a0:81:b0:b0:68:5b:a4:a4:ff:b5:8a:3a:a2:29:e2:6c:7c3:8:04:e9:1e5d:b5:7c3:8:04:e9:1e:5d:b5
![Page 24: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/24.jpg)
How does Alice (web browser) obtain BPub?Browser (Alice) Server (Bob) Certificate Authority (CA)(Knows CAPub) (Knows CAPriv)
1. Choose (BPub, BPriv)
--- BPub and proof he is "Bob" -->
2. Checks proof
<-- Signs certificate with CAPriv--"Bob's key is BPub-- Signed, CA"
3. Keeps cert on file
4. Goes to Bob.com
<-- Sends cert to Alice ----"Bob's key is BPub-- Signed, CA”
5. Verifies signature on cert using CAPub
![Page 25: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/25.jpg)
In Summary: Certificates
25
§ How a website prove itself? § Goes to Certificate Authority (CA)§ Obtain a Certificate signed by CA, certificate contains Bob’s public key
CA
PK andproof “I am Bob”
BrowserAlice
SKCA
checkproof
issue Cert with SKCA :
Bob’s key is PK
Bob’s key is PK
choose(SK,PK)
Server Bob
PKCA
verifyCert
PKCA
![Page 26: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/26.jpg)
Certificate validation
26
§ How is identity verification done?
§ Typically ’DV’ (domain validation) – just an email based challenge to the
address in the domain registration records (Or some default email
address); minimally secure.
§ Extended validation (EV) – requires verification that a legal entity
owns a particular domain name
§ Cert has expiration date (e.g., one year ahead)
§ Why expire?
![Page 27: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/27.jpg)
Avoiding Revoked Certificates
§ Common reasons for revocation§ Domain ownership change§ Private key compromise
§ Browsers periodically check for revoked certificates§ Online Certificate Status Protocol (OCSP)§ Certificate Revocation List (CRL).
§ Browsers get push updates of trusted CAs
![Page 28: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/28.jpg)
Certificate chains
28
§ CAs can delegate ability to generate certificates for certain names§ Intermediate CA§ Root CA signs "certificate issuing certificate" for delegated authority
§ Delegated authority signs cert for ”cs.vt.edu”§ Delegated CA certificate: "pubkey=.... is allowed to sign certs for *.vt.edu"
§ Browser peels off signatures until it gets to CA that it trusts§ "Chain of trust”
§ More than 1000 trusted parties today, can sign for any domain!
![Page 29: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/29.jpg)
Self-signed certificates
29
§ Issuer signs its own certificate§ A loop in the owner and signer
§ Avoid CA fees, useful for testing
§ Browsers display warnings that users have to override
![Page 30: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/30.jpg)
Certificate Summary
30
Certificates are digital signatures by trusted CAs
Each browser trusts a set of CAsCAs can sign certificates for new CAsCAs can sign certificates for any web site
If a single CA is compromised, then the entire system is compromised
We ultimately place our complete trust of the Internet in the weakest CA (and the browser)
![Page 31: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/31.jpg)
Confidentiality and Integrity – SSL/TLS tunnel
![Page 32: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/32.jpg)
HTTPS
§ HTTPS is HTTP through an SSL/TLS encrypted, MAC’d tunnel
Internetserver clienthttp Mallory http
EveISP
Coffee Shop
WorkplaceHotel
![Page 33: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/33.jpg)
Where does TLS live?
33
Application (HTTP)
Transport (TCP)
Network (IP)
Data-Link (1gigE)
Physical (copper)
![Page 34: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/34.jpg)
SSL/TLS: a general-purpose tunnel
34
§ Arguably the most important (and widely used) cryptographic protocol on the Internet
§ Almost all encrypted protocols (minus SSH) use SSL/TLS for transport encryption
§ HTTPS, POP3, IMAP, SMTP, FTP, NNTP, XMPP (Jabber), OpenVPN, SIP (VoIP), …
![Page 35: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/35.jpg)
TLS
35
Confidentiality (Symmetric Crypto)
Message Integrity (HMACs)
Authentication (Public Key Crypto)
![Page 36: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/36.jpg)
36
Cryptographic Primitives
RSA
Public Key
Diffie-Hellman
HMAC
ECDSADSA
Symmetric Encryption
Asymmetric Encryption
Certificate
PKI
RC4
Typical HTTPSConnection
![Page 37: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/37.jpg)
TLS: ciphers, key sharing, browsers
https://en.wikipedia.org/wiki/Transport_Layer_Security
![Page 38: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/38.jpg)
Client Server
“the handshake”
38
![Page 39: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/39.jpg)
Client ServerClient Hello: Here’s what I support and a random
39
![Page 40: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/40.jpg)
Client ServerClient Hello: Here’s what I support and a random
Server Hello: Chosen Cipher, server’s random
Certificate: Here is my “X509 Certificate”
Here’s your random encrypted and/or signed
40
![Page 41: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/41.jpg)
Client ServerClient Hello: Here’s what I support and a random
Server Hello: Chosen Cipher
Certificate: Here is my “X509 Certificate”
Here’s your random encrypted and/or signed
Client Key Exchange: encrypted (secret)Change Cipher Spec
41
![Page 42: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/42.jpg)
HTTPS key exchange
42
1. RSA key exchange§ Use RSA for encryption to achieve confidentiality
2. Ephemeral Diffie Hellman (EPH)§ Use RSA for signature to achieve authentication
Which one to use?§ RSA is simpler, EPH is more work
§ At the end of the exchange, a secret is used to generate 4 keys
![Page 43: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/43.jpg)
Client ServerClient Hello: Here’s what I support and a random
Server Hello: Chosen Cipher
Certificate: Here is my “X509 Certificate”
Here’s your random encrypted and/or signed
Client Key Exchange: encrypted(secret)Change Cipher Spec
Change Cipher Spec43
![Page 44: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/44.jpg)
Brief overview of HTTPS
44
browser server
SK
client-hello
server-hello + server-cert (PK)
key exchange (several options)
Finished
cert
client-key-exchange: E(PK, k)rand. k
k
HTTP data encrypted with k
Most common: server authentication only
![Page 45: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/45.jpg)
HTTPS provides
45
§ Authentication § Client verifies the server’s domain & public key based on certificate
§ Thus, no man-in-the-middle attack
§ Data confidentiality § Communication is encrypted and can only be decrypted by server
§ Data integrity§ The use of unique nonce
§ Thus, no replay attacks§ Message authentication code
§ Thus, no tampering
![Page 46: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/46.jpg)
Attacking HTTPS
§ Attack the weakest Certificate Authority
§ Attack browser implementations
§ Magically notice a bug in a key generation library that leads you to discovering all the private keys on the Internet
§ Attack the cryptographic primitives
![Page 47: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/47.jpg)
DNS poisoningSlides credit to Ninghui Li
47
![Page 48: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/48.jpg)
48
§ DNS responses are cached § Quick response for repeated translations§ Useful for finding servers as well as addresses
§ NS records for domains
§ Negative results are cached§ Save time for nonexistent sites, e.g. misspelling
§ Cached data periodically times out§ Each record has a TTL field
DNS Caching
![Page 49: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/49.jpg)
49
§ Attacker wants his IP address returned for a DNS query
§ When the resolver asks ns1.google.com for www.google.com, the attacker could reply first, with his own IP
§ What is supposed to prevent this?
§ Transaction ID§ 16-bit random number§ The real server knows the number, because it was contained in the query§ The attacker has to guess
DNS Cache Poisoning
![Page 50: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/50.jpg)
50
§ An attacker can guess when a DNS cache entry times out and a query has been sent, and provide a fake response.
§ Successful fake response: the transaction ID need to match the query§ CERT 1997: sequential transaction ID and is easily predicted§ Fixed by using random transaction IDs
Responding Before the Real Nameserver
![Page 51: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/51.jpg)
51
§ Improve the chance of responding before the real nameserver§ Have hundreds of clients send the same DNS request to the name server
§ Each generates a query
§ Send hundreds of reply with random transaction IDs at the same time§ Due to the Birthday Paradox, the success probability can be close to 1
§ Using a large number of queries and responses à high chance at least one pair matches
DNS cache poisoning (Vulnerability)
• For a group of 23 people, the chance that at least two people have the same birthday P > 0.5
• For any two people have different birthday Px = 365*364*… *343/36523
• P = 1- Px = 0.51
![Page 52: Networking Security (con’t)people.cs.vt.edu/~gangwang/class/cs4264/10-networks-2.pdf · Common Attacks & Countermeasures 2 §Finding a way into the network §Firewalls ... §Education.](https://reader036.fdocuments.us/reader036/viewer/2022071218/60532ce556764c73e47a9e49/html5/thumbnails/52.jpg)
52
• Difficulty to change the protocol§ Protocol stability (embedded devices)§ Backward compatible
• Long-term§ Cryptographic protections
§ E.g., DNSSEC, DNSCurve
§ Require changes to both recursive and authority servers
• Source port randomization• Add 16-bits entropy• resource intensive (select on a potentially large pool of ports)
DNS Poisoning Defenses