CSCE 715: Network Systems Security - PowerPoint PPT Presentation

CSCE 715: Network Systems Security Chin-Tser Huang huangct_at_cse.sc.edu University of South Carolina – PowerPoint PPT presentation

Slides: 44
Provided by: Chin137
Learn more at: https://cse.sc.edu

Transcript and Presenter's Notes


1
CSCE 715: Network Systems Security
  • Chin-Tser Huang
  • huangct_at_cse.sc.edu
  • University of South Carolina

2
A Security Problem in Network
  • An adversary that has access to a network can
    insert new messages, modify current messages, or
    replay old messages in the network
  • These inserted, modified, and replayed messages
    can go undetected until they cause severe damage
    to network
  • The physical location of the adversary in network
    may never be determined
  • Example: denial-of-service attacks

3
Denial-of-Service (DoS) Attacks
  • Aimed to deny normal service provided by the
    target computer
  • Communication-stopping attacks
    • ARP spoofing attack
  • Resource-exhausting attacks
    • Smurf attack
    • SYN attack

4
Ping Protocol
  • Allow any computer to check whether any other
    computer in the Internet is up
  • Any computer x can send a ping message to any
    computer y which replies by sending back a pong
    message (thus x knows y is up)
  • In ping message: src = x and dst = y
  • In pong message: src = y and dst = x

[Figure: x sends ping(x, y) to y; y replies with pong(y, x)]

5
Broadcast Ping Protocol
  • If dst = all in the ping message, a copy of the ping is
    broadcast to every computer
  • Each computer replies by sending back a pong, and
    x is flooded with pong messages
  • In ping message: src = x and dst = all
  • In pong messages: src = y, y and dst = x

[Figure: x broadcasts ping(x, all); each computer y replies to x with pong(y, x)]

6
Smurf Attack
  • An adversary pretends to be x and broadcasts a
    ping message where src = x and dst = all
  • Thus, x is flooded with pong messages that it has
    not requested: a denial-of-service attack at x

[Figure: adversary a broadcasts ping(x, all); each computer y replies to x with pong(y, x)]

7
Countering Smurf Attack
  • Make each router check the src of each received
    message and discard the message if the src is
    suspicious

[Figure: adversary a sends ping(x, all); the router annotation reads "src = x shouldn't come to me"; computers x and y shown]

8
Clever Smurf Attack
  • An adversary inserts a ping(x, all) message
    between routers R2 and R3
  • R3 thinks the message was forwarded by R2 and so
    accepts the message

[Figure: adversary a inserting ping(x, all) on the path; computers x and y shown]

9
Countering Clever Smurf Attack
  • When R3 receives a message, R3 needs to determine
    whether message was indeed sent by R2, or was
    modified or replayed by an adversary between R3
    and R2
  • If IPsec is used, SAs need to be set up between
    each pair of adjacent routers: too expensive
  • Our solution: use a hop integrity protocol between
    each pair of adjacent routers

10
Hop Integrity
  • Let p, q be routers connected to the same subnetwork
  • Detection of Message Modification
    • when q receives a message m supposedly from p, q
      can check that m was not modified after it was sent
  • Detection of Message Replay
    • when q receives a message m supposedly from p, q
      can check that m was not a replay of an old
      message

11
Adversary vs. Routers
  • The adversary can perform three types of actions
    to disrupt communication between two routers
    • Message loss
    • Message modification
    • Message replay
  • The routers are assumed to be secure and cannot
    be compromised by the adversary
  • The routers will execute hop integrity protocols
    that can detect and defeat the adversary actions

12
Hop Integrity Protocol
  • Each pair of adjacent routers need to share a
    secret S, which is updated periodically by the
    two routers using a secret exchange protocol
  • To each IP message sent between two adjacent
    routers, add a sequence number sq, and an
    integrity check d

  • d = MD(S hd sq txt)
  • MD is MD5 or SHA-1
  • d is 16 bytes if MD5, 20 bytes if SHA-1
  • sq is 4 bytes

[Figure: IP message with fields hd and txt; the protected message carries hd, txt, sq and d]

13
Architecture of Hop Integrity Protocols

[Figure: protocol stacks of router p and router q (Applications, Transport, Network, Subnetwork), with a secret exchange layer (processes pe and qe, holding the secrets) and an integrity check layer (processes pw or ps, and qw or qs)]

14
Components of Hop Integrity Protocols
  • Three protocols between each pair of adjacent
    routers
    • secret exchange protocol
    • weak integrity protocol
    • strong integrity protocol

15
How to Exchange Secret
  • Each router p has a secret S that it uses for
    computing the digest of every msg sent to an
    adjacent router q
  • Both p and q need to know S
  • What if p sends secret update message to q
    periodically?
    • Problem due to message loss
  • What if p sends secret update message to q
    periodically and q sends an ack to p?
    • Problem due to bundling of secret exchange layer
      and integrity check layer

16
Secret Exchange Protocol
  • q updates secret S used by p by sending a secret
    update message to p every T hours
  • When p receives secret update message from q, p
    updates secret and sends an ack to q
  • If q does not receive ack from p for t seconds, q
    retransmits the secret update message

17
Secret Exchange Protocol
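[Figure: message sequence between q (secrets S0, S1) and p (secret S). Initially S0 = S1 = S. Every T hours q sets S0 = old and S1 = new and sends p an update message, labelled Bp, carrying S0 and S1; p runs "if S = S0 ∨ S = S1 then S := S1" and returns an ack, labelled Bq, carrying S; q runs "if S1 = S then S0 := S1", after which S0 = S1 = S again.]
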
18
Recovery in Secret Exchange Protocol
[Figure: the same exchange with lost messages. After t seconds without an ack, q retransmits the update: first while S0 = S ≠ S1, then while S1 = S ≠ S0. When an ack arrives, q runs "if S1 = S then S0 := S1" and S0 = S1 = S.]

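
Added example (not part of the original slides): the secret exchange above run over a lossy link, showing that q accepts p's current secret in every round because it keeps both S0 and S1. The class and function names are this example's own, the secrets are constructed values, and the labels Bp and Bq on the update and ack messages are not modelled.

```python
class RouterP:
    """Router p: holds the one secret S it uses to compute digests."""
    def __init__(self, secret):
        self.S = secret

    def on_update(self, s0, s1):
        if self.S in (s0, s1):       # if S = S0 or S = S1 then S := S1
            self.S = s1
        return self.S                # the ack carries S back to q

class RouterQ:
    """Router q: keeps the old secret S0 and the new secret S1."""
    def __init__(self, secret):
        self.S0 = self.S1 = secret

    def start_update(self, new_secret):
        self.S0, self.S1 = self.S1, new_secret   # S0 = old, S1 = new

    def on_ack(self, s):
        if self.S1 == s:             # if S1 = S then S0 := S1
            self.S0 = self.S1

    def accepts(self, secret):
        return secret in (self.S0, self.S1)      # digest check tries S0 and S1

def run_update(q, p, new_secret, lost_per_round):
    """One update. lost_per_round names the message lost in each t-second
    round: "update", "ack" or None. Returns, per round, the pair
    (q accepts p's current secret, exchange finished)."""
    q.start_update(new_secret)
    trace = []
    for lost in lost_per_round:      # each round is one (re)transmission by q
        if lost != "update":
            ack = p.on_update(q.S0, q.S1)
            if lost != "ack":
                q.on_ack(ack)
        done = q.S0 == q.S1
        trace.append((q.accepts(p.S), done))
        if done:
            break
    return trace

def demo():
    # Constructed secrets; round 1 loses the update, round 2 loses the ack.
    p, q = RouterP(b"constructed-old"), RouterQ(b"constructed-old")
    return run_update(q, p, b"constructed-new", ["update", "ack", None])
```
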
19
Weak Integrity Protocol
  • To detect insertion and modification
  • Each sent msg from p to q is as follows
    • (hd d txt)
    • where p computes d as
    • d = MD(S hd txt)
  • On receiving a msg, q checks
    • if d = MD(S0 hd txt) ∨
      d = MD(S1 hd txt)
    • then q forwards msg
    • else q discards msg

20
Weak Integrity Protocol
[Figure: p (secret S) sends msgs (hd d txt) to q (secrets S0, S1)]

21
Strong Integrity
  • To detect replay, successive sequence numbers are
    attached to all sent msgs from p to q
  • Problem with reset
    • If p is reset, unbounded number of fresh messages
      are discarded by q
    • If q is reset, it can accept unbounded number of
      replayed messages
  • Two solutions to overcome reset
    • Soft sequence numbers
    • Hard sequence numbers

22
Soft Sequence Numbers
  • Successive sequence numbers are attached to all
    sent msgs from p to q
    • (hd sq txt)
  • q maintains three variables
    • exp: sequence number of next msg
    • c: number of msgs received
    • cmax: random value, changed when c reaches it
  • On receiving a msg, q checks
    • if (exp ≤ sq) ∨ (c = cmax)
    • then q forwards msg
    • else q discards msg
    • fi; q updates exp, c, cmax

23
Soft Sequence Numbers
[Figure: p (variable sq) sends msgs (hd sq txt) with sq, sq+1, ... to q (variables exp, c, cmax); c starts at 0 and counts up, and when c = cmax q chooses a new cmax and sets c = 0]

24
Strong Integrity Protocol Using Soft Sequence Numbers
  • Each sent msg from p to q is as follows
    • (hd sq d txt)
    • where p computes d as
    • d = MD(S hd sq txt)
  • On receiving a msg, q checks
    • if (d = MD(S0 hd sq txt) ∨
      d = MD(S1 hd sq txt)) ∧
      (exp ≤ sq ∨ c = random value cmax)
    • then q forwards msg
    • else q discards msg
    • fi; q updates exp, c, cmax
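
Added example (not part of the original slides): the receiver check of the strong integrity protocol with soft sequence numbers, which contains the weak integrity check as its first step. Assumptions of this example: the digest fields are concatenated, c counts msgs that pass the digest check, exp becomes sq + 1 when a msg is forwarded, and the names digest, send, Receiver and pick_cmax are its own.

```python
import hashlib
import hmac
import struct

def digest(secret, hd, sq, txt):
    # d = MD(S hd sq txt) with MD = SHA-1 (20 bytes) and a 4-byte sq, as on the slides.
    # Assumption: the fields are simply concatenated. A new design would use HMAC,
    # since a secret-prefix hash is open to length extension.
    return hashlib.sha1(secret + hd + struct.pack("!I", sq) + txt).digest()

def send(secret, hd, sq, txt):
    return (hd, sq, digest(secret, hd, sq, txt), txt)      # (hd sq d txt)

class Receiver:
    """Router q: secrets S0 (old) and S1 (new), soft sequence state exp, c, cmax."""
    def __init__(self, s0, s1, pick_cmax):
        self.s0, self.s1 = s0, s1
        self.exp, self.c = 0, 0
        self.pick_cmax = pick_cmax        # returns a random value in real use
        self.cmax = pick_cmax()

    def receive(self, msg):
        hd, sq, d, txt = msg
        if not any(hmac.compare_digest(d, digest(s, hd, sq, txt))
                   for s in (self.s0, self.s1)):
            return False                  # inserted or modified: discard
        self.c += 1                       # assumption: c counts authentic msgs
        resync = self.c == self.cmax
        if resync:                        # c reached cmax: choose new cmax, c = 0
            self.c, self.cmax = 0, self.pick_cmax()
        if self.exp <= sq or resync:
            self.exp = sq + 1             # assumption: exp becomes sq + 1
            return True                   # forward
        return False                      # replayed or stale: discard

def demo():
    old, new = b"constructed-old-secret", b"constructed-new-secret"
    q = Receiver(old, new, pick_cmax=lambda: 5)   # fixed cmax for a repeatable run
    m0 = send(old, b"hd", 0, b"rip response")     # p still uses the old secret
    m1 = send(new, b"hd", 1, b"rip response")     # p has switched to the new one
    forged = (b"hd", 2, m1[2], b"ping(x, all)")   # inserted without knowing S
    results = [q.receive(m0), q.receive(m1), q.receive(forged), q.receive(m0)]
    # p is reset and restarts at sq = 0: fresh msgs are discarded until c == cmax
    results += [q.receive(send(new, b"hd", sq, b"after reset")) for sq in (0, 1, 2)]
    return results
```
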

25
Hard Sequence Numbers
  • To overcome reset, use two operations SAVE and
    FETCH
  • When SAVE is executed, the last sequence number
    will be stored in persistent memory
  • When FETCH is executed, the last stored sequence
    number will be loaded from persistent memory into
    memory

26
Strong Integrity Protocol Using Hard Sequence Numbers
  • Each sent msg from p to q is as follows
    • (hd sq d txt)
    • where p computes d as
    • d = MD(S hd sq txt)
  • On receiving a msg, q checks
    • if (d = MD(S0 hd sq txt) ∨
      d = MD(S1 hd sq txt)) ∧ (exp ≤ sq)
    • then q forwards msg
    • else q discards msg
    • fi; q updates exp
  • p and q execute SAVE periodically
  • When waking up from a reset, p (or q) executes
    FETCH to fetch last stored seq, executes SAVE to
    store next seq, and continues after SAVE
    finishes
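
Added example (not part of the original slides): hard sequence numbers with SAVE and FETCH, showing that a reset of q rejects every replay and costs fewer than K fresh msgs, and that a reset of p never reuses a number. The save interval K, the resume value FETCH() + K and all names are assumptions of this example; the digest check is left out to isolate the sequence logic.

```python
class PersistentMemory:
    """Stand-in for persistent memory that survives a reset (constructed here)."""
    def __init__(self):
        self.stored = 0

    def save(self, seq):             # SAVE
        self.stored = seq

    def fetch(self):                 # FETCH
        return self.stored

class HardSeq:
    """Sequence state of one router: next sq to send at p, or exp at q.
    Assumption: SAVE runs whenever the value is K or more past the stored
    one, and a reset resumes at FETCH() + K, past anything used before."""
    def __init__(self, memory, k):
        self.memory, self.k, self.value = memory, k, 0

    def advance(self, new_value):
        self.value = new_value
        if self.value >= self.memory.fetch() + self.k:
            self.memory.save(self.value)

    def reset(self):                 # volatile value lost, then recovered
        self.value = self.memory.fetch() + self.k
        self.memory.save(self.value) # continue only after SAVE finishes

def p_send(p):
    sq = p.value
    p.advance(sq + 1)
    return sq

def q_receive(q, sq):
    if q.value <= sq:                # exp <= sq: forward, exp becomes sq + 1
        q.advance(sq + 1)
        return True
    return False                     # replay: discard

def demo(k=4):
    p, q = HardSeq(PersistentMemory(), k), HardSeq(PersistentMemory(), k)
    sent = [p_send(p) for _ in range(6)]                  # sq 0..5
    before = [q_receive(q, sq) for sq in sent]            # all forwarded
    q.reset()                                             # q loses exp
    replays = [q_receive(q, sq) for sq in sent]           # old msgs replayed
    fresh = [q_receive(q, p_send(p)) for _ in range(3)]   # sq 6, 7, 8
    p.reset()                                             # p loses sq
    after_p_reset = q_receive(q, p_send(p))               # p resumes at sq 12
    return before, replays, fresh, after_p_reset
```
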

27
Tradeoff between Soft and Hard Sequence numbers
  • Soft sequence numbers are easier to implement
    • Do not require SAVE and FETCH operations and do
      not require persistent memory
  • Hard sequence numbers provide better security
    • When soft sequence numbers are used, the adversary has a
      chance, although small, to guess and get its
      sequence number accepted
    • When hard sequence numbers are used, p and q stick to
      their sequence numbers and leave the adversary no
      chance

28
Other Applications of Hop Integrity
  • Mobile IP
  • Secure multicast
  • Security of routing protocols

29
Mobile IP
  • A mobile computer c can visit a foreign network F
    other than its home network H
  • Msgs destined for c will be received by its home
    agent (HA) and forwarded to its foreign agent (FA)

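[Figure: msg m for mobile computer c passing from the home agent (HA) in home network H across the Internet to the foreign agent (FA) in foreign network F]
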
30
Problem with Mobile IP
  • Mobile computer c can send a msg thru FA
  • However, this msg may be filtered out by next
    router q because its source address is strange

[Figure: msg m from c passes the foreign agent (FA) in F and reaches router q, marked "?"; the Internet, home network H and home agent (HA) are also shown]

31
Mobile IP with Hop Integrity
  • With integrity check d added to msg m, q can
    check that m was indeed forwarded by FA
  • Thus, q ignores strange source of msg m and
    forwards m toward its ultimate destination

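[Figure: msg m with integrity check d attached, passing from the foreign agent (FA) in F through router q to the Internet; c, home network H and home agent (HA) are also shown]
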
32
Multicast
  • Multicast msgs are forwarded through a spanning
    tree from root to every multicast destination
  • If a destination receives a multicast msg, then
    each destination receives a copy of same msg with
    high probability

36
Security Problem with Multicast
  • If adversary inserts or modifies a multicast msg
    between two routers in middle of tree, then only
    a small fraction of multicast destinations
    receive the inserted or modified msg

37
Multicast with Hop Integrity
  • With hop integrity, an inserted or modified
    multicast message will be detected and discarded
    at its first hop in the spanning tree

38
Routing Information Protocol (RIP)
  • Every 30 seconds, RIP process in router R sends
    its routing table in a response msg to RIP
    process in each adjacent R
  • R updates its routing table when it receives a
    response msg from any adjacent R
  • Security problem

[Figure: two adjacent routers, each with a RIP process; protocol stack RIP, UDP, IP]

39
RIP with Hop Integrity
  • With hop integrity, the response msgs are
    protected against message modification,
    insertion, and replay

[Figure: two adjacent routers, each with RIP, UDP, Secret Update, IP and Integrity Check components]

40
Security of Routing Protocols
  • Hop integrity can also provide uniform protection
    (against message modification, insertion, and
    replay) for other routing protocols
    • OSPF protocols (Hello, Exchange, Flood)
    • RSVP
  • Better than custom security mechanisms that have
    been proposed for some protocols

41
Implementation of Hop Integrity
  • Implementation of hop integrity protocols in
    Linux kernel
  • Add integrity check digest and soft sequence
    number to IP options in IP header
  • Compatible with legacy routers
  • Flexibility of deployment

42
Related Works
  • Ingress filtering [RFC2827]
    • Completes hop integrity
  • Secure routing [Che97, MB96, SMG97]
    • Not needed if hop integrity is installed
  • Traceback [BLT01, SWK01, SPS01]
    • Cannot prevent denial-of-service attacks, but can
      detect some of them
  • IPsec [KA98a]
    • Has goals other than dealing with
      denial-of-service attacks

43
Next Class
  • Security in transport layer
  • SSL and TLS
  • Application of SSL/TLS in Web security
  • Read Chapter 17