augmented send aligning security privacy and usability
play

Augmented SEND: Aligning Security, Privacy, and Usability Ahmad - PowerPoint PPT Presentation

Nov 26, 2023 •411 likes •885 views

Augmented SEND: Aligning Security, Privacy, and Usability Ahmad AlSadeh Supervisor: Prof. Dr. Christoph Meinel Hasso-Plattner-Institut, University of Potsdam April 23, 2013 IPv4 address exhaustion 2 IANA unallocated address pool IPv6

  1. Augmented SEND: Aligning Security, Privacy, and Usability Ahmad AlSadeh Supervisor: Prof. Dr. Christoph Meinel Hasso-Plattner-Institut, University of Potsdam April 23, 2013

  2. IPv4 address exhaustion 2 ■ IANA unallocated address pool ■ IPv6 deployment is happening exhaustion: 03-Feb-2011 □ World IPv6 Launch Day: June 6, 2012 Google IPv6 Statistics IPv4 Address Report http://www.potaroo.net/tools/ipv4/ http://www.google.com/ipv6/index.html Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  3. Comparison of IPv4 and IPv6 3 IPv4 IPv6 2 32 = 4,294,967,296 2 128 = 340 trillion trillion trillion Number of Addresses = 4 billion addresses addresses Decimal notation: Hexadecimal notation: Address Format 192.146.200.67 2001:5FEB:BEEF::CAFE Prefix Notation 192.146.0.0/24 2001:5FEB:BEEF::/64 Stateless Address Autoconfiguration, Addresses Manually or through DHCP assigned using DHCPv6, or manually configuration configured IP<--> MAC Address Resolution Protocol Neighbor Discovery Protocol Translation (ARP) (NDP) Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  4. Neighbor Discovery Protocol (NDP) 4 ■ NDP is a part of ICMPv6 ■ Fundamental protocol in IPv6 suite □ Obtain configuration information including: □ Router, subnet prefix, and parameter discovery Internet □ Determine when a neighbor is no longer reachable □ Perform address resolution □ … Router Router ■ Local link protocol □ Subnet scope NDP scope host host host Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  5. NDP vulnerabilities 5 ■ NDP messages lack authentication □ The assumption that all nodes trust each other Internet ■ Attacks come from malicious □ host Router Router □ router ■ NDP is vulnerable to many attacks □ Spoofing □ Replay □ Rogue router □ … host host host Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  6. NDP vulnerabilities ( continue …) 6 ■ Duplicate Address Detection (DAD) DoS attack □ THC-IPv6 Attack Suite http://www.thc.org/thc-ipv6/ – dos-new-ip6 New Host Attacker Does anyone use this address Yes, I have this address ■ SEcure Neighbor Discovery (SEND) is the proposed solution Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  7. Outline ■ SEcure Neighbor Discovery (SEND) 7 ■ Problem statement ■ SEND users’ preferences □ Time – Based CGA □ CGA privacy Extension ■ WinSEND ■ CGAs enhancements: security and performance ■ SEND and IPsec ■ Conclusion Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  8. SEcure Neighbor Discovery (SEND) 8 ■ SEND is an integral part of NDP ■ Address Authentication ( Address Ownership Proof) □ CGA Option □ RSA Signature Option ■ Replay Protection □ Nonce Option □ Timestamp Option ■ Authorization Delegation Discovery (ADD) □ Certificate Path Solicitation (CPS), ICMPv6 message □ Certificate Path advertisement (CPA), ICMPv6 message Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  9. SEND (Simplified) Host A 9 Host B Hash ( Kpub , Parameters) 64 bits 64 bits Subnet Prefix Interface Identifier Sign(ND message) Source address = CGA address Verify Hash ( Kpub , Parameters) CGA option= Kpub + other parameters = Interface Identifier Nonce option Timestamp option Verify signature with Kpub RSA Signature Option = Signature SEND options are sent with the NDP message Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  10. NDP message protected by SEND 10 Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  11. Cryptographically Generated Addresses (CGAs) ■ Address authentication (Address ownership proof) 11 ■ Sender’s public key is bounded to IPv6 address ■ CGA generation algorithm Hash Extension CGA parameters 0 Hash2 Yes Final Subnet Collision 16xSec RSA Kpub 16xSec (112 bits) Modifier prefix Count leftmost =0? (variable) (128 bits) (64 bits) (8bits) Hash2 bits must be zero No SHA-1 SHA-1 Increment Modifier 64 bits Hash1 (160 bits) Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) Subnet prefix Sec ug • Generate/ Obtain an RSA key pair CGA • Pick a random Modifier • Select a Sec value Check the uniqueness of IPv6 address (DAD) • Set Collision Count to 0 Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  12. Sec value of the CGA 12 ■ In CGA, Sec (0 to 7), unsigned 3-bit integer, is scale factor which increases the cost (hash operation) for both □ The attacker : O(2 59+16xSec ) □ The address generator: O(2 16xSec ) ■ For example 16xSec 0 □ Sec=0, Hash2=0X123456789ABCD… Hash2 16xSec (112 bits) =0? □ Sec=1, Hash2=0X0000 56789ABCD… No □ Sec=2, Hash2=0X00000000 9ABCD… SHA-1 Increment Modifier □ … Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  13. Problem statement ■ There are several factors that limit SEND deployment 13 □ SEND is compute-intensive and bandwidth-consuming □ SEND high time complexity may lead to privacy-related attacks □ SEND has not mature implementation for end user operating systems □ SEND is still vulnerable to DoS attacks □ Router Authorization Delegation Discovery (ADD) mechanism is so far theoretical rather than practical Publication: Ahmad AlSa'deh, Christoph Meinel, "Secure Neighbor Discovery: Review, Challenges, □ Perspectives, and Recommendations," IEEE Security & Privacy, vol. 10, no. 4, pp. 26-34, July-Aug. 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  14. Research questions ■ How could we decrease the complexity of SEND calculations to 14 make it usable without major changes to the SEND itself? ■ How could we enhance CGA against the privacy-related attacks? ■ What could we do to make SEND available for end users? ■ How SEND and IPsec can work together for securing IPv6 networks? Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  15. 1. SEND is compute-intensive 15 ■ Cryptography means a lot of computations ■ The average time for CGA address generation 16xSec Processor with 2.6 GHz 0 Hash2 16xSec (112 bits) Sec Average time = 0? 1 ~ 0.5 seconds No SHA- 2 ~ 2 hours 1 Increment Modifier 3 ~ 12 years 4 ~ 1.6. 10 6 years Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) • Select a Sec ■ Even for the same Sec value, predicting the convergence time is very difficult Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  16. Time-Based CGA (TB-CGA) ■ TB-CGA: Modifications to standard CGA 16 □ Select “ time parameter ” as an input □ Keep track of the best found security level within determined time □ Reduce the granularity of the security level from “16” to “ 8 ” Standard CGA Time-Based CGA 16xSec 8xSec 0 Hash2 16xSec 0 Hash2 (112 bits) = 0? Exceed (112 bits) time? No No SHA- SHA- 1 Increment 1 Increment Modifier -Store the Modifier Modifier -Store the best Hash2 Modifier 0 0 RSA Kpub Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) (128 bits) (64 bits) (8bits) (variable) • Select a Sec • Select a Time Parameter Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  17. Sec value measurements for different granularity ■ Granularity 16 (before) ■ Granularity 8 (after) 17 For Sec=0: 96.25% Sec=0: 12.53% For Sec=1: 3.75% Sec=1: 80.05% Ahmad Alsa'deh, Hosnieh Rafiee, Christoph Meinel, "Stopping Time Condition for Practical IPv6 ■ Cryptographically Generated Addresses," ICOIN, pp.257-262, The International Conference on Information Network 2012, 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  18. 2. Privacy concerns ■ High Sec value may cause unacceptable delay 18 ■ It is likely that once a host generates an acceptable CGA, it will continue to use □ this same address □ the same public key ■ hosts using CGAs could be susceptible to privacy related attacks Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  19. CGA privacy extensions ■ Three main modifications 19 Reducing the granularity of CGA Setting a CGA lifetime Automatic key pair generation Ahmad Alsa’deh , Hosnieh Rafiee, and Christoph Meinel, "IPv6 Stateless Address Autoconfiguration: ■ Balancing Between Security, Privacy and Usability" in 5th International Symposium on Foundations and Practice of Security, FPS 2012, LNCS 7743, pp. 149 – 161, 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

Recommend

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on Computation and Society Harvard University 1 Administrivia Final Project Presentation Schedules are on the website. HW4 2 Tonight we will look at

520 views • 35 slides
The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019 Hello! Im Joris van Rooij Software Architect at Jibe.Company From Eindhoven, the Netherlands J I B E . C O M P A N Y I like...

1.72k views • 144 slides
Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent Georgia Bullen // @georgiamoon Executive Director Simply Secure FOSDEM // 2 February 2020 Everyone deserves technology they can trust. Simply Secure

437 views • 28 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

1.76k views • 109 slides
CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something that you know Something that you have Something that you are Uses of Biometrics: Simple: Verification Is this who he claims to be?

592 views • 40 slides
Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

490 views • 23 slides
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

829 views • 23 slides
Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi Google, Inc. Rochester Institute of Technology kak@google.com rlaz@cs.rit.edu Symposium on Usable Privacy and Security (SOUPS) 2009 July 15th-17th,

272 views • 26 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

419 views • 4 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

219 views • 5 slides
Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271 Announcements intermission Introduction to Computer Security Usability and Voting combined slides Usable security example areas Stephen McCamant Elections

305 views • 8 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Discuss the practical consideration of usability of security

459 views • 31 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. &quot;Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie

Usability of privacy policies: Notice and choice Michelle Mazurek With material from Lorrie Cranor, Florian Schaub, and Carman Neustaedter 1 Logistics HW3 grades are out See detailed comments in ELMS Today: Privacy policies, notice

786 views • 42 slides
S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks

S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

Portfolio of Work (9 pages) T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED

T H E N E X T R E V O L U T I O N I N R E T A I L AUGMENTED REALITY (AR) What is Augmented Reality Augmented Leads in Technology Visual Methodology Augmented Reality Forecast Multi-sided Marketing Model

280 views • 25 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
Web Privacy Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data

Privacy &amp; Security Matters: Privacy &amp; Security Matters: Protecting Personal Data Protecting Personal Data Privacy &amp; Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides

More recommend