Computer Security Foundations What is Security? Attacker Assets - PowerPoint PPT Presentation

  1. IN3210 – Network Security Computer Security Foundations

  2. What is Security? (Diagram with the terms Attacker, Assets, Threat, Countermeasure)

  3. Computer Security
  ⚫ Security of computers and networks
  ⚫ Protection of digital assets
  ⚫ Axioms of Computer Security:
    − Confidentiality (e.g. of transmitted secret information)
    − Integrity (e.g. of stored data)
    − Availability (e.g. of services)
  ⚫ Further goals:
    − Authenticity
    − Non-repudiation
    − Privacy

  4. Motivations for attacks
  ⚫ Financial advantage
    − Using paid services free of charge
    − Performing financial transactions
    − → Spoofing another identity
  ⚫ “Fun”
    − Challenging security systems
  ⚫ “Revenge”
    − Vandalism
    − Intrigues
  ⚫ Political or religious motives

  5. Security Threats
  ⚫ Examples for attacks
    − Services:
      ▪ Denial-of-Service
    − Communication:
      ▪ Eavesdropping
      ▪ Modification
    − Stored data:
      ▪ Espionage
      ▪ Deletion
      ▪ „Vandalism“
  ⚫ Basic attack measures on communication
    − Sniffing
    − Redirection, e.g.
      ▪ ARP Spoofing
      ▪ DNS Poisoning
      ▪ Phishing
    − Man-in-the-middle

  6. “Nomenclature”
  ⚫ The “good” ones:
    − Alice
    − Bob
  ⚫ The “bad” ones:
    − Eve (passive attacker)
    − Mallory (active attacker)

  7. Sniffing
  ⚫ Requires access to the communication medium
  ⚫ Passive attacks, e.g.:
    − Eavesdropping
    − Traffic analysis
  (Diagram: Eve listens on the link between Alice and Bob)

  8. Redirection
  ⚫ Can be used as preparation for man-in-the-middle attacks
  (Diagram: traffic between Alice and Bob is redirected via Eve / Mallory)

  9. Man-in-the-middle
  ⚫ Passive attacks (see „Sniffing“)
  ⚫ Active attacks, e.g.
    − Packet drop
    − Packet modification
    − Packet injection
    − Packet replay
  (Diagram: Eve / Mallory sits on the path between Alice and Bob)

  10. Adversary Model
  ⚫ Important question:
    − What capabilities do I assume for the attacker?
    − What kind of attacks can the attacker perform?
  ⚫ → Adversary model
  ⚫ Required for implementing countermeasures / testing security protocols
  ⚫ Typical adversary model (Dolev and Yao, 1983):
    − The attacker can perform any of the aforementioned actions on transmitted packets
    − The attacker cannot break “secure” algorithms (e.g. AES)
  ⚫ Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker
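
Added example (not from the IN3210 slides): a toy channel on which Mallory has exactly the Dolev-Yao capabilities of slide 9 (drop, modify, inject, replay) and a receiver that still meets its integrity goal. Bob accepts a frame only if an HMAC-SHA256 tag over a sequence number and the payload verifies under a pre-shared key and the sequence number is new. The key, the names and the messages are constructed for this example; the framing format (4-byte sequence number, payload, 32-byte tag) is an assumption, not a real protocol.

```python
import hashlib
import hmac
import struct

# Assumed pre-shared key between Alice and Bob (constructed for this example).
KEY = b"shared-secret-between-Alice-and-Bob"
TAG_LEN = 32  # HMAC-SHA256 digest length in bytes


def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Alice's side: frame = seq (4 bytes, big-endian) || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Bob's side: deliver a frame only if its tag verifies and its sequence number is new."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.highest_seq = -1  # highest sequence number accepted so far
        self.accepted = []     # payloads handed to the application

    def receive(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "reject: truncated"
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"       # modified or injected frame
        (seq,) = struct.unpack(">I", header)
        if seq <= self.highest_seq:
            return "reject: replay"        # an old frame presented again
        self.highest_seq = seq
        self.accepted.append(payload)
        return "accept"


def simulate() -> dict:
    """Put Alice's frames through each of Mallory's active attacks and record Bob's verdicts."""
    bob = Receiver()
    verdicts = {}
    f1 = seal(1, b"transfer 10 EUR to Bob")
    f2 = seal(2, b"transfer 20 EUR to Bob")
    f3 = seal(3, b"transfer 30 EUR to Bob")
    verdicts["honest"] = bob.receive(f1)
    # Packet drop: Mallory discards f2. Bob never sees it; integrity still holds
    # for f3, but availability is not something this scheme can guarantee.
    del f2
    verdicts["after drop"] = bob.receive(f3)
    # Packet modification: change the amount inside f3 without knowing the key.
    verdicts["modified"] = bob.receive(f3.replace(b"30 EUR", b"99 EUR"))
    # Packet injection: Mallory forges a frame under a key of her own.
    verdicts["injected"] = bob.receive(seal(4, b"transfer 1000 EUR to Mallory", key=b"mallory"))
    # Packet replay: resend the genuine f1.
    verdicts["replayed"] = bob.receive(f1)
    verdicts["delivered"] = bob.accepted
    return verdicts
```

The point of the simulation is the adversary model: Mallory may do anything to the frames on the wire, but by assumption she cannot compute HMAC-SHA256 tags without the key, so modification and injection fail the tag check and replay fails the freshness check. Dropped frames are not detected, which is why Dolev-Yao style protocols are analysed for confidentiality and integrity, not availability. The strictly increasing sequence number is the simplest freshness rule; real protocols use a window to tolerate reordering.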

  11. Attack Examples

  12. ARP
  ⚫ Address Resolution Protocol
  ⚫ Maps, inside local networks, from IP address to MAC address
  (Diagram: a host broadcasts “Who has 10.0.0.8?”; the host with address 10.0.0.8 and MAC FA … B3 answers “10.0.0.8 = FA … B3”)

  13. ARP Spoofing (Redirection Attack)
  (Diagram: the same broadcast “Who has 10.0.0.8?” is answered by the host 10.0.0.24 (MAC DC … A7) with “10.0.0.8 = DC … A7”, so the asker’s ARP cache now maps 10.0.0.8 to the attacker’s MAC and frames for 10.0.0.8 are delivered to 10.0.0.24 instead of to FA … B3)
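
Added example (not from the IN3210 slides): a parser for raw ARP frames and a small arpwatch-style monitor that flags the inconsistency an ARP-spoofing attack produces, namely an IP address that is suddenly announced with a different MAC than before. All frames and MAC addresses below are constructed for the example (the slides elide the real MACs); the IP addresses follow slides 12 and 13. This is a detection aid, not a complete defence: switch features such as Dynamic ARP Inspection or static ARP entries are what actually stop the attack.

```python
import struct
from collections import namedtuple
from typing import Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

ArpPacket = namedtuple("ArpPacket", "eth_src oper sender_mac sender_ip target_mac target_ip")


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(eth_src, oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II header (14 bytes) + ARP body (28 bytes) for IPv4 over Ethernet."""
    eth_dst = "ff:ff:ff:ff:ff:ff" if oper == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)  # htype, ptype, hlen, plen, oper
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the ARP fields, or None if this is not an IPv4-over-Ethernet ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return ArpPacket(mac_str(frame[6:12]), oper,
                     mac_str(body[0:6]), ip_str(body[6:10]),
                     mac_str(body[10:16]), ip_str(body[16:20]))


class ArpWatcher:
    """Learns IP -> MAC bindings from the sender fields of ARP traffic and reports conflicts."""

    def __init__(self):
        self.table = {}  # ip -> mac first seen claiming that ip

    def observe(self, frame: bytes) -> list:
        alerts = []
        pkt = parse_arp(frame)
        if pkt is None:
            return alerts
        # The sender fields are what poisons caches, in replies and requests alike.
        if pkt.eth_src != pkt.sender_mac:
            alerts.append(f"frame source {pkt.eth_src} differs from ARP sender {pkt.sender_mac}")
        known = self.table.get(pkt.sender_ip)
        if known is None:
            self.table[pkt.sender_ip] = pkt.sender_mac
        elif known != pkt.sender_mac:
            alerts.append(f"{pkt.sender_ip} changed from {known} to {pkt.sender_mac} (possible ARP spoofing)")
        return alerts


def demo() -> list:
    """Replay the exchange from the slides with constructed MACs: the owner of 10.0.0.8
    answers first, then the host 10.0.0.24 claims 10.0.0.8 with its own MAC."""
    asker, owner, attacker = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:08", "aa:bb:cc:00:00:24"
    w = ArpWatcher()
    alerts = []
    alerts += w.observe(build_arp(asker, ARP_REQUEST, asker, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.8"))
    alerts += w.observe(build_arp(owner, ARP_REPLY, owner, "10.0.0.8", asker, "10.0.0.1"))
    alerts += w.observe(build_arp(attacker, ARP_REPLY, attacker, "10.0.0.8", asker, "10.0.0.1"))
    alerts += w.observe(b"\x00" * 60)  # not an ARP frame: ignored
    return alerts
```

The watcher trusts whichever host speaks first, so an attacker who answers before the legitimate owner is learned as the owner; in practice the table is seeded from DHCP leases or an inventory rather than from observed traffic. On a live host the frames would come from a raw socket or a pcap capture instead of `build_arp`.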

  14. IP Protocol
  ⚫ Properties:
    − Connection-less
    − Addressing: source + target IP address
    − No QoS
    − No acknowledgement
    − No protection of packet order
    − No protection from packet loss / duplication
  ⚫ No mechanisms for:
    − Confidentiality
    − Integrity
    − Authenticity
    − Non-repudiation
    − Anonymity

  15. IP Address Spoofing
  (Diagram: hosts A and C are in network 131.234.142.*, host B (129.13.182.17) is in network 129.13.182.*, the two networks are connected through routers. A sends an IP packet with source address 131.234.142.34, which is C’s address, and destination 129.13.182.17; B sees a “message from C”)

  16. IP Address Spoofing
  ⚫ Principle:
    − Attacker (A) sends a packet to B using the source IP address of C
    − A possible response is sent back to C
  ⚫ Variants:
    − Denial of Service on C
    − Tricking B (or C):
      ▪ Response not required (e.g. DNS spoofing)
      ▪ Response can be anticipated
      ▪ Response can still be read by A (e.g. ARP spoofing)
  ⚫ Works better with connectionless protocols like UDP or ICMP than for example with TCP (the TCP handshake sends B’s initial sequence number to C, which A must guess without seeing it)
  (Diagram: A, B and C as on the previous slide)

  17. Denial-of-Service (DoS)
  ⚫ Attacker tries to overload the target service or network
  ⚫ → „Service Denial“ for legitimate users
  ⚫ Attack can target different service layers:
    − Network (e.g. gateway, TCP/IP stacks)
    − Representation (e.g. XML processing)
    − Application
    − Database
  ⚫ Attacker looks for the bottleneck inside the service processing chain!

  18. DoS Example: SYN Flooding
  (Diagram: left, a client’s SYN is answered by the server with SYN-ACK; right, the client sends SYN after SYN, the server answers each with a SYN-ACK and keeps a half-open connection waiting for the final ACK, which never arrives)
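
Added example (not from the IN3210 slides): a simulation of why SYN flooding works and of the standard countermeasure, SYN cookies. The first server keeps one entry per half-open connection in a bounded backlog, so a flood of SYNs from spoofed source addresses (slide 16: the SYN-ACKs go to hosts that never answer) fills it and a later honest client is refused. The second server keeps no state at all: its initial sequence number is an HMAC over the connection 4-tuple and a coarse timer, and the final ACK is validated by recomputing it. Only the handshake state is modelled; packets are function calls, and the addresses, ports and secret are constructed. The MSS encoding that real SYN cookies (RFC 4987) put into the low bits is omitted.

```python
import hashlib
import hmac
import random


class StatefulServer:
    """Keeps one half-open entry per SYN until the final ACK arrives; the backlog is bounded."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}   # (src_ip, src_port) -> server ISN sent in the SYN-ACK
        self.dropped_syns = 0

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1      # legitimate clients are refused here: the DoS
            return None
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack) -> bool:
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class SynCookieServer:
    """Stores nothing per SYN: the ISN is an HMAC of the 4-tuple and a coarse timer.
    A spoofed SYN costs the server no memory; a genuine client echoes ISN+1 in its ACK."""

    def __init__(self, secret: bytes, own_ip="129.13.182.17", own_port=80):
        self.secret = secret            # constructed; rotated periodically in practice
        self.own = (own_ip, own_port)   # server address taken from slide 15
        self.minute = 0                 # would be time.time() // 60 in practice
        self.dropped_syns = 0           # never incremented: there is no state to exhaust

    def _cookie(self, src_ip, src_port, minute) -> int:
        msg = f"{src_ip}:{src_port}>{self.own[0]}:{self.own[1]}|{minute}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port) -> int:
        return self._cookie(src_ip, src_port, self.minute)

    def on_ack(self, src_ip, src_port, ack) -> bool:
        # Accept cookies from the current and the previous minute to tolerate slow clients.
        for m in (self.minute, self.minute - 1):
            if ack == (self._cookie(src_ip, src_port, m) + 1) & 0xFFFFFFFF:
                return True
        return False


def flood_then_connect(server, flood_size=1000, seed=1) -> bool:
    """Send flood_size SYNs from spoofed sources that never ACK, then one honest handshake.
    Returns whether the honest client got connected."""
    rng = random.Random(seed)
    for _ in range(flood_size):
        spoofed = f"131.234.142.{rng.randrange(1, 255)}"      # constructed spoofed sources
        server.on_syn(spoofed, rng.randrange(1024, 65536))    # SYN-ACKs go nowhere useful
    isn = server.on_syn("10.0.0.8", 40000)                    # honest client
    if isn is None:
        return False                                          # backlog full: service denied
    return server.on_ack("10.0.0.8", 40000, (isn + 1) & 0xFFFFFFFF)
```

Two things the simulation makes visible. The stateful server's bottleneck is memory for half-open connections, exactly the bottleneck the attacker on slide 17 is looking for, and the attacker never needs to receive anything, which is why spoofed sources work. The cookie server binds the handshake to the 4-tuple and the secret, so an ACK for a different source port or with a guessed number fails, and a spoofer who cannot read the SYN-ACK sent to C cannot complete the handshake (the TCP point of slide 16).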

  19. DDoS: Distributed DoS
  ⚫ Often executed from many sources at once: Distributed Denial of Service (DDoS)
  ⚫ The sources are either controlled as a botnet or form a „crowd“ of participants

  20. DDoS: Mirai Botnet
  ⚫ Millions of infected IoT devices (routers, IP cameras)
  ⚫ Offers DDoS as a service: 50,000 devices for 2 weeks: $3,000 to $4,000
  Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/
  Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/

  21. DDoS: Mirai Botnet
  ⚫ Illustrating the infection with Mirai (Source: Twitter)

  22. DDoS: Mirai Botnet
  ⚫ One victim (Source: http://krebsonsecurity.com/)

  23. Attack Examples
  ⚫ ... many more to come throughout the class
