evaluating network security using internet measurements
play

Evaluating Network Security using Internet Measurements Oliver - PowerPoint PPT Presentation

Mar 03, 2024 •352 likes •900 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Chair of Network Architectures and Services Department of Informatics Technical University of Munich About me • Scientific researcher / PhD candidate • Chair of Network Architectures and Services • Technical University of Munich (Germany) • Co-leader of the Global Internet Observatory project • Research interests • Security protocols (TLS, SSH,. . . ) • Amplification attacks • IPv6 scanning O. Gasser — Evaluating Network Security using Internet Measurements 2

  3. Chair of Network Architectures and Services Department of Informatics Technical University of Munich What will this talk be about? • Internet-wide measurements • SSH • BACnet • IPv6 scanning O. Gasser — Evaluating Network Security using Internet Measurements 3

  4. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet measurements • Useful tool • Various techniques • Focus on empirical security measurements O. Gasser — Evaluating Network Security using Internet Measurements 4

  5. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH • Secure Shell protocol • Provides encrypted & authenticated remote shell access • Mostly used on servers and routers to provide administrative ac- cess • Security critical protocol → evaluate SSH’s security O. Gasser — Evaluating Network Security using Internet Measurements 5

  6. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH measurements • Internet-wide SSH scans 1 • Found ≈ 15 M servers • 42 k servers offer SSH 1 only • Downloaded > 25 M SSH host keys • Host keys identify a server similar to a certificate in TLS • Co-prime weak keys found (0.015 %, 2.4 % for SSH1) • Debian-weak keys found (0.05 %) • Man-in-the-Middle attack possible with weak keys 1 Gasser et al.: “A deeper understanding of SSH: results from Internet-wide scans”, NOMS’14. O. Gasser — Evaluating Network Security using Internet Measurements 6

  7. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH: Duplicate keys 1.0 DE 0.5 TW1 • Same key on multiple servers US/JP US SG 0.1 • Similar threat of MitM attacks • Heavily clustered based on Pr[ #hosts > X ] 0.01 Autonomous Systems 1e−3 • Web-hosting providers deploy systems with pre- 1e−4 generated keys • SSH gateways 1 100 10,000 100,000 Number of hosts per key =: X O. Gasser — Evaluating Network Security using Internet Measurements 7

  8. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH: Lessons learned • Weak keys • Duplicate keys • Man-in-the-Middle attacks possible • Use public key authentication to thwart MitM • Take cautionary measures before conducting SSH scans ¨ ⌣ O. Gasser — Evaluating Network Security using Internet Measurements 8

  9. Chair of Network Architectures and Services Department of Informatics Technical University of Munich The Internet? O. Gasser — Evaluating Network Security using Internet Measurements 9

  10. Chair of Network Architectures and Services Department of Informatics Technical University of Munich The Internet O. Gasser — Evaluating Network Security using Internet Measurements 10

  11. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet • Building Automation and Control Networks • Used to control • Heating • Solar panels • Ventilation • . . . • Unsolicited access can have real-world consequences • Presence detection → Break into home • Manipulate heating, water flow,. . . • Security & safety critical protocol → evaluate BACnet ’s security O. Gasser — Evaluating Network Security using Internet Measurements 11

  12. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet measurements • Internet-wide BACnet scans 2 • UDP-based request-response protocol • Retrieve and set properties • No security built in • More than 16k devices found 2 Gasser et al.: “Security Implications of Publicly Reachable Building Automation Systems”, WTMC’17. O. Gasser — Evaluating Network Security using Internet Measurements 12

  13. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Deployment → Heavily clustered in countries and ASes O. Gasser — Evaluating Network Security using Internet Measurements 13

  14. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Amplification attacks Amplifier Amplifier Network Network Small Large requests response with spoofed to victim IP address Victim Victim Attacker Attacker O. Gasser — Evaluating Network Security using Internet Measurements 14

  15. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: O. Gasser — Evaluating Network Security using Internet Measurements 15

  16. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � O. Gasser — Evaluating Network Security using Internet Measurements 15

  17. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: O. Gasser — Evaluating Network Security using Internet Measurements 15

  18. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � O. Gasser — Evaluating Network Security using Internet Measurements 15

  19. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: O. Gasser — Evaluating Network Security using Internet Measurements 15

  20. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: BACnet → ? O. Gasser — Evaluating Network Security using Internet Measurements 15

  21. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Amplification factor • About 14k BACnet devices misusable as amplifier • Request same property multiple times within one request • Amplification factor similar to DNS Open Resolver • Operators write really detailed location information into BACnet devices O. Gasser — Evaluating Network Security using Internet Measurements 16

  22. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Amplification factor • About 14k BACnet devices misusable as amplifier • Request same property multiple times within one request • Amplification factor similar to DNS Open Resolver • Operators write really detailed location information into BACnet devices • Hwy 57; Located in the silver box on the electrical pole in front of Grove Primary Care Clinic. Pole 123 O. Gasser — Evaluating Network Security using Internet Measurements 16

  23. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks! • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: O. Gasser — Evaluating Network Security using Internet Measurements 17

  24. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks! • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: BACnet → Freely choose combination of requested properties � O. Gasser — Evaluating Network Security using Internet Measurements 17

  25. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Lessons learned • Never attach your BACnet device to the public Internet • Direct threats: Information leakage, surveillance,. . . • Indirect threats: Misused as amplifier • Notify affected parties via CERTs O. Gasser — Evaluating Network Security using Internet Measurements 18

  26. Chair of Network Architectures and Services Department of Informatics Technical University of Munich IPv6 measurements • IPv6 adoption 3 ≈ 15% • Vast address space • Brute-force scanning approach infeasible • Smart address selection needed 3 https://www.google.com/intl/en/ipv6/statistics.html O. Gasser — Evaluating Network Security using Internet Measurements 19

Recommend

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University. 2017-09-11 15:15:00 Network Measurement Results Internet Measurement Conference (IMC), Passive and Active Measurement Conference (PAM), Traffic

812 views • 12 slides
Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High Quality Path- Discover network trends, find paths Building network models oriented Network Measurement Run experiments using models and

209 views • 4 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

Chair of Network Architectures and Services Department of Informatics Technical University of Munich In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements Oliver Gasser, Benjamin Hof, Max

531 views • 39 slides
Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH Zrich Imagine a building or structure that represents the Internet The Internet The Internet is perceived to be like the pyramids: monumental

776 views • 19 slides
Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison Telco/Internet Comparison Internet Telephone System no central authority central authority end systems in control network in control

1.07k views • 59 slides
Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group, ETH Zrich Worst Internet Security Problems? Malware (worms, viruses, etc.) Spyware Ransomware APT HTTP-based attacks Spam,

424 views • 17 slides
Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof. Raluca Ada Popa Feb 27, 2018 Some slides credit David Wagner Announcements Midterm grades released Regrades: Read the follow-ups on the

1.75k views • 156 slides
Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on Fire! Lack of sovereignty Frequent outages https://downdetector.com Constant DDoS attacks https://www.digitalattackmap.com

730 views • 48 slides
Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Introduction Macroscopic view: Interdomain Traffic Matrix Microscopic view: Price Discrimination Conclusions and Further Work Contributions Backup Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

1.04k views • 78 slides
Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics The Internet Addressing Client Server Routing Dr. Doug Jacobson - Introduction to 2 Network

940 views • 24 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things (IoT)? Why is IoT Security so Important? Dyn DDOS Attack What are the security challenges of an IoT network? A Proposed Taxonomy

176 views • 14 slides
Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program

Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program

DHS S&T Cyber Security Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program Manager Cyber Security Division (CSD) HSARPA Science and Technology (S&T) Directorate CSDs Going to RSA! The

813 views • 9 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Compiler Infrastructure Systems and Internet Infrastructure Security

603 views • 23 slides
Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Namespaces Systems and Internet Infrastructure Security (SIIS)

1.13k views • 49 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #15 Oct 20 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Reading: How to 0wn the Internet See schedule page

647 views • 49 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Two new readings were assigned How to 0wn the Internet in

768 views • 39 slides
CMPSC 497 Security Basics Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497 Security Basics Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Security Basics Trent Jaeger Systems and Internet

397 views • 28 slides

More recommend