
Network Security: Attacks CS 161: Computer Security Prof. Vern Paxson - PowerPoint PPT Presentation



  1. Network Security: Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate Wang http://inst.eecs.berkeley.edu/~cs161/ March 9, 2017

  2. IP Packet Header (Continued) • Two IP addresses – Source IP address (32 bits in main IP version) – Destination IP address (32 bits, likewise) • Destination address – Unique identifier/locator for the receiving host – Allows each node to make forwarding decisions • Source address – Unique identifier/locator for the sending host – Recipient can decide whether to accept packet – Enables recipient to send reply back to source

  3. Postal Envelopes: (Post office doesn’t look at the letter inside the envelope)

  4. Analogy of IP to Postal Envelopes: IP source address IP destination address (Routers don’t look at the payload beyond the IP header)

  5. IP: “Best Effort” Packet Delivery • Routers inspect destination address, locate “next hop” in forwarding table – Address = ~unique identifier/locator for the receiving host • Only provides an “I’ll give it a try” delivery service: – Packets may be lost – Packets may be corrupted – Packets may be delivered out of order source destination IP network

  6. Threats Due to the Lower Layers

  7. Layers 1 & 2: General Threats? Layer stack: 7 Application, 4 Transport, 3 (Inter)Network, 2 Link, 1 Physical • 2 Link: Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology) • 1 Physical: Encoding bits to send them over a single physical link, e.g. patterns of voltage levels / photon intensities / RF modulation

  8. Physical/Link-Layer Threats: Eavesdropping • Also termed sniffing • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for “free” – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet – Some handy tools for doing so o tcpdump (low-level ASCII printout)

  9. TCPDUMP: Packet Capture & ASCII Dumper

  10. Physical/Link-Layer Threats: Eavesdropping • Also termed sniffing • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for “free” – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet – Some handy tools for doing so o tcpdump (low-level ASCII printout) o Wireshark (GUI for displaying 800+ protocols)

  11. Wireshark: GUI for Packet Capture/Exam.

  12. Wireshark: GUI for Packet Capture/Exam.

  13. Wireshark: GUI for Packet Capture/Exam.

  14. Physical/Link-Layer Threats: Eavesdropping • Also termed sniffing • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for “free” – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet – Some handy tools for doing so o tcpdump (low-level ASCII printout) o Wireshark (GUI for displaying 800+ protocols) o Bro (scriptable real-time network analysis; see bro.org) • For any technology, routers (and internal “switches”) can look at / export traffic they forward • You can also “tap” a link – Insert a device to mirror the physical signal

  15. Physical/Link-Layer Threats: Eavesdropping • Also termed sniffing • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for “free” – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet – Some handy tools for doing so o tcpdump (low-level ASCII printout) o Wireshark (GUI for displaying 800+ protocols) o Bro (scriptable real-time network analysis) • For any technology, routers (and internal “switches”) can look at / export traffic they forward • You can also “tap” a link – Insert a device to mirror the physical signal – Or: just steal it!

  16. Stealing Photons

  17. Protecting Against Eavesdropping in the Coffee Shop

  18. 1. Join the wireless network If either match up, your laptop joins the network. Optionally performs a cryptographic exchange.

  19. 1. Join the wireless network If either match up, your laptop joins the network. Optionally performs a cryptographic exchange.

  20. 1. Join the wireless network If either match up, your laptop joins the network. Optionally performs a cryptographic exchange. Most commonly today, that is done using WPA2.

  21. Password: $secret! KeyCounter KeyCounter (and other stuff) (and other stuff) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  22. SSID Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  23. This function Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  24. This function computes this many iterations Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  25. This function computes this many iterations of this function Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  26. This function computes this many iterations of this function using this as the MAC key Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  27. This function computes this many iterations of this function using this as the MAC key and the XOR of these as the initial input. Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  28. This function computes this many iterations of this function using this as the MAC key and the XOR of these as the initial input. Each subsequent iteration takes the output of the previous computation as its input. Password: $secret! KeyCounter (and other stuff) Both your laptop and the AP now compute: K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  29. Now your laptop and the AP have derived a shared secret. K K Password: $secret! KeyCounter (and other stuff) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  30. Eve Eve attacks! K K Password: $Secret! KeyCounter (and other stuff) K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  31. Eve Since the password is never exposed, if Eve doesn’t know it, the best she can do is a dictionary attack to try to guess it. K K Password: $secret! KeyCounter (and other stuff) K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  32. Eve Since the password is never exposed, if Eve doesn’t know it, the best she can do is a dictionary attack to try to guess it. This goes slowly due to the 1000s of HMAC iterations. K K Password: $secret! KeyCounter (and other stuff) K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  33. Eve BUT: if Eve ponies up $2.25 for a cup of coffee and gets the password to the local net … K K Password: $secret! KeyCounter (and other stuff) K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  34. K Eve BUT: if Eve ponies up $2.25 for a cup of coffee and gets the password to the local net … then she knows both of these! K K Password: $secret! KeyCounter (and other stuff) K = F(HMAC-SHA1, “$secret!”, “ATT192”, KeyCounter, 4096) KeyCounter WPA2, common form (“Personal”; simplified) (and other stuff)

  35. WPA2, actually-secure-but-inconvenient form (“Enterprise”; simplified)

  36. Your laptop is preconfigured with a cert for an Authentication Server. a { Auth : : A } K -1 CA Auth WPA2, actually-secure-but-inconvenient form (“Enterprise”; simplified)

  37. You establish a secure connection via the AP to the Authentication Server using TLS. a { Auth : : A } K -1 CA Auth WPA2, actually-secure-but-inconvenient form (“Enterprise”; simplified)

  38. You then transmit your authentication info (username/password, or your own cert) to the server User=Alice, Password= ReallyHard2Gue$$ a { Auth : : A } K -1 CA Auth WPA2, actually-secure-but-inconvenient form (“Enterprise”; simplified)
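
The simplified WPA2 “Personal” derivation from slides 22 to 34, as an added Python example that is not part of the original slides. `derive_k` follows the slides' description of F; the function names, the 32-byte KeyCounter, the zero-padded XOR and the assumption that KeyCounter is visible to anyone listening are illustrative choices, not taken from the slides.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 4096          # iteration count shown on the slides
SSID = "ATT192"            # network name from the slides
PASSWORD = "$secret!"      # password from the slides

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Zero-pad the shorter operand; the padding rule is an assumption,
    # the slides only say "the XOR of these".
    n = max(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))

def derive_k(password: str, ssid: str, key_counter: bytes,
             iterations: int = ITERATIONS) -> bytes:
    """Simplified F: iterate HMAC-SHA1 keyed with the password, starting
    from SSID XOR KeyCounter and feeding each output into the next round."""
    block = xor_bytes(ssid.encode(), key_counter)
    for _ in range(iterations):
        block = hmac.new(password.encode(), block, hashlib.sha1).digest()
    return block

def session_outcomes(key_counter: bytes) -> dict:
    """Derive K as each party would for one session with this KeyCounter."""
    k_laptop = derive_k(PASSWORD, SSID, key_counter)
    return {
        "ap_matches_laptop": derive_k(PASSWORD, SSID, key_counter) == k_laptop,
        # Eve without the password: each wrong guess costs all 4096 rounds.
        "wrong_guess_matches": derive_k("$Secret?", SSID, key_counter) == k_laptop,
        # Eve as a paying customer: shared password plus observed KeyCounter.
        "customer_eve_matches": derive_k(PASSWORD, SSID, key_counter) == k_laptop,
    }

def seconds_per_guess(trials: int = 5) -> float:
    """Average wall-clock cost of testing one candidate password."""
    counter = os.urandom(32)   # constructed sample KeyCounter
    start = time.perf_counter()
    for i in range(trials):
        derive_k(f"guess-{i}", SSID, counter)
    return (time.perf_counter() - start) / trials

if __name__ == "__main__":
    print(session_outcomes(os.urandom(32)))
    print(f"{seconds_per_guess() * 1000:.2f} ms per password guess")
```

The iteration count only slows down guessing of an unknown password; it gives no separation between users who all hold the same password, which is the gap the “Enterprise” form closes with per-user credentials.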
