other defenses threat model beyond tls
play

Other defenses Threat model (beyond TLS) TLS = confidentiality, - PowerPoint PPT Presentation

Nov 18, 2022 •215 likes •605 views

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

  1. Other defenses

  2. Threat model (beyond TLS) • TLS = confidentiality, integrity, authenticity • Metadata leaks • Resource starvation

  3. Topic • Virtual Private Networks (VPNs) • Run as closed networks on Internet • Use IPSEC to secure messages Internet Introduction to Computer Networks 61

  4. Motivation • The best part of IP connectivity • You can send to any other host • The worst part of IP connectivity • Any host can send packets to you! • There’s nasty stuff out there … Internet Introduction to Computer Networks 62

  5. Motivation (2) • Often desirable to separate network from the Internet, e.g., a company • Private network with leased lines • Physically separated from Internet Leased line Site C Site A Site B No way in! Introduction to Computer Networks 63

  6. Motivation (3) • Idea: Use the public Internet instead of leased lines – cheaper! • Logically separated from Internet … • This is a Virtual Private Network (VPN) Virtual link Site C Site A Internet Site B Maybe … Introduction to Computer Networks 64

  7. Goal and Threat Model • Goal is to keep a logical network (VPN) separate from the Internet while using it for connectivity • Threat is Trudy may access VPN and intercept or tamper with messages Ideal Introduction to Computer Networks 65

  8. Tunneling • How can we build a virtual link? With tunneling! • Hosts in private network send to each other normally • To cross virtual link (tunnel), endpoints encapsulate packet Tunnel endpoint Tunnel endpoint Virtual link or tunnel Private Network A Public Internet Private Network B Introduction to Computer Networks 66

  9. Tunneling (2) • Tunnel endpoints encapsulate IP packets (“IP in IP”) • Add/modify outer IP header for delivery to endpoint App App Tunnel Many Tunnel Endpoint Routers! Endpoint TCP TCP IP IP IP IP IP IP IP IP 802.11 802.11 802.11 802.11 Ethernet Ethernet Private Network A Public Internet Private Network B 67

  10. Tunneling (3) • Simplest encapsulation wraps packet with another IP header • Outer (tunnel) IP header has tunnel endpoints as source/destination • Inner packet has private network IP addresses as source/destination Outer (Tunnel) IP Inner packet HTTP IP IP TCP Introduction to Computer Networks 68

  11. Tunneling (4) • Tunneling alone is not secure … • No confidentiality, integrity/ authenticity • Trudy can read, inject her own messages • We require cryptographic protections! • IPSEC (IP Security) is often used to secure VPN tunnels Introduction to Computer Networks 69

  12. IPSEC (IP Security) • Longstanding effort to secure the IP layer • Adds confidentiality, integrity/authenticity • IPSEC operation: • Keys are set up for communicating host pairs • Communication becomes more connection-oriented • Header and trailer added to protect IP packets Tunnel Mode Introduction to Computer Networks 70

  13. Takeaways • VPNs are useful for building networks on top of the Internet • Virtual links encapsulate packets • Alters IP connectivity for hosts • VPNs need crypto to secure messages • Typically IPSEC is used for confidentiality, integrity/authenticity Introduction to Computer Networks 71

  14. Tor • “The Onion Router” • Basic idea: 1. Many volunteers act as routers in the overlay 2. Generate circuit of routers that you know will send packet 3. Encrypt the packet in layers for each router in circuit 4. Send the packet 5. Each router receives, decrypts their layer, and forwards based on new info 6. Routers maintain state about circuit to route stuff back to sender • But again, only know the next hop

  15. Resource Attacks

  16. Topic • Distributed Denial-of-Service (DDOS) • An attack on network availability Yum! Internet Introduction to Computer Networks 74

  17. Topic • Distributed Denial-of-Service (DDoS) • An attack on network availability Uh oh! Internet Introduction to Computer Networks 75

  18. Motivation • The best part of IP connectivity • You can send to any other host • The worst part of IP connectivity • Any host can send packets to you! Uh oh! Internet Introduction to Computer Networks 76

  19. Motivation (2) • Flooding a host with many packets can interfere with its IP connectivity • Host may become unresponsive • This is a form of denial-of-service (DoS) Uh oh Internet Hello? Introduction to Computer Networks 77

  20. Goal and Threat Model • Goal is for host to keep network connectivity for desired services • Threat is Trudy may overwhelm host with undesired traffic Hi! Hello! Ideal Internet Trudy Introduction to Computer Networks 78

  22. Internet Reality • DDoS is a huge problem today! • Github attack of 1tbps • There are no great solutions • CDNs, network traffic filtering, and best practices all help Introduction to Computer Networks 80

  23. Denial-of-Service • Denial-of-service means a system is made unavailable to intended users • Typically because its resources are consumed by attackers instead • In the network context: • “System” means server • “Resources” mean bandwidth (network) or CPU/memory (host) Introduction to Computer Networks 81

  24. Host Denial-of-Service • Strange packets can sap host resources! • “Ping of Death” malformed packet • “SYN flood” sends many TCP connect requests and never follows up • Few bad packets can overwhelm host XXX • Patches exist for these vulnerabilities • Read about “SYN cookies” for interest Introduction to Computer Networks 82

  25. Network Denial-of-Service • Network DOS needs many packets • To saturate network links • Causes high congestion/loss Access Link Uh oh • Helpful to have many attackers … or Distributed Denial-of-Service Introduction to Computer Networks 83

  26. Distributed Denial-of-Service (DDOS) • Botnet provides many attackers in the form of compromised hosts • Hosts send traffic flood to victim • Network saturates near victim Ouch L Victim Botnet Introduction to Computer Networks 84

  27. Complication: Spoofing • Attackers can falsify their IP address • Put fake source address on packets • Historically network doesn’t check • Hides location of the attackers • Called IP address spoofing I hate that Bob! From: “Bob” Ha ha! Trudy Alice Introduction to Computer Networks 85

  28. Spoofing (2) • Actually, it’s worse than that • Trudy can trick Bob into really sending packets to Alice • To do so, Trudy spoofs Alice to Bob Huh? 1: To Bob 2: To Alice From: “Alice” From Bob (reply) Trudy Alice Bob Introduction to Computer Networks 86

  29. Best Practice: Ingress Filtering • Idea: Validate the IP source address of packets at ISP boundary (Duh!) • Ingress filtering is a best practice, but deployment has been slow Nope, from Trudy Drat From: Bob Internet Trudy ISP boundary Introduction to Computer Networks 87

  30. Flooding Defenses 1. Increase network capacity around the server; harder to cause loss • Use a CDN for high peak capacity 2. Filter out attack traffic within the network (at routers) • The earlier the filtering, the better • Ultimately what is needed, but ad hoc measures by ISPs today Introduction to Computer Networks 88

  31. End-to-End principle

  32. End-to-end Principle • Broad networking principle • First implementation in French CYCLADES network (after ARPA) (1970) • Articulated in its most recognizable form by Saltzer, Reed, Clark (1981) • Guidance on placing functionality such as reliability, security, etc.—in network or at endpoints (hosts)? • Argues for endpoint placement

  33. Multiple interpretations of the principle • The network cannot be trusted. Do it yourself. • The network can suffer heavy damage • Nuclear attacks (but not DDoS attacks!) • Need end-to-end correctness anyway • Diminishing returns from in-network functionality • Not everyone needs it • Place functionality in the network only when necessary (e.g., for performance)

  34. E2E Example: Error-correcting codes IP: 802.11: Host detects Link detects errors errors

  35. E2E Example: ARQ TCP: 802.11: Host retransmits Link detects drops on failure and retransmits

  36. E2E Example: In-order delivery TCP: SS5: Host enforces in- Network enforces order delivery in-order delivery

  37. E2E Example: Security SSL: GSM: Host encrypts Network encrypts content content

  38. End-to-End limitations • Some functionality cannot be implemented at endpoints • NATs, DoS protection, … the principle is silent on these • Assumes a clear dividing line between network and endpoints • Reality of distributed applications (e.g., CDNs) is more complex • No guidance on how much functionality can go in the network for performance

Recommend

Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend

Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend

Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend ourselves? What is the threat? Stack Smashing Return-to-libc Format String Error Heap Overflow Generic Stack Frame Caller Callee Stack

1.12k views • 79 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
Transferable Adversarial Examples: Insights, A9acks & Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks & Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks & Defenses June 12 th 2017 Florian Tramr Joint work with Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh & Patrick McDaniel Adversarial Examples Threat Model: White-Box

480 views • 27 slides
Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

The Virginia Model of School Threat Assessment June 19, 2019 Dewey Cornell, Ph.D. The Virginia Model of School Threat Assessm ent Dewey Cornell, Ph.D. Curry School of Education University of Virginia 434-924-8929 Email:

299 views • 15 slides
Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Presenting a live 90 minute webinar with interactive Q&A Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and Contemporaneous Exchange Managing the Audit Process, Mitigating Regulatory Sanctions, and

893 views • 52 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat

Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat

Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat Model- Unencrypted SSID Hiding SSID - network name LoboGuest eduroam Default broadcast SSID SSID hiding do not broadcast SSID

552 views • 18 slides
Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure messages

736 views • 30 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview Goals and Big Ideas Threat Model Strengths Weaknesses Evaluation Attack Defenses Discussion Questions

240 views • 20 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
The University of Texas Threat and Error Management Model: Components and Examples Robert L.

The University of Texas Threat and Error Management Model: Components and Examples Robert L.

The University of Texas Threat and Error Management Model: Components and Examples Robert L. Helmreich Ph.D. David M. Musson, M.D. Department of Psychology The University of Texas at Austin Published on the British Medical Journal Web Site

1.12k views • 52 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda Grses Motivation imec - ESAT/COSIC, KU Leuven Threat Modeling 1. Characterize the system 2. Identify the threats 3. Threat and Risk analysis

147 views • 12 slides
Threat Model at the County Level Eric L. Lazarus David L. Dill Jeremy Epstein Joseph Lorenzo

Threat Model at the County Level Eric L. Lazarus David L. Dill Jeremy Epstein Joseph Lorenzo

Applying a Reusable Election Threat Model at the County Level Eric L. Lazarus David L. Dill Jeremy Epstein Joseph Lorenzo Hall Motivation Legitimacy of government depends on trustworthy elections. Potential for undetected fraud

484 views • 19 slides
Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides
Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

719 views • 23 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.49k views • 117 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.23k views • 95 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools & techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR 2010 Introduction Cause Current threat around IEDs is continuously changing Little known about possible future threat Goal List

210 views • 16 slides

More recommend