security analysis of the micro transport protocol with a
play

Security Analysis of the Micro Transport Protocol with a Misbehaving - PowerPoint PPT Presentation

Jun 04, 2023 •163 likes •557 views

Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Florian Adamsky, Syed Ali Khayam, Rudolf Jger and Muukrishnan Rajarajan The 4th

  1. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Florian Adamsky, Syed Ali Khayam, Rudolf Jäger and Muukrishnan Rajarajan The 4th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery 2012 B. Sc. Florian Adamsky | CyberC 2012 1 / 26 florian@adamsky.it http://florian.adamsky.it

  2. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Contents 1 Introduction Background 2 Aack Details and Results Aack 1: Lying about the Delay Aack 2: Lazy Opt-Ack Aack 3: Opt-Ack 3 Countermeasures Randomly Skipped Packets 4 Conclusions B. Sc. Florian Adamsky | CyberC 2012 2 / 26

  3. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction Contents 1 Introduction Background 2 Aack Details and Results Aack 1: Lying about the Delay Aack 2: Lazy Opt-Ack Aack 3: Opt-Ack 3 Countermeasures Randomly Skipped Packets 4 Conclusions B. Sc. Florian Adamsky | CyberC 2012 3 / 26

  4. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction Introduction BitTorrent is the most widely used Peer-to-Peer (P2P) application Before December 2008, TCP was its default transfer protocol Since this date, uTorrent switched from TCP to the Micro Transport Protocol (uTP) which is based on UDP B. Sc. Florian Adamsky | CyberC 2012 4 / 26

  5. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction | Background What’s the problem with TCP and BitTorrent? BitTorrent is in most cases background traffic BitTorrent uses multiple connection at once TCP distributes the available bandwidth evenly across connections The more connections one application uses, the larger the share of bandwidth Old Solution: Configure bandwidth limit Requires knowledge about the own Internet connection Oen lets big head room which is unused Bad configured BitTorrent client can harm other people in the network B. Sc. Florian Adamsky | CyberC 2012 5 / 26 ⇒ Novel transport protocol based on UDP: Micro Transport Protocol (uTP)

  6. e next Internet meltdown? http://www.theregister.co.uk/2008/12/01/richard_bennett_utorrent_udp/print.html

  7. Why the sky isn’t falling http: //arstechnica.com/old/content/2008/12/utorrents-switch-to-udp-and-why-the-sky-isnt-falling.ars

  8. uTP traffic . Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction | Background .. B. Sc. Florian Adamsky | CyberC 2012 All Traffic (except uTP) . . . . Bandwidth . Time . . . Traffic . Micro Transport Protocol (uTP) . Scales beer when sending over many connections at once Detects foreground traffic and automatically slows down Advantages: SACK uses a 32 bitmask where each bit represents a packet Sequence numbers and ACKs refer to packets, not bytes Differences to TCP Sequence numbers and ACK numbers Window based flow control Similarities to TCP Transport (LEDBAT) Introduces a new congestion control: Low Extra Delay Background uTP is a reliable transport protocol which makes use of UDP 8 / 26 No congestion control (Slow-start, congestion avoidance, …) → LEDBAT

  9. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction | Background .. B. Sc. Florian Adamsky | CyberC 2012 All Traffic (except uTP) . . . . Bandwidth . Time . . . Traffic . Micro Transport Protocol (uTP) Sequence numbers and ACK numbers uTP is a reliable transport protocol which makes use of UDP Introduces a new congestion control: Low Extra Delay Background Transport (LEDBAT) Similarities to TCP Window based flow control Differences to TCP . Sequence numbers and ACKs refer to packets, not bytes SACK uses a 32 bitmask where each bit represents a packet Advantages: Detects foreground traffic and automatically slows down Scales beer when sending over many connections at once 8 / 26 No congestion control (Slow-start, congestion avoidance, …) → LEDBAT uTP traffic .

  10. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Introduction | Background LEDBAT (Congestion Control) B. Sc. Florian Adamsky | CyberC 2012 IETF just tries to standardize LEDBAT (Dra 09³) ACKs during one window And also: . . 9 / 26 . . Receiver LEDBAT uses one way delay as the main congestion measurement . Will be compared with previous values (not absolute values) Sender . t [ s n d D a t a ] ∆ t = t rcv − t snd ∆ ] K C A [ t Packet loss (max_window = max_window × 0 . 78 ) ³ http://tools.ietf.org/id/draft-ietf-ledbat-congestion-09.txt

  11. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results Contents 1 Introduction Background 2 Aack Details and Results Aack 1: Lying about the Delay Aack 2: Lazy Opt-Ack Aack 3: Opt-Ack 3 Countermeasures Randomly Skipped Packets 4 Conclusions B. Sc. Florian Adamsky | CyberC 2012 10 / 26

  12. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 1: Lying about the Delay Sender B. Sc. Florian Adamsky | CyberC 2012 . . Aack Idea 1 (Delay Measurement) . . 11 / 26 . . How to do that? more packets into the network .. Lying about the one way delay to induce the sender to send more and Idea . Aacker A t s n [ D d a t a ] ∆ t = 1 ms ∆ ] K C A [ t

  13. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 1: Lying about the Delay Delay Calucation B. Sc. Florian Adamsky | CyberC 2012 delay_factor delay_factor Code Snippet delay_factor 12 / 26 4 1 2 scaled_gain = MAX_CWND_INCREASE_PACKETS_PER_RTT * delay_factor * window_factor; max_window += scaled_gain; ⃗ 100 ms − min ( our _ hist ) = 100 ms 100 ms − 0 = 100 ms = 1

  14. Bandwidth Usage (100 MiB File Transfer) Time in Seconds . . . . . . . . . Packets per Second . . . Without Aack . . . Delay Aack . . . . . . . . . 6 , 000 5 , 000 4 , 000 3 , 000 2 , 000 1 , 000 0 . 0 20 40 60 80 100 120 140 160 180

  15. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 2: Lazy Opt-Ack Aack Idea 2 (Packet loss) .. Idea . We do not inform the sender about packet loss How to do that? As an aacker we’re not interested in data integrity Save all packets we got sequentially and not according to there sequence number B. Sc. Florian Adamsky | CyberC 2012 14 / 26

  16. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 2: Lazy Opt-Ack . . 0 . 0 . 1 . 1 . 3 2 Aack: Packet sorting sequentially . 3 . 4 . 5 . 6 . 4 B. Sc. Florian Adamsky | CyberC 2012 . 4 Aack Idea 2 2 Normal packet sorting . . 0 . 0 . 1 . 1 . . . Packet Loss . 3 . 3 . 4 . 5 . 6 15 / 26

  17. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 2: Lazy Opt-Ack . . 0 . 0 . 1 . 1 . 3 2 Aack: Packet sorting sequentially . 3 . 4 . 5 . 6 . 4 B. Sc. Florian Adamsky | CyberC 2012 . 4 Aack Idea 2 2 Normal packet sorting . . 0 . 0 . 1 . 1 . . . Packet Loss . 3 . 3 . 4 . 5 . 6 15 / 26

  18. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 2: Lazy Opt-Ack . . . . . Time in Seconds . Packets per Second . . . Without Aack . . Delay Aack . . Lazy Opt-Ack Aack B. Sc. Florian Adamsky | CyberC 2012 Bandwidth Usage with Loss Aack 16 / 26 . . . . . . . . . . . 6 , 000 4 , 000 2 , 000 0 . 0 20 40 60 80 100 120 140 160 180

  19. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 3: Opt-Ack Set all bits of the SACK bitmask to the value 1 B. Sc. Florian Adamsky | CyberC 2012 1 with this code 1 Aack Idea 3 (Selective Acknowledgment) Replace that code: Again: As an aacker we’re not interested in data interested How to do that? Pretend that we got all packets always via SACK . Idea .. 17 / 26 uint m = 0; // SACK bitmask uint m = UINT_MAX; // SACK bitmask

  20. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 3: Opt-Ack Without Aack . . . Time in Seconds . Packets per Second . . . . . . Delay Aack . . Lazy Opt-Ack Aack . . Opt-Ack Aack B. Sc. Florian Adamsky | CyberC 2012 Bandwidth Usage with SACK Aack 18 / 26 . . . . . . . . . . . . 6 , 000 4 , 000 2 , 000 0 . 0 20 40 60 80 100 120 140 160 180

  21. Bandwidth from all Aacks . . . . . . . . . Average Bandwidth Usage in Mbit/s . . . . Opt-ACK . . . . . . . 25 23 . 84 20 15 . 39 15 10 6 . 2 5 . 43 5 w/o Aack . Delay Aack . Lazy Opt-ACK .

  22. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver | Aack Details and Results | Aack 3: Opt-Ack Delay Aack B. Sc. Florian Adamsky | CyberC 2012 42 % Opt-Ack Aack 7 % Lazy Opt-Ack Aack 0 % 0 % Can we create Congestion? Without Aack Packet loss Client Results Parallel to this file transfer via uTP Constant 50 Mbit/s UDP stream with iPerf Congestion Experiment 20 / 26

Recommend

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View Paul Hankes Drielsma and Sebastian M odersheim Information Security, ETH Zurich ARSPA Paul Hankes Drielsma 1 Introduction ASW: an

508 views • 14 slides
Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline TLS overview TLS Record Protocol Theory Attacks Security analysis TLS Handshake Protocol Security analysis Discussion 2

1.78k views • 173 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA IIT Delhi, Fall 2010 Lecture 1: WriCng Secure Web ApplicaCons

472 views • 25 slides
1 Roscoe 95, Schneider 96, Compositionality Language Approach Abadi-Gordon97

1 Roscoe 95, Schneider 96, Compositionality Language Approach Abadi-Gordon97

Probabilistic Polynomial-Time Standard analysis methods Process Calculus for Security Finite-state analysis Protocol Analysis Easier Dolev-Yao model Symbolic search of protocol runs Proofs of correctness in formal logic

258 views • 7 slides
OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte

OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte

GSM/3G security Implementing GSM protocols Security analysis Summary OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org hmw-consulting.de SSTIC

1.16k views • 34 slides
1 The http protocol: more WWW: the http protocol http is stateless http: hypertext

1 The http protocol: more WWW: the http protocol http is stateless http: hypertext

Internet apps: their protocols and transport protocols Application Underlying layer protocol Application transport protocol e-mail smtp [RFC 821] World Wide Web TCP remote terminal access telnet [RFC 854] TCP Web http [RFC 2068] TCP

438 views • 5 slides
Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internet Protocol Suite: Transport Internet Protocol Suite: Transport TCP: Transmission Control Protocol Byte stream transfer Internet Protocol Suite Internet Protocol Suite Reliable, connection-oriented service Point-to-point

374 views • 3 slides
Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy

Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy

Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy Durgin, Patrick Lincoln John Mitchell, Andre Scedrov July 3 rd , 2000 CSFW-13 Cambridge, UK Representing Security Protocols Several recent

632 views • 38 slides
Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda Introduction Security Development Lifecycle Threat Modeling and Security Design Static Source Code Analysis Software Build Security 3 rd

615 views • 15 slides
User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the Internet architecture Only adds demultiplexing capability to basic best-effort delivery provided by IP Needs to identify target process

834 views • 36 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 4: Security

348 views • 34 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and demultiplexing UDP: User Datagram Protocol TCP: Transport Control Protocol General features TRANSPORT LAYER IN THE INTERNET In the

563 views • 29 slides
Extending Security Protocol Analysis : New Challenges Mike Bond, Jolyon Clulow {Mike.Bond,

Extending Security Protocol Analysis : New Challenges Mike Bond, Jolyon Clulow {Mike.Bond,

Extending Security Protocol Analysis : New Challenges Mike Bond, Jolyon Clulow {Mike.Bond, Jolyon.Clulow}@cl.cam.ac.uk Workshop on Automated Reasoning for Security Protocols Analysis (ARSPA 2004) 4 th July 2004 Outline An introduction to

764 views • 31 slides
Transport Protocols in the Internet Introduction to TCP TCP - Transmission Control Protocol

Transport Protocols in the Internet Introduction to TCP TCP - Transmission Control Protocol

IN2140: Introduction to Operating Systems and Data Communication Transport Protocols in the Internet Introduction to TCP TCP - Transmission Control Protocol TCP is the main transport protocol of the Internet TCP provides Reliable

154 views • 11 slides
TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier

TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier

TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier Levillain, Baptiste Gourdin, Herv Debar ANSSI, Sekoia, Tlcom SudParis ASIACCS 2015 Levillain, Gourdin, Debar (ASIACCS) TLS Record Protocol

793 views • 62 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 3: Coding

527 views • 36 slides
V2 MESSAGE TRANSPORT PROTOCOL V2 MESSAGE TRANSPORT PROTOCOL Jonas Schnelli - Breaking Bitcoin

V2 MESSAGE TRANSPORT PROTOCOL V2 MESSAGE TRANSPORT PROTOCOL Jonas Schnelli - Breaking Bitcoin

BIP324 Jonas Schnelli / dev@jonasschnelli.ch / Breaking Bitcoin 8th June 2019 PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D V2 MESSAGE TRANSPORT PROTOCOL V2 MESSAGE TRANSPORT PROTOCOL Jonas Schnelli - Breaking Bitcoin 2019 Goals of the v2

620 views • 43 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 7: Using

393 views • 38 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 2: A

530 views • 41 slides
Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book

Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book

Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du TLS: Protocol to achieve secure communication TLS provides secure communication channel

834 views • 66 slides
SCTP: An innovative transport layer protocol for the web (Position paper) P. Natarajan, J.

SCTP: An innovative transport layer protocol for the web (Position paper) P. Natarajan, J.

SCTP: An innovative transport layer protocol for the web (Position paper) P. Natarajan, J. Iyengar, P. Amer, & R. Stewart 1 HTTP over TCP Transmission Control Protocol (TCP) has been the default transport for HTTP. HTTP/TCP

216 views • 21 slides

More recommend