security of cpe management protocols
play

Security of CPE Management Protocols Patrick Sattler, B. Sc. - PowerPoint PPT Presentation

Feb 16, 2024 •188 likes •437 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Security of CPE Management Protocols Patrick Sattler, B. Sc. Advisor: Oliver Gasser, M. Sc. April 20, 2017 Chair of Network Architectures and

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Security of CPE Management Protocols Patrick Sattler, B. Sc. Advisor: Oliver Gasser, M. Sc. April 20, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Contents Motivation Network Management Protocols TR-069 Architecture and Specification Threat Model Known Attacks and Incidents Bibliography P . Sattler – Security of CPE Management Protocols 2

  3. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Motivation • Easy remote configuration • ISPs use these protocols for CPEs • Little research on its security • Recent discovered vulnerabilities • DTAG incident P . Sattler – Security of CPE Management Protocols 3

  4. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Management Protocols Main Functionalities • Configuration Management • Performance Management • Fault Management • Security Management • Accounting Management P . Sattler – Security of CPE Management Protocols 4

  5. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Management Protocols • Simple Network Management Protocol • v1 published in 1988 (RFC 1067) • De-facto standard for LAN network management • Only v3 provides optional secure communication and authentication • Transport protocol: UDP • Common Management Information Protocol (CMIP) • Alternative to SNMP • Standardized in 1991; Predecessor of TR-069 • TR-069 — CPE WAN Management Protocol (CWMP) • Specified in TR-069 [1] by the Broadband Forum • De-facto standard for ISPs network management • Transport protocol: TCP • SSL/TLS is optional, authentication is required • RPC with SOAP over HTTP P . Sattler – Security of CPE Management Protocols 5

  6. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Management Protocols • NETCONF • Standard proposed by IETF in 2006 (RFC 4741) • RPC with XML (YANG) over TLS/SSH • Secure communication is required • Any connection oriented protocol allowed • RESTCONF • Successor of NETCONF • Uses RESTful paradigms • RPC with JSON (YANG) over HTTP over TLS P . Sattler – Security of CPE Management Protocols 6

  7. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Why focus on TR-069? • 2nd most open port: TCP/7547 (TR-069 default port) [2] • 46M IP addresses at last scan (April 5th, 2017) • Few research available [3] P . Sattler – Security of CPE Management Protocols 7

  8. Chair of Network Architectures and Services Department of Informatics Technical University of Munich TR-069 Protocol Stack RPC SOAP HTTP SSL/TLS SSL/TLS TCP/IP Figure 1: TR-069 Protocol Stack P . Sattler – Security of CPE Management Protocols 8

  9. Chair of Network Architectures and Services Department of Informatics Technical University of Munich TR-069 Architecture • Auto-Configuration Server (ACS) → the Controller • Normally one per provider • Gets configuration and commands from other infrastructure • CPEs → the managed devices • Either preconfigured ACS URLs or ACS discovery • CPE initiates all sessions to ACS • ACS can trigger session initiation (Connection Request) P . Sattler – Security of CPE Management Protocols 9

  10. Chair of Network Architectures and Services Department of Informatics Technical University of Munich TR-069 Architecture Different Databases e.g. Policy, Billing, ... CPE 
 Management Manged LAN devices ACS CPE Call Center P . Sattler – Security of CPE Management Protocols 10

  11. Chair of Network Architectures and Services Department of Informatics Technical University of Munich TR-069 Functionalities • Discover all available device functions (RPC calls) • Get and Set configuration data ( e.g., provisioning) • Get devices status data • Perform measurement and diagnosis • Download and update Soft-Firmware P . Sattler – Security of CPE Management Protocols 11

  12. Chair of Network Architectures and Services Department of Informatics Technical University of Munich TR-069 Session CPE ACS establish TCP Connection optional SSL handshake Inform Request HTTP POST Inform Response HTTP Response Empty Request HTTP POST Get/Set Values Request HTTP Response Get/Set Values Response HTTP POST Empty Response HTTP Response Connection Teardown Figure 3: A session example for TR-069 P . Sattler – Security of CPE Management Protocols 12

  13. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Threat Model • SSL/TLS • Usage of SSL/TLS is only suggested • TLS 1.2 is suggested for TR-069 1.4 • SSL 3.0 and TLS 1.0 support is required • SSL/TLS downgrade required (SCSV was standardized only in 2015) • Without TLS: • No confidentiality, authenticity, and data integrity • Every message can be eavesdropped, forged, modified, and re- played P . Sattler – Security of CPE Management Protocols 13

  14. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Threat Model • Mandatory to support old protocol versions (all back to 1.0 from 2006) • No checksum control for downloads (also firmware updates!) • Download server could be compromised • DNS hijacking to point to the attacker’s server • ACS is single point of failure P . Sattler – Security of CPE Management Protocols 14

  15. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Known Attacks ACS vulnerabilities • Exploit ACS = ISP fleet takeover • Tal et al. [3] graded ACS vendors age as from the 90s • Analyzed OpenACS ( Java ) and GenieACS ( node.js ) • RCE on both after 3 day analysis • Authentication bypass, SQL injection, RCE, and DoS vulnerability on ACS from undisclosed vendor • Proof of concept on real providers ACS with 500k connected de- vices P . Sattler – Security of CPE Management Protocols 15

  16. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Known Attacks CPE vulnerabilities • Attack SOHO router from LAN to change ACS • Tal et al. [5] presented three vulnerabilities at 31c3 (2014) • TR-069 runs a HTTP Server on 7547 for Connection Requests • 52% use RomPager as HTTP Server • 97% of them have version 4.07 (from 2002) • Zynos from ZyXEL includes RomPager 4.07 P . Sattler – Security of CPE Management Protocols 16

  17. Chair of Network Architectures and Services Department of Informatics Technical University of Munich RomPager 4.07 Vulnerabilities • Overflowing HTTP digest authentication username • Overwrite function pointer (RCE) • Memory mapping is to diverse for large scale attacks • Three concurrent requests overwrite the HTTP handler structure • RCE vulnerability • Works only on port 80 (not relevant for TR-069) • Misfortune Cookie [6] P . Sattler – Security of CPE Management Protocols 17

  18. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Misfortune Cookie • Zynos has no dynamic memory allocation • RomPager allocates an array with length 10 for cookies • Cookies are named C0, C1, . . . , C9 • Searches for an initial capital “C” • Rest of the name is index of array • Enables writing relative from a fixed point (RCE) • Worked on any model from any brand • Fixed version was provided in 2005 (9 years earlier than the re- search!) P . Sattler – Security of CPE Management Protocols 18

  19. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DTAG incident • November 28 - 29: outage of 900k Speedport routers [7] • Mirai botnet targeted a vulnerability in TR-064 [8] • Uses the same TCP port as TR-069 • Command injection vulnerability in NTP field • Routers from Irish provider were vulnerable • Some assumed a bug in the attacker’s code [9] P . Sattler – Security of CPE Management Protocols 19

  20. Chair of Network Architectures and Services Department of Informatics Technical University of Munich DTAG incident • Weinmann found a DoS vulnerability to be responsible [7] • DTAGs short term solution was blocking port 7547 • Speedport routers were not vulnerable against NTP vulnerability • Weinmann found also other vulnerabilities in TR-069 (not disclosed) • DTAG claims that TR-069 is secure amongst others because of a device dependent password [10] • Still they parsed requests from other sources than the configured ACS P . Sattler – Security of CPE Management Protocols 20

  21. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • ISPs and Router manufactures do not take security seriously [11] • Routers vulnerable to Misfortune Cookie still in 2016 [12] • TR-069 should be more protected (with firewalls, ACLs, or VLANs) • ISPs need to take responsibility • More research into TR-069s security needed P . Sattler – Security of CPE Management Protocols 21

Recommend

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides originally by Ross Anderson Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography

1.47k views • 118 slides
Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery cryptosystems Computer Security Designing secure protocols February 10, 2003 Basic protocols Key exchange Lecture 8 Lecture 8 Page 1 Page

148 views • 10 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara

Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara

Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara Schmid Institute of Information Security Recap Security Protocols We have defined the Dolev-Yao adversary communicating agents that follow a

618 views • 51 slides
Security in in Security 802.11 Data Link Link Protocols Protocols 802.11 Data Gianluca Dini

Security in in Security 802.11 Data Link Link Protocols Protocols 802.11 Data Gianluca Dini

Security in in Security 802.11 Data Link Link Protocols Protocols 802.11 Data Gianluca Dini Gianluca Dini Dept. of Ingegneria dellInformazione University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa gianluca.dini@ing.unipi.it If you

467 views • 35 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Security Protocols 1 L. C. Paulson Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory University of Cambridge Proving Security Protocols 2 L. C. Paulson Cryptographic Protocol Analysis

389 views • 24 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next,

Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next,

CS 166: Information Security Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next, we look at real protocols SSH a simple & useful security protocol SSL practical security on the Web

1.27k views • 112 slides
Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols

Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols

Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols Data handled by computers: Banking details Emails Messaging Adult websites Private files Mobile devices 2 Goal of dissertation Is the

758 views • 51 slides
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to

Modeling and verification of security protocols Part I: Basics of cryptography and introduction to

Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available at http://www.piware.de/docs.shtml

549 views • 33 slides
Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA,

Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA,

Introduction on security protocols Formal models Going further Towards more guarantees Verification of Security Protocols eronique Cortier 1 V July 2nd, 2010 Movep 2010 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/102 V

2.12k views • 160 slides
Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Introduction on security protocols Formal models Unbounded number of sessions Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1 LORIA, CNRS 1/65 V eronique Cortier Verification of Security

1.29k views • 111 slides
23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for

23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for

23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for crash failures Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh

115 views • 8 slides
Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science, University of Bristol Finse Winter School, 7 May 2015 Security protocols: roles and goals Roles: P 1 , . . . , P n (e.g. clients, servers, devices,

1.43k views • 127 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239 Verifying security protocols Computer Security February 4, 2004 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004

297 views • 11 slides

More recommend