
Systems Security: Why is Measurement Important? Patrick Traynor - PowerPoint PPT Presentation


  1. Systems Security: Why is Measurement Important? Patrick Traynor. CSE 544 - Advanced Systems Security, 1/23/07. CSE 545 - Professor Patrick McDaniel Page 1

  2. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  7. The Importance of Measurement
  • Measurement is a critical step in the science of systems security.
  • It helps us understand the true nature of a system - how it looks, feels and operates.
  ‣ While mathematical modeling is important, our models typically fail to describe subtle interactions between components.
  • Measurement is about the difference between how a bowling ball and a feather fall from a great height in a lab and in the real world...

  8. Engineering vs Science
  • What is the difference between engineering and science?
  • Why then is measurement a science and not simply part of engineering?
  • Measurement is at the very core of what we as systems people do!
  ‣ If you have not done a performance analysis, you should consider one as part of your semester project...

  9. Restoring State
  • Traffic channels (TCH)
  ‣ used to deliver voice traffic to cell phones (yak yak ...)
  • Control channels (CCH)
  ‣ used for signaling between base station and phones
  ‣ used to deliver SMS messages
  • The CCH was not originally designed for SMS.
  [Diagram: CCH and TCH between the base station and the phone]
  Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  10. The Vulnerability
  • Once you fill the SDCCH channels (the standalone dedicated control channels, which carry both call setup signaling and SMS delivery) with SMS traffic, call setup is blocked.
  [Diagram: SDCCHs occupied by a run of SMS messages; an incoming voice call marked X, i.e. blocked]
  • The goal of an adversary is therefore to fill the SDCCHs with SMS traffic.

  11. Modeling
  • To better understand these attacks and countermeasures, we use two techniques: queueing and simulation.
  • We implemented protocols/channels as specified in 3GPP documents.
  • We use parameters from publicly available documents: 3GPP, FCC, NCS.
  [Simulator block diagram. Components: Call Generation, SMS Generation, Attack Manager; RACH, SDCCH and TCH service queues; Voice Message Service Queue and Module; Call Completion; SMS Delivery and SMS Reporting Module]

  12. Why Simulation?
  • Why are the calculations in the first paper not enough to characterize this attack?
  • Why is simulation the right tool for this job?
  • How can we be sure that the results we get are meaningful?
  • What other techniques could you use in your class projects?

  13. Attack Profile
  [Figure, left panel: SDCCH and TCH utilization vs. time (seconds) under Uniform, Poisson and Burst 12 SMS arrivals. Right panel: average percent blocking during attack vs. SMS attack messages per second]
  • Examined call blocking under uniform, Poisson and bursty arrival patterns.
  • Because of variability in the network, we use the Poisson model for our remaining experiments.
  • Using 495 msgs/sec, a blocking probability of 71% is possible with the bandwidth of a cable modem.
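The kind of model behind the attack-profile plot, written here as an added example rather than the slides' or the paper's simulator: an event-driven loss system in which SMS deliveries and voice call setups compete for a fixed pool of SDCCHs, with Poisson arrivals as on the slide. Every parameter (12 SDCCHs, the hold times, the rates) is a constructed assumption, not a value from the paper; the point is to watch voice blocking climb as the attacker's SMS rate rises.

```python
import heapq
import random


def simulate_sdcch(sms_rate, voice_rate, n_sdcch=12, sms_hold=4.0,
                   voice_hold=1.5, duration=2000.0, seed=1):
    """Event-driven model of one sector's SDCCHs under an SMS flood.

    Assumptions (constructed for this example, not the paper's parameters):
    * SMS deliveries and voice call setups arrive as independent Poisson
      processes (rates in requests per second);
    * each request holds one SDCCH for an exponentially distributed time
      with mean sms_hold or voice_hold seconds;
    * a request that finds every SDCCH busy is blocked outright, which is
      the lockout the slides describe (no queue in front of the channels).
    Returns (sms_blocking, voice_blocking) as fractions of attempts.
    """
    total_rate = sms_rate + voice_rate
    assert total_rate > 0, "need at least one non-zero arrival rate"
    rng = random.Random(seed)
    release_times = []  # min-heap: when each busy SDCCH frees up
    attempts = {"sms": 0, "voice": 0}
    blocked = {"sms": 0, "voice": 0}
    hold = {"sms": sms_hold, "voice": voice_hold}
    t = 0.0
    while True:
        t += rng.expovariate(total_rate)
        if t > duration:
            break
        # Thin the merged Poisson stream into an SMS or a voice arrival.
        kind = "sms" if rng.random() < sms_rate / total_rate else "voice"
        # Free every channel whose hold time has expired by now.
        while release_times and release_times[0] <= t:
            heapq.heappop(release_times)
        attempts[kind] += 1
        if len(release_times) >= n_sdcch:
            blocked[kind] += 1          # all SDCCHs busy: setup fails
        else:
            heapq.heappush(release_times, t + rng.expovariate(1.0 / hold[kind]))

    def fraction(kind):
        return blocked[kind] / attempts[kind] if attempts[kind] else 0.0

    return fraction("sms"), fraction("voice")


def blocking_curve(attack_rates, voice_rate=0.5, **kw):
    """Voice-setup blocking as a function of the attacker's SMS rate."""
    return [(r, simulate_sdcch(r, voice_rate, **kw)[1]) for r in attack_rates]


if __name__ == "__main__":
    for rate, blocking in blocking_curve([0, 1, 2, 4, 8, 16]):
        print(f"{rate:5.1f} SMS/s -> voice blocking {blocking:.2f}")
```

Because the channels form a pure loss system, the closed-form Erlang B result is available for the steady state; the simulation earns its keep when you replace the exponential assumptions with measured hold-time distributions or bursty attack traffic, which is exactly the gap between the calculations in the first paper and the measured network that the next slide asks about.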

  14. Current Countermeasures
  • SPAM filtering, source IP-address filtering and rate limitation are edge solutions.
  • There are many portals to these networks - email, IM, bulk senders, infected/compromised mobile devices, other provider networks, etc.
  • Given that these solutions offer no protection once messages are inside the system, we look to other methods to defend against attacks.

  15. Queue Management
  • Simply adding a queue in front of the SDCCHs is not a sufficient means of preventing this attack.
  • We look to queue management techniques that have been successful in data networks.
  • We segment traffic into voice and SMS streams, and attempt to deliver the maximum amount of legitimate traffic possible.

  16. Weighted Fair Queueing
  • Traffic can be classified, split into separate queues and serviced at equal rates (or, with weights, at rates proportional to each queue's weight).
  • Packets belonging to misbehaving flows are therefore unable to affect other traffic.
  • To ensure that voice calls are not crowded out by targeted SMS attacks, we give 2:1 priority to calls over text messages.
  [Diagram: packets tagged with finish numbers 2, 4, 2]

  17. WFQ - Overview
  [Animation over several slides: SMS and Voice queues holding packets tagged with finish numbers 4 and 2; the packet with the smallest finish number is served first, so the voice packets (finish 2) leave ahead of the SMS packets (finish 4)]

  25. WFQ - Results
  [Figure, left panel: percent of attempts blocked vs. time (seconds) for the SDCCH service queue (SMS) and the TCH service queue (voice). Right panel: utilization vs. time (seconds) for the same queues]
  • Under WFQ, voice calls never block.
  • 72% of all SMS messages are blocked.
  • We throw out huge numbers of both legitimate AND malicious packets.
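The finish-number mechanism from the WFQ overview, as an added example that is not the slides' or the paper's code: one FIFO per class, a virtual finish tag per arrival with cost inversely proportional to the class weight, and the smallest tag served first. The 2:1 weights are the slide's; the trace (an SMS burst followed by two voice setups) is constructed, and virtual time is advanced to the tag of the packet just served, the self-clocked approximation of WFQ rather than the fluid-reference definition.

```python
from collections import deque


class WFQScheduler:
    """Weighted fair queueing across named flows, one FIFO per flow.

    Each arrival receives a virtual finish tag; the scheduler always serves
    the head-of-line message with the smallest tag. Virtual time is set to
    the tag of the message just served (self-clocked fair queueing), which
    avoids simulating the fluid GPS reference system.
    """

    def __init__(self, weights):
        self.weights = dict(weights)
        self.queues = {flow: deque() for flow in self.weights}
        self.last_finish = {flow: 0.0 for flow in self.weights}
        self.virtual_time = 0.0

    def enqueue(self, flow, name, size=1.0):
        # A flow's next tag starts at its previous finish or at the current
        # virtual time, whichever is later; heavier weight means earlier finish.
        start = max(self.virtual_time, self.last_finish[flow])
        finish = start + size / self.weights[flow]
        self.last_finish[flow] = finish
        self.queues[flow].append((finish, name))

    def dequeue(self):
        # Smallest finish tag wins; ties go to the heavier-weighted flow.
        candidates = [(q[0][0], -self.weights[flow], flow)
                      for flow, q in self.queues.items() if q]
        if not candidates:
            return None
        finish, _, flow = min(candidates)
        _, name = self.queues[flow].popleft()
        self.virtual_time = finish
        return flow, name

    def backlog(self, flow):
        return len(self.queues[flow])


def run_schedule(events, weights=None):
    """Replay a trace of ("arrive", flow, name) / ("serve",) events and
    return the order in which messages reached the SDCCHs."""
    sched = WFQScheduler(weights or {"voice": 2, "sms": 1})  # 2:1 calls over texts
    served = []
    for ev in events:
        if ev[0] == "arrive":
            sched.enqueue(ev[1], ev[2])
        elif ev[0] == "serve":
            out = sched.dequeue()
            if out is not None:
                served.append(out[1])
    return served


def flood_trace(n_sms=20, voice_at=(0, 5)):
    """Constructed trace: an SMS burst lands first, then voice setups arrive
    at the given service opportunities while the backlog is being drained."""
    events = [("arrive", "sms", f"sms{i}") for i in range(n_sms)]
    voice_at = set(voice_at)
    for i in range(n_sms + len(voice_at)):
        if i in voice_at:
            events.append(("arrive", "voice", f"call{i}"))
        events.append(("serve",))
    return events


if __name__ == "__main__":
    print(run_schedule(flood_trace()))
```

With a single FIFO in front of the SDCCHs the first call would sit behind all twenty texts; under the scheduler it is served at the first opportunity, and the second call, arriving mid-backlog, is served next too. The SMS backlog is still drained eventually, which is the other half of the slide's result: WFQ protects voice but says nothing about which texts survive.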

  26. Random Early Detection
  • RED was designed to signal congestion to TCP senders early, so that their windows shrink before the queue overflows; as a side effect it also prevents a single flow from locking out the queue.
  • We again separate traffic into voice and SMS, but further subdivide SMS into high, medium and low origin priorities.
  • Based on these priorities, we evict newly arriving packets based on queue status.
  M/M/m queue for the SDCCHs (m channels, per-channel utilization ρ):
  $$N_Q = P_Q \frac{\rho}{1-\rho}, \qquad P_Q = p_0 \frac{(m\rho)^m}{m!\,(1-\rho)}$$
  $$p_0 = \left[\sum_{n=0}^{m-1} \frac{(m\rho)^n}{n!} + \frac{(m\rho)^m}{m!\,(1-\rho)}\right]^{-1}$$
  $$\rho_{target} = \rho_{actual}\,(1 - P_{drop}), \qquad P_{drop} = \frac{P_{drop,high}\,\lambda_{high} + P_{drop,med}\,\lambda_{med} + P_{drop,low}\,\lambda_{low}}{\lambda_{SMS}}$$
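The slide's M/M/m formulas carried through in code, as an added example (not the slides' or the paper's own code): the empty-system probability p_0, the Erlang C probability P_Q that an arrival finds every SDCCH busy, the mean queue length N_Q, the arrival-rate-weighted aggregate drop probability, and the utilization target. The helper that turns an arrival rate and hold time into ρ, and the sample class rates, are assumptions for illustration.

```python
from math import factorial


def p0(m, rho):
    """Empty-system probability of an M/M/m queue with m channels at
    per-channel utilization rho. Only defined for a stable queue (rho < 1)."""
    if not 0 <= rho < 1:
        raise ValueError("M/M/m formulas need 0 <= rho < 1; rho >= 1 is the overloaded regime")
    a = m * rho                       # offered load in Erlangs
    s = sum(a ** n / factorial(n) for n in range(m))
    s += a ** m / (factorial(m) * (1 - rho))
    return 1.0 / s


def p_queue(m, rho):
    """Erlang C: probability an arrival finds all m channels busy and waits."""
    a = m * rho
    return p0(m, rho) * a ** m / (factorial(m) * (1 - rho))


def n_queue(m, rho):
    """Mean number of messages waiting for a channel (N_Q on the slide)."""
    return p_queue(m, rho) * rho / (1 - rho)


def sdcch_utilization(arrival_rate, hold_time, m):
    """rho for m SDCCHs offered arrival_rate requests/s, each holding a
    channel for hold_time s (assumed relation, standard for M/M/m)."""
    return arrival_rate * hold_time / m


def aggregate_drop(p_drop, rates):
    """Overall SMS drop probability from per-origin-class drop probabilities,
    weighted by each class's share of the SMS arrival rate (P_drop on the slide)."""
    lam_sms = sum(rates.values())
    return sum(p_drop[c] * rates[c] for c in rates) / lam_sms


def target_utilization(rho_actual, p_drop):
    """Utilization that remains once the fraction p_drop of arrivals is evicted."""
    return rho_actual * (1 - p_drop)


def drop_needed(rho_actual, rho_target):
    """Fraction of SMS that must be evicted to bring rho_actual down to
    rho_target (the slide's relation solved for P_drop)."""
    return max(0.0, 1 - rho_target / rho_actual)


if __name__ == "__main__":
    m = 8                                   # assumed number of SDCCHs
    rho = sdcch_utilization(1.8, 4.0, m)    # assumed 1.8 msg/s, 4 s hold
    print(f"rho={rho:.2f}  P_Q={p_queue(m, rho):.3f}  N_Q={n_queue(m, rho):.2f}")
    # Attack pushes rho past 1; pick a per-class drop policy that restores rho=0.9.
    rho_attack = sdcch_utilization(3.0, 4.0, m)
    print(f"attack rho={rho_attack:.2f}, need P_drop={drop_needed(rho_attack, 0.9):.3f}")
    rates = {"high": 0.5, "med": 0.5, "low": 2.0}            # constructed
    p_cls = {"high": 0.0, "med": 0.0, "low": 0.77}           # constructed
    print(f"aggregate P_drop={aggregate_drop(p_cls, rates):.3f}")
```

Two things worth noticing when running it. First, the queueing formulas are only valid for ρ < 1; the attack regime the previous slides measure is ρ ≥ 1, where the queue is unstable and the closed form says nothing, which is one answer to "why are the calculations in the first paper not enough". Second, ρ_target is what the drop policy has to deliver, and aggregate_drop shows that you can reach it by dropping only the low-priority class, provided that class carries enough of the offered rate.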

  27. WRED - Overview
  [Animation over several slides: a single queue in front of the SDCCHs receiving High, Med and Low priority SMS; as the queue fills, newly arriving low-priority messages are dropped first, then medium-priority ones, while high-priority messages are still admitted]

  36. WRED - Results
  [Figure: percent of attempts blocked vs. time (seconds) for the SMS service queue at priority 1, priority 2 and priority 3]
  • High- and medium-priority messages experience no blocking, but increased delay.
  • An average of 77% of low-priority messages are blocked.
  • This is a nice solution, assuming meaningful partitioning of flows.
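The class-aware early-drop policy from the WRED slides, as an added example (not the slides' or the paper's code): one queue in front of the SDCCHs, a (min, max, max-probability) drop profile per origin class, and a time-slotted attack in which the low-priority class carries the flood. The thresholds, the slot model and the arrival mix are constructed; the drop decision uses the instantaneous occupancy rather than the exponentially weighted average that RED proper uses, so that the bound on occupancy is easy to reason about.

```python
import random
from collections import deque

# Drop profile per SMS origin class: (min_th, max_th, max_p). Below min_th a
# message is always admitted, at or above max_th it is always dropped, and in
# between the drop probability rises linearly to max_p. Constructed values:
# the low class is squeezed first, then medium, and high only under extreme load.
WRED_PROFILE = {
    "high": (45, 50, 0.1),
    "med":  (30, 45, 0.5),
    "low":  (10, 25, 1.0),
}


class WREDQueue:
    """Single queue in front of the SDCCHs with class-aware early drop."""

    def __init__(self, capacity=50, profile=WRED_PROFILE, seed=7):
        self.capacity = capacity
        self.profile = profile
        self.queue = deque()
        self.rng = random.Random(seed)
        self.offered = {c: 0 for c in profile}
        self.dropped = {c: 0 for c in profile}

    def drop_probability(self, cls):
        # Simplification: instantaneous occupancy instead of RED's EWMA.
        min_th, max_th, max_p = self.profile[cls]
        occ = len(self.queue)
        if occ < min_th:
            return 0.0
        if occ >= max_th:
            return 1.0
        return max_p * (occ - min_th) / (max_th - min_th)

    def offer(self, cls):
        """Admit or evict a newly arriving message of class cls."""
        self.offered[cls] += 1
        full = len(self.queue) >= self.capacity
        if full or self.rng.random() < self.drop_probability(cls):
            self.dropped[cls] += 1
            return False
        self.queue.append(cls)
        return True

    def serve(self, n):
        """Hand up to n queued messages to free SDCCHs."""
        for _ in range(min(n, len(self.queue))):
            self.queue.popleft()


def run_attack(slots=300, per_slot=None, service_per_slot=6, seed=7):
    """Time-slotted run: each slot, offer that slot's arrivals in random
    order, then serve service_per_slot messages. Returns per-class drop
    fractions. Default mix (constructed): the low class carries the flood."""
    per_slot = per_slot or {"high": 2, "med": 2, "low": 30}
    q = WREDQueue(seed=seed)
    for _ in range(slots):
        batch = [c for c, n in per_slot.items() for _ in range(n)]
        q.rng.shuffle(batch)
        for cls in batch:
            q.offer(cls)
        q.serve(service_per_slot)
    return {c: q.dropped[c] / q.offered[c] for c in q.offered}


if __name__ == "__main__":
    for cls, frac in run_attack().items():
        print(f"{cls:4s} dropped {frac:.1%}")
```

With these thresholds the low class can never push occupancy past its max threshold of 25, and the four high/medium arrivals per slot add at most four more, so occupancy stays below the medium class's min threshold and those two classes are never dropped, matching the shape of the slide's result. The caveat on the slide applies with full force: the policy is only as good as the classification, and an attacker whose messages enter through a high-priority origin (a compromised bulk sender, say) inherits that origin's protection.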
