CS 4700 / CS 5700 Network Fundamentals Lecture 20: Attacks and Tinfoil Hats (Bleeding hearts and Spies) Last updated 12/3/2014

Upload: timothy-merritt

Post on 11-Jan-2016


Outline

Worms
  Basics
  Example worms
Botnets
  Basics
  Torpig – fast flux/phishing
Privacy
  Anonymous communication

Take network security next semester!


Motivation

Internet currently used for important services
  Financial transactions, medical records
Increasingly used for critical services
  911, surgical operations, water/electrical system control, remote controlled drones, etc.
Networks more open than ever before
  Global, ubiquitous Internet, wireless
Networks more surveilled than ever before
  Snowden revelations, pervasive tracking companies


Security != Privacy

How much of your mobile data was over HTTPS?
  Do you think that keeps your data private?
Encryption protects from eavesdroppers
  Does not mean that your privacy isn’t violated
  Your data could still be shared insecurely in the backend
Proxying+encryption hides senders from receivers
  Does not defend from pervasive observers


Snowden wants to communicate with Greenwald without Alexander finding out

[Figure labels: Ed’s IP, Glenn’s IP]


The problem of IP anonymity

[Figure labels: Client, VPN proxy, Server]

Proxies are single point of attack (rogue admin, break in, legal, etc)


Tor model (very simplified)

Bitwise unlinkability
  Use multiple hosts to form a “circuit”
  Use multiple layers of encryption, peel them off as you go
Sender/receiver anonymity
  Only the first hop (entry node) of a circuit knows the sender
  Only the last hop (exit node) of a circuit knows the receiver
  In simple case, this property holds as long as first and last hop are not compromised
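The layering described on this slide, as a runnable sketch (an added example, not part of the lecture): the sender wraps a payload in three layers and each relay peels one, learning only its next hop. The xorshift keystream is a toy stand-in for a real per-hop cipher, and the keys, the hop labels 'M', 'X', 'G' and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define HOPS 3

/* Toy keystream cipher (xorshift32 seeded with the hop key). NOT secure: it
 * stands in for the per-hop symmetric cipher. Running it twice decrypts. */
static void toy_crypt(uint32_t key, unsigned char *buf, size_t n)
{
    uint32_t s = key ? key : 1;
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        buf[i] ^= (unsigned char)s;
    }
}

/* Sender: cell = E_k0(next[0] | E_k1(next[1] | E_k2(next[2] | payload))).
 * cell must hold n + HOPS bytes. Returns the cell length. */
size_t onion_wrap(const uint32_t keys[HOPS], const unsigned char next[HOPS],
                  const unsigned char *payload, size_t n, unsigned char *cell)
{
    memcpy(cell + HOPS, payload, n);
    for (int i = HOPS - 1; i >= 0; i--) {      /* innermost layer first */
        cell[i] = next[i];
        toy_crypt(keys[i], cell + i, n + (size_t)(HOPS - i));
    }
    return n + HOPS;
}

/* Relay: strip one layer in place; returns the next hop. The inner cell
 * handed to that hop starts at layer + 1. */
unsigned char onion_peel(uint32_t key, unsigned char *layer, size_t len)
{
    toy_crypt(key, layer, len);
    return layer[0];
}

/* Constructed run: returns 1 if each relay recovers only its next hop and the
 * payload is readable only after the exit node's layer is removed. */
int onion_demo(void)
{
    const uint32_t keys[HOPS] = { 0x9E3779B9u, 0x85EBCA6Bu, 0xC2B2AE35u };
    const unsigned char next[HOPS] = { 'M', 'X', 'G' }; /* middle, exit, Glenn */
    const unsigned char msg[] = "documents";            /* constructed payload */
    unsigned char cell[sizeof msg + HOPS];
    size_t len = onion_wrap(keys, next, msg, sizeof msg, cell);
    int ok = (len == sizeof msg + HOPS);
    for (int i = 0; i < HOPS; i++) {
        ok &= memcmp(cell + HOPS, msg, sizeof msg) != 0;  /* still hidden */
        ok &= onion_peel(keys[i], cell + i, len - (size_t)i) == next[i];
    }
    return ok && memcmp(cell + HOPS, msg, sizeof msg) == 0;
}
```

The bytes of the cell change at every hop, which is the bitwise unlinkability the slide names; nothing here hides timing or volume.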


Traffic analysis

[Figure labels: Proxy, Onion routing (Tor)]

Onion routing doesn’t resist traffic analysis (well known)


Outline

1) Overview
2) Design
3) Evaluation
4) Ongoing work


Anonymous Quanta (Aqua)

k-anonymity: Indistinguishable among k clients
BitTorrent
  Appropriate latency and bandwidth
  Many concurrent and correlated flows


Threat model

Global passive (traffic analysis) attack
Active attack
Edge mixes aren’t compromised


Constant rate (strawman)

[Figure label: Padding]

Defeats traffic analysis, but overhead proportional to peak link payload rate on fully connected network


Outline

1) Overview
2) Design
  Padding at the core
  Padding at the edges
  Bitwise unlinkability
  Receiver’s anonymity (active attacks)
3) Evaluation
4) Ongoing work


Multipath

Multipath reduces the peak link payload rate

[Figure label: Padding]


Variable uniform rate

Reduces overhead by adapting to changes in aggregate payload traffic


Outline

1) Overview
2) Design
  Padding at the core
  Padding at the edges
  Bitwise unlinkability
  Receiver’s anonymity (active attacks)
3) Evaluation
4) Ongoing work


k-anonymity sets (ksets)

[Figure labels: Send kset, Recv kset, Padding]

Provide k-anonymity by ensuring correlated rate changes on at least k client links


Forming efficient ksets

[Figure: Peers’ rates over Epochs 1, 2, 3; series labeled 1, 2, 3]

Are there temporal and spatial correlations among BitTorrent flows?


Outline

1) Overview
2) Design
  Padding at the core
  Padding at the edges
  Bitwise unlinkability
  Receiver’s anonymity (active attacks)
3) Evaluation
4) Ongoing work


Methodology: Trace driven simulations

Month-long BitTorrent trace with 100,000 users
  20 million flow samples per day
  200 million traceroute measurements
Models of anonymity systems
  Constant-rate: Onion routing v2
  Broadcast: P5, DC-Nets
  P2P: Tarzan
  Aqua


Overhead @ edges

[Figure: axes Models and Overhead]

Much better bandwidth efficiency


Throttling @ edges

[Figure: axes Models and Throttling]

Efficiently leverages correlations in BitTorrent flows


Ongoing work

Traffic-analysis resistant VoIP
  Requires low latency
  But also requires less bandwidth
New design
  Peers always send traffic
  Trusted mixes provide anonymity
  Untrusted superpeers provide scalability


Host Compromise

One of earliest major Internet security incidents
  Internet Worm (1988): compromised almost every BSD-derived machine on Internet
Today: estimated that a single worm could compromise 10M hosts in < 5 min
Attacker gains control of a host
  Read data
  Erase data
  Compromise another host
  Launch denial-of-service attacks on another host


Outline

Privacy
  Anonymous communication
Network attacks
  Buffer overflow/Heartbleed


Host Compromise: Stack Overflow

Typical code has many bugs because those bugs are not triggered by common input

Network code is vulnerable because it accepts input from the network

Network code that runs with high privileges (i.e., as root) is especially dangerous
  E.g., web server


Example

What is wrong with this code?

// Copy a variable length user name from a packet
#define MAXNAMELEN 64
int offset = OFFSET_USERNAME;
char username[MAXNAMELEN];
int name_len;

// The byte at offset holds the name length; the name bytes follow it
name_len = packet[offset];
memcpy(username, &packet[offset + 1], name_len);

[Figure: Packet layout with fields name_len and name]


Example

void foo(char *packet) {
    #define MAXNAMELEN 64
    int offset = OFFSET_USERNAME;
    char username[MAXNAMELEN];
    int name_len;

    // name_len comes straight from the packet
    name_len = packet[offset];
    memcpy(username, &packet[offset + 1], name_len);
    …
}

[Figure: Stack. Labels: “foo” return address, char username[], int offset, int name_len; addresses X, X-4, X-8, X-72, X-76]

[Figure: Packet (fields name_len, name). First packet labels: Christo Wilson, 15. Second packet labels: [Malicious assembly instructions], 72 (MAXNAMELEN + 8), Address: X-72]
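A bounds-checked version of the copy in foo, added here as an example (not the lecture's code): the length byte is checked against both the destination buffer and the number of bytes actually received before anything is copied. OFFSET_USERNAME = 4, the packet_len parameter and the helper names are assumptions; the sample packets are constructed.

```c
#include <string.h>

#define MAXNAMELEN 64
#define OFFSET_USERNAME 4  /* assumed value; the slide leaves it undefined */

/* Copy the length-prefixed user name out of a packet of packet_len bytes.
 * Returns the name length, or -1 if the packet must be dropped. */
int copy_username(const unsigned char *packet, size_t packet_len,
                  char username[MAXNAMELEN])
{
    size_t name_len;

    if (packet_len <= OFFSET_USERNAME)        /* no length byte received */
        return -1;
    name_len = packet[OFFSET_USERNAME];       /* attacker-controlled value */

    if (name_len >= MAXNAMELEN)               /* would overrun username[] */
        return -1;
    if (name_len > packet_len - OFFSET_USERNAME - 1)  /* more than was sent */
        return -1;

    memcpy(username, &packet[OFFSET_USERNAME + 1], name_len);
    username[name_len] = '\0';
    return (int)name_len;
}

/* Constructed packet: 4 header bytes, the length byte, then `sent` fill bytes. */
static size_t make_packet(unsigned char *pkt, unsigned char claimed, size_t sent)
{
    memset(pkt, 0, OFFSET_USERNAME);
    pkt[OFFSET_USERNAME] = claimed;
    memset(pkt + OFFSET_USERNAME + 1, 'A', sent);
    return OFFSET_USERNAME + 1 + sent;
}

/* Run the parser on a constructed packet; returns what copy_username returns. */
int try_packet(unsigned char claimed, size_t sent)
{
    unsigned char pkt[OFFSET_USERNAME + 1 + 255];
    char username[MAXNAMELEN];

    if (sent > 255)
        return -2;
    return copy_username(pkt, make_packet(pkt, claimed, sent), username);
}
```

With these checks the 72-byte name from the slide is rejected instead of reaching the return address, and a short packet that claims a long name is rejected instead of being read past its end.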


Heartbleed Attack (April, 2014)

Vulnerability in OpenSSL
  Used by HTTPS, SSH, many others to encrypt communication
Heartbeat attack
  Message of form: “Here’s some data, echo it back to me”
  Takes as input: Data and length (L), where L <= 64KB
  Echoes back a block of data of length L
What’s the problem?
  Send one byte, get 64KB of RAM!
  Private keys, passwords, etc have been leaked
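The check whose absence the slide describes, as an added example (a simplified heartbeat handler written for this page, not OpenSSL's code): the claimed length L is compared with the number of bytes actually received before the echo is built. The message layout follows RFC 6520 (1-byte type, 2-byte length, payload, at least 16 bytes of padding); function names and the constructed requests are assumptions.

```c
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1-byte type + 2-byte claimed payload length L */
#define HB_PADDING  16   /* minimum padding after the payload (RFC 6520) */

/* Build the echo for a heartbeat record of rec_len received bytes.
 * Returns the response length, or 0 when the record is silently discarded. */
size_t heartbeat_echo(const unsigned char *rec, size_t rec_len,
                      unsigned char *resp, size_t resp_cap)
{
    size_t claimed, total;

    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];     /* L, chosen by the sender */
    total = HB_HEADER + claimed + HB_PADDING;

    /* The missing check: L must fit inside what was actually received.
     * Without it the memcpy below reads up to 64KB past the record. */
    if (total > rec_len || total > resp_cap)
        return 0;

    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + HB_HEADER, rec + HB_HEADER, claimed);
    memset(resp + HB_HEADER + claimed, 0, HB_PADDING);  /* simplification */
    return total;
}

/* Constructed request: claims `claimed` payload bytes but carries `sent`. */
size_t try_heartbeat(unsigned claimed, size_t sent)
{
    unsigned char rec[HB_HEADER + 64 + HB_PADDING] = { HB_REQUEST };
    unsigned char resp[sizeof rec];

    if (sent > 64)
        return 0;
    rec[1] = (unsigned char)(claimed >> 8);
    rec[2] = (unsigned char)claimed;
    memset(rec + HB_HEADER, 'd', sent);
    return heartbeat_echo(rec, HB_HEADER + sent + HB_PADDING, resp, sizeof resp);
}
```

An honest 5-byte request gets a 24-byte echo; a request that sends one byte and claims 65535 is dropped.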


As described by XKCD


Impact of bug

Every SSL site should have
  Patched code, revoked old certificates, reissued new ones
What did they actually do?
  Most patched: only 6% vulnerable after 3 weeks
  Most did not reissue: 73% are using vulnerable certs
  Most did not revoke: 87% with valid vulnerable certs (!!!!)
Why does this matter?
  Attackers can MITM any of these sites
  These attacks may last for years (due to cert. expiry)


Wrap up

Computer networks today are pervasive
  Layered design promotes flexibility, scalability
  Pinch points due to IPv4 exhaustion, middleboxes, peering
Internet success largely due to variety of applications
  Messaging, VoIP, video streaming, games, …
  Key challenges are how to do them efficiently
Internet is constantly evolving
  Will SDNs usher in a new era of reliability/flexibility?
  Will everything be mobile?
  How do we secure our communication and data?


Questions?
