CS 4700 / CS 5700 Network Fundamentals
Lecture 20: Attacks and Tinfoil Hats (Bleeding hearts and Spies)
Last updated 12/3/2014
Outline
  Worms
    Basics
    Example worms
  Botnets
    Basics
    Torpig – fast flux/phishing
  Privacy
    Anonymous communication
Take network security next semester!
Motivation
  Internet currently used for important services
    Financial transactions, medical records
  Increasingly used for critical services
    911, surgical operations, water/electrical system control, remote controlled drones, etc.
  Networks more open than ever before
    Global, ubiquitous Internet, wireless
  Networks more surveilled than ever before
    Snowden revelations, pervasive tracking companies
Security != Privacy
  How much of your mobile data was over HTTPS?
    Do you think that keeps your data private?
  Encryption protects from eavesdroppers
    Does not mean that your privacy isn’t violated
    Your data could still be shared insecurely in the backend
  Proxying+encryption hides senders from receivers
    Does not defend from pervasive observers
Snowden wants to communicate with Greenwald without Alexander finding out
Ed’s IP Glenn’s IP
The problem of IP anonymity
  [Figure labels: Client, VPN proxy, Server]
  Proxies are single point of attack (rogue admin, break in, legal, etc)
Tor model (very simplified)
  Bitwise unlinkability
    Use multiple hosts to form a “circuit”
    Use multiple layers of encryption, peel them off as you go
  Sender/receiver anonymity
    Only the first hop (entry node) of a circuit knows the sender
    Only the last hop (exit node) of a circuit knows the receiver
    In simple case, this property holds as long as first and last hop are not compromised
Traffic analysis
  [Figure labels: Proxy, Onion routing (Tor)]
  Onion routing doesn’t resist traffic analysis (well known)
Outline
  1) Overview
  2) Design
  3) Evaluation
  4) Ongoing work
Anonymous Quanta (Aqua)
  k-anonymity: Indistinguishable among k clients
  BitTorrent
    Appropriate latency and bandwidth
    Many concurrent and correlated flows
Threat model
  Global passive (traffic analysis) attack
  Active attack
  Edge mixes aren’t compromised
Padding
Constant rate (strawman)
  Defeats traffic analysis, but overhead proportional to peak link payload rate on fully connected network
Outline
  1) Overview
  2) Design
    Padding at the core
    Padding at the edges
    Bitwise unlinkability
    Receiver’s anonymity (active attacks)
  3) Evaluation
  4) Ongoing work
Multipath
  Multipath reduces the peak link payload rate
  [Figure label: Padding]
Variable uniform rate
  Reduces overhead by adapting to changes in aggregate payload traffic
k-anonymity sets (ksets)
  [Figure labels: Send kset, Recv kset, Padding]
  Provide k-anonymity by ensuring correlated rate changes on at least k client links
Forming efficient ksets
  [Figure: Peers’ rates (1, 2, 3) across Epochs (1, 2, 3)]
  Are there temporal and spatial correlations among BitTorrent flows?
Methodology: Trace driven simulations
  Month-long BitTorrent trace with 100,000 users
    20 million flow samples per day
    200 million traceroute measurements
  Models of anonymity systems
    Constant-rate: Onion routing v2
    Broadcast: P5, DC-Nets
    P2P: Tarzan
    Aqua
Overhead @ edges
  [Figure: Overhead by Models]
  Much better bandwidth efficiency
Throttling @ edges
  [Figure: Throttling by Models]
  Efficiently leverages correlations in BitTorrent flows
Ongoing work
  Traffic-analysis resistant VoIP
    Requires low latency
    But also requires less bandwidth
  New design
    Peers always send traffic
    Trusted mixes provide anonymity
    Untrusted superpeers provide scalability
Host Compromise
  One of earliest major Internet security incidents
    Internet Worm (1988): compromised almost every BSD-derived machine on Internet
  Today: estimated that a single worm could compromise 10M hosts in < 5 min
  Attacker gains control of a host
    Read data
    Erase data
    Compromise another host
    Launch denial-of-service attacks on another host
Outline
  Privacy
    Anonymous communication
  Network attacks
    Buffer overflow/Heartbleed
Host Compromise: Stack Overflow
  Typical code has many bugs because those bugs are not triggered by common input
  Network code is vulnerable because it accepts input from the network
  Network code that runs with high privileges (i.e., as root) is especially dangerous
    E.g., web server
Example
What is wrong with this code?
// Copy a variable length user name from a packet
#define MAXNAMELEN 64
int offset = OFFSET_USERNAME;
char username[MAXNAMELEN];
int name_len;
name_len = packet[offset];
memcpy(&username, &packet[offset + 1], name_len);
[Figure: Packet, with fields name_len and name]
Example
void foo(char *packet) {
    #define MAXNAMELEN 64
    int offset = OFFSET_USERNAME;
    char username[MAXNAMELEN];
    int name_len;
    name_len = packet[offset];
    memcpy(&username, &packet[offset + 1], name_len);
    …
}
[Figure: Stack, showing “foo” return address, char username[], int offset and int name_len at addresses X, X-4, X-8, X-72, X-76]
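Packet
  [Figure: Packet with fields name_len and name]
  Expected packet: name_len = 15, name = Christo Wilson
  Malicious packet: name_len = 72 (MAXNAMELEN + 8), name = [Malicious assembly instructions] followed by Address: X-72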
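An added example, not part of the lecture slides: the same copy with the length byte validated before it is used. `parse_username`, the sample packets and the value 0 for `OFFSET_USERNAME` are assumptions made for illustration; the slide's unchecked `memcpy` appears only as a comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXNAMELEN 64
#define OFFSET_USERNAME 0   /* assumed; the slide does not define it */

/* The slide's copy trusts the length byte taken from the wire:
 *     name_len = packet[offset];
 *     memcpy(&username, &packet[offset + 1], name_len);
 * so name_len = 72 writes past the 64-byte username[]. */

/* Bounds-checked version. Returns the name length, or -1 if malformed. */
int parse_username(const unsigned char *packet, size_t packet_len,
                   char out[MAXNAMELEN])
{
    size_t offset = OFFSET_USERNAME;
    size_t name_len;

    if (packet == NULL || offset >= packet_len)
        return -1;                       /* no length byte present */

    name_len = packet[offset];           /* unsigned: 0..255, never negative */
    if (name_len >= MAXNAMELEN)
        return -1;                       /* would not fit with terminator */
    if (name_len > packet_len - offset - 1)
        return -1;                       /* claims more bytes than received */

    memcpy(out, &packet[offset + 1], name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

/* Constructed sample packets: expected, oversized, truncated. */
static const unsigned char PKT_OK[] = {15, 'C','h','r','i','s','t','o',' ',
                                       'W','i','l','s','o','n','\0'};
static const unsigned char PKT_BIG[1 + 72] = {72};
static const unsigned char PKT_SHORT[] = {15, 'C','h','r','i'};

int main(void)
{
    char name[MAXNAMELEN];
    printf("ok:    %d\n", parse_username(PKT_OK, sizeof PKT_OK, name));
    printf("big:   %d\n", parse_username(PKT_BIG, sizeof PKT_BIG, name));
    printf("short: %d\n", parse_username(PKT_SHORT, sizeof PKT_SHORT, name));
    return 0;
}
```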
Heartbleed Attack (April, 2014)
  Vulnerability in OpenSSL
    Used by HTTPS, SSH, many others to encrypt communication
  Heartbeat attack
    Message of form: “Here’s some data, echo it back to me”
    Takes as input: Data and length (L), where L <= 64KB
    Echoes back a block of data of length L
  What’s the problem?
    Send one byte, get 64KB of RAM!
    Private keys, passwords, etc have been leaked
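An added example, not from the lecture or from OpenSSL's source: a heartbeat echo that drops any request whose claimed length L exceeds the bytes actually received. The two-byte length header is a simplified message layout assumed here, and `heartbeat_echo` and the sample requests are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR 2   /* assumed layout: 2-byte big-endian claimed length L */

/* Missing-check form described on the slide (shown only as a comment):
 *     claimed = (req[0] << 8) | req[1];
 *     memcpy(resp, req + HB_HDR, claimed);   // reads past the request
 */

/* Echo the payload only if the request really contains L bytes.
 * Returns the number of bytes echoed, or -1 to drop the message. */
long heartbeat_echo(const unsigned char *req, size_t req_len,
                    unsigned char *resp, size_t resp_cap)
{
    size_t claimed;

    if (req == NULL || resp == NULL || req_len < HB_HDR)
        return -1;                       /* too short to hold a length */

    claimed = ((size_t)req[0] << 8) | req[1];

    if (claimed > req_len - HB_HDR)
        return -1;                       /* L exceeds the data actually sent */
    if (claimed > resp_cap)
        return -1;                       /* reply buffer too small */

    memcpy(resp, req + HB_HDR, claimed);
    return (long)claimed;
}

/* Constructed requests: an honest one, and one claiming 0xFFFF bytes
 * while carrying a single byte. */
static const unsigned char HB_HONEST[] = {0x00, 0x04, 'b', 'i', 'r', 'd'};
static const unsigned char HB_OVERREAD[] = {0xFF, 0xFF, 'x'};

int main(void)
{
    unsigned char out[16];
    printf("honest:   %ld\n",
           heartbeat_echo(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("overread: %ld\n",
           heartbeat_echo(HB_OVERREAD, sizeof HB_OVERREAD, out, sizeof out));
    return 0;
}
```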
As described by XKCD
Impact of bug
  Every SSL site should have
    Patched code, revoked old certificates, reissued new ones
  What did they actually do?
    Most patched: only 6% vulnerable after 3 weeks
    Most did not reissue: 73% are using vulnerable certs
    Most did not revoke: 87% with valid vulnerable certs (!!!!)
  Why does this matter?
    Attackers can MITM any of these sites
    These attacks may last for years (due to cert. expiry)
Wrap up
  Computer networks today are pervasive
    Layered design promotes flexibility, scalability
    Pinch points due to IPv4 exhaustion, middleboxes, peering
  Internet success largely due to variety of applications
    Messaging, VoIP, video streaming, games, …
    Key challenges are how to do them efficiently
  Internet is constantly evolving
    Will SDNs usher in a new era of reliability/flexibility?
    Will everything be mobile?
    How do we secure our communication and data?
Questions?