Attacks NS-H0503-02/1104 1

The Definition
• Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering, and
disruption of information and services is kept low
or tolerable
• Security rests on confidentiality, authenticity,
integrity, and availability
Security Goals
• Confidentiality
• Integrity
• Availability
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and
operation.
• An attack is any action that violates security.
– Active adversary.
• Common threats:
– Snooping/eavesdropping, alteration, spoofing,
repudiation of origin, denial of receipt, delay
and denial of service.
Types of Attacks
• Passive Threats
– Release of Message Contents
– Traffic Analysis
• Active Threats
– Masquerade
– Replay
– Modification of Message Contents
– Denial of Service
Attacks, Services and Mechanisms
• Security Attack:
– Any action that compromises the security of
information.
• Security Mechanism:
– A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service:
– A service that enhances the security of data
processing systems and information transfers. A
security service makes use of one or more security
mechanisms.
Security Attacks
• Interruption:
– attack on availability
• Interception:
– attack on confidentiality
• Modification:
– attack on integrity
• Fabrication:
– attack on authenticity
Eavesdropping - Message Interception
Attack on Confidentiality
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of data and programs
[Diagram: S, R, Eavesdropper]
Tampering With Messages
Integrity Attack
• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again
[Diagram: S, R, Perpetrator]
Fabrication
Authenticity Attack
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity
[Diagram: S, R, Masquerader: from S]
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit
• Blatant denial of service (DoS):
– Crashing the server
– Overwhelming the server (using up its resources)
[Diagram: S, R]
Threat Examples - IP Spoofing
• A common first step to many threats.
• Source IP address cannot be trusted!
SRC: source, DST: destination
[Diagram: IP packet with IP Header (SRC: 128.59.10.8, DST: 130.207.7.237) and IP Payload]
Is it really from Columbia University?
Routers Only Care About Destination
[Diagram: routers (Rtr) connecting Columbia (128.59.10.xx), Stanford (36.190.0.xx) and Georgia Tech (130.207.xx.xx); a packet labelled src:128.59.10.8, dst:130.207.7.237]
Why Should I Care?
• Attack packets with spoofed IP address help hide
the attacking source.
• A smurf attack launched with your host IP address
could bring your host and network to their knees.
• Higher protocol layers (e.g., TCP) help to protect
applications from direct harm, but not enough.
Current IPv4 Infrastructure
• No authentication for the source
• Various approaches exist to address the problem:
– Router/firewall filtering
– TCP handshake
Router Filtering
• Decide whether this packet, with certain source IP
address, should come from this side of network.
• Not standard - local policy.
[Diagram: a router (Rtr) at Stanford (36.190.0.xx) meets a packet labelled src:128.59.10.8, dst:130.207.7.237: “Hey, you shouldn’t be here!”]
Router Filtering
• Very effective for some networks (ISP should
always do that!)
– At least be sure that this packet is from some
particular subnet
• Problems:
– Hard to handle frequent addition/deletion of
hosts/subnets, or Mobile IP
– Upsets customers if legitimate packets
get discarded
– Need to trust other routers
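The filtering decision and two of the problems listed above, as an added example that is not part of the original slides. The interface names, the /24 prefix lengths and the individual host addresses are assumptions made for illustration; only 128.59.10.8 and the network labels come from the slides.

```python
import ipaddress


def make_policy():
    # Constructed policy: source prefixes expected on each router interface.
    # Interface names are hypothetical; /24 is an assumed reading of the
    # slides' 36.190.0.xx and 128.59.10.xx labels.
    return {
        "if-stanford": [ipaddress.ip_network("36.190.0.0/24")],
        "if-columbia": [ipaddress.ip_network("128.59.10.0/24")],
    }


def ingress_check(policy, interface, src):
    """Return 'forward' if src belongs on this side of the network, else 'drop'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                      # malformed source address
    prefixes = policy.get(interface)
    if prefixes is None:
        return "drop"                      # unknown interface: fail closed
    return "forward" if any(addr in p for p in prefixes) else "drop"


def run_demo():
    policy = make_policy()
    out = {}
    # The slides' packet: src 128.59.10.8 arriving from the Stanford side.
    out["spoofed_columbia"] = ingress_check(policy, "if-stanford", "128.59.10.8")
    # A genuine Stanford host (constructed address).
    out["stanford_host"] = ingress_check(policy, "if-stanford", "36.190.0.17")
    # Limit: the filter only pins the subnet, so one Stanford host claiming a
    # neighbour's address still passes.
    out["same_subnet_spoof"] = ingress_check(policy, "if-stanford", "36.190.0.99")
    # A new Stanford subnet (constructed) is dropped until the policy is
    # updated: legitimate packets get discarded.
    out["new_subnet_before"] = ingress_check(policy, "if-stanford", "36.190.1.5")
    policy["if-stanford"].append(ipaddress.ip_network("36.190.1.0/24"))
    out["new_subnet_after"] = ingress_check(policy, "if-stanford", "36.190.1.5")
    return out


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20} {verdict}")
```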
TCP Handshake
client -> server: SYN seq=x
server -> client: SYN seq=y, ACK x+1
client -> server: ACK y+1
connection established
TCP Handshake
[Diagram: routers (Rtr) connecting Columbia (128.59.10.xx), Stanford (36.190.0.xx) and Georgia Tech (130.207.xx.xx); a packet labelled src:128.59.10.8, dst:130.207.7.237; a reply labelled “seq=y, ACK x+1”]
The handshake prevents the attacker from establishing a TCP connection pretending to be 128.59.10.8
TCP Handshake
• Very effective for stopping most such attacks
• Problems:
– The attacker can succeed if “y” can be
predicted
– Other DoS attacks are still possible (e.g., TCP
SYN-flood)
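Why the handshake only protects when “y” is unpredictable, as an added toy model that is not part of the original slides. It does no networking; the fixed step of 64000, the starting value and the address 36.190.0.5 are constructed assumptions, and the class and function names are hypothetical.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit


class Server:
    """Toy model of the server side of the handshake (no real networking)."""

    def __init__(self, predictable):
        self.predictable = predictable
        self.isn = 1000              # constructed starting value
        self.pending = {}            # claimed source -> ACK number expected

    def on_syn(self, src, x):
        if self.predictable:
            self.isn = (self.isn + 64000) % MOD   # fixed step: guessable
            y = self.isn
        else:
            y = secrets.randbelow(MOD)            # unpredictable choice of y
        self.pending[src] = (y + 1) % MOD
        return y                     # "SYN seq=y, ACK x+1" is sent to src

    def on_ack(self, src, ack):
        # True means "connection established" for the claimed source.
        return self.pending.pop(src, None) == ack


def legitimate_client(server, src="128.59.10.8"):
    y = server.on_syn(src, x=1)      # the real host receives the reply
    return server.on_ack(src, (y + 1) % MOD)


def off_path_sender(server, claimed="128.59.10.8", own="36.190.0.5"):
    y_seen = server.on_syn(own, x=1)     # reply to its own address is visible
    server.on_syn(claimed, x=1)          # reply goes to 128.59.10.8: not seen
    guess = (y_seen + 64000) % MOD       # only works if y follows a pattern
    return server.on_ack(claimed, (guess + 1) % MOD)


def run_demo():
    return {
        "legit_vs_predictable": legitimate_client(Server(predictable=True)),
        "legit_vs_random": legitimate_client(Server(predictable=False)),
        "off_path_vs_predictable": off_path_sender(Server(predictable=True)),
        "off_path_vs_random": off_path_sender(Server(predictable=False)),
    }


if __name__ == "__main__":
    for name, established in run_demo().items():
        print(f"{name:26} {established}")
```

With a random “y” the off-path guess succeeds only with probability 2^-32 per attempt, which is the property the handshake relies on.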
IP Spoofing & SYN Flood
X establishes a TCP connection with B assuming A’s IP
address
[Diagram: hosts A, B and X; labelled steps include (2) predict B’s TCP seq. behavior, (3), and (4) SYN(seq=n)ACK(seq=m+1)]
Vulnerability
• A vulnerability (or security flaw) is a specific failure of
the security controls.
• Using the failure to violate the site security is called exploiting
the vulnerability; the person who does this is an attacker.
• It can be due to:
– Lapses in design, implementation, and operation
procedures.
– Even security algorithms/systems are not immune!
• We will go over some examples in this course.
IP Protocol-related Vulnerabilities
• Authentication based on IP source address
– But no effective mechanisms against IP
spoofing
• Consequences (possible exploits)
– Denial of Service attacks on infrastructures, e.g.
• IP Spoofing and SYN Flood
• Smurf and Fraggle attacks
• OSPF Max Sequence
Methods of Defence
• Encryption
• Software Controls (access limitations in a
database; in an operating system, protecting each user
from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Impact of Attacks
• Theft of confidential information
• Unauthorized use of
– Network bandwidth
– Computing resource
• Spread of false information
• Disruption of legitimate services
All attacks can be related and are dangerous!
The Security Life Cycle
• The iterations of
– Threats
– Policy
– Specification
– Design
– Implementation
– Operation and maintenance