Attacks Defenses EE 122 Intro to Communication Networks Fall 2006 MW 4 5 30 in Donner 155 Vern Paxson TAs Dilip Antony Joseph and Sukun Kim http inst eecs berkeley edu ee122 Materials with thanks to Jennifer Rexford Ion Stoica and colleagues at Princeton and UC Berkeley 1 Announcements No office hours this week Next week by appointment as I m giving a lecture on network security research next Weds Reminder particular topics for next Monday s lecture or for next Wednesday s review Guest lecture Weds Nov 29 Prof Ion Stoica 2 1 Goals of Today s Lecture Public Key Infrastructure PKI Putting it all together how does https work Attacks compromising systems Buffer overflows Logic errors Social engineering Automated attacks worms bots Attacks denial of service DoS Network layer DDoS Transport layer SYN flooding Application layer one defense CAPTCHAs 3 Public Key Infrastructure PKI Public key crypto is very powerful but the realities of distributing the public keys turn out to be quite hard PKI System managing public key distribution on a wide scale Trust distribution mechanism Confidentiality via Encryption Integrity via Digital Signatures Non Repudiation via Digital Signature Authentication via Digital Certificates 4 2 Managing Trust The most solid level of trust is rooted in our direct personal experience E g Alice s trust that Bob is who they say they are Clearly doesn t scale to a global network In its absence we rely on delegation Alice trusts Bob s identity because Charlie attests to it and Alice trusts Charlie 5 Managing Trust con t Trust is not particularly transitive Should Alice trust Bob because she trusts Charlie and Charlie vouches for Donna and Donna says Eve is trustworthy and Eve vouches for Bob s identity Two models of delegating trust Rely on your set of friends and their friends Web of trust e g PGP Rely on trusted well known authorities and their minions Trusted root e g HTTPS 6 3 PKI Conceptual Framework Trusted Root PKI Basis well known public key serves as root of a hierarchy Managed by a Certificate Authority CA To publish a public key ask the CA to digitally sign a statement indicating that they agree certify that it s indeed your key This is a certificate for your key certificate bunch of bits Includes both your public key and the signed statement Anyone can verify the signature Delegation of trust to the CA They d better not screw up duped into signing bogus key They d better have procedures for dealing with stolen keys Note can build up a hierarchy of signing 7 Components of a PKI 8 4 Digital Certificate Signed data structure that binds an entity with its corresponding public key Signed by a recognized and trusted authority i e Certification Authority CA Provide assurance that a particular public key belongs to a specific entity Example certificate of entity E E nameE Kepublic KCAprivate KCAprivate private key of Certificate Authority KEpublic public key of entity E Actually they ll sign whatever glob of bits you give them nameE name of entity E Your browser has a bunch of CAs wired into it 9 Certification Authority People processes responsible for creation delivery and management of digital certificates Organized in an hierarchy To verify signature chain follow hierarchy up to root Root CA CA 1 CA 2 10 5 Registration Authority People processes responsible for Authenticating the identity of new entities users or computing devices e g By phone or physical presence ID Issuing requests to CA for certificates The CA must trust the Registration Authority 11 Certificate Repository A database accessible to all users of a PKI Contains Digital certificates Policy information associated with certs Certificate revocation information Vital to be able to identify certs that have been compromised Usually done via a revocation list 12 6 Putting It All Together HTTPS What happens when you click on https www amazon com https Use HTTP over SSL TLS SSL Secure Socket Layer TLS Transport Layer Security Successor to SSL and compatible with it RFC 4346 Provides security layer authentication encryption on top of TCP Fairly transparent to the app 13 HTTPS Connection SSL TLS con t Browser client connects Browser via TCP to Amazon s HTTPS server Client sends over list of crypto protocols it supports Server picks protocols to use for this session Server sends over its certificate all of this is in the clear Amazon SYN CK SYN A ACK H e ll o T L S I su p p o S S L R S A A rt R S E A 3 S128 S DES M D H A 1 or 5 o r se HA1 Let s u S128 S SA A E R S L T t m y c er Here s ta of da 1 KB 14 7 Inside the Server s Certificate Name associated with cert e g Amazon Amazon s public key RSA exponent e modulus n A bunch of auxiliary info physical address type of cert expiration time See homework 4 URL to revocation center to check for revoked keys Name of certificate s signatory who signed it A public key signature of a hash MD5 of all this Constructed using the signatory s private RSA key 15 Validating Amazon s Identity Browser retrieves cert belonging to the signatory These are hardwired into the browser If it can t find the cert then warns the user that site has not been verified And may ask whether to continue Note can still proceed just without authentication Browser uses public key in signatory s cert to decrypt signature Compares with its own MD5 hash of Amazon s cert Assuming signature matches now have high confidence it s indeed Amazon assuming signatory is trustworthy 16 8 HTTPS Connection SSL TLS con t Browser constructs a random Browser session key K Browser encrypts K using Amazon s public key Browser sends E K n e to server K E g client can authenticate using a password what step is missing Here s m y c er t ta of da B K 1 E K n e Agreed Browser displays All subsequent communication encrypted w symmetric cipher e g AES128 using key K Amazon E pas sword onse E resp K K K 17 Host Compromise Tricking a host into executing on your behalf Can consider what is attacked server or client and the semantic level at which it is attacked Attacks on servers client sends subversive requests Happens at attacker s choosing Some hosts are servers unknowingly Attacks on clients server attacker waits for client to connect sends it a subversive reply E g drive by spyware E g recent study found 15 of popular KaZaA files infected by one of 52 different viruses 18 9 Semantic Level of Compromise E g buffer overflows Part of the request sent by the attacker too large to fit Large class of attacks with a variety
View Full Document
Unlocking...