CSC474 Exam 2

Proxy Firewalls

-Acts as an intermediary between in-house clients and servers on the internet. -They are stateful, so they can analyze incoming traffic at a deeper level (possibly with deep packet inspection) looking for signs of attack. -Receives, interprets, and reinitiates communication (in an application context) -Proxies are good for complex state (in applications), but are slower than transparent firewalls. -If using a proxy for privacy, web servers only see your requests from the proxy, they don't see you.

How RPKI works

-Addresses: "Should this AS originate a prefix?" → Closer to the root problem of prefix hijacking -Places a root of trust at Regional Internet Registries (people that assign IP addresses) -RIRs issue certs to ISPs, ISPs issue certs to customers -RIRs sign ROAs that say "I am this AS, I originate this route" -When a router receives a new route/new origin, they can check it by referencing the ROAs → Uses cryptography for origin validation

BGP Attack: Path Forgery

-Attack based using on route advertisements. Attack: Adversary announces that they have a path to important IP address(es) so traffic is routed through them -Allows for traffic analysis, dropping traffic, rerouting traffic

BGP Prominent Security Incident: AS 7007

-Happened because of Sub-Prefix Hijacking (mechanism). -Leaked a bunch of routes with /24 prefixes (most specific), routers preferred the leaked routes, creating a routing black hole

BGP Prominent Security Incident: Pakistan Telecom

-Pakistan tried to block any traffic from Pakistan to YouTube via black holing anything to Youtube's IP addresses -Problem is they started announcing the black hole route to the rest of the internet → Fastest route appeared to be through the black hole route, bringing all youtube traffic down.

How BGP Works

-Routes info at the autonomous system level (doesn't care about what happens in the ASes). -Determines which ASes to route through to destination -BGP Messages: Origin announcements, Route advertisements, Route withdrawal -Border routers continually update routing tables to store all this info so they can always know the "best path"

Issues with Firewalls

-Rules are hard to write, and can get complex -General configuration and maintenance of firewalls is hard. -Network perimeters are not as clear as they used to be because internet-enabled devices are much more mobile. -Often seen by non-security personnel as impediment -Good policies still can't stop all attacks -A lot of network traffic is now transmitted over HTTP possibly as a consequence of firewalls → Ex: Not having to get firewall permission for an application to work if it just uses HTTP

BGP Attack: Sub-Prefix Hijacking

-Works because of Longest-Prefix Matching where smaller, more specific routes are preferred → Attacker advertises more specific path (Ex: 12.10.8.0/24 is preferred over 12.10.8.0/8) Attack: Adversary will advertise a more specific path to control traffic. More dangerous bc the route gets preferred everytime vs. in prefix hijacking where the route gets preferred only by nearby ASes

Simple SSL with Client Authentication

1. Client sends Server the client cert, server verifies cert. 2. Client signs a keyed hash of the handshake messages with client private key. Why? Because server can verify the signature using client public key.

Simple SSL Process

1. Client → Hello, List of Supported Ciphers, R-client → Server 2. Client ← Hello, Chosen Cipher, Certificate, R-Server ← Server Client chooses random S (pre-master secret), checks Server Cert 3. Client → E(K+Server, S), {Hash of handshake messages under Key K} → Server Server decrypts with its private key to get S, computes K (master secret) 4. Client ← {Hash of handshake messages under Key K} ← Server Client computes K, hashes handshake messages, compares hash to hash sent by Server, now Server is authenticated 5. Client ← Secure Channel → Server 6. Client ← Hey I'm Done → Server

Common implementation techniques for VPNs (2)

1. Client-to-gateway: Connect a single host into your own network as if it was physically connected. Host connects to VPN gateway, gateway forwards host traffic to destination in the network. 2. Gateway-to-gateway: Connect another network into your own network as if it was physically connected. VPNs can't just be bolted onto IP, have to build protocols on top of IP --> VPN Tunneling

3 ways to do authentication on the web

1. HTTP Basic - Authenticates client 2. HTTP Digest - Authenticates client 3. SSL / TLS - Authenticates server, can also do mutual authentication (client and server)

What are the two kinds of Internet Routing

1. Intra-Domain (Internal), Uses OSPF primarily 2. Inter-Domain (External), Uses BGP

Principle Security Problems with BGP

1. No authentication on BGP messages (origin announcements, route advertisements, route withdrawals). Anyone can: claim any path, claim any origin, can inject traffic 2. Prefix Hijacking: No authentication → Attacker can claim to originate a known prefix -Sub-Prefix Hijacking: Works because of Longest-Prefix Matching where smaller, more specific routes are preferred → Attacker advertises more specific path

Issues with biometric authenticators

1. Revocation (can't just get a new fingerprint if your fingerprints "data" is compromised) 2. "Fuzzy" credentials - Ex: Face changes based on mood 3. Easily spoofed (especially voice) 4. Great for physical security, hard to use for online systems

3 Security Guarantees provided by TLS

1. Server authentication (requires certificate infrastructure) 2. Session Key Establishment → Gives confidentiality, authentication, and integrity 3. It's a built-in functionality → Integrated into browsers, browsers have set of trusted root CA certs

Other BGP Attacks (2)

1. Taking control of a router (Ex: Via software, buffer overflow, ...) 2. Physical destruction of router

Basic Idea of SSL / TLS

A program can replace socket creation code with a "secure socket" API call to get authentication, confidentiality and integrity

What is ARP + ARP Spoofing

ARP: Given an IP, get MAC address (for communicating on LAN) 1. Alice broadcasts on LAN: Who has 10.0.0.2? 2. Bob responds: I do, My MAC address is ... Attack: Each ARP response overwrites previous in ARP table, just forge an ARP response and claim to be Bob. Can eavesdrop on ethernet connection, modify data, drop the data (causing DoS) Defenses: 1. Switches assign MAC addresses to ports (most common) 2. Smart switches remember MAC addresses 3. Software Defined Networking (SDN) controllers: Runs on a server and tells switches where to send packets

BGP Prominent Security Incident: Rostelecom

Accidental misconfiguration messed up IP addresses for Western financial institutions.

What is the Cipher Downgrade Attack? (on TLS/SSL)

Active adversary can select the cipher suites supported by client because that negotiation is in plaintext → Adversary forces server to choose weak cipher Problem: Server depended on unauthenticated client/server hello for cipher suite negotiation Solution: Go back and authenticate that stuff later via the keyed hash of previous messages → If unauthenticated messages were changed in transit, the client and server's hashes won't match.

Stateful Firewalls - Advantages and Disadvantages

Advantages: 1. More simple rule specification 2. More secure 3. Can handle FTP (not always) Disadvantages: Slower processing of packets

What are the advantages of HTTP Digest over HTTP Basic? What security issues does HTTP Digest have?

Advantages: 1. Password not transmitted in cleartext. 2. Cleartext password not stored on server, server just stores H(name | realm | password). 3. Replay attacks are harder. 4. An intercepted response is only valid for a single URL because the hashed request is part of response. Security Issues: Vulnerable to MitM attacks The document/page itself sent in plaintext (can be sniffed)

Stateless Firewalls - Advantages and Disadvantages

Advantages: Faster processing of packets Disadvantages: 1. More complex rule specification 2. Less secure (Ex: ACK scanning, no state stored so you don't know to deny ACK packets that aren't part of a TCP session) 3. Difficulty handling multi-port protocols (ex: FTP)

BGP Attack: Prefix Hijacking

An attacker can claim to originate a known prefix. The fake route propagates up bc nearby ASes talk to each other and decide the fake route is best → All the traffic for the prefix is routed to the bad router and the pipeline gets clogged

What are Transparent Firewalls?

Appears as single router (network), you never interact with it. Good for speed (sometimes routers use these bc they are fast)

What are Offline Bruteforce Password Attacks? Is it faster than Online Bruteforce Password Attacks?

Attacker steals stored password (in the form of a hash) → Attack computes the stored value of password (the hash) and compares with the stolen stored password. Yes, Offline Bruteforce Password Attacks are significantly faster than Online.

Types of Authentication Protocols + Typical Threat Model

Authentication can provide single (client/server) or mutual authentication (both). Authentication may be based on: Shared secret (symmetric key, password, ...) or Public Key(s) Typical Threat Model: Adversary can read, modify, fabricate, drop any message. Can't break crypto (aka assume good crypto). Can do multiple runs of a protocol simultaneously. Can exploit weaknesses in protocols/systems.

RPKI Benefits and Challenges

Benefits: -Offline cryptography (verify updates once per day) -Protection from hijacks Challenges: -RPKI takedowns and misconfigurations -Does not work for route leaks or path shortening attacks

What is HTTP Basic Authentication? Security issues?

Browser → GET page → Server Browser ← 401 Unauthorized, Request credentials ← Server Browser → GET page, Send credentials → Server Browser ← Send page ← Server Issues: Credentials are base64 encoded (trivial to steal). No server authentication.

What is HTTP Digest Authentication? What is the challenge/response?

Browser → GET page → Server Browser ← 401 Unauthorized, Request credentials, Nonce ← Server Browser → GET page, Nonce, Response→ Server Browser ← Send page ← Server Challenge is the request of credentials and sending the nonce (nonce used for freshness, prevent replay attacks) Reponse = H( H(name | realm | password) | nonce | H(request) )

Password Storage

Can't store unencrypted passwords because compromised file system = compromised passwords. Solution: Store hash of passwords Better Solution: Store [salt, h(salt | password)] --> An attacker stealing the password DB can't bring a dictionary of hashed passwords, can't easily determine if two users have the same password, and must attempt to break each password individually

What is a firewall? Goals of firewalls?

Computer that sits b/t your internal network and the rest of the network, attempts to prevent bad things without preventing good things Goals: Limit exposure to attacks, acts a choke point for all activity in and out of the network

Three Jobs of TCP

Congestion Control, Reliably send packets, Flow control

What are Credentials? What the 3 types of Credentials?

Credentials are a proof of identity. 1. Something you know 2. Something you have (bearer-authenticators) 3. Something you are (biometric-authenticators)

BGP Attack: Link Cuttng

Cutting all links or certain links (through DoS attacks or physically) to deny service or to force traffic into a desired pattern.

TLS Key Exchange Method: Anonymous Diffie-Hellman

DH public keys with no authentication, never used In the two other DH methods, the public keys are authenticated in some way (via server cert for fixed DH, via RSA key for Ephemeral DH)

Attacks that circumvent SSL and/or TLS

Downgrade attacks: Cipher downgrade, Logjam attack Cross-protocol attacks BEAST attacks CRIME and BREACH attack

TCP Three-way Handshake + 3 things about it

Each party selects Initial Sequence Number (ISN) 1. Alice → Syn(ISN-a) → Bob 2. Alice ← Syn(ISN-b), Ack(ISN-a) ← Bob 3. Alice → Ack(ISN-b) → Bob 1. Shows both parties can send and receive data. 2. Kind of stops forgery. If Mallory tries to impersonate Alice, Mallory runs into a problem because Syn(ISN-b) in step 2 still got routed to Alice --> She has to guess ISN-b in step 3. 3. Not secure bc ISNs are sometimes predictable

ICMP Attacks

Error messages of the internet. Some ICMP messages cause clients to alter behavior, and they aren't authenticated. Attack: Spoofed ICMP pings can cause the client to reset TCP connection. Defenses: 1. Filter most of ICMP (firewalls pretty much always block them now) 2. Verify/sanity check ICMP sources and content

What is Authentication?

Evaluating the authenticity of identity proving credentials

Potential Issues of VPNs

False sense of security (can be exploited, hacked, ... ex: NordVPN) Can be configured incorrectly

Examples of biometric authenticators (something you are)

Fingerprint, facial recognition, voice signature, retina scanner

What are Stateful Firewalls?

Firewalls that store some kind of state. Needed when a single packet contains insufficient data to make access control decisions (Should I let this packet through?) Ex: Is this TCP packet part of an established session?

Six values generated in a TLS session. What are they, how are they generated?

Generated from the master secret K, R-client (nonce), and R-server (nonce). IVs are generated when using a cipher mode that needs IVs. Client authentication and encryption keys Server authentication and encryption keys Client encryption IV Server encryption IV

TCP/IP Message Spoofing, Attack and Defenses

Happens because ISNs are predictable in many TCP implementation. 1. Alice → Syn(ISN-a) → Bob 2. Alice ← Syn(ISN-b), Ack(ISN-a) ← Bob 3. Alice → Ack(ISN-b) → Bob Attack: Mallory guesses ISN-b in step 3 to spoof a message as Alice because ISNs are predictable. Defenses: More rapidly change ISNs and/or randomize ISNs to prevent ISN guessing

What is K in Simple SSL? Does simple SSL provide perfect forward secrecy?

K is the shared master secret, K = f(S, R-client, R-server) No perfect forward secrecy. Compromise server private key gives S, S gives K, K allows you to decrypt all past communications.

Ways security can be violated even with TLS active

Malicious website/JS, CA compromise (bad cert), Server misconfiguration, etc...

TLS Key Exchange Method: RSA

No perfect forward secrecy. Server must have a certificate, used in Simple SSL example Uses pre-master secret (S) to compute master secret (K)

TLS Key Exchange Method: Ephemeral Diffie-Hellman

Provides perfect forward secrecy, used the most IRL DH public keys are exchanged, signed by RSA key (usually signed by just the server, clients usually don't have RSA key) Uses exchanged public keys to arrive at shared master secret

Purpose of certificate + 3 things in a certificate

Purpose: Binds an identity to a private key 1. Identity 2. Public Key of cert owner 3. Signature from Certificate Authority (CA)

What is multi-factor authentication? Name an example

Requiring more than one authentication method Ex: ATM requires debit card and PIN

Routing Manipulation Attack

Routers share data (reachability and distance vectors) about where they can route to, the data is used to decide the best route. Attack: The data is not authenticated, so adversary can forge vectors to control traffic (route through adversary, or route to nothing causing DoS) Defense: Still an open problem, attacks happen all the time

What is a DMZ? Why use one?

Zone between LAN and internet. Used for network isolation. Traffic can be controlled/blocked between the stuff you never want exposed (ex: accounting DB) and forward facing devices via a firewall (ex: mail server), then another firewall can control traffic b/t forward facing devices and the internet

Server vs. Mutual Authentication

Server Auth: Just authenticating the server Mutual Auth: Authenticating the client and server

TLS Key Exchange Method: Fixed Diffie-Hellman

Server provides DH public parameters (key) in a cert. Client responds with DH public key in a cert or key exchange message. Uses exchanged public keys to arrive at shared master secret.

What is the Seven plus or minus two rule? What are the implications of it in regards to passwords?

Seven plus or minus two rule: Most humans can remember ~5 - 9 things at once → Limits complexity of passwords that can be securely used

Source Routing Attacks/Defenses

Source Routing: Allows sender to specify route of packets through flags. Attacks: 1. Access Networks: Can specify your packets to route through a network that you shouldn't have access to 2. DoS: Can flood links/routes by sending all your packets down a small link/route Defenses: Block packets with source routing flags, pretty much every router ignores these flags now.

Problems with Security Questions

The answers are usually public or are easily guessable

Examples of bearer-authenticators (something you have)

Tokens/Transponders (smartphones, ex-pass, secureID) Smartcards Digital Certificates

Problems with Passwords

Users: Choose bad passwords, reuse them, forget them, sometimes given them out

Problems addressed by VPNs + Goals of VPNs

VPNs are designed to solve two problems: 1. I want to protect my traffic b/t my host and some destination. 2. I want the networks of multiple locations in my organization to be connected, without directly running fiber to each location (Ex: Connecting all UNC Campuses) Overall Goals: Join physically separated networks. Provide secure access to private network over public links.

What is Deep Packet Inspection? Concerns?

When the actual data of the packet is examined for application and/or content context as opposed to just looking at the headers. Ex: Inspect HTTP packets for malicious URLS Serious privacy issues if done by the wrong entity (like your ISP)

What are Online Bruteforce Password Attacks? Possible defenses?

When the attacker tries one possible password after another through the official interface. Defense: Developers can limit the amount of password attempts

Ping-of-Death Attack (another ICMP attack)

Works because of software overflow bug in IP fragmentation. Attack: Send malformed packet → Buffer overflow in kernel → gg wp Defense: The bug was patched in most OSes and firewalls, but the vulnerability still pops up