Download שקופית 1

Intro To Secure
Comm.
Exercise 6
Problem

A vendor wishes to incorporate the
following:
 Upon
any login/change the vendor updates
the cookie

Cookie(SessionTime||{Item||Price})
What kind of attacks may be done?
 What kind of attackers may do it?
 How does SSL help protect against certain
attacks/adversaries?

Solution


The interrogative adversary may easily change
the cookie.
The attacks may be
 extending
the session time indefinitely
 Changing products’ prices

SSL may prevent sniffing/active adversaries
from intercepting the cookies and/or changing
them while they’re transmitted
Problem

The following is a cookie based login process
 User
 Login to server, provide user/password
 Server
 Set Cookie(username||h(password))



The login process is protected with SSL.
The rest sessions are not.
Against what types of adversaries is this scheme
effective?
Solution





This scheme is immune to spoofing attacks, as
no spoofer can generate the cookie
This scheme is immune to sniffing attacks as the
secret is not sent in the clear.
However, active adversaries may do replay
attacks after the initial login.
How may you defend against active
adversaries?
Dictionary attacks are still possible, use SALT
against them.
Solution (2)
The simplest thing would be to protect the
entire client-server protocol using SSL.
 Developing a proprietary protocol may
lead to more complex client-side
applications.

Problem

The following identifier is put into a cookie
after user logon (to identify the session)
 Cookie(GlobalId++)
What types of adversaries may attack this
scheme?
 What is the attack?

Solution




The interrogative adversary may attack this
easily.
The attack would be to guess the sequence
number of another session.
Since this uses sequential numbers it is quite
easy.
How will you mend this flaw?
 Use cryptographic randomness
 PRF(GlobalId||Date)
IP-SEC
Scenario

An organization connects to the Internet from
multiple offices, and is concerned about:

Denial of service attacks from the Internet
 Protect data on few key applications (mostly web)
from
unauthorized exposure
 Efficiency and cost of solution

The organization considers employing IPSec as
a solution
Problem

When is IPSec not able to secure the
connection under the previous conditions
Solution
IPSec connections may not be reliable
when an attack is orchestrated from inside
the network (where IP sec is not utilized)
 Using IPSec in tunnel mode enables such
an attack from inside the network when a
virus/worm attacks the computers.

Problem

Few companies create extranet (shared
VPN over Internet) using IP-sec. How can
they (securely and efficiently)…
 Prevent
network attacker from counting CEOto-CEO messages
 Prevent insiders from eavesdropping on CEOto-CEO messages
Solution

Assuming
 CEO1:10.0.0.1
 CEO2:11.0.0.1


Use both transport mode and tunnel mode
IPSec.
First use Transport mode IPSec
 CEO1
SP : To CEO2 -> Encrypt Transport Mode
 CEO2 SP : To CEO1 -> Encrypt Transport Mode
Solution



Second, use IPSec tunnel mode between
routers such that ALL messages are encrypted
using tunnel mode (no differentiation between
CEO messages and users’ messages)
This way, messages between CEOs are
protected from being noticed from the internet
(this is because the messages are designated to
the routers)
Inside the network, the messages are still
encrypted.
Scenario
Problem
The company enables IPSec in tunnel
mode between each branch of the
company.
 Users are allowed to browse the internet
freely.
 How can a virus expose information sent
from branch A to B?

Solution
By sniffing the network, the virus can sniff
packets sent between the branches.
 The virus can then send the information to
a host located on the internet.
 Since the information between the
branches is sent on the clear (until it
reaches the VPN host) it is easily viewed.

Attack explenation
Say computer A from office A send
information to computer B in office B.
 The virus sniffs the network and gets a
hold of the message.
 The virus sends the message using a
connection to the internet, to an internet
host.

Problem

What if the routers are configured only to
allow secured IPSec communication?
 i.e.

no internet forwarding.
Is the attack viable now?
Solution


YES!!!
Through subliminal channels, the virus can
communicate with the sniffer
 Through
 Through

timings
length of packets
In conjunction with the SPI field.
 Assuming the SPI is different than other programs.
 The eavesdropper can then identify the messages
from the virus and identify them using timings/length
of packets.
‫)‪Problem (Test Question‬‬
‫‪‬‬
‫חברה מעונינת להבטיח מספר יישומים קריטיים )משכורות‪ ,‬כח אדם‪ ,‬דו"חות‬
‫מכירות( מפני תוקף חיצוני או פנימי‪ .‬ההנחה היא שהתוקף עלול להשתלט על‬
‫מחשב אחד או מחשבים מעטים‪ ,‬ובפרט מניחים שלא יוכל להשתלט על‬
‫שרתים )שמאובטחים היטב( אלא רק על תחנות עבודה‪ .‬מעונינים למנוע‬
‫מהתוקף‪ ,‬אפילו אם הוא שולט על מחשב אחד שנמצא ברשת מקומית‬
‫מסוימת‪ ,‬מלחשוף או לשנות הודעות בין מחשבים ברשת שאינם נשלטים על‬
‫ידיו ובין אחד משרתי היישומים הקריטיים‪ .‬מוצע להגן ע"י שימוש ב‪IP-sec-‬‬
‫בשיטת ‪ ESP‬ומצב ‪ ,Transport‬בין כל תחנת עבודה לבין השרתים שמריצים‬
‫את אותם שירותים קריטיים‪.‬‬
‫‪‬‬
‫הראה שפתרון זה עשוי שלא למנוע התקפה‪ ,‬ותוקף ששולט במחשב אחד ברשת‬
‫עלול להיות מסוגל להתחזות לשרת היישום הקריטי‪ .‬רמז‪ :‬שרתים אחרים ברשת‪,‬‬
‫שאינם מריצים את היישומים הקריטיים‪ ,‬אינם מריצים ‪.IP-sec‬‬
Solution



The key idea is that only application servers are
protected with IPSec.
What about DNS servers? (or any other naming servers)
The following attack may happen




ADV takes control over some computer (a client/DNS) which are
not protected.
ADV changes DNS record to point to the controlled computer
When the application needs to transmit information, it transmits
to the wrong IP thus not protecting the data with IPSec.
The application is UNAWARE of it.