diff --git a/content/CSE4303/CSE4303_L4.md b/content/CSE4303/CSE4303_L4.md index 3e6c060..8e2e23f 100644 --- a/content/CSE4303/CSE4303_L4.md +++ b/content/CSE4303/CSE4303_L4.md @@ -24,4 +24,119 @@ Connection-oriented, preserves order - Enables spoofing and session hijacking 3. Denial of Service (DoS) vulnerabilities +#### TCP SYN Flood I: low rate (DoS Bug) +Low rate SYN flood defenses + +Correct Solution: + +Syncookies: remove state from server + +Small performance overhead + +Hijacking Existing TCP connection + +- A, B trusted connection + - Send packets with predictable seq numbers + +- E impersonates B to A +- DoS B’s queue +- Sends packets to A that +resemble B’s transmission + - E cannot receive, but may +execute commands on A + +## Routing Security + +Routing Protocols + +- ARP (addr resolution protocol): IP addr ⟶ eth addr +Security issues: (local network attacks) + - Node A can confuse gateway into sending it traffic for Node B + - By proxying traffic, node A can read/inject packets +into B’s session (e.g. WiFi networks) +- OSPF: used for routing within an AS +- BGP: routing between Autonomous Systems +Security issues: unauthenticated route updates + - Anyone can cause entire Internet to send traffic +for a victim IP to attacker’s address +- Example: Youtube-Pakistan mishap (see DDoS lecture) + - Anyone can hijack route to victim + +### Security Issues + +- BGP path attestations are un-authenticated + - Anyone can inject advertisements for arbitrary routes + - Advertisement will propagate everywhere + - Used for DoS, spam, and eavesdropping (details in DDoS lecture) + - Often a result of human error + +Solutions: + +- RPKI: AS obtains a certificate (ROA) from regional authority (RIR) and attaches ROA to path advertisement. +Advertisements without a valid ROA are ignored. Defends against a malicious AS +- SBGP: sign every hop of a path advertisement + +### Domain Name System + +DNS Root Name Servers + +- Hierarchical service + - Root name servers for toplevel domains + - Authoritative name servers +for subdomains + - Local name resolvers contact +authoritative servers when +they do not know a name + +#### DNS Lookup Example + +#### Caching + +- DNS responses are cached + - Quick response for repeated translations + - Note: NS records for domains also cached +- DNS negative queries are cached + - Save time for nonexistent sites, e.g. misspelling +- Cached data periodically times out + - Lifetime (TTL) of data controlled by owner of data + - TTL passed with every record + +DNS Packet + +- Query ID: + - 16 bit random value + - Links response to query + +#### Basic DNS Vulnerabilities + +- Users/hosts trust the host-address mapping +provided by DNS: + - Used as basis for many security policies: +Browser same origin policy, URL address bar +- Obvious problems + - Interception of requests or compromise of DNS servers can +result in incorrect or malicious responses +- e.g.: malicious access point in a Cafe + - Solution - authenticated requests/responses +- Provided by DNSsec … but few use DNSsec + +### DNS cache poisoning (a la Kaminsky’08) + +![DNS_cache_poisoning.png](https://notenextra.trance-0.com/CSE4303/DNS_cache_poisoning.png) + +#### DNS poisoning attacks in the wild + +- January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. +- In November 2004, Google and Amazon users were sent to Med Network Inc., an online pharmacy +- In March 2003, a group dubbed the "Freedom Cyber Force Militia" hijacked visitors to the Al-Jazeera Web site and presented them with the message "God Bless Our Troops" + +### Summary + +- Core protocols not designed for security + - Eavesdropping, Packet injection, Route stealing, DNS poisoning + - Patched over time to prevent basic attacks +- More secure variants exist : + - IP $\to$ IPsec + - DNS $\to$ DNSsec + - BGP $\to$ sBGPs \ No newline at end of file diff --git a/content/CSE4303/CSE4303_L5.md b/content/CSE4303/CSE4303_L5.md new file mode 100644 index 0000000..1726e5f --- /dev/null +++ b/content/CSE4303/CSE4303_L5.md @@ -0,0 +1,80 @@ +# CSE4303 Introduction to Computer Security (Lecture 5) + +## Cryptography: Foundations + +### Definitions + +Cryptography is the study of techniques that enable secure communication and computation in the presence of adversaries, by providing formal guarantees such as confidentiality, integrity, and authenticity. + +Cryptanalysis is the study of techniques for breaking cryptographic systems, by recovering secret information or violating security guarantees without knowing the secret key + +### Background: security guarantee + +- Well-defined statement about difficulty of compromising a system + - ...with clear implicit or explicit assumptions about: + - Parameters of the system + - Threat model + - Attack surfaces +- Example: "A one-time pad cipher is secure against any cryptanalysis, including a brute-force attack, assuming: + - the key is the same length as the plaintext, + - the key is truly random, and + - the key is never re-used. +- Example: "Given that keys remain uncompromised (by human error, side channel, etc.), recovering an RSA private key from a given public key is at least as hard as integer factorization." + - I.e. we can reduce RSA to integer factorization. + - Note: correct implementation is not guaranteed! +- Non-example: "This app is secure." + - Empty claim: what does it mean? + +### Overview: Encryption and Decryption + +- The message m is called the plaintext. +- Alice will convert plaintext m to an encrypted form using an encryption algorithm E that outputs a ciphertext c for m + +#### Cryptography goals + +- Confidentiality: + - Mallory and Eve cannot recover original message from ciphertext +- Integrity: + - Mallory cannot modify message from Alice to Bob without detection +by Bob +- Authenticity: + - Mallory cannot craft a message that Bob would accept as coming from Alice + +#### Cryptosystem compoents + +1. The set of possible plaintexts (M) +2. The set of possible ciphertexts (C) +3. The set of encryption keys (K) +4. The set of decryption keys (usually K as well) +5. The correspondence between encryption keys and decryption +keys +6. The encryption algorithm to use (E) +7. The decryption algorithm to use (D) + +#### Symmetric ciphers: + +A cipher defined over $(K,M,C)$ is a pair of efficient algorithms $(E,D)$ where $E: K\times M\to C$ and $D: K\times C \to M$ + +Correctness Property: + +$\forall m\in M, \exists k\in K$, $E(k,m) = c\in C$, and $D(k,c) = m$ + +- $D$ and $E$ are often efficient (polynomial time | concrete time) +- $E$ is encryption, often randomized. +- $D$ is decryption, always deterministic. + +#### Threat models + +Attackers may have: + +- collection of ciphertexts (ciphertext-only attack) +- collection of plaintext/ciphertext pairs (known plaintext attack: KPA ) +- collection of plaintext/ciphertext pairs for plaintexts selected by the attacker (chosen plaintext attack: CPA ) +- collection of plaintext/ciphertext pairs for ciphertexts selected by the attacker (chosen ciphertext attack: CCA/CCA2 ) + +### Symmetric (shared-key) encryption + +Refer to this lecture notes + +[CSE442T Lecture 1](https://notenextra.trance-0.com/CSE442T/CSE442T_L1/) + diff --git a/content/CSE4303/DNS_cache_poisoning.png b/content/CSE4303/DNS_cache_poisoning.png new file mode 100644 index 0000000..696d28d Binary files /dev/null and b/content/CSE4303/DNS_cache_poisoning.png differ diff --git a/content/CSE4303/_meta.js b/content/CSE4303/_meta.js index 894f7e5..3ec53ca 100644 --- a/content/CSE4303/_meta.js +++ b/content/CSE4303/_meta.js @@ -7,5 +7,5 @@ export default { CSE4303_L2: "Introduction to Computer Security (Lecture 2)", CSE4303_L3: "Introduction to Computer Security (Lecture 3)", CSE4303_L4: "Introduction to Computer Security (Lecture 4)", - + CSE4303_L5: "Introduction to Computer Security (Lecture 5)", }