Trance-0/NoteNextra-origin
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Trance-0
2026-01-27 11:58:32 -06:00
parent eead5b6458
commit 52e69f9340
4 changed files with 196 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
content/CSE4303/CSE4303_L4.md
View File

@@ -24,4 +24,119 @@ Connection-oriented, preserves order
- Enables spoofing and session hijacking - Enables spoofing and session hijacking
3. Denial of Service (DoS) vulnerabilities 3. Denial of Service (DoS) vulnerabilities
#### TCP SYN Flood I: low rate (DoS Bug)
Low rate SYN flood defenses
Correct Solution:
Syncookies: remove state from server
Small performance overhead
Hijacking Existing TCP connection
- A, B trusted connection
- Send packets with predictable seq numbers
- E impersonates B to A
- DoS Bs queue
- Sends packets to A that
resemble Bs transmission
- E cannot receive, but may
execute commands on A
## Routing Security
Routing Protocols
- ARP (addr resolution protocol): IP addr ⟶ eth addr
Security issues: (local network attacks)
- Node A can confuse gateway into sending it traffic for Node B
- By proxying traffic, node A can read/inject packets
into Bs session (e.g. WiFi networks)
- OSPF: used for routing within an AS
- BGP: routing between Autonomous Systems
Security issues: unauthenticated route updates
- Anyone can cause entire Internet to send traffic
for a victim IP to attackers address
- Example: Youtube-Pakistan mishap (see DDoS lecture)
- Anyone can hijack route to victim
### Security Issues
- BGP path attestations are un-authenticated
- Anyone can inject advertisements for arbitrary routes
- Advertisement will propagate everywhere
- Used for DoS, spam, and eavesdropping (details in DDoS lecture)
- Often a result of human error
Solutions:
- RPKI: AS obtains a certificate (ROA) from regional authority (RIR) and attaches ROA to path advertisement.
Advertisements without a valid ROA are ignored. Defends against a malicious AS
- SBGP: sign every hop of a path advertisement
### Domain Name System
DNS Root Name Servers
- Hierarchical service
- Root name servers for toplevel domains
- Authoritative name servers
for subdomains
- Local name resolvers contact
authoritative servers when
they do not know a name
#### DNS Lookup Example
#### Caching
- DNS responses are cached
- Quick response for repeated translations
- Note: NS records for domains also cached
- DNS negative queries are cached
- Save time for nonexistent sites, e.g. misspelling
- Cached data periodically times out
- Lifetime (TTL) of data controlled by owner of data
- TTL passed with every record
DNS Packet
- Query ID:
- 16 bit random value
- Links response to query
#### Basic DNS Vulnerabilities
- Users/hosts trust the host-address mapping
provided by DNS:
- Used as basis for many security policies:
Browser same origin policy, URL address bar
- Obvious problems
- Interception of requests or compromise of DNS servers can
result in incorrect or malicious responses
- e.g.: malicious access point in a Cafe
- Solution - authenticated requests/responses
- Provided by DNSsec … but few use DNSsec
### DNS cache poisoning (a la Kaminsky08)
![DNS_cache_poisoning.png](https://notenextra.trance-0.com/CSE4303/DNS_cache_poisoning.png)
#### DNS poisoning attacks in the wild
- January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia.
- In November 2004, Google and Amazon users were sent to Med Network Inc., an online pharmacy
- In March 2003, a group dubbed the "Freedom Cyber Force Militia" hijacked visitors to the Al-Jazeera Web site and presented them with the message "God Bless Our Troops"
### Summary
- Core protocols not designed for security
- Eavesdropping, Packet injection, Route stealing, DNS poisoning
- Patched over time to prevent basic attacks
- More secure variants exist :
- IP $\to$ IPsec
- DNS $\to$ DNSsec
- BGP $\to$ sBGPs

80
content/CSE4303/CSE4303_L5.md Normal file
View File

@@ -0,0 +1,80 @@
# CSE4303 Introduction to Computer Security (Lecture 5)
## Cryptography: Foundations
### Definitions
Cryptography is the study of techniques that enable secure communication and computation in the presence of adversaries, by providing formal guarantees such as confidentiality, integrity, and authenticity.
Cryptanalysis is the study of techniques for breaking cryptographic systems, by recovering secret information or violating security guarantees without knowing the secret key
### Background: security guarantee
- Well-defined statement about difficulty of compromising a system
- ...with clear implicit or explicit assumptions about:
- Parameters of the system
- Threat model
- Attack surfaces
- Example: "A one-time pad cipher is secure against any cryptanalysis, including a brute-force attack, assuming:
- the key is the same length as the plaintext,
- the key is truly random, and
- the key is never re-used.
- Example: "Given that keys remain uncompromised (by human error, side channel, etc.), recovering an RSA private key from a given public key is at least as hard as integer factorization."
- I.e. we can reduce RSA to integer factorization.
- Note: correct implementation is not guaranteed!
- Non-example: "This app is secure."
- Empty claim: what does it mean?
### Overview: Encryption and Decryption
- The message m is called the plaintext.
- Alice will convert plaintext m to an encrypted form using an encryption algorithm E that outputs a ciphertext c for m
#### Cryptography goals
- Confidentiality:
- Mallory and Eve cannot recover original message from ciphertext
- Integrity:
- Mallory cannot modify message from Alice to Bob without detection
by Bob
- Authenticity:
- Mallory cannot craft a message that Bob would accept as coming from Alice
#### Cryptosystem compoents
1. The set of possible plaintexts (M)
2. The set of possible ciphertexts (C)
3. The set of encryption keys (K)
4. The set of decryption keys (usually K as well)
5. The correspondence between encryption keys and decryption
keys
6. The encryption algorithm to use (E)
7. The decryption algorithm to use (D)
#### Symmetric ciphers:
A cipher defined over $(K,M,C)$ is a pair of efficient algorithms $(E,D)$ where $E: K\times M\to C$ and $D: K\times C \to M$
Correctness Property:
$\forall m\in M, \exists k\in K$, $E(k,m) = c\in C$, and $D(k,c) = m$
- $D$ and $E$ are often efficient (polynomial time | concrete time)
- $E$ is encryption, often randomized.
- $D$ is decryption, always deterministic.
#### Threat models
Attackers may have:
- collection of ciphertexts (ciphertext-only attack)
- collection of plaintext/ciphertext pairs (known plaintext attack: KPA )
- collection of plaintext/ciphertext pairs for plaintexts selected by the attacker (chosen plaintext attack: CPA )
- collection of plaintext/ciphertext pairs for ciphertexts selected by the attacker (chosen ciphertext attack: CCA/CCA2 )
### Symmetric (shared-key) encryption
Refer to this lecture notes
[CSE442T Lecture 1](https://notenextra.trance-0.com/CSE442T/CSE442T_L1/)

BIN
content/CSE4303/DNS_cache_poisoning.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 105 KiB

2
content/CSE4303/_meta.js
View File

@@ -7,5 +7,5 @@ export default {
CSE4303_L2: "Introduction to Computer Security (Lecture 2)", CSE4303_L2: "Introduction to Computer Security (Lecture 2)",
CSE4303_L3: "Introduction to Computer Security (Lecture 3)", CSE4303_L3: "Introduction to Computer Security (Lecture 3)",
CSE4303_L4: "Introduction to Computer Security (Lecture 4)", CSE4303_L4: "Introduction to Computer Security (Lecture 4)",
CSE4303_L5: "Introduction to Computer Security (Lecture 5)",
} }