Update CSE4303_L5.md

content/CSE4303/CSE4303_L4.md

@@ -24,4 +24,119 @@ Connection-oriented, preserves order
    - Enables spoofing and session hijacking
 3. Denial of Service (DoS) vulnerabilities
 
+#### TCP SYN Flood I: low rate (DoS Bug)
 
+Low rate SYN flood defenses
+
+Correct Solution:
+
+Syncookies: remove state from server
+
+Small performance overhead
+
+Hijacking Existing TCP connection
+
+- A, B trusted connection
+ - Send packets with predictable seq numbers
+
+- E impersonates B to A
+- DoS B’s queue
+- Sends packets to A that
+resemble B’s transmission
+  - E cannot receive, but may
+execute commands on A
+
+## Routing Security
+
+Routing Protocols
+
+- ARP (addr resolution protocol): IP addr ⟶ eth addr
+Security issues: (local network attacks)
+  - Node A can confuse gateway into sending it traffic for Node B
+  - By proxying traffic, node A can read/inject packets
+into B’s session (e.g. WiFi networks)
+- OSPF: used for routing within an AS
+- BGP: routing between Autonomous Systems
+Security issues: unauthenticated route updates
+  - Anyone can cause entire Internet to send traffic
+for a victim IP to attacker’s address
+- Example: Youtube-Pakistan mishap (see DDoS lecture)
+  - Anyone can hijack route to victim
+
+### Security Issues
+
+- BGP path attestations are un-authenticated
+  - Anyone can inject advertisements for arbitrary routes
+  - Advertisement will propagate everywhere
+  - Used for DoS, spam, and eavesdropping (details in DDoS lecture)
+  - Often a result of human error
+
+Solutions:
+
+- RPKI: AS obtains a certificate (ROA) from regional authority (RIR) and attaches ROA to path advertisement.
+Advertisements without a valid ROA are ignored. Defends against a malicious AS
+- SBGP: sign every hop of a path advertisement
+
+### Domain Name System
+
+DNS Root Name Servers
+
+- Hierarchical service
+  - Root name servers for toplevel domains
+  - Authoritative name servers
+for subdomains
+  - Local name resolvers contact
+authoritative servers when
+they do not know a name
+
+#### DNS Lookup Example
+
+#### Caching
+
+- DNS responses are cached
+  - Quick response for repeated translations
+  - Note: NS records for domains also cached
+- DNS negative queries are cached
+  - Save time for nonexistent sites, e.g. misspelling
+- Cached data periodically times out
+  - Lifetime (TTL) of data controlled by owner of data
+  - TTL passed with every record
+
+DNS Packet
+
+- Query ID:
+  - 16 bit random value
+  - Links response to query
+
+#### Basic DNS Vulnerabilities
+
+- Users/hosts trust the host-address mapping
+provided by DNS:
+  - Used as basis for many security policies:
+Browser same origin policy, URL address bar
+- Obvious problems
+  - Interception of requests or compromise of DNS servers can
+result in incorrect or malicious responses
+- e.g.: malicious access point in a Cafe
+  - Solution   - authenticated requests/responses
+- Provided by DNSsec … but few use DNSsec
+
+### DNS cache poisoning (a la Kaminsky’08)
+
+![DNS_cache_poisoning.png](https://notenextra.trance-0.com/CSE4303/DNS_cache_poisoning.png)
+
+#### DNS poisoning attacks in the wild
+
+- January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia.
+- In November 2004, Google and Amazon users were sent to Med Network Inc., an online pharmacy
+- In March 2003, a group dubbed the "Freedom Cyber Force Militia" hijacked visitors to the Al-Jazeera Web site and presented them with the message "God Bless Our Troops"
+
+### Summary
+
+- Core protocols not designed for security
+  - Eavesdropping, Packet injection, Route stealing, DNS poisoning
+  - Patched over time to prevent basic attacks
+- More secure variants exist :
+  - IP $\to$ IPsec
+  - DNS $\to$ DNSsec
+  - BGP $\to$ sBGPs

content/CSE4303/CSE4303_L5.md

@@ -0,0 +1,79 @@
+# CSE4303 Introduction to Computer Security (Lecture 5)
+
+## Cryptography: Foundations
+
+### Definitions
+
+Cryptography is the study of techniques that enable secure communication and computation in the presence of adversaries, by providing formal guarantees such as confidentiality, integrity, and authenticity.
+
+Cryptanalysis is the study of techniques for breaking cryptographic systems, by recovering secret information or violating security guarantees without knowing the secret key
+
+### Background: security guarantee
+
+- Well-defined statement about difficulty of compromising a system
+  - ...with clear implicit or explicit assumptions about:
+    - Parameters of the system
+    - Threat model
+    - Attack surfaces
+- Example: "A one-time pad cipher is secure against any cryptanalysis, including a brute-force attack, assuming:
+  - the key is the same length as the plaintext,
+  - the key is truly random, and
+  - the key is never re-used.
+- Example: "Given that keys remain uncompromised (by human error, side channel, etc.), recovering an RSA private key from a given public key is at least as hard as integer factorization."
+  - I.e. we can reduce RSA to integer factorization.
+  - Note: correct implementation is not guaranteed!
+- Non-example: "This app is secure."
+  - Empty claim: what does it mean?
+
+### Overview: Encryption and Decryption
+
+- The message m is called the plaintext.
+- Alice will convert plaintext m to an encrypted form using an encryption algorithm E that outputs a ciphertext c for m
+
+#### Cryptography goals
+
+- Confidentiality:
+  - Mallory and Eve cannot recover original message from ciphertext
+- Integrity:
+  - Mallory cannot modify message from Alice to Bob without detection
+by Bob
+- Authenticity:
+  - Mallory cannot craft a message that Bob would accept as coming from Alice
+
+#### Cryptosystem compoents
+
+1. The set of possible plaintexts (M)
+2. The set of possible ciphertexts (C)
+3. The set of encryption keys (K)
+4. The set of decryption keys (usually K as well)
+5. The correspondence between encryption keys and decryption
+keys
+6. The encryption algorithm to use (E)
+7. The decryption algorithm to use (D)
+
+#### Symmetric ciphers:
+
+A cipher defined over $(K,M,C)$ is a pair of efficient algorithms $(E,D)$ where $E: K\times M\to C$ and $D: K\times C \to M$
+
+Correctness Property:
+
+$\forall m\in M, \exists k\in K$, $E(k,m) = c\in C$, and $D(k,c) = m$
+
+- $D$ and $E$ are often efficient (polynomial time | concrete time)
+- $E$ is encryption, often randomized.
+- $D$ is decryption, always deterministic.
+
+#### Threat models
+
+Attackers may have:
+
+- collection of ciphertexts (ciphertext-only attack)
+- collection of plaintext/ciphertext pairs (known plaintext attack: KPA )
+- collection of plaintext/ciphertext pairs for plaintexts selected by the attacker (chosen plaintext attack: CPA )
+- collection of plaintext/ciphertext pairs for ciphertexts selected by the attacker (chosen ciphertext attack: CCA/CCA2 )
+
+### Symmetric (shared-key) encryption
+
+Refer to this lecture notes
+
+[CSE442T Lecture 1](https://notenextra.trance-0.com/CSE442T/CSE442T_L1/)

content/CSE4303/_meta.js

@@ -7,5 +7,5 @@ export default {
     CSE4303_L2: "Introduction to Computer Security (Lecture 2)",
     CSE4303_L3: "Introduction to Computer Security (Lecture 3)",
     CSE4303_L4: "Introduction to Computer Security (Lecture 4)",
-
+    CSE4303_L5: "Introduction to Computer Security (Lecture 5)",
 }