augmented send aligning security privacy and usability
play

Augmented SEND: Aligning Security, Privacy, and Usability Ahmad - PowerPoint PPT Presentation

Nov 26, 2023 •411 likes •885 views

Augmented SEND: Aligning Security, Privacy, and Usability Ahmad AlSadeh Supervisor: Prof. Dr. Christoph Meinel Hasso-Plattner-Institut, University of Potsdam April 23, 2013 IPv4 address exhaustion 2 IANA unallocated address pool IPv6

  1. Augmented SEND: Aligning Security, Privacy, and Usability Ahmad AlSadeh Supervisor: Prof. Dr. Christoph Meinel Hasso-Plattner-Institut, University of Potsdam April 23, 2013

  2. IPv4 address exhaustion 2 ■ IANA unallocated address pool ■ IPv6 deployment is happening exhaustion: 03-Feb-2011 □ World IPv6 Launch Day: June 6, 2012 Google IPv6 Statistics IPv4 Address Report http://www.potaroo.net/tools/ipv4/ http://www.google.com/ipv6/index.html Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  3. Comparison of IPv4 and IPv6 3 IPv4 IPv6 2 32 = 4,294,967,296 2 128 = 340 trillion trillion trillion Number of Addresses = 4 billion addresses addresses Decimal notation: Hexadecimal notation: Address Format 192.146.200.67 2001:5FEB:BEEF::CAFE Prefix Notation 192.146.0.0/24 2001:5FEB:BEEF::/64 Stateless Address Autoconfiguration, Addresses Manually or through DHCP assigned using DHCPv6, or manually configuration configured IP<--> MAC Address Resolution Protocol Neighbor Discovery Protocol Translation (ARP) (NDP) Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  4. Neighbor Discovery Protocol (NDP) 4 ■ NDP is a part of ICMPv6 ■ Fundamental protocol in IPv6 suite □ Obtain configuration information including: □ Router, subnet prefix, and parameter discovery Internet □ Determine when a neighbor is no longer reachable □ Perform address resolution □ … Router Router ■ Local link protocol □ Subnet scope NDP scope host host host Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  5. NDP vulnerabilities 5 ■ NDP messages lack authentication □ The assumption that all nodes trust each other Internet ■ Attacks come from malicious □ host Router Router □ router ■ NDP is vulnerable to many attacks □ Spoofing □ Replay □ Rogue router □ … host host host Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  6. NDP vulnerabilities ( continue …) 6 ■ Duplicate Address Detection (DAD) DoS attack □ THC-IPv6 Attack Suite http://www.thc.org/thc-ipv6/ – dos-new-ip6 New Host Attacker Does anyone use this address Yes, I have this address ■ SEcure Neighbor Discovery (SEND) is the proposed solution Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  7. Outline ■ SEcure Neighbor Discovery (SEND) 7 ■ Problem statement ■ SEND users’ preferences □ Time – Based CGA □ CGA privacy Extension ■ WinSEND ■ CGAs enhancements: security and performance ■ SEND and IPsec ■ Conclusion Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  8. SEcure Neighbor Discovery (SEND) 8 ■ SEND is an integral part of NDP ■ Address Authentication ( Address Ownership Proof) □ CGA Option □ RSA Signature Option ■ Replay Protection □ Nonce Option □ Timestamp Option ■ Authorization Delegation Discovery (ADD) □ Certificate Path Solicitation (CPS), ICMPv6 message □ Certificate Path advertisement (CPA), ICMPv6 message Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  9. SEND (Simplified) Host A 9 Host B Hash ( Kpub , Parameters) 64 bits 64 bits Subnet Prefix Interface Identifier Sign(ND message) Source address = CGA address Verify Hash ( Kpub , Parameters) CGA option= Kpub + other parameters = Interface Identifier Nonce option Timestamp option Verify signature with Kpub RSA Signature Option = Signature SEND options are sent with the NDP message Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  10. NDP message protected by SEND 10 Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  11. Cryptographically Generated Addresses (CGAs) ■ Address authentication (Address ownership proof) 11 ■ Sender’s public key is bounded to IPv6 address ■ CGA generation algorithm Hash Extension CGA parameters 0 Hash2 Yes Final Subnet Collision 16xSec RSA Kpub 16xSec (112 bits) Modifier prefix Count leftmost =0? (variable) (128 bits) (64 bits) (8bits) Hash2 bits must be zero No SHA-1 SHA-1 Increment Modifier 64 bits Hash1 (160 bits) Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) Subnet prefix Sec ug • Generate/ Obtain an RSA key pair CGA • Pick a random Modifier • Select a Sec value Check the uniqueness of IPv6 address (DAD) • Set Collision Count to 0 Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  12. Sec value of the CGA 12 ■ In CGA, Sec (0 to 7), unsigned 3-bit integer, is scale factor which increases the cost (hash operation) for both □ The attacker : O(2 59+16xSec ) □ The address generator: O(2 16xSec ) ■ For example 16xSec 0 □ Sec=0, Hash2=0X123456789ABCD… Hash2 16xSec (112 bits) =0? □ Sec=1, Hash2=0X0000 56789ABCD… No □ Sec=2, Hash2=0X00000000 9ABCD… SHA-1 Increment Modifier □ … Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  13. Problem statement ■ There are several factors that limit SEND deployment 13 □ SEND is compute-intensive and bandwidth-consuming □ SEND high time complexity may lead to privacy-related attacks □ SEND has not mature implementation for end user operating systems □ SEND is still vulnerable to DoS attacks □ Router Authorization Delegation Discovery (ADD) mechanism is so far theoretical rather than practical Publication: Ahmad AlSa'deh, Christoph Meinel, "Secure Neighbor Discovery: Review, Challenges, □ Perspectives, and Recommendations," IEEE Security & Privacy, vol. 10, no. 4, pp. 26-34, July-Aug. 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  14. Research questions ■ How could we decrease the complexity of SEND calculations to 14 make it usable without major changes to the SEND itself? ■ How could we enhance CGA against the privacy-related attacks? ■ What could we do to make SEND available for end users? ■ How SEND and IPsec can work together for securing IPv6 networks? Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  15. 1. SEND is compute-intensive 15 ■ Cryptography means a lot of computations ■ The average time for CGA address generation 16xSec Processor with 2.6 GHz 0 Hash2 16xSec (112 bits) Sec Average time = 0? 1 ~ 0.5 seconds No SHA- 2 ~ 2 hours 1 Increment Modifier 3 ~ 12 years 4 ~ 1.6. 10 6 years Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) • Select a Sec ■ Even for the same Sec value, predicting the convergence time is very difficult Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  16. Time-Based CGA (TB-CGA) ■ TB-CGA: Modifications to standard CGA 16 □ Select “ time parameter ” as an input □ Keep track of the best found security level within determined time □ Reduce the granularity of the security level from “16” to “ 8 ” Standard CGA Time-Based CGA 16xSec 8xSec 0 Hash2 16xSec 0 Hash2 (112 bits) = 0? Exceed (112 bits) time? No No SHA- SHA- 1 Increment 1 Increment Modifier -Store the Modifier Modifier -Store the best Hash2 Modifier 0 0 RSA Kpub Modifier 0 0 RSA Kpub (128 bits) (64 bits) (8bits) (variable) (128 bits) (64 bits) (8bits) (variable) • Select a Sec • Select a Time Parameter Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  17. Sec value measurements for different granularity ■ Granularity 16 (before) ■ Granularity 8 (after) 17 For Sec=0: 96.25% Sec=0: 12.53% For Sec=1: 3.75% Sec=1: 80.05% Ahmad Alsa'deh, Hosnieh Rafiee, Christoph Meinel, "Stopping Time Condition for Practical IPv6 ■ Cryptographically Generated Addresses," ICOIN, pp.257-262, The International Conference on Information Network 2012, 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  18. 2. Privacy concerns ■ High Sec value may cause unacceptable delay 18 ■ It is likely that once a host generates an acceptable CGA, it will continue to use □ this same address □ the same public key ■ hosts using CGAs could be susceptible to privacy related attacks Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

  19. CGA privacy extensions ■ Three main modifications 19 Reducing the granularity of CGA Setting a CGA lifetime Automatic key pair generation Ahmad Alsa’deh , Hosnieh Rafiee, and Christoph Meinel, "IPv6 Stateless Address Autoconfiguration: ■ Balancing Between Security, Privacy and Usability" in 5th International Symposium on Foundations and Practice of Security, FPS 2012, LNCS 7743, pp. 149 – 161, 2012. Augmented SEND: Aligning Security, Privacy, and Usability || Ahmad Alsadeh || April 23, 2013

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on Computation and Society Harvard University 1 Administrivia Final Project Presentation Schedules are on the website. HW4 2 Tonight we will look at

520 views • 35 slides
The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019 Hello! Im Joris van Rooij Software Architect at Jibe.Company From Eindhoven, the Netherlands J I B E . C O M P A N Y I like...

1.72k views • 144 slides
Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety &amp; Consent Georgia Bullen // @georgiamoon Executive Director Simply Secure FOSDEM // 2 February 2020 Everyone deserves technology they can trust. Simply Secure

437 views • 28 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

1.76k views • 109 slides
CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something

CSCI E-170: Computer Security, Privacy and Usability Hour #2: Biometrics Biometrics Something that you know Something that you have Something that you are Uses of Biometrics: Simple: Verification Is this who he claims to be?

592 views • 40 slides
Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

490 views • 23 slides
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

829 views • 23 slides
Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi Google, Inc. Rochester Institute of Technology kak@google.com rlaz@cs.rit.edu Symposium on Usable Privacy and Security (SOUPS) 2009 July 15th-17th,

272 views • 26 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

419 views • 4 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

219 views • 5 slides
Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271 Announcements intermission Introduction to Computer Security Usability and Voting combined slides Usable security example areas Stephen McCamant Elections

305 views • 8 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Human Factors Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Discuss the practical consideration of usability of security

459 views • 31 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Two forms of data parallelism flat, regular nested, irregular covers sparse structures and

Two forms of data parallelism flat, regular nested, irregular covers sparse structures and

A DDING S UPPORT FOR M ULTI -D IMENSIONAL A RRAYS TO D ATA P ARALLEL H ASKELL Gabriele Keller with M. Chakravarty, S. Peyton Jones, R. Leshchinskiy Programming Languages &amp; Systems School of Computer Sciences &amp; Engineering University of

448 views • 29 slides
NANO NOS Ideas powered by world-class data At a a g glance Play with the data at the

NANO NOS Ideas powered by world-class data At a a g glance Play with the data at the

Conservatives 36, Liberals 33, NDP 18, Green 8, Peoples 1 in latest Nanos federal tracking Nanos Weekly Tracking, ending March 8, 2019 (released March 12, 2019 - 6 am Eastern) NANO NOS Ideas powered by world-class data At a a g glance

811 views • 28 slides
DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture

DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture

DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture Dongup Kwon 1 , Jaehyung Ahn 2 , Dongju Chae 2 , Mohammadamin Ajdari 2 , Jaewon Lee 1 , Suheon Bae 1 , Youngsok Kim 1 , and Jangwoo Kim 1 1 Dept. of

648 views • 29 slides
Innovation Fund A National Development Plan Fund under Project Ireland 2040 Imelda Lambkin

Innovation Fund A National Development Plan Fund under Project Ireland 2040 Imelda Lambkin

Disruptive Technologies Innovation Fund A National Development Plan Fund under Project Ireland 2040 Imelda Lambkin Manager - Disruptive Technologies Innovation Fund Enterprise Ireland 22 OCTOBER 2020 DTIF: 500M over 10 years (360M yet

804 views • 18 slides
MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 2 many, attractive and successful

MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 2 many, attractive and successful

MOL2NET, 2018 , 4, http://sciforum.net/conference/mol2net-04 1 MOL2NET, International Conference Series on Multidisciplinary Sciences MDPI Project Portfolio Optimization under Temporal Constraints with uncertainty Fausto Balderas-Jaramillo b ,

744 views • 7 slides
Metastable antibranes and higher-form hydrodynamics Supergravity D-branes Based on: arXiv:

Metastable antibranes and higher-form hydrodynamics Supergravity D-branes Based on: arXiv:

Metastable antibranes and higher-form hydrodynamics Supergravity D-branes Based on: arXiv: 1904.13283 (JHEP) by JA, N. Nguyen, V. Niarchos &amp; N.A. Obers Jay Armas arXiv: 1812.1201067 (Phys. Rev. Lett.) by JA, N. Nguyen, V. Niarchos, N.A.

1.1k views • 58 slides
Ashtead Neighbourhood Forum 5th August Agenda 1. Introduction 1. Apologies 2. Minutes of

Ashtead Neighbourhood Forum 5th August Agenda 1. Introduction 1. Apologies 2. Minutes of

Ashtead Neighbourhood Forum 5th August Agenda 1. Introduction 1. Apologies 2. Minutes of Last Meeting 3. Matters Arising 2. MVDC Local Plan 1. Background Guy Davies MVDC 2. Those Numbers Pat Wiltshire and David Hawksworth 3.

166 views • 12 slides
Our opportunity to shape the village for the future What is a Neighbourhood Plan? A way for

Our opportunity to shape the village for the future What is a Neighbourhood Plan? A way for

Turvey Neighbourhood Plan Our opportunity to shape the village for the future What is a Neighbourhood Plan? A way for Turvey residents to influence how land is used and where new housing is developed in our village Turveys Neighbourhood

616 views • 34 slides

More recommend