Computer Security Foundations What is Security? Attacker Assets - - PowerPoint PPT Presentation



SLIDE 1

IN3210 – Network Security

Computer Security Foundations

SLIDE 2

What is Security?

[Figure: the relationship between Attacker, Threat, Assets and Countermeasure]

SLIDE 3

Computer Security

⚫ Security of computers and networks
⚫ Protection of digital assets
⚫ Axioms of Computer Security:

− Confidentiality (e.g. of transmitted secret information)
− Integrity (e.g. of stored data)
− Availability (e.g. of services)

⚫ Further goals:

− Authenticity
− Non-repudiation
− Privacy

SLIDE 4

Motivations for attacks

⚫ Financial advantages

− Using paid services free of charge
− Performing financial transactions
− → Spoofing a different identity

⚫ “Fun”

− Challenging security systems

⚫ “Revenge”

− Vandalism
− Intrigues

⚫ Political or religious motives

SLIDE 5

Security Threats

⚫ Examples of attacks

− Services:

▪ Denial-of-Service

− Communication:

▪ Eavesdropping
▪ Modification

− Stored data:

▪ Espionage
▪ Deletion
▪ “Vandalism”

⚫ Basic attack measures (in communication):

− Sniffing
− Redirection, e.g.

▪ ARP Spoofing
▪ DNS Poisoning
▪ Phishing

− Man-in-the-middle

SLIDE 6

“Nomenclature”

⚫ The “good” ones:

− Alice
− Bob

⚫ The “bad” ones:

− Eve (passive attacker)
− Mallory (active attacker)


[Figure: Alice, Bob, Eve and Mallory]

SLIDE 7

Sniffing

⚫ Requires access to the communication medium
⚫ Passive attacks, e.g.:

− Eavesdropping
− Traffic analysis

[Figure: Eve listening on the channel between Alice and Bob]

SLIDE 8

Redirection

⚫ Can be used as preparation for man-in-the-middle attacks

[Figure: Eve / Mallory redirecting the traffic between Alice and Bob]

SLIDE 9

Man-in-the-middle

⚫ Passive attacks (see “Sniffing”)
⚫ Active attacks, e.g.

− Packet drop
− Packet modification
− Packet injection
− Packet replay

[Figure: Eve / Mallory placed between Alice and Bob]

SLIDE 10

Adversary Model

⚫ Important question:

− What capabilities do I assume for the attacker?
− What kinds of attacks can the attacker perform?

⚫ → Adversary model
⚫ Required for implementing countermeasures / testing security protocols

⚫ Typical adversary model (Dolev and Yao, 1983):

− The attacker can perform any of the aforementioned actions on transmitted packets
− The attacker cannot break “secure” algorithms (e.g. AES)

⚫ Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker


SLIDE 11

Attack Examples


SLIDE 12

ARP

⚫ Address Resolution Protocol
⚫ Maps inside local networks from IP address to MAC address

[Figure: ARP request/reply. A host broadcasts “Who has 10.0.0.8?”; the host 10.0.0.8 answers “10.0.0.8 = FA … B3”, its MAC address, and the requester caches that mapping.]

SLIDE 13

ARP Spoofing (Redirection Attack)

[Figure: ARP Spoofing. The request “Who has 10.0.0.8?” is answered by the attacker at 10.0.0.24 with “10.0.0.8 = DC … A7”, its own MAC address (the real MAC of 10.0.0.8 is FA … B3), so the requester's traffic for 10.0.0.8 is redirected to the attacker.]
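As an added illustration of how a defender spots the redirection shown on this slide (example code, not from the course), the function below scans a stream of ARP replies and alerts when an IP address changes its MAC or one MAC claims several IPs. The reply records and the full MAC addresses are constructed for the demo; the ellipsis-shortened MACs on the slide are only hinted at in the comments.

```python
from collections import defaultdict

# Constructed ARP reply records, not captured from the slides' network: (time, sender IP, sender MAC).
# They replay the slide's scenario: the real host 10.0.0.8 answers with its own MAC (FA…B3 on the
# slide), then the host at 10.0.0.24 injects a reply claiming 10.0.0.8 = its MAC (DC…A7 on the slide).
# The full MAC addresses are made up for the demo.
ARP_REPLIES = [
    (1.0, "10.0.0.8", "FA:16:3E:00:00:B3"),
    (1.2, "10.0.0.24", "DC:A6:32:00:00:A7"),
    (5.0, "10.0.0.8", "DC:A6:32:00:00:A7"),   # spoofed reply: same IP, attacker's MAC
    (5.1, "10.0.0.8", "FA:16:3E:00:00:B3"),   # real host answers as well -> "flip-flop"
]


def detect_arp_conflicts(replies):
    """Flag IP-to-MAC changes and MACs that claim more than one IP in a stream of ARP replies.

    Returns a list of alert strings in the order the suspicious replies were seen.
    """
    ip_to_mac = {}                 # last MAC claimed for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"t={ts}: {ip} changed from {previous} to {mac} (possible ARP spoofing)")
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"t={ts}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_conflicts(ARP_REPLIES):
        print(line)
```

A legitimate address reassignment (e.g. by DHCP) triggers the same first alert, so in practice the check is combined with a known-good table of static mappings or a grace period.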

SLIDE 14

IP Protocol

⚫ Properties:

− Connection-less
− Addressing: source + target IP address
− No QoS
− No acknowledgement
− No protection of packet order
− No protection from packet loss / duplication

⚫ No mechanisms for:

− Confidentiality
− Integrity
− Authenticity
− Non-repudiation
− Anonymity

SLIDE 15

IP Address Spoofing

[Figure: IP Address Spoofing. Two networks, 129.13.182.* and 131.234.142.*, connected through routers. Host C is 131.234.142.34, host B is 129.13.182.17. Attacker A sends an IP packet to B with Source 131.234.142.34 and Destination 129.13.182.17, so B sees it as a “Message from C”.]

SLIDE 16

IP Address Spoofing

⚫ Principle:

− Attacker (A) sends packet to B using source IP address of C
− Possible response is sent back to C

⚫ Variants:

− Denial of Service on C
− Tricking B (or C):

▪ Response not required (e.g. DNS spoofing)
▪ Response can be anticipated
▪ Response can still be read by A (e.g. ARP spoofing)

⚫ Works better with connectionless protocols like UDP or ICMP than, for example, with TCP

[Figure: A, B and C]

SLIDE 17

Denial-of-Service (DoS)

⚫ Attacker tries to overload the target service or network
⚫ → “Service Denial” for legitimate users
⚫ Attack can target different service layers:

− Network (e.g. gateway, TCP/IP stacks)
− Representation (e.g. XML processing)
− Application
− Database

⚫ Attacker looks for the bottleneck inside the service processing chain!

SLIDE 18

DoS Example: SYN Flooding

[Figure: SYN Flooding. Left: normal three-way handshake between Client and Server (SYN, SYN ACK, ACK). Right: the client sends SYN after SYN, the server answers each with SYN ACK and waits for an ACK that never arrives, so half-open connections accumulate.]
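To make the slide's diagram concrete, here is an added simulation (example code, not part of the course material) of the server's half-open connection table filling up, plus the simplest indicator a defender can compute from a packet trace: the share of SYNs never followed by an ACK. The trace, the backlog size and the IP addresses are constructed for the demo.

```python
from collections import Counter

# Constructed packet trace, not from the slides: (client IP, TCP flag as the server sees it).
# Client 10.1.1.5 completes the handshake (SYN, later ACK); the eight 203.0.113.x sources only send
# SYNs and never answer the server's SYN ACK; client 10.1.1.6 arrives after the flood.
TRACE = (
    [("10.1.1.5", "SYN"), ("10.1.1.5", "ACK")]
    + [(f"203.0.113.{i}", "SYN") for i in range(1, 9)]
    + [("10.1.1.6", "SYN"), ("10.1.1.6", "ACK")]
)


def simulate_backlog(trace, backlog):
    """Model the server's table of half-open connections (size `backlog`), as in the slide's diagram.

    Half-open entries never time out here (a simplification); real stacks expire them.
    Returns (number of established connections, list of sources whose SYN was discarded).
    """
    half_open = set()
    established = 0
    dropped = []
    for src, flag in trace:
        if flag == "SYN" and src not in half_open:
            if len(half_open) >= backlog:
                dropped.append(src)      # table full: SYN discarded, legitimate or not
            else:
                half_open.add(src)       # server sent SYN ACK and now waits for the ACK
        elif flag == "ACK" and src in half_open:
            half_open.remove(src)
            established += 1
    return established, dropped


def unanswered_syn_ratio(trace):
    """Share of SYNs never followed by an ACK from the same source: a simple SYN-flood indicator
    that works even when every flood packet carries a different (spoofed) source address."""
    syns = Counter(src for src, flag in trace if flag == "SYN")
    acked = {src for src, flag in trace if flag == "ACK"}
    total = sum(syns.values())
    unanswered = sum(n for src, n in syns.items() if src not in acked)
    return unanswered / total if total else 0.0


if __name__ == "__main__":
    print(simulate_backlog(TRACE, backlog=4))   # legitimate client 10.1.1.6 is denied service
    print(simulate_backlog(TRACE, backlog=16))  # with room to spare, both clients connect
    print(f"unanswered SYN ratio: {unanswered_syn_ratio(TRACE):.2f}")
```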

SLIDE 19

DDoS: Distributed DoS

⚫ Often executed by multiple attackers: Distributed Denial of Service (DDoS)

⚫ Either controlled by a botnet or a “crowd”

SLIDE 20

DDoS: Mirai Botnet

⚫ Millions of infected IoT devices (routers, IP cameras)
⚫ Offers DDoS as a service:

50.000 devices for 2 weeks: 3000$ - 4000$

Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/
Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/

SLIDE 21

DDoS: Mirai Botnet

⚫ Illustrating the infection with Mirai

Source: Twitter

SLIDE 22

DDoS: Mirai Botnet

⚫ One victim

Source: http://krebsonsecurity.com/

SLIDE 23

Attack Examples

⚫ ... many more to come throughout the class
