
CSE 543 - Computer Security, Lecture 22 - Denial of Service (November 15, 2007) - PowerPoint PPT Presentation



  1. CSE 543 - Computer Security
     Lecture 22 - Denial of Service
     November 15, 2007
     URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/
     CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  2. Denial of Service
     • Intentional prevention of access to a valued resource
       • CPU, memory, disk (system resources)
       • DNS, print queues, NIS (services)
       • Web server, database, media server (applications)
     • This is an attack on availability (the third leg of confidentiality, integrity, availability)
     • Note: launching DoS attacks is easy
     • Note: preventing DoS attacks is hard
     • Mitigation is the path most frequently traveled

  3. Smurf Attacks
     • One of the deadliest and simplest DoS attacks (called a naturally amplified attack)
     • Send a large number of ICMP echo request (ping) packets to the broadcast address of a network (e.g., 192.168.27.255 for 192.168.27.0/24)
     • Set the source IP address of each packet to the victim's address
     • Every host on that network reflexively answers the ping, sending its echo reply to the victim
     • ... and the victim is crushed under the load: each spoofed request produces one reply per responding host, so a single /24 amplifies the adversary's traffic by a factor of up to a couple of hundred
     [Figure: adversary sends spoofed echo requests to the broadcast address; every host on the network replies to the victim]
     • Caveat: the amplifier is any network whose router still forwards directed broadcasts; since RFC 2644 (1999) routers drop them by default, which is why classic Smurf is rare today, while the same reflect-and-amplify pattern recurs with other protocols (e.g., DNS amplification)
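The two places a Smurf attack is visible are the amplifier network (echo requests arriving for the broadcast address, with the victim as source) and the victim (a flood of echo replies it never asked for). The following is an added example, not code from the lecture: two checks over packet records of the form (time, src, dst, icmp_type). The subnets, addresses and traffic are constructed for the example, not captured data.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Added example (not from the lecture): two checks for Smurf-style traffic over
# packet records of the form (time_seconds, src, dst, icmp_type).
# ICMP type 8 is an echo request, type 0 an echo reply.  The subnets and the
# traffic below are constructed for the example, not captured data.

LOCAL_NETS = [ip_network("192.168.27.0/24"), ip_network("10.0.0.0/24")]


def broadcast_targets(packets):
    """Amplifier-side check: echo requests addressed to the directed-broadcast
    address of a local subnet. A border router should already drop these
    (RFC 2644); seeing them means it does not, and 'src' is the spoofed victim."""
    hits = []
    for t, src, dst, icmp_type in packets:
        d = ip_address(dst)
        if icmp_type == 8 and any(d == n.broadcast_address for n in LOCAL_NETS):
            hits.append((t, src, dst))
    return hits


def reflection_victims(packets, window=1.0, min_sources=8):
    """Victim-side check: a destination receiving unsolicited echo replies from
    at least min_sources distinct hosts within `window` seconds.
    Returns {victim: max distinct reflectors seen in one window}."""
    requests = {(src, dst) for _, src, dst, ty in packets if ty == 8}
    replies = defaultdict(list)
    for t, src, dst, ty in packets:
        if ty == 0 and (dst, src) not in requests:   # dst never pinged src
            replies[dst].append((t, src))
    victims = {}
    for dst, events in replies.items():
        events.sort()
        j = 0
        for i in range(len(events)):
            while events[i][0] - events[j][0] > window:   # slide the window
                j += 1
            distinct = len({s for _, s in events[j:i + 1]})
            if distinct >= min_sources:
                victims[dst] = max(victims.get(dst, 0), distinct)
    return victims


def sample_packets():
    """Constructed traffic: one spoofed request to the broadcast address with the
    victim as source, 20 reflected replies, and one legitimate ping exchange."""
    victim, bcast = "198.51.100.9", "192.168.27.255"
    pk = [(0.00, victim, bcast, 8)]
    for n in range(1, 21):
        pk.append((0.01 * n, f"192.168.27.{n}", victim, 0))
    pk.append((5.0, "10.0.0.5", "192.0.2.1", 8))
    pk.append((5.1, "192.0.2.1", "10.0.0.5", 0))
    return pk


if __name__ == "__main__":
    pk = sample_packets()
    print("requests to broadcast:", broadcast_targets(pk))
    print("reflection victims:", reflection_victims(pk))
```

The reflection check keys on replies the destination never solicited, so a host that really is pinging a hundred machines is not flagged; the threshold and window are tuning parameters, and on a busy network you would want to count reflectors per victim over a longer window than one second.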

  4. Canonical (common) DoS - Request Flood
     • Attack: request flooding
     • Overwhelm some resource with legitimate-looking requests
       • e.g., a web server or a phone system
     • Note: an unintentional flood is called a flash crowd

  5. DoS Prevention - Reverse Turing Tests
     • Turing test: measures whether a human can tell the difference between a human and a computer (AI)
     • Reverse Turing test: measures whether a user on the Internet is a person, a bot, or something else
     • CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart
       • A contorted image humans can read but computers (supposedly) cannot
       • Image processing is pressing the state of the art, making these harder to design
     • Note: often used not just for DoS prevention but for protecting "free" services (e.g., email accounts)

  6. DoS Prevention - Puzzles
     • Make the solver present evidence of "work" done
     • If the work is proven, then process the request
     • Note: only useful if request processing is significantly more work than
     • Puzzle design
       • Must be hard to solve
       • Easy to verify
     • Canonical example
       • Puzzle: given x bits of the output of h(r), where h is a cryptographic hash function
       • Solution: invert h(r), i.e., find a preimage whose hash matches the given bits; brute force needs about 2^x hash evaluations, so x sets the price of a request, while the server verifies with a single hash
       • Q: Assume you are given 108 bits of output for a 128-bit hash function; how hard would it be to solve the puzzle?
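The puzzle on the slide in working form, as an added example that is not code from the lecture. The server publishes the first x bits of h(c || r), where c is a challenge bound to the requesting client and a timestamp and r is a secret the server re-derives from a key (so it keeps no per-puzzle state); the client searches for any r' with h(c || r') matching those x bits, about 2^x hashes on average; the server verifies with one hash. The choice of h (SHA-256 truncated to 128 bits), the challenge format and the HMAC derivation of r are assumptions of this example. For the slide's question, matching 108 of 128 output bits is 2^108 expected hashes, far beyond any client; a deployable x is around 20, which costs a legitimate client roughly a million hashes.

```python
import hashlib
import hmac
import os
import time

# Added example (not from the lecture): the slide's hash puzzle in working form.
# The server publishes the first x bits of h(c || r), where c is a challenge
# bound to the request and r a secret the server can re-derive; the client must
# find some r' with h(c || r') matching those x bits (about 2^x hashes expected);
# the server verifies with a single hash.  h, the challenge format and the
# HMAC-based derivation of r are choices made for this example.


def h(data: bytes) -> bytes:
    """The puzzle hash h: SHA-256 truncated to 128 bits."""
    return hashlib.sha256(data).digest()[:16]


def top_bits(digest: bytes, x: int) -> int:
    """The first x bits of a digest, as an integer."""
    return int.from_bytes(digest, "big") >> (8 * len(digest) - x)


def _challenge(client_id: str, ts: int) -> bytes:
    return f"{client_id}|{ts}".encode()


class PuzzleServer:
    def __init__(self, x: int, key: bytes = b""):
        if not 0 < x <= 128:
            raise ValueError("x must be between 1 and 128 bits")
        self.x = x                          # bits to match; solver cost ~ 2^x
        self.key = key or os.urandom(32)    # lets r be re-derived: no per-puzzle state

    def _target(self, challenge: bytes) -> int:
        r = hmac.new(self.key, challenge, hashlib.sha256).digest()[:16]
        return top_bits(h(challenge + r), self.x)

    def issue(self, client_id: str, ts=None) -> dict:
        ts = int(time.time()) if ts is None else ts
        return {"client_id": client_id, "ts": ts, "x": self.x,
                "target": self._target(_challenge(client_id, ts))}

    def verify(self, puzzle: dict, answer: bytes, max_age: int = 60, now=None) -> bool:
        now = int(time.time()) if now is None else now
        if puzzle["x"] != self.x:                     # client may not lower the difficulty
            return False
        if not 0 <= now - puzzle["ts"] <= max_age:    # stale or post-dated puzzle
            return False
        challenge = _challenge(puzzle["client_id"], puzzle["ts"])
        # The target is recomputed from the key; the client-supplied one is ignored.
        return top_bits(h(challenge + answer), self.x) == self._target(challenge)


def solve(puzzle: dict, max_trials=None):
    """Client side: brute-force search. Returns (answer, trials_used)."""
    x = puzzle["x"]
    challenge = _challenge(puzzle["client_id"], puzzle["ts"])
    max_trials = (1 << (x + 4)) if max_trials is None else max_trials
    for i in range(max_trials):
        cand = i.to_bytes(16, "big")
        if top_bits(h(challenge + cand), x) == puzzle["target"]:
            return cand, i + 1
    raise RuntimeError("no solution within the trial budget")


def expected_trials(x: int) -> int:
    """Expected hashes to match x bits by brute force."""
    return 2 ** x


if __name__ == "__main__":
    server = PuzzleServer(x=14)
    puzzle = server.issue("client-42")
    answer, trials = solve(puzzle)
    print(f"solved in {trials} hashes, verified={server.verify(puzzle, answer)}")
    print("108-bit version needs about", expected_trials(108), "hashes")
```

Binding the challenge to the client and timestamp stops one solved puzzle from being reused against other requests or after it expires; a production server would additionally remember (client_id, ts) pairs it has accepted within max_age so the same solution cannot be replayed inside the window.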

  7. Worms

  8. Worms
     • A worm is a self-propagating program
     • As relevant to this discussion, it:
       1. Exploits some vulnerability on a target host ...
       2. (often) embeds itself into the host ...
       3. Searches for other vulnerable hosts ...
       4. Goes to (1)
     • Q: Why do we care?

  9. The Danger
     • What makes worms so dangerous is that infection grows at an exponential rate
     • A simple model:
       • s (search) is the time it takes to find a vulnerable host
       • i (infect) is the time it takes to infect a host
       • Every infected host finds and infects one new host every s+i time units, so the population doubles every s+i: if t=0 is the worm outbreak, the number of infected hosts at t=j is 2^(j/(s+i))
       • For example, if s+i = 1, what is it at time t=32?

  10. The result
     [Figure: infected hosts against time for s+i = 1; y-axis from 0 to 5,000,000,000. The curve reaches 2^32, about 4.3 billion, at t=32, the size of the entire IPv4 address space, which is why the pure exponential model only describes the early phase of an outbreak]

  11. The Morris Worm
     • Robert Morris, a 23-year-old doctoral student at Cornell
     • Wrote a small (99-line) bootstrap program; the worm body it fetched onto each new host was much larger
     • Released the evening of November 2nd, 1988
     • Disabled a large part of the Internet of the day (roughly 6,000 of some 60,000 hosts are the commonly cited figures)
     • How it did it
       • Read /etc/passwd, then tried the obvious choices, a dictionary, and the words in /usr/dict/words
       • Used local /etc/hosts.equiv, .rhosts and .forward files to identify related (trusting) hosts
       • Tried the cracked passwords at related hosts (if necessary)
       • Used whatever services were available to compromise other hosts
       • Scanned local interfaces for network information
       • Covered its tracks (set its own process name to sh, prevented accurate core dumps, re-forked itself)

  12. Other scanning strategies
     • The doomsday worm: a flash worm
       • Create a hit list of all vulnerable hosts in advance
       • Staniford et al. argue this is feasible ("How to 0wn the Internet in Your Spare Time", USENIX Security 2002)
       • The list would be about 48MB
       • Use the infect-and-split approach: each newly infected host receives half of its parent's remaining list, so there is no search time, only infection time
       • Use a zero-day vulnerability
     • Result: saturate the Internet in less than 30 seconds!
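The growth model of slide 9 and the flash-worm estimate of slide 12 carried through in code, as an added example that is not from the lecture. hosts_at() is the slide's 2^(t/(s+i)); random_scan_curve() is the same idea over a finite population, where each infected host probes random addresses and a probe only counts when it lands on a not-yet-infected vulnerable host (this is the random-constant-spread model of Staniford et al., written as a 1 s expected-value simulation); flash_worm_seconds() is the infect-and-split tree, whose depth is the number of doublings needed to cover the hit list. The vulnerable population (360,000), scan rate (10 probes per second per host) and infection time (1 s) are assumptions for illustration; 48 MB at 4 bytes per IPv4 address is about 12.6 million addresses.

```python
# Added example (not from the lecture): the slide's growth model next to two
# refinements. Population sizes, scan rates and timings are assumptions.


def hosts_at(t, s, i):
    """Slide model: with one search+infect cycle taking s+i, hosts at time t = 2^(t/(s+i))."""
    return 2 ** (t / (s + i))


def random_scan_curve(vulnerable, address_space=2 ** 32, scans_per_sec=10.0,
                      seed_hosts=1, max_seconds=86_400):
    """Random-scanning worm over a finite population (expected values, 1 s steps).
    Each infected host probes scans_per_sec random addresses per second; a probe
    hits a not-yet-infected vulnerable host with probability (V - I) / A.
    Growth is exponential at first and slows as targets run out (logistic)."""
    infected = float(seed_hosts)
    curve = [infected]
    for _ in range(max_seconds):
        new = infected * scans_per_sec * (vulnerable - infected) / address_space
        infected = min(float(vulnerable), infected + new)
        curve.append(infected)
        if infected >= 0.999 * vulnerable:
            break
    return curve


def time_to_fraction(curve, fraction):
    """First second at which the curve reaches `fraction` of its final value."""
    goal = fraction * curve[-1]
    for t, n in enumerate(curve):
        if n >= goal:
            return t
    return None


def hit_list_size(list_bytes, bytes_per_addr=4):
    """Addresses in a hit list (4 bytes per IPv4 address)."""
    return list_bytes // bytes_per_addr


def flash_worm_seconds(hit_list_hosts, split=2, infect_time=1.0):
    """Hit-list 'infect and split': each round every infected host infects split-1
    children and hands each a 1/split share of its remaining list, so the
    population is multiplied by `split` per round.  No search time, only
    (split-1) infections' worth of time per round."""
    rounds, reached = 0, 1
    while reached < hit_list_hosts:
        reached *= split
        rounds += 1
    return rounds * (split - 1) * infect_time


if __name__ == "__main__":
    print("slide model, s+i=1, t=32:", hosts_at(32, 0.5, 0.5))
    c = random_scan_curve(360_000)
    print("random scan: 50% at", time_to_fraction(c, 0.5), "s, 99.9% at", len(c) - 1, "s")
    print("flash worm over a 48MB hit list:", flash_worm_seconds(hit_list_size(48 * 2 ** 20)), "s")
```

With these assumptions the random-scanning worm takes a few hours to reach half its population (most of that time is spent in the slow early phase, when almost every probe misses), which is the window in which detection and patching can still matter; the flash worm needs 24 doublings for 12.6 million hosts and, at one second per infection, is done in 24 seconds, which is where the "less than 30 seconds" on the slide comes from.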

  13. Worms: Defense Strategies
     • (Auto) patch your systems: most, if not all, large worm outbreaks have exploited known vulnerabilities (with patches available)
     • Heterogeneity: use more than one vendor for your networks
     • Shield (Ross): provides filtering for known vulnerabilities, so that hosts are protected immediately, before they are patched (analogous to virus scanning, but keyed on the vulnerability rather than on one particular exploit)
       [Figure: network traffic passes through a Shield filter at the network interface before reaching the operating system]
     • Filtering: look for unnecessary or unusual communication patterns, then drop them on the floor
       • This is the dominant method, and it is getting sophisticated (e.g., Arbor Networks)
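What distinguishes a vulnerability filter in the Shield sense from a virus-scanner signature is that it parses the protocol and drops a message when the message satisfies the condition that triggers the bug, not when it contains the bytes of one known exploit. The following is an added illustration of that difference, not Shield's own code or policy language. The protocol (a sequence of type/length/value records) and the vulnerability (a 64-byte buffer that a "name" field is copied into unchecked) are constructed for the example.

```python
import struct

# Added example (not from the lecture and not Shield's own code or policy
# language): a filter in Shield's spirit. It parses the protocol and drops a
# message when it satisfies the condition that triggers a known vulnerability,
# rather than looking for the bytes of one particular exploit.
# Toy protocol, constructed for the example: a sequence of TLV records,
#   1-byte type | 2-byte big-endian length | value
# Hypothetical vulnerability: the receiver copies a type-0x01 "name" value into
# a 64-byte buffer without checking the length.

NAME_TYPE = 0x01
NAME_MAX = 64          # buffer size on the vulnerable host; anything longer triggers the bug


def tlv(ty: int, value: bytes) -> bytes:
    """Encode one record (used to build the sample messages)."""
    return struct.pack("!BH", ty, len(value)) + value


def parse_tlvs(msg: bytes):
    """Yield (type, value) records; raise ValueError on a truncated message."""
    off = 0
    while off < len(msg):
        if off + 3 > len(msg):
            raise ValueError("truncated header")
        ty, ln = struct.unpack_from("!BH", msg, off)
        off += 3
        if off + ln > len(msg):
            raise ValueError("truncated value")
        yield ty, msg[off:off + ln]
        off += ln


def vulnerability_filter(msg: bytes) -> bool:
    """Shield-style: True if the message may pass, False if it would trigger the bug."""
    try:
        for ty, value in parse_tlvs(msg):
            if ty == NAME_TYPE and len(value) > NAME_MAX:
                return False
    except ValueError:
        return False      # malformed: drop before the host's own parser sees it
    return True


NOP_SLED = b"\x90" * 16   # byte pattern taken from one known exploit


def exploit_signature_filter(msg: bytes) -> bool:
    """Virus-scanner style: True unless the known exploit bytes appear."""
    return NOP_SLED not in msg


def benign_message() -> bytes:
    return tlv(NAME_TYPE, b"alice") + tlv(0x02, b"\x00\x01")


def exploit_with_sled() -> bytes:
    return tlv(NAME_TYPE, NOP_SLED + b"A" * 200)


def exploit_variant() -> bytes:
    # Same vulnerability, different bytes: the signature filter misses it.
    return tlv(NAME_TYPE, b"B" * 200)


if __name__ == "__main__":
    for name, m in [("benign", benign_message()), ("sled", exploit_with_sled()),
                    ("variant", exploit_variant())]:
        print(name, "vuln-filter:", vulnerability_filter(m),
              "sig-filter:", exploit_signature_filter(m))
```

The price of the Shield approach is that the filter has to track protocol state well enough to find the field in question (here a trivial parser; for a real protocol, a state machine), and it must fail closed on malformed input, since a message the filter cannot parse is exactly the kind the vulnerable host should not parse either.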

  14. D/DoS (generalized by Mirkovic)
     • Send a stream of packets/requests/whatever ...
       • many pings, HTTP requests, ...
     • Send a few malformed packets
       • causing failures or expensive error handling
       • low-rate bursts of packet loss that keep triggering TCP congestion control
       • "ping of death"
     • Abuse legitimate access
       • Compromise a service/host
       • Use its legitimate access rights to consume the resources of a domain (e.g., a local network)
       • E.g., a first-year graduate student runs a recursive file operation on the root of an NFS partition

  15. Distributed denial of service
     • DDoS: network-oriented attacks aimed at preventing access to a network, host or service
       • Saturate the target's network with traffic
       • Consume all of some resource (e.g., a SYN flood filling the half-open connection table)
       • Overload a service with requests
       • Use "expensive" requests (e.g., "sign this data")
     • Can be extremely costly (e.g., Amazon)
     • Result: the service/host/network is unavailable
     • Frequently distributed via another attack (the attacking hosts were themselves compromised first)
     • Note: the source IP is often hidden (spoofed)

  16. The canonical DDoS attack
     [Figure: the adversary controls a master, which commands zombies across the Internet; their traffic converges through the target's router onto the target's LAN]

  17. [Figure: adversary network: the adversary drives several masters, each controlling a set of zombies, all aimed at the target]

  18. Why DDoS?
     • What would motivate someone to DDoS?
       • An axe to grind ...
       • Curiosity (script kiddies) ...
       • Blackmail
       • Information warfare ...
     • Why is it possible? The Internet is an open system ...
       • Packets are not authenticated, and probably cannot be
       • Authenticating them would not solve the problem, just move it (as with a firewall, the checking point becomes the thing to flood)
       • Too many end-points can be remotely controlled

  19. Why is DDoS possible? (cont.)
     • Interdependence - services depend on each other
       • E.g., the Web depends on TCP and DNS, which depend on routing and congestion control, ...
     • Limited resources (or rather resource imbalances)
       • Many times it takes few resources on the client side to consume lots of resources on the server side
       • E.g., a SYN packet costs the sender almost nothing but makes the server allocate connection state
     • You tell me ... (as said by Mirkovic et al.)
       • Intelligence and resources are not co-located
       • No accountability
       • Control is distributed

  20. DDoS and the E2E argument
     • E2E (a simplified version): design the network so that all the intelligence is at the edges
       • So that the network can be more robust and scalable
       • Many think this is the main reason the Internet works
     • Downside:
       • No real ability to police traffic/content inside the network
       • So many security solutions break E2E by cracking open packets (e.g., application-level firewalls)
     • DDoS is real because of this ...

  21. Q: An easy fix?
     • How do you solve distributed denial of service?

  22. Simple DDoS Mitigation
     • Ingress/Egress Filtering (BCP 38 / RFC 2827)
       – Helps against spoofed sources, not much else
     • Better Security
       – Limit the availability of zombies; not feasible at Internet scale
       – Prevent compromise, viruses, ...
     • Quality of Service Guarantees (QoS)
       – Pre- or dynamically allocate bandwidth
       – E.g., DiffServ, RSVP
       – Helps where such things are available ...
     • Content replication
       – E.g., CDNs
       – Useful for static content
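Ingress/egress filtering and its limit ("helps against spoofed sources, not much else"), as an added example that is not from the lecture: a provider edge that accepts a packet on a customer port only if its source address belongs to that customer's prefixes, and forwards toward the upstream only packets sourced from its own address space. The interfaces, prefixes and traffic are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Added example (not from the lecture): BCP 38 style source-address filtering
# at a provider edge. Topology, prefixes and traffic are constructed.

# Prefixes that may legitimately originate traffic on each customer-facing interface.
INGRESS = {
    "cust-a": [ip_network("198.51.100.0/24")],
    "cust-b": [ip_network("203.0.113.0/25")],
}
# Everything our customers hold; used on the upstream link as the egress filter.
OWN_SPACE = [p for prefixes in INGRESS.values() for p in prefixes]


def ingress_permits(interface, src):
    """Accept a packet from a customer port only if its source is that customer's."""
    prefixes = INGRESS.get(interface)
    if prefixes is None:
        return False                  # unknown port: fail closed
    s = ip_address(src)
    return any(s in p for p in prefixes)


def egress_permits(src):
    """On the upstream-facing port, forward only packets sourced from our own space."""
    s = ip_address(src)
    return any(s in p for p in OWN_SPACE)


def apply_filters(packets):
    """packets: (interface, src, dst, note). Returns (forwarded notes, dropped notes)."""
    forwarded, dropped = [], []
    for iface, src, dst, note in packets:
        if ingress_permits(iface, src) and egress_permits(src):
            forwarded.append(note)
        else:
            dropped.append(note)
    return forwarded, dropped


def sample_packets():
    """Constructed traffic: 192.0.2.10 is the victim in every case."""
    return [
        ("cust-a", "198.51.100.7", "192.0.2.10", "legit traffic"),
        ("cust-a", "192.0.2.10", "9.9.9.9", "spoofed: reflection, src = victim"),
        ("cust-a", "203.0.113.4", "192.0.2.10", "spoofed: another customer's address"),
        ("cust-b", "203.0.113.4", "192.0.2.10", "zombie flooding with its real address"),
        ("cust-b", "203.0.113.200", "192.0.2.10", "outside cust-b's /25"),
        ("mgmt", "198.51.100.7", "192.0.2.10", "unknown interface"),
    ]


if __name__ == "__main__":
    forwarded, dropped = apply_filters(sample_packets())
    print("forwarded:", forwarded)
    print("dropped:  ", dropped)
```

The fourth packet is the point of the slide: a compromised host flooding the victim with its own, correctly assigned source address passes every source-address check, so filtering removes spoofing (and with it reflection attacks like Smurf) but does nothing about a botnet that simply sends what it is entitled to send. Note also that the filter only works when the provider nearest the source deploys it; a victim cannot apply it on its own behalf.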
