evaluating network security using internet measurements
play

Evaluating Network Security using Internet Measurements Oliver - PowerPoint PPT Presentation

Mar 03, 2024 •352 likes •900 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Chair of Network Architectures and Services Department of Informatics Technical University of Munich About me • Scientific researcher / PhD candidate • Chair of Network Architectures and Services • Technical University of Munich (Germany) • Co-leader of the Global Internet Observatory project • Research interests • Security protocols (TLS, SSH,. . . ) • Amplification attacks • IPv6 scanning O. Gasser — Evaluating Network Security using Internet Measurements 2

  3. Chair of Network Architectures and Services Department of Informatics Technical University of Munich What will this talk be about? • Internet-wide measurements • SSH • BACnet • IPv6 scanning O. Gasser — Evaluating Network Security using Internet Measurements 3

  4. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet measurements • Useful tool • Various techniques • Focus on empirical security measurements O. Gasser — Evaluating Network Security using Internet Measurements 4

  5. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH • Secure Shell protocol • Provides encrypted & authenticated remote shell access • Mostly used on servers and routers to provide administrative ac- cess • Security critical protocol → evaluate SSH’s security O. Gasser — Evaluating Network Security using Internet Measurements 5

  6. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH measurements • Internet-wide SSH scans 1 • Found ≈ 15 M servers • 42 k servers offer SSH 1 only • Downloaded > 25 M SSH host keys • Host keys identify a server similar to a certificate in TLS • Co-prime weak keys found (0.015 %, 2.4 % for SSH1) • Debian-weak keys found (0.05 %) • Man-in-the-Middle attack possible with weak keys 1 Gasser et al.: “A deeper understanding of SSH: results from Internet-wide scans”, NOMS’14. O. Gasser — Evaluating Network Security using Internet Measurements 6

  7. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH: Duplicate keys 1.0 DE 0.5 TW1 • Same key on multiple servers US/JP US SG 0.1 • Similar threat of MitM attacks • Heavily clustered based on Pr[ #hosts > X ] 0.01 Autonomous Systems 1e−3 • Web-hosting providers deploy systems with pre- 1e−4 generated keys • SSH gateways 1 100 10,000 100,000 Number of hosts per key =: X O. Gasser — Evaluating Network Security using Internet Measurements 7

  8. Chair of Network Architectures and Services Department of Informatics Technical University of Munich SSH: Lessons learned • Weak keys • Duplicate keys • Man-in-the-Middle attacks possible • Use public key authentication to thwart MitM • Take cautionary measures before conducting SSH scans ¨ ⌣ O. Gasser — Evaluating Network Security using Internet Measurements 8

  9. Chair of Network Architectures and Services Department of Informatics Technical University of Munich The Internet? O. Gasser — Evaluating Network Security using Internet Measurements 9

  10. Chair of Network Architectures and Services Department of Informatics Technical University of Munich The Internet O. Gasser — Evaluating Network Security using Internet Measurements 10

  11. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet • Building Automation and Control Networks • Used to control • Heating • Solar panels • Ventilation • . . . • Unsolicited access can have real-world consequences • Presence detection → Break into home • Manipulate heating, water flow,. . . • Security & safety critical protocol → evaluate BACnet ’s security O. Gasser — Evaluating Network Security using Internet Measurements 11

  12. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet measurements • Internet-wide BACnet scans 2 • UDP-based request-response protocol • Retrieve and set properties • No security built in • More than 16k devices found 2 Gasser et al.: “Security Implications of Publicly Reachable Building Automation Systems”, WTMC’17. O. Gasser — Evaluating Network Security using Internet Measurements 12

  13. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Deployment → Heavily clustered in countries and ASes O. Gasser — Evaluating Network Security using Internet Measurements 13

  14. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Amplification attacks Amplifier Amplifier Network Network Small Large requests response with spoofed to victim IP address Victim Victim Attacker Attacker O. Gasser — Evaluating Network Security using Internet Measurements 14

  15. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: O. Gasser — Evaluating Network Security using Internet Measurements 15

  16. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � O. Gasser — Evaluating Network Security using Internet Measurements 15

  17. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: O. Gasser — Evaluating Network Security using Internet Measurements 15

  18. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � O. Gasser — Evaluating Network Security using Internet Measurements 15

  19. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: O. Gasser — Evaluating Network Security using Internet Measurements 15

  20. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks? • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: BACnet → ? O. Gasser — Evaluating Network Security using Internet Measurements 15

  21. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Amplification factor • About 14k BACnet devices misusable as amplifier • Request same property multiple times within one request • Amplification factor similar to DNS Open Resolver • Operators write really detailed location information into BACnet devices O. Gasser — Evaluating Network Security using Internet Measurements 16

  22. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Amplification factor • About 14k BACnet devices misusable as amplifier • Request same property multiple times within one request • Amplification factor similar to DNS Open Resolver • Operators write really detailed location information into BACnet devices • Hwy 57; Located in the silver box on the electrical pole in front of Grove Primary Care Clinic. Pole 123 O. Gasser — Evaluating Network Security using Internet Measurements 16

  23. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks! • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: O. Gasser — Evaluating Network Security using Internet Measurements 17

  24. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet + Amplification attacks! • Connectionless: BACnet → UDP-based � • No authentication: BACnet → No handshake necessary � • Amplification: BACnet → Freely choose combination of requested properties � O. Gasser — Evaluating Network Security using Internet Measurements 17

  25. Chair of Network Architectures and Services Department of Informatics Technical University of Munich BACnet: Lessons learned • Never attach your BACnet device to the public Internet • Direct threats: Information leakage, surveillance,. . . • Indirect threats: Misused as amplifier • Notify affected parties via CERTs O. Gasser — Evaluating Network Security using Internet Measurements 18

  26. Chair of Network Architectures and Services Department of Informatics Technical University of Munich IPv6 measurements • IPv6 adoption 3 ≈ 15% • Vast address space • Brute-force scanning approach infeasible • Smart address selection needed 3 https://www.google.com/intl/en/ipv6/statistics.html O. Gasser — Evaluating Network Security using Internet Measurements 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University. 2017-09-11 15:15:00 Network Measurement Results Internet Measurement Conference (IMC), Passive and Active Measurement Conference (PAM), Traffic

812 views • 12 slides
Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High Quality Path- Discover network trends, find paths Building network models oriented Network Measurement Run experiments using models and

209 views • 4 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

Chair of Network Architectures and Services Department of Informatics Technical University of Munich In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements Oliver Gasser, Benjamin Hof, Max

531 views • 39 slides
Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH Zrich Imagine a building or structure that represents the Internet The Internet The Internet is perceived to be like the pyramids: monumental

776 views • 19 slides
Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison Telco/Internet Comparison Internet Telephone System no central authority central authority end systems in control network in control

1.07k views • 59 slides
Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group, ETH Zrich Worst Internet Security Problems? Malware (worms, viruses, etc.) Spyware Ransomware APT HTTP-based attacks Spam,

424 views • 17 slides
Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof. Raluca Ada Popa Feb 27, 2018 Some slides credit David Wagner Announcements Midterm grades released Regrades: Read the follow-ups on the

1.75k views • 156 slides
Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on Fire! Lack of sovereignty Frequent outages https://downdetector.com Constant DDoS attacks https://www.digitalattackmap.com

730 views • 48 slides
Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Introduction Macroscopic view: Interdomain Traffic Matrix Microscopic view: Price Discrimination Conclusions and Further Work Contributions Backup Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

1.04k views • 78 slides
Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 3 The Internet Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics The Internet Addressing Client Server Routing Dr. Doug Jacobson - Introduction to 2 Network

940 views • 24 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Introduction to Speaker Diarization Dr. Gerald Friedland International Computer Science

Introduction to Speaker Diarization Dr. Gerald Friedland International Computer Science

Introduction to Speaker Diarization Dr. Gerald Friedland International Computer Science Institute Berkeley, CA friedland@icsi.berkeley.edu Monday, May 21, 12 Speaker Diarization... tries to answer the question: who spoke when?

1.92k views • 141 slides
Do You See What I See? Differential Treatment of Anonymous Users Sheharbano Khattak (University

Do You See What I See? Differential Treatment of Anonymous Users Sheharbano Khattak (University

Do You See What I See? Differential Treatment of Anonymous Users Sheharbano Khattak (University of Cambridge) David Fifield (UC Berkeley) Sadia Afroz (ICSI) Mobin Javed (UC Berkeley) Srikanth Sundaresan (ICSI) Vern Paxson (UC Berkeley,

540 views • 49 slides
Following the Packets: A Walk Through Bros Internal Processing Pipeline Robin Sommer

Following the Packets: A Walk Through Bros Internal Processing Pipeline Robin Sommer

Following the Packets: A Walk Through Bros Internal Processing Pipeline Robin Sommer robin@icir.org Corelight, Inc. International Computer Science Institute Lawrence Berkeley National Laboratory Outline Bros Architecture & Data

896 views • 44 slides
RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute,

RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute,

RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute, Berkeley CA <dpwe@icsi.berkeley.edu> Outline 1 Tandem & LVCSR 2 Mutual information for multistream design 3 Other multistream work at

251 views • 13 slides
Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two Six Labs working on DARPA Brandeis This talk goes over work from UCB 1 Install-time permissions A ccept all or dont use the app at all. No

944 views • 77 slides
File Systems: Allocation Issues, Naming, and Performance CS 111 Operating Systems Peter Reiher

File Systems: Allocation Issues, Naming, and Performance CS 111 Operating Systems Peter Reiher

File Systems: Allocation Issues, Naming, and Performance CS 111 Operating Systems Peter Reiher Lecture 14 CS 111 Page 1 Fall 2015 Outline Allocating and managing file system free space File naming and directories File volumes

806 views • 61 slides
Applied Bayesian Nonparametrics 3. Infinite Hidden Markov Models Tutorial at CVPR 2012 Erik

Applied Bayesian Nonparametrics 3. Infinite Hidden Markov Models Tutorial at CVPR 2012 Erik

Applied Bayesian Nonparametrics 3. Infinite Hidden Markov Models Tutorial at CVPR 2012 Erik Sudderth Brown University Work by E. Fox, E. Sudderth, M. Jordan, & A. Willsky AOAS 2011: A Sticky HDP-HMM with Application to Speaker Diarization

664 views • 40 slides
Computer Communication Networks Introduction IECE / ICSI 416 Spring 2020 Prof. Dola Saha 1

Computer Communication Networks Introduction IECE / ICSI 416 Spring 2020 Prof. Dola Saha 1

Computer Communication Networks Introduction IECE / ICSI 416 Spring 2020 Prof. Dola Saha 1 Introductions Instructor Prof. Dola Saha, PhD University of Colorado Boulder http://www.albany.edu/faculty/dsaha/

139 views • 12 slides

More recommend