evaluating network security using internet wide
play

Evaluating Network Security Using Internet-wide Measurements Oliver - PowerPoint PPT Presentation

Mar 16, 2024 •317 likes •877 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jörg Ott Examiners: Prof. Dr.-Ing. Georg Carle Prof. Anja Feldmann, Ph. D.

  2. Motivation 2

  3. Motivation 3

  4. Motivation 3

  5. Motivation 3

  6. Motivation The Internet • Internet measurements can be leveraged to empirically assess security of • protocols, • devices, • implementations, and • configurations • Vast IPv6 address space poses big challenge for Internet measurements 4

  7. Motivation The Internet • Internet measurements can be leveraged to empirically assess security of • protocols, • devices, • implementations, and • configurations • Vast IPv6 address space poses big challenge for Internet measurements Goals • Improve measurement methodology for Internet-wide security measurements • IPv4 and IPv6 • Empirically assess security of three different protocols • HTTPS • BACnet • IPMI 4

  8. Research questions 5

  9. Research questions RQ I RQ II RQ III RQ IV RQ V 6

  10. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? ZMapv6 goscanner RQ II RQ III RQ IV RQ V 6

  11. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? ZMapv6 goscanner RQ II: How biased are address sources for IPv6 hitlists? Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III RQ IV RQ V 6

  12. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? goscanner ZMapv6 RQ II: How biased are address sources for IPv6 hitlists? Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III: Are HTTPS servers still vulnerable to MitM attacks? Certificate security HTTPS security RQ IV RQ V 6

  13. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? ZMapv6 goscanner RQ II: How biased are address sources for IPv6 hitlists? Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III: Are HTTPS servers still vulnerable to MitM attacks? Certificate security HTTPS security RQ IV: Are BACnet devices vulnerable to amplification attacks? Deployment Amplification Notification RQ V 6

  14. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? ZMapv6 goscanner RQ II: How biased are address sources for IPv6 hitlists? Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III: Are HTTPS servers still vulnerable to MitM attacks? Certificate security HTTPS security RQ IV: Are BACnet devices vulnerable to amplification attacks? Deployment Amplification Notification RQ V: Are IPMI devices vulnerable to MitM attacks? Deployment TLS security 6

  15. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? Chapter 3 ZMapv6 goscanner RQ II: How biased are address sources for IPv6 hitlists? Chapter 4 Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III: Are HTTPS servers still vulnerable to MitM attacks? Chapter 5 Certificate security HTTPS security RQ IV: Are BACnet devices vulnerable to amplification attacks? Chapter 6 Deployment Amplification Notification RQ V: Are IPMI devices vulnerable to MitM attacks? Chapter 7 Deployment TLS security 6

  16. Research questions RQ I: How can we perform Internet-scale IPv6 measurements? Chapter 3 ZMapv6 goscanner RQ II: How biased are address sources for IPv6 hitlists? Chapter 4 Passive sources Active sources Biases in sources IPv6 Hitlist Service RQ III: Are HTTPS servers still vulnerable to MitM attacks? Chapter 5 Certificate security HTTPS security RQ IV: Are BACnet devices vulnerable to amplification attacks? Chapter 6 Deployment Amplification Notification RQ V: Are IPMI devices vulnerable to MitM attacks? Chapter 7 Deployment TLS security 6

  17. RQ II: How biased are address sources for IPv6 hitlists? 7

  18. RQ II: How biased are address sources for IPv6 hitlists? Motivation • IPv6 address space too large to perform brute-force measurements • Assemble lists of IPv6 target addresses: IPv6 hitlists 8

  19. RQ II: How biased are address sources for IPv6 hitlists? Motivation • IPv6 address space too large to perform brute-force measurements • Assemble lists of IPv6 target addresses: IPv6 hitlists Measurements & analyses • Passive and active measurements • Empirical analysis of different types of biases • Weekly patterns • Different host populations • Different number of addresses • Over-representation of certain prefixes 8

  20. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist passive sources: new IPv6 addresses per day % of unique IPs per day that are new 100 100 90 90 80 80 70 70 60 60 50 50 40 40 30 30 Weekend Weekend Weekend Weekend IXP 20 20 10 MWN 10 0 0 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 1 1 1 1 1 0 0 1 1 - - - - - - - - - - - - - - 9 9 9 9 9 9 9 9 9 9 9 9 9 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - - - - - - - - 5 5 5 5 5 5 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 Date 9

  21. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist passive sources: new IPv6 addresses per day % of unique IPs per day that are new 100 100 90 90 80 80 70 70 60 60 50 50 40 40 30 30 Weekend Weekend Weekend Weekend IXP 20 20 10 MWN 10 0 0 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 1 1 1 1 1 0 0 1 1 - - - - - - - - - - - - - - 9 9 9 9 9 9 9 9 9 9 9 9 9 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - - - - - - - - 5 5 5 5 5 5 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 Date • Large share of new addresses each day hints at privacy extensions 9

  22. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist passive vs. active sources: Hamming weight distribution 42 N (31.5, 15.75) 40 Frequency [%] 10 8 6 4 2 0 0 10 20 30 40 50 60 Number of IID bits set to '1' (IXP) 10

  23. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist passive vs. active sources: Hamming weight distribution 42 N (31.5, 15.75) 40 Frequency [%] 10 8 6 4 2 0 0 10 20 30 40 50 60 Number of IID bits set to '1' (IXP) 42 N (31.5, 15.75) 40 Frequency [%] 10 8 6 4 2 0 0 10 20 30 40 50 60 Number of IID bits set to '1' (Traceroute) 10

  24. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist passive vs. active sources: Hamming weight distribution 42 N (31.5, 15.75) 40 Frequency [%] 10 8 6 4 2 0 0 10 20 30 40 50 60 Number of IID bits set to '1' (IXP) 42 N (31.5, 15.75) 40 Frequency [%] 10 8 6 4 2 0 0 10 20 30 40 50 60 Number of IID bits set to '1' (Traceroute) • Different host populations: clients at IXP (privacy extensions) vs. routers (manually as- signed addresses) 10

  25. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist active sources: Cumulative address runup 60 M Domainlists 50 M DNS ANY CT 40 M AXFR Bitnodes 30 M RIPE Atlas Traceroute 20 M 10 M 8 0 2 2 4 0 1 1 0 0 - - - - - 7 7 7 8 8 1 1 1 1 1 0 0 0 0 0 2 2 2 2 2 11

  26. RQ II: How biased are address sources for IPv6 hitlists? IPv6 hitlist active sources: Cumulative address runup 60 M Domainlists 50 M DNS ANY CT 40 M AXFR Bitnodes 30 M RIPE Atlas Traceroute 20 M 10 M 8 0 2 2 4 0 1 1 0 0 - - - - - 7 7 7 8 8 1 1 1 1 1 0 0 0 0 0 2 2 2 2 2 • Many addresses from domainlists, CT, and traceroutes • Rapid increase of traceroute addresses due to CPE routers 11

  27. 2001:0db8:0407:8000: 0 151:2900:77e9:03a8 2001:0db8:0407:8000: 1 5ab:3855:92a0:2341 16 branches (random IPs) 2001:0db8:0407:8000::/64 2001:0db8:0407:8000: e aae:cb10:9321:ba76 2001:0db8:0407:8000: f 693:2443:915e:1d2e RQ II: How biased are address sources for IPv6 hitlists? Taxonomy • Alias: another address of the same host • Aliased prefix: whole prefix bound to the same host • Bias: some hosts overrepresented due to aliased prefixes 12

  28. RQ II: How biased are address sources for IPv6 hitlists? Taxonomy • Alias: another address of the same host • Aliased prefix: whole prefix bound to the same host • Bias: some hosts overrepresented due to aliased prefixes Aliased prefix detection 2001:0db8:0407:8000: 0 151:2900:77e9:03a8 2001:0db8:0407:8000: 1 5ab:3855:92a0:2341 16 branches (random IPs) 2001:0db8:0407:8000::/64 2001:0db8:0407:8000: e aae:cb10:9321:ba76 2001:0db8:0407:8000: f 693:2443:915e:1d2e 12

  29. RQ II: How biased are address sources for IPv6 hitlists? Detected aliased prefixes 13

  30. RQ II: How biased are address sources for IPv6 hitlists? Detected aliased prefixes • Only 3.2 % of prefixes are aliased • But 46.6 % of addresses are in aliased prefixes → bias 13

  31. RQ II: How biased are address sources for IPv6 hitlists? 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017

Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services

900 views • 54 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

Fast Internet-Wide Scanning ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University of Michigan ZMap: Fast Internet-Wide Scanning and its Security Applications Internet-Wide Network Studies Previous

655 views • 32 slides
Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet Connectivity MANET/NEMO integration IPv6 Support on MANET MANET on the Internet Where can MANET be deployed in our daily life?

564 views • 27 slides
NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2

NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2

1 NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2 Todays Topics Network Fundamentals The Internet The World Wide Web Internet Protocols Security 3 Network Classifications Size

687 views • 25 slides
WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a Global View the Internet is an evolving open system no central point, no typical network or user complexity everywhere: topology, usage

608 views • 13 slides
Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

491 views • 46 slides
OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers Cryptography Network security System security Web security (recap) Protection File systems implement a protection system Who

800 views • 30 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH Zrich Imagine a building or structure that represents the Internet The Internet The Internet is perceived to be like the pyramids: monumental

776 views • 19 slides
Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison

Network Security Network Security Adolfo Rodriguez CPS 214 Telco/Internet Comparison Telco/Internet Comparison Internet Telephone System no central authority central authority end systems in control network in control

1.07k views • 59 slides
INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the collection of huge network that is accessible to everyone and everywhere across the world. It connects millions of computers together globally,

338 views • 8 slides
Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group,

Do we need a new Internet? Part 2: Motivations for Change Adrian Perrig Network Security Group, ETH Zrich Worst Internet Security Problems? Malware (worms, viruses, etc.) Spyware Ransomware APT HTTP-based attacks Spam,

424 views • 17 slides
NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with

1.29k views • 76 slides
Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges

Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges

Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges felix.hamann@hs-rm.de 6/25/2020 Knowledge Management Documentation is scarce and heterogeneous Laser- diode Scanning Device Am Verleimteil

512 views • 12 slides
Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 12th ACM Symposium on Access Control Models and Technologies IDRM and Least Privilege Introduction

458 views • 18 slides
Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and

Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and

Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and dark energy to ultracold atoms and condensed matter Heidelberg, March 10, 2017 Based on work done in collaboration with J. Pawlowski and U. Reinosa A

585 views • 15 slides
KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028

KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028

KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028 Observatoire de Paris PSL Research University 1/13 Theorem (B.Fayad-D.S. 2018) 2/13 Theorem (B.Fayad-D.S. 2018) For any N 3, the

1.81k views • 111 slides
Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer April 9th, 2009 Mathieu Desnoyers, cole Polytechnique de Montral 1 > Plan Presenter Tracing

539 views • 25 slides
scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler

scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler

scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler thread disable interrupts while changing thread states threads versus processes thread: part on processor core xv6: each process has exactly one

1.12k views • 65 slides
Scheduling: metrics / FCFS+RR / SJF+SRTF 1 last time fjnish pipe / read / write read: wait till

Scheduling: metrics / FCFS+RR / SJF+SRTF 1 last time fjnish pipe / read / write read: wait till

Scheduling: metrics / FCFS+RR / SJF+SRTF 1 last time fjnish pipe / read / write read: wait till something available, then copy whats available multithreaded process xv6: only single-threaded processes thread: registers, program counter,

1.04k views • 76 slides

More recommend