h healing heartbleed li h bl d
play

H Healing Heartbleed li H bl d Vulnerability Mitigation with - PowerPoint PPT Presentation

Apr 14, 2023 •99 likes •640 views

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

  1. H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet ‐ wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman

  2. Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman 21st Usenix Security Symposium (Sec ’12), August 2012 ( ’ ) ZMap: Fast Internet ‐ Wide Scanning and Its Security Applications Zakir Durumeric, Eric Wustrow, and J. Alex Halderman 22nd Usenix Security Symposium (Sec ’13), August 2013 Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman Based on Basedon 13th Internet Measurement Conference (IMC ’13), October 2013 joint work: An Internet ‐ Wide View of Internet ‐ Wide Scanning Zakir Durumeric, Michael Bailey, and J. Alex Halderman 23rd USENIX Security Symposium (Sec ’14), August 2014 Zippier ZMap: Internet ‐ Wide Scanning at 10Gbps David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman 8th USENIX Workshop on Offensive Technologies (WOOT ’14), August 2014 The Matter of Heartbleed Zakir Durumeric, James Kasten, J. Alex Halderman, Michael Bailey, Frank Li, Zakir Durumeric, James Kasten, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Bernhard Amann, Jethro Beekman, Mathias Payer, and Vern Paxson. In submission.

  3. The Internet The Internet

  5. Carna Carna botnet botnet Internet Census 2012 Internet Census 2012

  6. Barriers to using Internet ‐ wide scans? g Census and Survey of the Visible Internet (2008) Census and Survey of the Visible Internet (2008) 3 months to complete ICMP census (2200 CPU ‐ hours) EFF SSL Observatory: A glimpse at the CA ecosystem (2010) 3 months on 3 Linux desktop machines (6500 CPU ‐ hours) Mining Ps and Qs: Widespread weak keys in network devices (2012) 25 hours acoss 25 Amazon EC2 Instances (625 CPU ‐ hours) 25 hours acoss 25 Amazon EC2 Instances (625 CPU ‐ hours) Carna botnet Internet Census (2012) 420,000 usurped hosts

  7. What if...? What if Internet ‐ wide surveys didn’t require heroic effort? What if scanning the IPv4 address space took under an hour? What if we wrote a whole ‐ Internet scanner from scratch?

  9. an open ‐ source tool that can port scan the entire IPv4 address space from just one machine in under 45 minutes with 98% coverage in under 45 minutes with 98% coverage With ZMap, an Internet ‐ wide TCP SYN scan on port 443 is as easy as: $ sudo apt ‐ get install zmap $ zmap –p 443 –o results.csv found 34,132,693 listening hosts found 34,132,693 listening hosts 97% of gigabit Ethernet f b h (took 44m12s) linespeed (1200 x NMAP)

  10. Ethics of Active Scanning Considerations Impossible to request permission from all owners Impossible to request permission from all owners No IP ‐ level equivalent to robots exclusion standard Administrators may believe that they are under attack Administrators may believe that they are under attack Reducing Scan Impact Scan in random order to avoid overwhelming networks Signal benign nature over HTTP and w/ DNS hostnames Honor all requests to be excluded from future scans Be a good neighbor!

  11. ZMap Architecture Typical Port Scanners ZMap Approach Reduce state by scanning in batches Reduce state by scanning in batches Eliminate local per ‐ connection state Eliminate local per connection state ‐ Time lost due to blocking ‐ Fully asynchronous components ‐ Results lost due to timeouts ‐ No blocking except for network Track individual hosts and retransmit Shotgun scanning approach ‐ Most hosts will not respond ‐ Always send n probes per host Avoid flooding through timing Scan widely dispersed targets ‐ Time lost waiting ‐ Send as fast as network allows Utilize existing OS network stack Probe ‐ optimized network stack ‐ Not optimized for immense ‐ Bypass inefficiencies by number of connections generating Ethernet frames

  12. Addressing Probes How do we randomly scan addresses without excessive state? Scan hosts according to random permutation. Iterate over multiplicative group of integers modulo p.

  13. Validating Responses How do we validate responses without local per ‐ target state? Encode secrets into mutable fields of probe packets that will have recognizable effect on responses. receiver sender Ethernet length data MAC address MAC address sender receiver IP V IHL … data IP address IP address sender receiver sequence ack. TCP … data port port number number

  14. Validating Responses How do we validate responses without local per ‐ target state? Encode secrets into mutable fields of probe packets that will have recognizable effect on responses. receiver sender Ethernet length data MAC address MAC address sender receiver IP V IHL … data IP address IP address sender receiver sequence ack. TCP … data port port number number

  15. Packet Transmission and Receipt How do we make processing probes easy and fast? 1. ZMap Framework handles the hard work 1. ZMap Framework handles the hard work 2 . Probe Modules fill in packet details, interpret responses 3. Output Modules allow follow ‐ up or further processing Configuration, Probe Packet Tx Addressing, Generation (raw socket) and Timing Output Response Packet Rx Handler Interpretation (libpcap)

  16. Scan Rate How fast is too fast? No meaningful correlation between speed and response rate. Slower scanning does not reveal additional hosts.

  17. Scan Rate – 10 Gbps? How fast is too fast?

  18. Scan Rate – 10 Gbps? How fast is too fast? Our network finally starts to drop off Our network finally starts to drop off after about 3 Mpps (about 2 Gbps)

  19. ZMap vs. Nmap Averages for scanning 1 million random hosts: D Duration i E Est. Internet I Normalized Coverage (mm:ss) Wide Scan Nmap (1 probe) 81.4% 24:12 62.5 days Nmap (2 probes) 97.8% 45:03 116.3 days ZMap (1 probe) 98.7% 00:10 1:09:35 ZMap (2 probes) 100.0% 00:11 2:12:35 ZMap can scan more than 1300 times faster than the most aggressive ZMap can scan more than 1300 times faster than the most aggressive Nmap default configuration (“insane”) Surprisingly, ZMap also finds more results than Nmap

  20. ZMap: Applications We did > 300 Internet ‐ wide scans over 2 years (> 1 trillion probes). Please ignore probes from 141.212.121.0/24. It’s just our desktop. What else can researchers do with ZMap? Track Adoption of Defenses Track Adoption of Defenses • Fine ‐ grained analysis of HTTPS ecosystem. HTTPS ecosystem. > 100 full scans over a year • Many vulnerabilities! • 10% growth in HTTPS sites % h 23% among Alexa Top 1 M. • Historical data useful for tracking botnets and APTs.

  21. ZMap: Applications We did > 300 Internet ‐ wide scans over 2 years (> 1 trillion probes). Please ignore probes from 141.212.121.0/24. It’s just our desktop. What else can researchers do with ZMap? Detect Service Disruptions Detect Service Disruptions Areas with >30% decrease in listening hosts, port 443 October 29–31, 2013

  22. ZMap: Applications We did > 300 Internet ‐ wide scans over 2 years (> 1 trillion probes). Please ignore probes from 141.212.121.0/24. It’s just our desktop. What else can researchers do with ZMap? Expose Vulnerable Hosts Expose Vulnerable Hosts • Took < 4 hours to code and run UPnP discovery scan, 150 SLOC. UPnP discovery scan, 150 SLOC. • Found 3.34 million devices vulnerable to HD Moore’s attacks. • Compromise possible with a single UDP packet!

  23. Tracking the Scanners Data from large darknet allow us to see scans as they happen. Both researchers and attackers using scanning to spot vulnerable hosts. B Backdoor on kd TCP/32764 December 2013 43 large scans, starting within 24 hours: Shodan, Rapid7, academics, bullet ‐ proof hosting

  24. Broken Cryptographic Keys Why are a large fraction of hosts sharing cryptographic keys? Port 443 (HTTPS) Port 22 (SSH) Live Hosts Live Hosts 12.8 M 12 8 M 10.2 M 10 2 M Distinct RSA public keys 5.6 M 3.8 M Distinct DSA public keys Distinct DSA public keys 6 241 6,241 2 8 M 2.8 M

  25. Broken Cryptographic Keys Why are a large fraction of hosts sharing cryptographic keys?

  27. Factorable Cryptographic Keys Public key modulus N = pq . Factoring N reveals the private key. y pq g p y Factoring 1024 ‐ bit RSA not known to be feasible. However… if two RSA moduli share a prime factor in common, N 1 = pq 1 N 2 = pq 2 gcd( N 1 , N 2 ) = p ( ) Outside observer can factor both with GCD algorithm. Time to factor Time to calculate GCD 768 ‐ bit RSA modulus: for 1024 ‐ bit RSA moduli: 15  s 2 5 2.5 calendar years l d 15

  28. Computing pairwise GCDs Computing pairwise GCDs

  29. Efficiently computing pairwise GCDs Efficiently computing pairwise GCDs

  30. What happens when we GCD all the keys? What happens when we GCD all the keys?

  31. Private keys for 0.5% of all TLS hosts!? 1% of SSH hosts!?

  32. … only two of the factored certificates were signed by a CA, and both are expired. The web pages aren’t active. Look at subject information for certificates:

  33. Why do we find vulnerable keys? Why do we find vulnerable keys?

  34. Linux random number generators Linux random number generators

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Title: Healing Class 103 Week 1 Healing 103 Week 1 Jesus Healing Individuals Part 5

Title: Healing Class 103 Week 1 Healing 103 Week 1 Jesus Healing Individuals Part 5

Title: Healing Class 103 Week 1 Healing 103 Week 1 Jesus Healing Individuals Part 5 &quot;How Does Healing Come?&quot; Acts 10:38 how God anointed Jesus of Nazareth with the Holy Spirit and with power, who went about doing good and healing

188 views • 3 slides
The Healing Journey (Healing from within) Alastair Cunningham OCI/PMH/UHN OCI/PMH/UHN Healing:

The Healing Journey (Healing from within) Alastair Cunningham OCI/PMH/UHN OCI/PMH/UHN Healing:

The Healing Journey (Healing from within) Alastair Cunningham OCI/PMH/UHN OCI/PMH/UHN Healing: the relief of suffering External means Internal means - Western medicine (remove Psychological and spiritual Psychological and spiritual the

1.08k views • 30 slides
Optimal Healing Environments A Key Component of Your Personal Resiliency Plan Personal Healing

Optimal Healing Environments A Key Component of Your Personal Resiliency Plan Personal Healing

Optimal Healing Environments A Key Component of Your Personal Resiliency Plan Personal Healing Capacity Everyone has an inherent healing capacity You can increase your bodys ability to heal by making small changes in your daily life

801 views • 45 slides
Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS

Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS

Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS Heartbeat Extension The Hearbleed Bug Whos Vulnerable Demo Why its bad Protections Background What is Transport

562 views • 17 slides
Fatma Zaidi ALI 268: The Healing Art of Aromatherapy Aromatic plants have been used since the

Fatma Zaidi ALI 268: The Healing Art of Aromatherapy Aromatic plants have been used since the

Healing with the Art of Aromatherapy Fatma Zaidi ALI 268: The Healing Art of Aromatherapy Aromatic plants have been used since the dawn of humanity for healing. Today we are blessed to have access to high quality essential oils that represent

922 views • 16 slides
The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a

The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a

The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a secure channel between two communicating applications TLS/SSL is widely used Heartbeat extension: implement keep-alive feature of TLS.

196 views • 8 slides
OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich Salz Akamai Technologies,

OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich Salz Akamai Technologies,

OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich Salz Akamai Technologies, OpenSSL Team The most important date April 3, 2014 LinuxCon/Europe 2016 2 The most important date April 3, 2014 HeartBleed Re-key the

755 views • 34 slides
Self Healing in Streaming Systems #UW Database Day Dec 2nd, 2016 Karthik Ramasamy

Self Healing in Streaming Systems #UW Database Day Dec 2nd, 2016 Karthik Ramasamy

Self Healing in Streaming Systems #UW Database Day Dec 2nd, 2016 Karthik Ramasamy Twi/er @karthikz 2 What is self healing? A self healing system adapts itself as their environmental condi8ons

638 views • 36 slides
Listening: the radical act of healing Helen Walley

Listening: the radical act of healing Helen Walley

Listening: the radical act of healing Helen Walley Acorn Chris5an Healing Founda5on Regional staff member for the Midlands The gift of being a good

308 views • 16 slides
Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen

Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen

Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen The Heartbleed Bug Heartbleed bug impact ! 4.5 MILLION The number of US patient records whose confidentiality was compromised. &quot; $500

887 views • 39 slides
Questions to Answer Systems Approach to the Exam 1. What are expected healing rates for DFU with

Questions to Answer Systems Approach to the Exam 1. What are expected healing rates for DFU with

4/8/2017 Approach to Non-healing Approach to Non-healing Diabetic Foot Ulcers Diabetic Foot Ulcers Gary M. Rothenberg, DPM, CDE, CWS The University of Michigan Medical School Clinical Assistant Professor Department of Internal Medicine

506 views • 5 slides
The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro

The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro

The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicholas Weaver, David Adrian, Vern Paxson, Michael Bailey, J. Alex Halderman U.C. Berkeley CS294-105 Fall 2014 1

705 views • 17 slides
Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55 OpenSSL CCS bug 24-10-2015 4/55 gotofail 24-10-2015 5/55 Certifjcate handling 24-10-2015 6/55 CVE-2014-6321 in schannel a.k.a. Winshock

774 views • 55 slides
Healing &amp; Transformation (TRHT) Campus Centers The Truth, Racial Healing &amp; Transformation

Healing &amp; Transformation (TRHT) Campus Centers The Truth, Racial Healing &amp; Transformation

Advancing Racial Equity through Truth, Racial Healing &amp; Transformation (TRHT) Campus Centers The Truth, Racial Healing &amp; Transformation (TRHT) Effort Launched by the W.K. Kellogg Foundation in 2016, TRHT is a national and community

349 views • 24 slides
Healing Practices in BIPOC Communities It Is Time For Us To Become The Owners Of The Tools Of Our

Healing Practices in BIPOC Communities It Is Time For Us To Become The Owners Of The Tools Of Our

1 Healing Practices in BIPOC Communities It Is Time For Us To Become The Owners Of The Tools Of Our Own Healing!!! #HealingForTheVillage Melanie Funchess 2 Giving Honor to the Ancestors on whose Backs we stand for bringing us this far on

729 views • 18 slides
Col olou ours s of of Gr Grief ief an and Hea d Healing: ling: A Worksho A Wo shop p

Col olou ours s of of Gr Grief ief an and Hea d Healing: ling: A Worksho A Wo shop p

Col olou ours s of of Gr Grief ief an and Hea d Healing: ling: A Worksho A Wo shop p fo for Chil ildr dren en an and Fa Fami mili lies es Exp xplori loring ng Lo Loss an ss and Hea d Healing ling Colours of Grief and

713 views • 39 slides
Fixed-Target Program at STAR Daniel Cebra University of California, Davis Daniel Cebra Probing

Fixed-Target Program at STAR Daniel Cebra University of California, Davis Daniel Cebra Probing

Experimental Results on Hadron Production: Reviewing the AGS and the Fixed-Target Program at STAR Daniel Cebra University of California, Davis Daniel Cebra Probing dense baryonic matter with hadrons Slide 1 of 41 Slide 1 of 41 Daniel Cebra

1.07k views • 105 slides
Interactive Foreground Segmentation in Images and Videos Suyog Jain 1 Foreground Segmentation

Interactive Foreground Segmentation in Images and Videos Suyog Jain 1 Foreground Segmentation

2/9/2017 Interactive Foreground Segmentation in Images and Videos Suyog Jain 1 Foreground Segmentation Generate pixel level foreground masks for objects in a given image or video 2 1 2/9/2017 Why is Foreground Segmentation useful?

416 views • 25 slides
Paraphrasing HANDOUT 02 - ACADEMIC WRITING INTRODUCTION Writing an academic essay is one

Paraphrasing HANDOUT 02 - ACADEMIC WRITING INTRODUCTION Writing an academic essay is one

Sourced by M J Paraphrasing HANDOUT 02 - ACADEMIC WRITING INTRODUCTION Writing an academic essay is one assignment needed by students in higher educations. In higher education. Students are strongly prohibited to copy-paste others work such

504 views • 6 slides
Web 2.0 A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, 29.5.2006 Hanno Bck,

Web 2.0 A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, 29.5.2006 Hanno Bck,

Web 2.0 A Security Nightmare? SSL and Webapps Webmontag Karlsruhe, 29.5.2006 Hanno Bck, http://www.hboeck.de/ Web 2.0 for everyone? Web 2.0 applications should be available for the common user Blog in 1 minute, Get your own

254 views • 11 slides
Avit Kumar Bhowmik Institute for Environmental Sciences (Quantitative Landscape Ecology),

Avit Kumar Bhowmik Institute for Environmental Sciences (Quantitative Landscape Ecology),

Environmenta vironmental l Su Sust stainabili ainability ty Vs. s. Poli litical tical De Deci cisio sion: n: A Re Review iew of the e Ban angladesh gladesh Lea eather er Processing cessing In Industr dustry y Rel elocat

1.2k views • 26 slides
Dear Students We welcome you from the platform of Quality Enhancement Cell (QEC) As you know

Dear Students We welcome you from the platform of Quality Enhancement Cell (QEC) As you know

Dear Students We welcome you from the platform of Quality Enhancement Cell (QEC) As you know that feedback is a tool that helps us to identify our strengths and weaknesses and subsequently; we can head towards promoting quality culture in an

517 views • 27 slides
04. 04. Web Track cking tech chnologies: Br Browser

04. 04. Web Track cking tech chnologies: Br Browser

04. 04. Web Track cking tech chnologies: Br Browser fingerprinting Nataliia Bielova @nataliabielova September 18 th , 2018 Web Privacy course University of Trento

666 views • 44 slides
An Information-Theoretic Approach to Routing Scalability Gbor Rtvri, Dvid Szab, Andrs

An Information-Theoretic Approach to Routing Scalability Gbor Rtvri, Dvid Szab, Andrs

An Information-Theoretic Approach to Routing Scalability Gbor Rtvri, Dvid Szab, Andrs Gulys, Attila K orsi, Jnos Tapolcai Budapest Univ. of Technology and Economics Dept. of Telecomm. and Media Informatics

313 views • 14 slides

More recommend