high speed high security cryptography encrypting and
play

High-speed high-security cryptography: encrypting and - PDF document

Jun 26, 2023 •529 likes •1.48k views

High-speed high-security cryptography: encrypting and authenticating the whole Internet D. J. Bernstein University of Illinois at Chicago wget -m -k -I / \ secspider.cs.ucla.edu cd secspider.cs.ucla.edu awk /GREEN.*GREEN.*GREEN.*Yes/

  1. High-speed high-security cryptography: encrypting and authenticating the whole Internet D. J. Bernstein University of Illinois at Chicago

  2. wget -m -k -I / \ secspider.cs.ucla.edu cd secspider.cs.ucla.edu awk ’ /GREEN.*GREEN.*GREEN.*Yes/ { split($0,x,/<TD>/) sub(/<\/TD>/,"",x[5]) print x[5] } ’ ./*--zone.html \ | sort -u | wc -l

  3. A brief history of DNSSEC server deployment: 1993.11: DNSSEC design begins.

  4. A brief history of DNSSEC server deployment: 1993.11: DNSSEC design begins. 2008.07: Kaminsky announces apocalypse, saves the world.

  5. A brief history of DNSSEC server deployment: 1993.11: DNSSEC design begins. 2008.07: Kaminsky announces apocalypse, saves the world. ✮ New focus on DNSSEC.

  6. A brief history of DNSSEC server deployment: 1993.11: DNSSEC design begins. 2008.07: Kaminsky announces apocalypse, saves the world. ✮ New focus on DNSSEC. 2009.08.09: 941 IP addresses worldwide are running DNSSEC servers.

  7. A brief history of DNSSEC server deployment: 1993.11: DNSSEC design begins. 2008.07: Kaminsky announces apocalypse, saves the world. ✮ New focus on DNSSEC. 2009.08.09: 941 IP addresses worldwide are running DNSSEC servers. 2010.12.24: 2536 IP addresses worldwide are running DNSSEC servers.

  8. What is DNSSEC?

  9. What is DNSSEC? Is it a lock for the Internet?

  10. What is DNSSEC? Is it a lock for the Internet? Or is it more like this?

  11. What is DNSSEC? Is it a lock for the Internet? Or is it more like this? Let’s see what DNSSEC can do as an amplification tool for denial-of-service attacks.

  12. Make list of DNSSEC domains: ( cd secspider.cs.ucla.edu awk ’ /^Zone <STRONG>/ { z = $2 sub(/<STRONG>/,"",z) sub(/<\/STRONG>/,"",z) } /GREEN.*GREEN.*GREEN.*Yes/ { split($0,x,/<TD>/) sub(/<\/TD>/,"",x[5]) print x[5],z,rand() }’ ./*--zone.html ) | sort -k3n \ | awk ’{print $1,$2}’ \ > SERVERS

  13. For each domain: Try query, estimate DNSSEC amplification. while read ip z do dig +dnssec +ignore +tries=1 \ +time=1 any "$z" "@$ip" | \ awk -v "z=$z" -v "ip=$ip" ’{ if ($1 != ";;") next if ($2 != "MSG") next if ($3 != "SIZE") next if ($4 != "rcvd:") next est = (22+$5)/(40+length(z)) print est,ip,z }’ done < SERVERS > AMP

  14. For each DNSSEC server, find domain estimated to have maximum DNSSEC amplification: sort -nr AMP | awk ’{ if (seen[$2]) next if ($1 < 30) next print $1,$2,$3 seen[$2] = 1 }’ > MAXAMP head -1 MAXAMP wc -l MAXAMP Output: 95.6279 156.154.102.26 fi. 2326 MAXAMP

  15. Can that really be true? ❃ 2000 DNSSEC servers around the Internet, each providing ❃ 30 ✂ amplification of incoming UDP packets?

  16. Can that really be true? ❃ 2000 DNSSEC servers around the Internet, each providing ❃ 30 ✂ amplification of incoming UDP packets? Let’s verify this. Choose quiet test machines on two different networks (without egress filters). e.g. Sender: 1.2.3.4. Receiver: 5.6.7.8.

  17. Run network-traffic monitors on 1.2.3.4 and 5.6.7.8. On 1.2.3.4, set response address to 5.6.7.8, and send 1 query/second: ifconfig eth0:1 \ 5.6.7.8 \ netmask 255.255.255.255 while read est ip z do dig -b 5.6.7.8 \ +dnssec +ignore +tries=1 \ +time=1 any "$z" "@$ip" done < MAXAMP >/dev/null 2>&1

  18. I sustained 51 ✂ amplification of actual network traffic in a US-to-Europe experiment on typical university computers.

  19. I sustained 51 ✂ amplification of actual network traffic in a US-to-Europe experiment on typical university computers. Attacker sending 10Mbps can trigger 500Mbps flood from the DNSSEC drone pool, taking down typical site.

  20. I sustained 51 ✂ amplification of actual network traffic in a US-to-Europe experiment on typical university computers. Attacker sending 10Mbps can trigger 500Mbps flood from the DNSSEC drone pool, taking down typical site. Attacker sending 200Mbps can trigger 10Gbps flood, taking down very large site.

  21. I sustained 51 ✂ amplification of actual network traffic in a US-to-Europe experiment on typical university computers. Attacker sending 10Mbps can trigger 500Mbps flood from the DNSSEC drone pool, taking down typical site. Attacker sending 200Mbps can trigger 10Gbps flood, taking down very large site. Want even more: 100Gbps? Tell people to install DNSSEC!

  22. Cryptographic failure patterns Alice and Bob are communicating. Eve is eavesdropping. Alice and Bob have several standard security goals: Confidentiality despite espionage. Maybe Eve wants to acquire data. Integrity despite corruption. Maybe Eve wants to change data. Availability despite sabotage. Maybe Eve wants to destroy data.

  23. Failure pattern #1: “The attacker isn’t sniffing our network packets so we’re secure.” Example of this “security”: Typical HTTP user cookies.

  24. Failure pattern #1: “The attacker isn’t sniffing our network packets so we’re secure.” Example of this “security”: Typical HTTP user cookies.

  25. Failure pattern #2: “The attacker isn’t forging network packets so we’re secure.” Examples of this “security”: ✎ TCP checking IP address. ✎ DNS checking IP address. ✎ New: Tcpcrypt.

  26. Failure pattern #2: “The attacker isn’t forging network packets so we’re secure.” Examples of this “security”: ✎ TCP checking IP address. ✎ DNS checking IP address. ✎ New: Tcpcrypt. “Compare this tcpdump output, which appears encrypted ✿ ✿ ✿ with the cleartext packets you would see without tcpcryptd running. ✿ ✿ ✿ Active attacks are much harder as they require listening and modifying network traffic.”

  27. Failure pattern #3: “We detect corrupt data so we’re secure.”

  28. Failure pattern #3: “We detect corrupt data so we’re secure.” What about confidentiality? DNSSEC encrypts nothing, and broadcasts private DNS names (such as acadmedpa.org.br ). dnscurve.org/nsec3walker.html

  29. Failure pattern #3: “We detect corrupt data so we’re secure.” What about confidentiality? DNSSEC encrypts nothing, and broadcasts private DNS names (such as acadmedpa.org.br ). dnscurve.org/nsec3walker.html What about availability? Eve destroys an SSH connection or an HTTPS connection or a DNSSEC lookup by forging one packet. Eve uses the DNSSEC drones to amplify DDoS attacks.

  30. Failure pattern #4: “The attacker doesn’t control these trusted third parties so we’re secure.”

  31. Failure pattern #4: “The attacker doesn’t control these trusted third parties so we’re secure.” Are the HTTPS certificate authorities all trustworthy?

  32. Failure pattern #4: “The attacker doesn’t control these trusted third parties so we’re secure.” Are the HTTPS certificate authorities all trustworthy? Is the DNS root trustworthy?

  33. Failure pattern #5: “We’re cryptographically protecting ❳ so we’re secure.”

  34. Failure pattern #5: “We’re cryptographically protecting ❳ so we’re secure.” Is ❳ the complete communication from Alice to Bob, all the way from Alice to Bob?

  35. Failure pattern #5: “We’re cryptographically protecting ❳ so we’re secure.” Is ❳ the complete communication from Alice to Bob, all the way from Alice to Bob? Often ❳ doesn’t reach Bob.

  36. Failure pattern #5: “We’re cryptographically protecting ❳ so we’re secure.” Is ❳ the complete communication from Alice to Bob, all the way from Alice to Bob? Often ❳ doesn’t reach Bob. Example: Bob views Alice’s web page on his Android phone. Phone asked hotel DNS cache for web server’s address. Eve forged the DNS response! DNS cache checked DNSSEC but the phone didn’t.

  37. Often ❳ isn’t Alice’s data.

  38. Often ❳ isn’t Alice’s data. “.ORG becomes the first open TLD to sign their zone with DNSSEC ✿ ✿ ✿ Today we reached a significant milestone in our effort to bolster online security for the .ORG community. We are the first open generic Top-Level Domain to successfully sign our zone with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement this needed security measure.”

  39. What did .org actually sign? 2010.12.25 test: Look up wikipedia.org . The response has a signed statement “There might be names with hashes between hh91kmqm332a7m6egn74ln9afi3fgk84 , hheprfsv14o44rv9pgcndkt4thnraomv but we haven’t signed any of those names. Sincerely, .org ” Plus an unsigned statement “The wikipedia.org servers are 208.80.152.130, 208.80.152.142, 91.198.174.4.”

  40. Often ❳ is horribly incomplete.

  41. Often ❳ is horribly incomplete. Example: ❳ is a server address, with a DNSSEC signature. What Alice is sending to Bob are web pages, email, etc. Those aren’t the same as ❳ !

  42. Often ❳ is horribly incomplete. Example: ❳ is a server address, with a DNSSEC signature. What Alice is sending to Bob are web pages, email, etc. Those aren’t the same as ❳ ! Alice can use HTTPS to protect her web pages ✿ ✿ ✿ but then what attack is stopped by DNSSEC?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

High-speed high-security cryptography on ARMs Daniel J. Bernstein Research Professor, University

High-speed high-security cryptography on ARMs Daniel J. Bernstein Research Professor, University

High-speed high-security cryptography on ARMs Daniel J. Bernstein Research Professor, University of Illinois at Chicago Professor, Cryptographic Implementations, Technische Universiteit Eindhoven Tanja Lange Professor, Coding and Cryptology,

288 views • 17 slides
High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce elliptic-curve formulas cryptographic security levels or give up on cryptography. Daniel J. Bernstein University of Illinois at Chicago &amp; Example 1

1.55k views • 138 slides
High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

1 2 High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is University of Illinois at Chicago &amp; much slower than it could be. Technische Universiteit Eindhoven Is software applied to much data? with

1.17k views • 115 slides
Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles Barthe Arthur Blot Benjamin Grgoire Vincent Laporte Tiago Oliveira Hugo Pacheco Benedick Schmidt Pierre-Yves Strub CCS17 2017-11-02

440 views • 31 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp;

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp;

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &amp; Approaches Security: Challenges &amp; Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363 more elliptic-curve formulas; uses Weierstrass curves field arithmetic in Jacobian coordinates Daniel J. Bernstein to provide the fastest

2.15k views • 187 slides
High-speed cryptography, Cryptographers part 3: more cryptosystems Working

High-speed cryptography, Cryptographers part 3: more cryptosystems Working

High-speed cryptography, Cryptographers part 3: more cryptosystems Working systems Daniel J. Bernstein Cryptanalytic University of Illinois at Chicago &amp; algorithm designers Technische Universiteit Eindhoven Unbroken

1.49k views • 145 slides
High-speed cryptography for mobile devices D. J. Bernstein University of Illinois at Chicago,

High-speed cryptography for mobile devices D. J. Bernstein University of Illinois at Chicago,

High-speed cryptography for mobile devices D. J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven Picture credits: geeky-gadgets.com ; Star Trek The Internet of Things Andrew Myers, Stanford Report, 2011.02.11:

543 views • 36 slides
High-speed cryptography, part 3: more cryptosystems Daniel J. Bernstein University of Illinois

High-speed cryptography, part 3: more cryptosystems Daniel J. Bernstein University of Illinois

High-speed cryptography, part 3: more cryptosystems Daniel J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven Cryptographers Working systems Cryptanalytic algorithm designers Unbroken

739 views • 44 slides
High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago

High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago

High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address, makes

924 views • 61 slides
Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for NextGen-VLA antenna project Qinglong Li, Andreas Beling, Joe C. Campbell University of Virginia, Charlottesville, VA 22904 Outline High power photodiode

746 views • 25 slides
High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma

Preliminaries FPGA Implementation Results, Comparisons and Conclusions High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves Kimmo J arvinen Jorma Skytt a Helsinki University of Technology Department of Signal

528 views • 36 slides
High-speed cryptography Daniel J. Bernstein University of Illinois at Chicago &amp; Technische

High-speed cryptography Daniel J. Bernstein University of Illinois at Chicago &amp; Technische

1 High-speed cryptography Daniel J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven with some slides from: Tanja Lange Technische Universiteit Eindhoven 2 Do we care about speed? Almost all software is

1.36k views • 44 slides
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address, makes an SMTP connection, sends

617 views • 40 slides
Britain's New High Speed Railway Carole Bardell, Head of Health, Safety and Security, HS2 Ltd 12

Britain's New High Speed Railway Carole Bardell, Head of Health, Safety and Security, HS2 Ltd 12

Britain's New High Speed Railway Carole Bardell, Head of Health, Safety and Security, HS2 Ltd 12 th March 2018 Aims for Today Get you up to speed on: HS2 Phase One The way we work; Safe at heart and The Supply Chain Standard

464 views • 29 slides
Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji

Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji

Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji Novotn Pavel eleda Radek Krej novotny@ics.muni.cz celeda@ics.muni.cz krejci@liberouter.org DeepSec In-Depth Security Conference 2010

652 views • 52 slides
Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols?

Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols?

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols? Security Concerns Network Time Protocol

413 views • 13 slides
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

T-79.194 Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner presentation by Maarit Hietalahti Helsinki University of Technology Laboratory for Theoretical Computer Science

298 views • 14 slides
Network Security Protocols: Analysis methods and standards John Mitchell Stanford University

Network Security Protocols: Analysis methods and standards John Mitchell Stanford University

Network Security Protocols: Analysis methods and standards John Mitchell Stanford University Joint work with many students, postdocs, collaborators TRUST : Team for Research in Ubiquitous Secure Technologies NSF Science and Technology Center

536 views • 40 slides
Where is the FEEB? The Effectiveness of Instruction Set Randomization Ana Sovarel, David Evans

Where is the FEEB? The Effectiveness of Instruction Set Randomization Ana Sovarel, David Evans

Where is the FEEB? The Effectiveness of Instruction Set Randomization Ana Sovarel, David Evans and Nathanael Paul Presented by Sandra Rueda CSE 598A - Spring 2007 - Sandra Rueda Page 1 Code Injection Attacks High level description:

246 views • 20 slides
Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647 Advanced Topics in Wireless Networks Our focus: MANETs Multi-hop routing: unicast multicast infrastructure access Our focus: MANETs

894 views • 26 slides
Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or

Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or

Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity theft Theft of financial

771 views • 44 slides
Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2 Andrea Marin 1 1 Universit` a Ca Foscari Venezia 2 Seconda Universit` a di Napoli November 18, 2015 The setting Nowadays the use of cloud computing

454 views • 30 slides
Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro, P. Pace, A. Parise, L. Molina Valdiviezo Universit` a della Calabria D.I.M.E.S 87036 Rende(CS) - Italy Email: a.furfaro@unical.it A. Furfaro

510 views • 18 slides

More recommend