

  1. Network Attacks I. Yongdae Kim, KAIST

  2. Two Planes
     • Data Plane: actual data delivery
     • Control Plane
       ▹ Supports data delivery (efficiently, reliably, etc.)
       ▹ Routing information exchange
       ▹ In some sense, every protocol other than data delivery is a control-plane protocol
     • Example networks: peer-to-peer networks, cellular networks, the Internet, ...

  3. Misconfigurations and Redirection
     • 1997: AS7007
       ▹ Claimed the shortest path to the whole Internet (re-announced the full routing table as its own /24s)
       ▹ Caused an Internet black hole
     • 2004: TTNet (AS9121)
       ▹ Claimed the shortest path to the whole Internet
       ▹ Lasted for several hours
     • 2006: AS27056
       ▹ "Stole" several important prefixes on the Internet
       ▹ From Martha Stewart Living to The New York Daily News
     • 2008: Pakistan / YouTube
       ▹ Pakistan decided to block YouTube
       ▹ One ISP advertised a small (more-specific) part of YouTube's (AS36561) network, and the announcement leaked beyond Pakistan
     • 2010: China
       ▹ Routes for about 15% of Internet prefixes (widely misreported as 15% of Internet traffic) were routed through China for 18 minutes
       ▹ Including .mil and .gov prefixes
     • 2011: China
       ▹ All traffic from US iPhones to Facebook
       ▹ Routed through China and Korea

  4. AS, BGP and the Internet
     • AS (Autonomous System)
       ▹ Core AS: high degree of connectivity
       ▹ Fringe AS: very low degree of connectivity, sitting at the outskirts of the Internet
       ▹ Transit AS: core ASes that agree to forward traffic to and from other ASes
     • BGP (Border Gateway Protocol)
       ▹ The de facto standard routing protocol spoken by routers connecting different ASes
       ▹ A path-vector routing protocol: each router keeps a table of AS paths to every destination and prepends its own AS number when it re-advertises a route
       ▹ Uses policies to prefer certain AS paths over others (shortest AS path is only one of the selection criteria)

  5–7. BGP path-vector propagation (figure sequence). AS A originates 1.0.0.0/8 and announces it with path "A". Its neighbours B and C install the route as "B, A" and "C, A" and re-advertise it to each other and to D and E, each prepending its own ASN. D and E, which peer with both B and C, learn two candidate paths each ("D, B, A" and "D, C, A"; "E, B, A" and "E, C, A"); B also hears "B, C, A" from C. Each AS keeps all the candidates it heard, selects one best path per destination, and advertises only that one to its neighbours.
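
The propagation drawn on slides 5–7, simulated in Python as an added example (not code from the slides or the paper). The topology is the one in the figure, with links assumed symmetric; the selection policy is assumed to be "shortest AS_PATH, then lowest neighbour ASN", which is enough to reproduce the tables on the slides. A second function re-runs the propagation with a hypothetical misconfigured C that also originates 1.0.0.0/8, which is what the AS7007 and TTNet incidents on slide 3 amount to, and reports which ASes get diverted.

```python
"""Toy BGP path-vector propagation (added example, not from the slides).

Topology is the figure on slides 5-7: A originates 1.0.0.0/8, B and C are
A's neighbours and peer with each other, D and E peer with both B and C.
Links are assumed symmetric. Policy is assumed to be "shortest AS_PATH,
then lowest neighbour ASN", which reproduces the tables drawn on the
slides and shows what a shorter bogus announcement does.
"""
from collections import deque

TOPOLOGY = {
    "A": {"B", "C"},
    "B": {"A", "C", "D", "E"},
    "C": {"A", "B", "D", "E"},
    "D": {"B", "C"},
    "E": {"B", "C"},
}


def best_path(candidates):
    """Shortest AS_PATH wins; ties broken by the lexically lowest path."""
    return min(candidates, key=lambda p: (len(p), p))


def propagate(topology, origins):
    """Return {AS: chosen AS_PATH} once announcements have converged.

    Paths are stored the way the slides draw them, with the local AS first
    (B stores "B, A"). Every AS keeps the last path each neighbour sent it
    (its Adj-RIB-In), selects one best path, and re-advertises that path to
    all neighbours, which prepend their own ASN. A path already containing
    the receiver's ASN is rejected: that is BGP's loop detection.
    """
    rib_in = {asn: {} for asn in topology}   # receiver -> {sender: path or None}
    for origin in origins:
        rib_in[origin][origin] = (origin,)   # locally originated route
    best = {}
    queue = deque(topology)
    while queue:
        asn = queue.popleft()
        candidates = [p for p in rib_in[asn].values() if p is not None]
        chosen = best_path(candidates) if candidates else None
        if chosen == best.get(asn):
            continue                          # nothing changed, no update sent
        best[asn] = chosen
        for nb in topology[asn]:
            if chosen is None or nb in chosen:
                rib_in[nb][asn] = None        # withdrawn, or dropped by loop detection
            else:
                rib_in[nb][asn] = (nb,) + chosen
            queue.append(nb)
    return {asn: path for asn, path in best.items() if path is not None}


def diverted_by(topology, legit_origin, bogus_origin):
    """ASes that end up forwarding to the bogus origin when it also announces
    the prefix. A hypothetical misconfigured C, like AS7007 or TTNet on
    slide 3, offers some neighbours a shorter path than the real origin,
    and shortest-path selection does the rest."""
    table = propagate(topology, {legit_origin, bogus_origin})
    return sorted(asn for asn, path in table.items()
                  if path[-1] == bogus_origin and asn != bogus_origin)


if __name__ == "__main__":
    for asn, path in sorted(propagate(TOPOLOGY, {"A"}).items()):
        print(f"{asn}: 1.0.0.0/8 via {', '.join(path)}")
    print("diverted to C:", diverted_by(TOPOLOGY, "A", "C"))
```

With only A originating, the output matches slide 7 (D and E both pick the path through B on the tie-break). With C also originating, D and E switch to the two-hop path ending at C: nobody checked whether C was entitled to originate the prefix, which is the point slide 12 makes about NLRI authority.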

  8. Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
     Maria Apostolaki (ETH Zurich), Aviv Zohar (The Hebrew University), Laurent Vanbever (ETH Zurich)
     Presented by Geunwoo Lim, KAIST

  9. Various Attacks
     • Many attacks have been found against consensus and mining pools
       ▹ Double spending
       ▹ Selfish mining
       ▹ BWH (block withholding) attack
       ▹ FAW (fork after withholding) attack
     • But consensus and mining pools are only a fraction of the blockchain system
     • Another major part of a blockchain is its network: Bitcoin is a P2P system, and this talk looks at attacks on that layer

  10. Network component (figure)

  11. AS and ISP
     • Autonomous System
       ▹ A set of networks under one administrator with a single routing policy
       ▹ Distinguished by an ASN (AS number)
       ▹ Reasons for dividing the Internet into ASes
         » Independence of routing policy
         » Security (a clear administrative boundary)
         » Minimisation of routing traffic (one policy and one set of external routes per AS, not per router)
     • Internet Service Provider
       ▹ Company that provides Internet service
       ▹ SKT, KT, LG U+

  12. BGP
     • Border Gateway Protocol
       ▹ The standardised exterior gateway protocol (EGP)
       ▹ Path-vector protocol
       ▹ BGP has many security issues because of three missing properties
         » No sufficient mechanism for message integrity, freshness and authentication (TCP MD5 / TCP-AO protect only the session with a direct neighbour, not the announcement itself)
         » No authority check on Network Layer Reachability Information (NLRI) announcements: any AS can announce any prefix
         » No authentication of the AS path announced by other ASes: any AS can fabricate or shorten a path

  13. (figure only)

  14–29. Attack Scenario (partition) (figure sequence, no slide text)

  30. Attack Scenario (delay)
     • Before describing the delay attack: gossiping a block between two peers has three phases
       ▹ INV: the announcing node sends the hash of the new block
       ▹ GETDATA: if the hash is new to the receiver, it requests the block data
       ▹ BLOCK: the response to GETDATA, carrying the whole block
     • After sending GETDATA, the requester waits up to 20 minutes for the BLOCK message before giving up on that peer
     • The delay attack has two variants, depending on which direction of the victim's traffic the adversary intercepts
       ▹ Intercepting the victim's outgoing traffic (its requests)
       ▹ Intercepting the victim's incoming traffic (the blocks delivered to it)

  31–45. Attack Scenario (delay) (figure sequence, no slide text)

  46. How Vulnerable Is Bitcoin To Routing Attacks
     • A few ASes host most of the Bitcoin nodes
     • A few ASes naturally intercept the majority of Bitcoin traffic
     • >90% of Bitcoin nodes are vulnerable to BGP hijacking
       ▹ 93% of all prefixes hosting Bitcoin nodes are shorter than /24, so an attacker can announce a more-specific /24 covering the node; longest-prefix match then prefers the attacker's route regardless of AS-path length

  47. How Vulnerable Is Bitcoin To Routing Attacks
     • Diverting Bitcoin traffic via BGP is fast (a hijack takes < 2 minutes to propagate)
     • Hijacking < 100 prefixes is enough to isolate ~50% of Bitcoin mining power
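
The two measurements on slides 46–47 as a small analysis, added here as an example (not the paper's code or data). The node list is constructed: each entry is a node IP, the prefix that hosts it, and an assumed share of mining power. The /24 acceptance limit is an assumption about common route filtering; the greedy selection is the obvious way to estimate how few prefixes cover a target share, not a method the paper states.

```python
"""Added example (not from the paper): two quick checks behind slides 46-47.

1. A prefix shorter than /24 can be hijacked with a more-specific /24,
   because most ASes accept routes up to /24 and longest-prefix match
   prefers the more specific route regardless of AS_PATH length.
2. Mining power is concentrated in few prefixes, so greedily picking the
   largest prefixes reaches a target share with very few announcements.

NODES is constructed sample data: (node IP, hosting prefix, mining share %).
"""
import ipaddress
from collections import defaultdict

MAX_ACCEPTED_PREFIXLEN = 24   # assumption: routes longer than /24 are filtered

NODES = [
    ("198.51.100.7", "198.51.100.0/22", 30.0),
    ("198.51.101.9", "198.51.100.0/22", 12.0),
    ("100.64.3.4", "100.64.0.0/16", 20.0),
    ("203.0.113.5", "203.0.113.0/24", 8.0),
    ("192.0.2.17", "192.0.2.0/24", 5.0),
    ("10.1.2.3", "10.0.0.0/8", 25.0),
]


def hijackable_by_more_specific(prefix):
    """True if an attacker can announce a /24 inside this prefix that wins
    longest-prefix match wherever it propagates."""
    return ipaddress.ip_network(prefix).prefixlen < MAX_ACCEPTED_PREFIXLEN


def more_specific_for(ip, prefix):
    """The /24 an attacker would announce to capture traffic to this node,
    or None if the hosting prefix is already a /24 (or longer)."""
    if not hijackable_by_more_specific(prefix):
        return None
    sub = ipaddress.ip_network(f"{ip}/{MAX_ACCEPTED_PREFIXLEN}", strict=False)
    assert sub.subnet_of(ipaddress.ip_network(prefix))
    return str(sub)


def vulnerable_nodes(nodes):
    return [ip for ip, prefix, _ in nodes if hijackable_by_more_specific(prefix)]


def hijackable_share(nodes):
    """Mining share hosted in prefixes that a more-specific /24 can capture."""
    return sum(pct for _, prefix, pct in nodes if hijackable_by_more_specific(prefix))


def share_per_prefix(nodes):
    share = defaultdict(float)
    for _, prefix, pct in nodes:
        share[prefix] += pct
    return dict(share)


def min_prefixes_for_share(nodes, target_pct):
    """Greedy: take the prefixes carrying the most mining power first and
    stop once the target share is covered. Returns the prefixes in order."""
    chosen, covered = [], 0.0
    ranked = sorted(share_per_prefix(nodes).items(), key=lambda kv: (-kv[1], kv[0]))
    for prefix, pct in ranked:
        if covered >= target_pct:
            break
        chosen.append(prefix)
        covered += pct
    return chosen


if __name__ == "__main__":
    print("nodes in hijackable prefixes:", vulnerable_nodes(NODES))
    print("mining share in hijackable prefixes: %.0f%%" % hijackable_share(NODES))
    print("prefixes to isolate 50%:", min_prefixes_for_share(NODES, 50.0))
    print("announcement against 198.51.101.9:",
          more_specific_for("198.51.101.9", "198.51.100.0/22"))
```

On the constructed sample, four of six nodes (87% of the mining share) sit in prefixes shorter than /24, and two announcements cover more than half of the hashing power; the paper's real-world figures (93% of prefixes, fewer than 100 prefixes for ~50%) come from the same two effects at Internet scale.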

  48. Short-term Countermeasures
     • Increase the diversity of node connections
       ▹ The more connected (e.g. multihomed) a node is, the harder it is to cut off
     • Monitor round-trip time (RTT)
       ▹ The RTT towards hijacked destinations increases during the attack, because traffic detours through the attacker's AS
     • Embrace churn
       ▹ Refresh connections so a partition cannot be held in place
     • Prefer peers hosted in the same AS and in /24 prefixes
       ▹ Most networks filter routes more specific than /24, so a peer in a /24 cannot be hijacked with a more-specific announcement; a peer in the same AS is reached without crossing other ASes
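
Two of the short-term countermeasures above, sketched in Python as an added example (not Bitcoin Core code): a peer selection that spreads connections over distinct /24s and distinct ASes, and an RTT monitor that flags the sustained jump a diverted path produces while ignoring a single queueing spike. The candidate list, its IP-to-ASN mapping and the RTT samples are constructed; real code would shuffle the candidates and take the ASN mapping from a routing dataset.

```python
"""Added example (not Bitcoin Core code) for two short-term countermeasures
on slide 48: pick peers spread over distinct /24s and distinct ASes, and
watch each peer's RTT for the jump a hijacked path produces.

CANDIDATES and RTT_SAMPLES_MS are constructed. Real code would randomise
the candidate order and take the IP-to-ASN mapping from a routing dataset.
"""
import ipaddress
import statistics

CANDIDATES = {                    # peer IP -> origin ASN (constructed)
    "198.51.100.7": 64500,
    "198.51.100.9": 64500,        # same /24 as the peer above
    "198.51.101.4": 64500,        # different /24, same AS
    "203.0.113.5": 64501,
    "192.0.2.17": 64502,
    "100.64.3.4": 64503,
    "10.1.2.3": 64504,
}

RTT_SAMPLES_MS = [40, 41, 39, 42, 40, 38, 41, 40, 39, 41,   # baseline
                  40, 42, 112, 110, 115, 111]                 # path diverted


def select_diverse_peers(candidates, n, max_per_as=1):
    """Return up to n peers, at most one per /24 and max_per_as per AS.

    A hijack of one /24 (or of one AS's prefixes) then costs one
    connection instead of all of them.
    """
    chosen, seen_24, per_as = [], set(), {}
    for ip, asn in sorted(candidates.items()):   # deterministic order here
        net24 = ipaddress.ip_network(f"{ip}/24", strict=False)
        if net24 in seen_24 or per_as.get(asn, 0) >= max_per_as:
            continue
        seen_24.add(net24)
        per_as[asn] = per_as.get(asn, 0) + 1
        chosen.append(ip)
        if len(chosen) == n:
            break
    return chosen


def detect_rtt_shift(samples, baseline_n=10, consecutive=3, min_margin_ms=5.0, k=4.0):
    """Index of the sample at which a sustained RTT increase is confirmed,
    or None. The baseline is the median and MAD of the first baseline_n
    samples; an alert needs `consecutive` samples above
    median + max(min_margin_ms, k * MAD), so one queueing spike is ignored."""
    base = samples[:baseline_n]
    med = statistics.median(base)
    mad = statistics.median(abs(x - med) for x in base)
    threshold = med + max(min_margin_ms, k * mad)
    run = 0
    for i, rtt in enumerate(samples[baseline_n:], start=baseline_n):
        run = run + 1 if rtt > threshold else 0
        if run >= consecutive:
            return i
    return None


if __name__ == "__main__":
    print("peers:", select_diverse_peers(CANDIDATES, 8))
    print("RTT shift confirmed at sample:", detect_rtt_shift(RTT_SAMPLES_MS))
```

On the constructed data only five of the seven candidates qualify (two share a /24 or an AS with an already chosen peer), and the monitor fires on the third consecutive sample above the baseline threshold rather than on the first. Which peer's RTT jumps also tells the node which connection to drop and replace, which is where the "embrace churn" bullet comes in.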

  49. Long-term Countermeasures
     • Encrypt Bitcoin communication and/or adopt a MAC
       ▹ An on-path attacker can then neither modify message contents nor impersonate the sender
     • Use distinct control and data channels
       ▹ Currently Bitcoin traffic is easily identifiable by filtering on the default port (8333)
       ▹ Randomised TCP ports force the AS-level adversary to keep per-connection state to track them
     • Request a block on multiple connections
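
Why the MAC countermeasure matters for the INV/GETDATA/BLOCK exchange on slide 30, shown in Python as an added example (not Bitcoin Core code). The message framing (network magic, 12-byte command, length, 4-byte double-SHA256 checksum) is Bitcoin's real wire format; the checksum is unkeyed, so an on-path adversary can rewrite a GETDATA and recompute it. The HMAC trailer at the end is hypothetical hardening, not part of the Bitcoin protocol, and assumes a shared key established elsewhere; the block hashes are constructed.

```python
"""Added example (not Bitcoin Core code): why slide 49 asks for a MAC.

Bitcoin P2P messages carry a 4-byte checksum, the first bytes of
SHA256(SHA256(payload)). It protects against corruption, not against an
on-path adversary, who can rewrite a GETDATA and recompute the checksum.
The keyed HMAC trailer at the end is hypothetical hardening, not part of
the Bitcoin protocol; the shared key would have to come from a handshake.
Block hashes below are constructed.
"""
import hashlib
import hmac
import struct

MAGIC_MAIN = bytes.fromhex("f9beb4d9")   # Bitcoin mainnet network magic
MSG_BLOCK = 2                            # inventory type for a block


def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def build_message(command, payload, magic=MAGIC_MAIN):
    """24-byte header (magic, command, length, checksum) followed by payload."""
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return magic + cmd + struct.pack("<I", len(payload)) + sha256d(payload)[:4] + payload


def parse_message(raw, magic=MAGIC_MAIN):
    if len(raw) < 24 or raw[:4] != magic:
        raise ValueError("bad magic or truncated header")
    command = raw[4:16].rstrip(b"\x00").decode("ascii")
    (length,) = struct.unpack("<I", raw[16:20])
    payload = raw[24:24 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if sha256d(payload)[:4] != raw[20:24]:
        raise ValueError("checksum mismatch")
    return command, payload


def getdata_payload(block_hashes):
    """CompactSize count (< 0xfd here) followed by (type, 32-byte hash) items."""
    assert len(block_hashes) < 0xfd
    out = bytes([len(block_hashes)])
    for h in block_hashes:
        out += struct.pack("<I", MSG_BLOCK) + h
    return out


def parse_getdata(payload):
    count, pos, items = payload[0], 1, []
    for _ in range(count):
        (inv_type,) = struct.unpack("<I", payload[pos:pos + 4])
        items.append((inv_type, payload[pos + 4:pos + 36]))
        pos += 36
    return items


def on_path_rewrite(raw, old_hash, new_hash):
    """What an AS-level adversary holding the TCP stream can do: swap the
    requested hash and recompute the unkeyed checksum. The result parses
    as a perfectly valid message at the receiver."""
    command, payload = parse_message(raw)
    return build_message(command, payload.replace(old_hash, new_hash))


def build_authenticated(command, payload, key):
    """Hypothetical hardening: append HMAC-SHA256 over the whole message."""
    msg = build_message(command, payload)
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def verify_authenticated(raw, key):
    msg, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag):
        raise ValueError("MAC mismatch: message modified in transit")
    return parse_message(msg)


def demo(key=b"\x11" * 32):
    """Returns (rewrite accepted without MAC, rewrite caught with MAC)."""
    wanted = hashlib.sha256(b"newest block").digest()   # constructed hashes
    stale = hashlib.sha256(b"old block").digest()
    plain = on_path_rewrite(build_message("getdata", getdata_payload([wanted])), wanted, stale)
    accepted = parse_getdata(parse_message(plain)[1])[0][1] == stale
    auth = build_authenticated("getdata", getdata_payload([wanted]), key)
    forged = on_path_rewrite(auth[:-32], wanted, stale) + auth[-32:]
    try:
        verify_authenticated(forged, key)
        caught = False
    except ValueError:
        caught = True
    return accepted, caught


if __name__ == "__main__":
    print("rewrite accepted without MAC, caught with MAC:", demo())
```

The rewritten request passes every check the plain format offers, so the victim asks for a block it already has while its 20-minute timer for the one it wanted keeps running. With a keyed tag the same rewrite fails verification. Encryption would additionally hide the command names and hashes, and a randomised port would make the stream harder to pick out in the first place, which is the "distinct channels" bullet above.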

  50. Follow-up Paper
     • SABRE: Protecting Bitcoin against Routing Attacks
       ▹ A transparent relay network that protects Bitcoin clients from routing attacks by providing them with an extra, secure channel

  51. Questions?
