surreptitious communication
play

Surreptitious Communication CS 161 - Computer Security Profs. Vern - PowerPoint PPT Presentation

Mar 05, 2023 •361 likes •690 views

Surreptitious Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 26, 2010

  1. Surreptitious Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 26, 2010

  2. Steganography • Transmitting hidden messages using a known communication channel – Or hiding extra data inside known storage • Goal: Sneak past a reference monitor (“warden”) • Examples? – Zillions: tattooed heads of slaves, least-significant bits of image pixels, extra tags in HTML documents, … – All that’s necessary is agreement between writer of message & reader of message • Security? – Brittle: relies on security-by-obscurity • Warden can extract/block messages if they know the trick

  3. Covert Channels • Communication between two parties that uses a hidden (secret) channel • Goal: evade reference monitor inspection entirely – Warden doesn’t even realize communication is possible • Example: suppose (unprivileged) process A wants to send 128 bits of secret data to (unprivileged) process B … – But can’t use pipes, sockets, signals, or shared memory; and can only read files, can’t write them

  4. Covert Channels, con’t • Method #1: A syslog ’s data, B reads via /var/log/… • Method #2: select 128 files in advance. A opens for read only those corresponding to 1-bit’s in secret. – B recovers bit values by inspecting access times on files • Method #3: divide A ’s running time up into 128 slots. A either runs CPU-bound - or idle - in a slot depending on corresponding bit in the secret. B monitors A ’s CPU usage. • Method #4: Suppose A can run 128 times. Each time it either exits after 2 seconds (0 bit) or after 30 seconds (1 bit). • Method #5: … – There are zillions of Method #5’s!

  5. Covert Channels, con’t • Defenses? • As with steganography, #1 challenge is identifying the mechanisms • Some mechanisms can be very hard to completely remove – E.g., duration of program execution • Fundamental issue is the covert channel’s capacity – Bits (or bit-rate) that adversary can obtain using it • Crucial for defenders to consider their threat model

  6. Side Channels • Inferring information meant to be hidden / private by exploiting how system is structured – Note: unlike for steganography & covert channels, here we do not assume a cooperating sender / receiver • Can be difficult to recognize because often system builders “abstract away” seemingly irrelevant elements of system structure • Side channels can arise from physical structure …

  8. Side Channels • Inferring information meant to be hidden / private by exploiting how system is structured – Note: unlike for steganography & covert channels, here we do not assume a cooperating sender / receiver • Can be difficult to recognize because often system builders “abstract away” seemingly irrelevant elements of system structure • Side channel can arise from physical structure … – … or higher-layer abstractions

  9. /* ¡Returns ¡true ¡if ¡the ¡password ¡from ¡the ¡* ¡user, ¡'p', ¡matches ¡the ¡correct ¡master ¡* ¡password. ¡*/ bool ¡check_password(char ¡*p) { static ¡char ¡*master_pw ¡= ¡"T0p$eCRET"; int ¡i; for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) return ¡FALSE; /* ¡Ensure ¡both ¡strings ¡are ¡same ¡len. ¡*/ return ¡p[i] ¡== ¡master_pw[i]; }

  10. Inferring Password via Side Channel • Suppose the attacker’s code can call check_password many times (but not millions) – But attacker can’t breakpoint or inspect the code • How could the attacker infer the master password using side channel information? • Consider layout of p in memory: ... if(check_password(p)) wildGUe$s BINGO(); ...

  11. Spread p across different memory pages: wildGUe$s Arrange for this page to be paged out If master password doesn’t start with ‘w’, then loop exits on first iteration ( i=0 ): for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) return ¡FALSE; If it does start with ‘w’, then loop proceeds to next iteration, generating a page fault that the caller can observe

  12. T0p$eCRET ? No page Ajunk.... fault No page Bjunk.... fault … Page Tjunk.... fault! No page TAunk.... fault No page TBunk.... fault … Page T0unk.... fault! Fix? No page T0Ank.... fault …

  13. bool ¡check_password2(char ¡*p) { static ¡char ¡*master_pw ¡= ¡"T0p$eCRET”; int ¡i; bool ¡is_correct ¡= ¡TRUE; for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) is_correct ¡= ¡FALSE; ¡ if(p[i] ¡!= ¡master_pw[i]) is_correct ¡= ¡FALSE; return ¡is_correct; } Note: still leaks length of master password

  14. Side Channels in Web Surfing • Suppose Alice is surfing the web and all of her traffic is encrypted • Eve can observe the presence of Alice’s packets but can’t read their contents or destination • How can Eve deduce that Alice is visiting FoxNews (say)?

  16. Eve “fingerprints” web sites based on the specific sizes of the items used to build them

  17. Side Channels in Web Surfing • Suppose Alice is surfing the web and all of her traffic is encrypted • Eve can observe the presence of Alice’s packets but can’t read their contents or destination • How can Eve deduce that Alice is visiting FoxNews (say)? • What about inferring what terms Alice is searching on?

  19. 102 chars. 125 chars. 107 chars. 136 chars. 101 chars. 102 chars.

  20. Exploiting Side Channels For Stealth Scanning • Can attacker using system A scan the server of victim V to see what services V runs … • … without V being able to learn A ’s IP address? • Seems impossible: how can A receive the results of probes A sends to V , unless probes include A ’s IP address for V ’s replies?

  21. IP Header Side Channel 4-bit 8-bit 4-bit 16-bit Total Length (Bytes) Header Type of Service Version Length (TOS) 3-bit 16-bit Identification 13-bit Fragment Offset Flags 8-bit Time to 8-bit Protocol 16-bit Header Checksum Live (TTL) ID field is supposed to be 32-bit Source IP Address unique per IP packet. 32-bit Destination IP Address One easy way to Payload do this: increment it each time system sends a new packet.

  22. SYN-ACK

  23. UI Side Channel Snooping • Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in his office, but can’t see his CRT display, just the glow of it on his face. • How might Ann snoop on what Victor’s display is showing?

  25. CRT display is made up of an array of phosphor pixels 640x480 (say)

  26. Electron gun sweeps across row of pixels, illuminating each that should be lit one after the other

  27. When done with row, proceeds to next. When done with screen, starts over.

  28. Thus, if image isn’t changing, each pixel is periodically illuminated at its own unique time

  29. Illumination is actually short-lived (100s of nsec).

  30. Photomultiplier + high-precision timing + deconvolution to remove noise

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication

Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication

Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication assessment of communication during everyday events to see which is the most effective communication method of verbal communication

536 views • 9 slides
Vermont Communication Support Project Communication Support In and Out of the Courtroom

Vermont Communication Support Project Communication Support In and Out of the Courtroom

Vermont Communication Support Project Communication Support In and Out of the Courtroom Disability, Communication & Accommodations COMMUNICATION COMMUNI NICATI TION Commu mmuni nication Commun unic icatio ion Communication

654 views • 24 slides
Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1

Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1

Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1 before beginning this class. Keep Communication Going (APR 2013) Principles of Communication Communication is . . . A process by which

509 views • 7 slides
Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its

Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its

Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its widest sense Make a list of all the different ways in which we communicate with each other speech, gesture, touching, pointing..

295 views • 7 slides
Lab 2 Group Communication Desired group communication Multicast communication Andreas

Lab 2 Group Communication Desired group communication Multicast communication Andreas

Overview Introduction to group communication Lab 2 Group Communication Desired group communication Multicast communication Andreas Larsson Group membership service 2009-02-04 DSII: Group Comm. 2 A Distributed System in

415 views • 6 slides
71 www.AgriMoon.Com Communication Skills In this type, the speaker is provided with seven

71 www.AgriMoon.Com Communication Skills In this type, the speaker is provided with seven

Communication Skills Module 4. Oral communication and organizational skills Lesson 15 IMPROMPTU PRESENTATION AND EXTEMPORE 15.1 Introduction Though oral communication happens to be a part of basic communication skills (which has been already

692 views • 8 slides
Communication Saves Lives Communication in healthcare Communication is essential to healthcare

Communication Saves Lives Communication in healthcare Communication is essential to healthcare

Communication Saves Lives Communication in healthcare Communication is essential to healthcare delivery Research has shown that ineffective communication among healthcare professionals is one of the leading causes of medical errors and

388 views • 19 slides
Communication Major Because communication is a vital social phenomenon, the mission of the

Communication Major Because communication is a vital social phenomenon, the mission of the

Communication Major Because communication is a vital social phenomenon, the mission of the communication program at the University of Connecticut is to study and teach about communication with areas of specialization including interpersonal,

642 views • 15 slides
Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever

Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever

Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever you are doing Final project grade Communication is context dependent Audience Medium Content Time Purpose Differing types of audiences

1.06k views • 67 slides
2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication

2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication

2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication Javier Vzquez-Salceda q Multiagent Syste SMA-UPC https://kemlg.upc.edu Communication Why agent communication? In order to solve

517 views • 19 slides
EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26,

EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26,

EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26, 2018 APWA Northern California Chapter Communication and Writing Seminar Learning Objectives 4 key tools for effective communication: Get to the

545 views • 17 slides
PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the

PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the

Marketing the power of communication & temptation PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the ability of the student to create, write and execute a communicationplan. COMMUNICATION Minor

646 views • 47 slides
Interprocess Communication Primitives Message Passing: issues Communication

Interprocess Communication Primitives Message Passing: issues Communication

CPSC-662 Distributed Computing Interprocess Communication Interprocess Communication Primitives Message Passing: issues Communication Schemes Reading: Colouris, Chapter 4 Interprocess Communication (IPC) communicate by

372 views • 6 slides
Leadership Using Effective Communication L eader eadership ship = = Using communication t

Leadership Using Effective Communication L eader eadership ship = = Using communication t

Leadership Using Effective Communication L eader eadership ship = = Using communication t Using communication to achie achieve desired outco e desired outcomes. es. Wh Why is communication y is communication central t central to leader

430 views • 27 slides
Interprocess Communication (IPC) The characteristics of protocols for communication between

Interprocess Communication (IPC) The characteristics of protocols for communication between

Interprocess Communication (IPC) The characteristics of protocols for communication between processes in a distributed system Exploring the Middleware Layers Applications, services RMI and RPC and Request Reply Protocol Marshalling and

883 views • 64 slides
NLP : 2017 6 26

NLP : 2017 6 26

NLP : 2017 6 26 What i is Machine Translation? 2017-06-15 2 To Topics MT history and NLP Intro. to NLP techniques

1.51k views • 88 slides
Plan Course requirements Motivation Resources for Computational Linguists Course

Plan Course requirements Motivation Resources for Computational Linguists Course

Plan Course requirements Motivation Resources for Computational Linguists Course plan WS 05/06 Topic assignments Intro Ivana Kruijff-Korbayov Magdalena Wolska 24 October 2005 WS05/06 Resources for CompLingsts

536 views • 5 slides
Look-a-likes How Internet Giants Reach the Most Relevant Audience at Scale Moran Gavish,

Look-a-likes How Internet Giants Reach the Most Relevant Audience at Scale Moran Gavish,

Look-a-likes How Internet Giants Reach the Most Relevant Audience at Scale Moran Gavish, Outbrain mgavish@outbrain.com Big Data Moscow, October-11 th -2018 Outbrains Mission: Helping people discover great content 3 +550M +250B 6000

684 views • 42 slides
CARBON TAX UNIVERSITY OF WASHINGTON | ENVIRONMENT 439 | WINTER 2017 AN INTRODUCTION TO THE

CARBON TAX UNIVERSITY OF WASHINGTON | ENVIRONMENT 439 | WINTER 2017 AN INTRODUCTION TO THE

ALLIE BULL. LYNN CHAFFEE. OLIVIA CLARK. MARIE JOHANSEN. SOONDUS JUNEJO. AN INTRODUCTION TO THE CARBON TAX UNIVERSITY OF WASHINGTON | ENVIRONMENT 439 | WINTER 2017 AN INTRODUCTION TO THE CARBON TAX TODAY'S AGENDA Health effects of CO2 How

860 views • 18 slides
Historic Goals A memex is a device in which an individual stores all his books, records, and

Historic Goals A memex is a device in which an individual stores all his books, records, and

10/27/10 Historic Goals A memex is a device in which an individual stores all his books, records, and communications, and Search Engines which is mechanized so that it may be consulted and with exceeding speed and flexibility. It is an

486 views • 7 slides
CS490W Web Search (I ) Luo Si Department of Computer Science Purdue University Slides from

CS490W Web Search (I ) Luo Si Department of Computer Science Purdue University Slides from

CS490W Web Search (I ) Luo Si Department of Computer Science Purdue University Slides from Manning, C., Raghavan, P. and Schtze, H. Usage of Web Search (iProspect Survey, 4/ 04, http:/ / www.iprospect.com/ premiumPDFs/

616 views • 30 slides
Disintermedia+on 2.0 Librarians and Systems Rory Litwin FIP February 5, 2010 University of

Disintermedia+on 2.0 Librarians and Systems Rory Litwin FIP February 5, 2010 University of

Disintermedia+on 2.0 Librarians and Systems Rory Litwin FIP February 5, 2010 University of Alberta SLIS Please Ask Ques+ons Please feel free to raise your hand as I am speaking, and I will call on you. It is okay if we stray from

327 views • 20 slides
ZONE TO WIN ORGANIZING TO COMPETE IN AN AGE OF DISRUPTION G o t o c o n A c c e l e r a

ZONE TO WIN ORGANIZING TO COMPETE IN AN AGE OF DISRUPTION G o t o c o n A c c e l e r a

ZONE TO WIN ORGANIZING TO COMPETE IN AN AGE OF DISRUPTION G o t o c o n A c c e l e r a t e L o n d o n , N o v 1 7 , 2 0 1 6 AGENDA The Challenge Catching the Next Wave A Crisis of Prioritization Zone Management

558 views • 17 slides

More recommend