Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2.2 Hash-Based Primitives.

Similar presentations


Presentation on theme: "Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2.2 Hash-Based Primitives."— Presentation transcript:

1 Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2.2 Hash-Based Primitives

2 Computer Science CSC 774Dr. Peng Ning2 Outline Primitives based on cryptographic hash functions –One-way hash chain –Merkle hash tree –Client puzzles Bloom filters –Based on a different type of hash functions

3 Computer Science CSC 774Dr. Peng Ning3 K i =F(K i+1 ), F: hash function K4K4 F K3K3 F K2K2 F K1K1 F K0K0 F K n = R F commitment One-Way Hash Chain Used for many network security applications –Example: S/Key Good for authentication of the hash values

4 Computer Science CSC 774Dr. Peng Ning4 Merkle Hash Tree A binary tree over data values –For authentication purpose The root is the commitment of the Merkle tree –Known to the verifier. Example –To authenticate k 2, send (m 2, m 3,m 01,m 47 ) –Verify m 07 = h(h(m 01 ||h(f(k 2 )||m 3 )||m 47 )

5 Computer Science CSC 774Dr. Peng Ning5 Bloom Filters It’s used to verify that some data is not in the database (mismatch) –List of bad credit card numbers –Useful when the data consumes a very small portion of search space A bloom filter is a bit string k hash functions that map the data into n bits in the bloom filter

6 Computer Science CSC 774Dr. Peng Ning6 A Simple Example Use a bloom filter of 16 bits –H1(key) = key mod 16 –H2(key) = key mod Insert numbers 27, 18, 29 and Check for 22: –H1(22) = 6, H2(22) = 10 (not in filter) Check for 51 –H1(51) = 3, H2(51) = 11 (false positive)

7 Computer Science CSC 774Dr. Peng Ning7 Probability of False Positives Consider an m-bit Bloom filter with k hash functions –After inserting n elements –Exercise

8 Computer Science CSC 774Dr. Peng Ning8 Client Puzzles Juels and Brainard client puzzle construction –Use pre-image of crypto hash functions –See T02.2.x-ClientPuzzles.ppt Aura, Nikander, and Leiwo client puzzle construction –Use special image of crypto hash functions

9 Computer Science CSC 774Dr. Peng Ning9 Client Puzzles w/ Special Images of Hash Functions C  S: Hello S  C: N S C  S: C, N S, N C, X S: verify h(C, N S, N C, X) has k leading zero’s

10 Computer Science CSC 774Dr. Peng Ning10 Client Puzzles w/ Special Images of Hash Functions (Cont’d) Exercise –What’s the expected cost of finding a puzzle solution? –Compare with the pre-image based puzzle construction.

11 Computer Science CSC 774Dr. Peng Ning11 New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Ari Juels, J. Alex Halderman and Edward W. Felten

12 Computer Science CSC 774Dr. Peng Ning12 Motivation Client puzzle mechanism can become the target of DoS attacks –Servers have to validate solutions which require resources Puzzles must be solved online –User time is more important than CPU time

13 Computer Science CSC 774Dr. Peng Ning13 Properties of the Proposed Solution The creation of puzzles is outsourced to a secure entity, the bastion –Creates puzzle with no regard to which server is going to use them Verifying puzzle solutions is a table lookup Clients can solve puzzles offline ahead of time A puzzle solution gives access to a virtual channel for a short time period

14 Computer Science CSC 774Dr. Peng Ning14 Puzzle Properties Unique puzzle solutions –Each puzzle has a unique solution Per-channel puzzle distribution –Puzzles are unique per each (server, channel, time period) triplet Per-channel puzzle solution –If a client has a solution for one channel, he can calculate a solution for another server with the same channel easily

15 Computer Science CSC 774Dr. Peng Ning15 Priv: X 1 RouterPub: Y 1 Virtual Channels Bastion G: A group of prime numbers with generator g. Pick r c,t  Z q a c,t  [r c,t, (r c,t + l) mod q] Let g c,t = g f’(a), puzzle  c,t = (g c,t, r c,t )  c,t  c,t for all channels Enumerate l values to solve a c,t Solution is  c,t = Y 1 f’(a) Take the easy way  c,t = g c,t X1

16 Computer Science CSC 774Dr. Peng Ning16 Priv: X 1 Server 1 Pub: Y 1 Virtual Channels Server 1:  c,t = Y 1 f’(a)  c,t = g c,t X1 Server 2:  c,t = Y 2 f’(a) Server 3:  c,t = Y 3 f’(a) Priv: X 2 Server 2 Virtual Channels  c,t = g c,t X2 Priv: X 3 Server 3 Virtual Channels  c,t = g c,t X3 Pub: Y 2 Pub: Y 3

17 Computer Science CSC 774Dr. Peng Ning17 System Description Solutions for puzzles are only valid for the time period t. (Order of minutes) Client: –During T i, download puzzles for T i+1 and solve –Check to see if server has a public key –If so append puzzle solutions to messages Server: –During T i, download and solve all puzzles for T i+1 –If server is under attack only accept requests that have valid tokens –Checking puzzle solution is a simple table lookup

18 Computer Science CSC 774Dr. Peng Ning18 Communication Public key: Y Puzzle index: c Token:  c,t Token:  c,t+1 c Client uses option field in TCP SYN to relay the token Only the first 48 bits of the solution is used The server determines the virtual channel Server limits new connection per channel Virtual Channels

19 Computer Science CSC 774Dr. Peng Ning19 Resilience Against Attacks 2.1 GHz Pentium can process 1024-bit DH key in 3.7ms. With 5% recourse it can populate tokens for 16,000 virtual channels. If s=2, every client can solve at least one puzzle and half of them can solve at least two –If attacker has 50 zombie machines, it can create 2*50*2 = 200 puzzle solutions occupying 1.25% of the channels –Probability of a benign user not getting a normal channel <.625%

20 Computer Science CSC 774Dr. Peng Ning20 Experiment Puzzle checking (table lookup) is implemented at kernel lvl After the routing and before the packet reaches higher level protocols like TCP Simulate conventional puzzles by replacing the lookup code with a SHA-1 hash computation Simulate syncookies by allowing Linux to send an ACK packet back

21 Computer Science CSC 774Dr. Peng Ning21


Download ppt "Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2.2 Hash-Based Primitives."

Similar presentations


Ads by Google