Security Problems in the TCP/IP Protocol Suite Presented by: Sandra Daniels, José Nieves, Debbie Rasnick, Gary Tusing.


1 Security Problems in the TCP/IP Protocol Suite
Presented by: Sandra Daniels, José Nieves, Debbie Rasnick, Gary Tusing

2 Article by: S. M. Bellovin, AT&T Bell Laboratories, April 1989

3 TCP/IP Protocol Suite
- Widely used
- Developed under DOD
- Serious security flaws

4 Topics to be Discussed
- Problems and defenses
  - Handshake sequence numbers
  - Routing
  - Authentication
  - Service protocols
- Comprehensive defenses
- Conclusion

6 TCP Sequence Number
TCP Handshake
- C → S: SYN (ISNc)
- S → C: SYN (ISNs), ACK (ISNc)
- C → S: ACK (ISNs)
- C → S: data and/or S → C: data

7 Mechanism
- The ISN variable is incremented by a constant once per second and by half that amount each time a connection is initiated
- Predicting the next ISN then needs little more than a precise measurement of the round-trip time between client and server
- ISNs are predictable and can be guessed by an intruder
- No authentication except the IP address

8 Problem
- ISNs are not true random numbers
- Easy to calculate or predict
- Can be used to spoof a trusted host
- Easy and cheap for an intruder

9 Defenses
- Don't use the netstat protocol
- Generate ISNs some other way
  - Randomization
  - Use a cryptographic algorithm with a key
  - Randomize increments instead of basing them on a predictable or measurable factor

10 Defenses (cont.)
- Use DES to generate ISNs
- Good logging
- Alerting mechanisms
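An added example (not from the slides or Bellovin's paper) that puts the slide 7 counter scheme next to a keyed ISN generator of the kind Bellovin later specified in RFC 1948: the counter ignores the connection entirely, so successive ISNs differ by a fixed amount, while the keyed generator gives each 4-tuple its own secret offset. The 128/64 increments and the 250 kHz clock of RFC 793 are assumptions used for illustration.

```python
"""Slide 7's counter-based ISN beside a keyed ISN generator (added example)."""
import hashlib
import hmac
import os


class CounterISN:
    """Slide 7 mechanism: one global counter bumped by a constant every second and by
    half that constant per new connection. Every ISN depends only on time and count."""
    PER_SECOND = 128          # assumed constants (4.2BSD-like); any fixed pair behaves alike
    PER_CONNECTION = 64

    def __init__(self, start: int = 0):
        self.value = start

    def tick(self, seconds: int = 1) -> None:
        self.value = (self.value + seconds * self.PER_SECOND) % 2**32

    def next_isn(self, src, sport, dst, dport) -> int:
        self.value = (self.value + self.PER_CONNECTION) % 2**32   # 4-tuple is ignored
        return self.value


class KeyedISN:
    """RFC 1948 style: ISN = clock + keyed hash of the 4-tuple, so one observed ISN
    reveals nothing about the ISN a different connection will receive."""
    CLOCK_HZ = 250_000        # RFC 793's 4-microsecond ISN clock

    def __init__(self, secret: bytes = b"", clock: int = 0):
        self.secret = secret or os.urandom(32)   # per-boot secret that never leaves the host
        self.clock = clock

    def tick(self, seconds: int = 1) -> None:
        self.clock = (self.clock + seconds * self.CLOCK_HZ) % 2**32

    def next_isn(self, src, sport, dst, dport) -> int:
        four_tuple = f"{src}:{sport}>{dst}:{dport}".encode()
        offset = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()[:4]
        return (self.clock + int.from_bytes(offset, "big")) % 2**32


def isn_deltas(gen, flows) -> list:
    """Differences between successive ISNs for connections opened back-to-back.
    A single repeated delta means the next ISN is computable from the last one seen."""
    isns = [gen.next_isn(*f) for f in flows]
    return [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]
```

Logging each handshake's ISN and checking the deltas, as slide 10 suggests, is enough to tell the two generators apart on a live host.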

12 Routing
ISSUES
- Routing mechanisms can be abused
- Denial of service by confusing routing tables
- Source routing
  - Replies reverse the source route given on a request (if one is used)
  - The attacker may be able to identify an IP address and network in the source domain, the first step toward gaining control of a host
POSSIBLE DEFENSES
- Hard to defend
- Possibilities:
  - The local net rejects all external packets claiming to be from the local net (not practical and extreme)
  - Analyze the source route and accept it only if trusted gateways are listed (again, hardly practical)

13 RIP Attacks
ISSUES
- RIP (Routing Information Protocol) is widely used
- Routing information received is often unchallenged
- An intruder can send bogus routing information and thus redirect packets to a non-trusted entity, network, or host (impersonation)
- RIP packets are hard to authenticate
- Bogus routing information propagates to other routers
POSSIBLE DEFENSES
- Establish a "paranoid" gateway: one that filters packets based on source or destination address only, not on the route
- RIP would have to be made more skeptical of the routes a router is willing to accept

14 EGP
ISSUES
- Protocol for communication between core routers
- Impersonating a real gateway while it is down is not hard with this routing protocol
- Broadcast a route directing others to an offline router while impersonating that router
POSSIBLE DEFENSES
- Always place exterior gateways on the core network so that an attacker has a harder time impersonating the offline router

15 ICMP
ISSUES
- The Internet Control Message Protocol is used for echo requests from remote hosts (connectivity)
- ICMP attacks are difficult because of the ICMP packet's simplicity
- Yet ICMP packets can be used to:
  - Redirect routes (as with RIP)
  - Mount DoS attacks
POSSIBLE DEFENSES
- Again, "paranoia"
- Restrict routing changes to specified connections, not in response to ICMP Redirect messages
- Check that an ICMP packet is tied to a particular connection only
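As an added illustration that is not part of the original slides, a small packet-policy function that encodes the "paranoid gateway" defenses from slides 12, 13 and 15 together: reject external packets carrying a local source address, honor a source route only when every hop is a trusted gateway, accept RIP updates only from known neighbors, ignore ICMP Redirect, and accept an ICMP error only when it quotes a connection the host actually has open. The network, trusted sets, open connection and packet dictionaries are all constructed for the example.

```python
"""Paranoid-gateway policy for the routing-layer defenses on slides 12, 13 and 15 (added example)."""
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.0.2.0/24")                       # constructed: the protected network
TRUSTED_GATEWAYS = {ip_address("192.0.2.1"), ip_address("198.51.100.1")}
TRUSTED_RIP_NEIGHBORS = {ip_address("192.0.2.1")}
RIP_PORT, ICMP_UNREACH, ICMP_REDIRECT = 520, 3, 5
# constructed: one connection this host currently has open, as (src, sport, dst, dport)
CONNECTIONS = {("192.0.2.10", 40001, "203.0.113.7", 80)}


def gateway_decision(pkt: dict, iface: str, connections: set) -> tuple:
    """pkt is a parsed header dict, iface is 'external' or 'internal'.
    Returns (accept, reason); every rejection names the slide whose defense fired."""
    src = ip_address(pkt["src"])
    # Slide 12: a packet arriving from outside but claiming a local source is spoofed.
    if iface == "external" and src in LOCAL_NET:
        return False, "slide 12: external packet with local source address"
    # Slide 12: honor a source route only when every listed hop is a trusted gateway.
    route = pkt.get("source_route", [])
    if route and not all(ip_address(hop) in TRUSTED_GATEWAYS for hop in route):
        return False, "slide 12: source route through untrusted gateway"
    # Slide 13: RIP is accepted from configured neighbors only, never from outside.
    if pkt.get("proto") == "udp" and pkt.get("dport") == RIP_PORT:
        if iface == "external" or src not in TRUSTED_RIP_NEIGHBORS:
            return False, "slide 13: RIP update from untrusted source"
    if pkt.get("proto") == "icmp":
        # Slide 15: routes change by configuration, never because a Redirect arrived.
        if pkt["type"] == ICMP_REDIRECT:
            return False, "slide 15: ICMP Redirect ignored"
        # Slide 15: an ICMP error must quote a connection this host really has open.
        if pkt["type"] == ICMP_UNREACH and tuple(pkt.get("quoted", ())) not in connections:
            return False, "slide 15: ICMP error not tied to an open connection"
    return True, "accepted"


# constructed traffic: (interface, packet) pairs exercising each rule
SAMPLES = [
    ("external", {"src": "192.0.2.5", "proto": "tcp", "dport": 23}),
    ("external", {"src": "203.0.113.9", "proto": "tcp", "source_route": ["203.0.113.1"]}),
    ("external", {"src": "203.0.113.9", "proto": "udp", "dport": RIP_PORT}),
    ("internal", {"src": "192.0.2.1", "proto": "udp", "dport": RIP_PORT}),
    ("external", {"src": "203.0.113.7", "proto": "icmp", "type": ICMP_REDIRECT}),
    ("external", {"src": "203.0.113.7", "proto": "icmp", "type": ICMP_UNREACH,
                  "quoted": ("192.0.2.10", 40001, "203.0.113.7", 80)}),
]


def evaluate(samples=SAMPLES, connections=CONNECTIONS) -> list:
    """Apply the policy to each sample; returns the list of (accept, reason) results."""
    return [gateway_decision(pkt, iface, connections) for iface, pkt in samples]
```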

16 Authentication Server
- Used instead of address-based authentication
- Nothing more than a trusted host that mediates our connections and establishes trusted identities
- Should not rely solely on TCP/IP for authentication; should use some other algorithm

18 Services Within the Suite
- Finger
- Email
- POP
- PCMAIL
- DNS
- FTP
- SNMP
- Remote Booting

19 Finger
- Problem: Gives away too much information to hackers
- Solution: Disable the service

20 POP
- Problem: Conventional passwords are vulnerable
- Solution: One-time passwords using a cryptographic key

21 PCMAIL
- Problem: Same as POP, but also supports a password-change command with unencrypted passwords
- Solution?

22 DNS
- Problem: Sequence number attack leading to spying on traffic and capturing passwords
- Solution: Run domain servers on highly secure machines and use authentication on domain server responses

23 DNS (cont.)
- Problem: Recursive zone transfer requests to download the entire database
- Solution: Return the "refused" error code for any requests from unidentified servers
- Also, Kerberos tickets can be used to authenticate DNS queries

24 FTP
- Problem: Use of simple passwords for authentication
- Solution: One-time passwords
- Problem: Anonymous FTP
- Solution: Be careful with sensitive data (such as encrypted passwords)

25 SNMP
- Problem: In the wrong hands, can divulge too much information
- Solution: Protect this service (through authentication)

26 Remote Booting
- Problem: The boot process can be subverted and a new kernel with altered protection mechanisms substituted
- Solution: Ensure the booting machine uses a random number for the UDP source port and a 4-byte transaction ID

27 Trivial Attacks
- ARP
- TFTP
- Reserved Ports

29 Comprehensive Defenses
- Authentication
- Encryption
- Trusted Systems

30 Authentication
- One of the overall problems is TCP/IP's reliance on the IP source address for authentication
- Too easy to spoof an IP address
- Needs some form of cryptographic authentication
- Needham-Schroeder algorithm

31 Needham-Schroeder algorithm
- Relies on each host sharing a key with an authentication server
- Versions exist for both private-key and public-key cryptosystems
- A host wanting to communicate requests a key from the authentication server and passes a sealed version along to the destination
- At the conclusion of the dialog, each side has verified the identity of the other

32 Needham-Schroeder algorithm
- Allows pre-authenticated connections that are safe
- DNS provides an ideal base for authentication systems
- Key distribution responses must be authenticated and/or encrypted
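The shared-key exchange that slides 31 and 32 describe, written out message by message as an added example (not code from the presentation or the paper). Each host shares a long-term key with the server S; S mints the session key Kab and returns it to A together with a ticket sealed for B, and the final nonce round proves both ends hold Kab now rather than replaying old traffic. Sealing uses a toy HMAC-SHA256 stream cipher with an authentication tag as a stand-in for a real cipher; host names, keys and nonces are constructed.

```python
"""Needham-Schroeder shared-key exchange between A, B and server S (added example)."""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]


def seal(key: bytes, obj) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || 16-byte tag. Not for production."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]


def unseal(key: bytes, blob: bytes):
    """Verify the tag before decrypting; a wrong key or altered message raises ValueError."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("seal check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


def run_protocol(keys: dict, a: str = "A", b: str = "B") -> tuple:
    """keys maps each host to the long-term key it shares with S (slide 31).
    Returns (Kab as A sees it, Kab as B sees it, the peer name B learned from the ticket)."""
    na = secrets.token_hex(8)                        # 1. A -> S: A, B, Na (in the clear)
    kab = secrets.token_bytes(16)                    # S mints the session key
    ticket = seal(keys[b], {"kab": kab.hex(), "peer": a})            # {Kab, A}Kbs
    msg2 = seal(keys[a], {"na": na, "peer": b, "kab": kab.hex(),
                          "ticket": ticket.hex()})   # 2. S -> A: {Na, B, Kab, ticket}Kas
    m = unseal(keys[a], msg2)
    if m["na"] != na or m["peer"] != b:              # A: reply must answer *this* request
        raise ValueError("A: server reply does not match request")
    kab_a = bytes.fromhex(m["kab"])
    t = unseal(keys[b], bytes.fromhex(m["ticket"]))  # 3. A -> B: {Kab, A}Kbs; B opens it
    kab_b, peer = bytes.fromhex(t["kab"]), t["peer"]
    nb = secrets.randbelow(2**32)
    msg4 = seal(kab_b, {"nb": nb})                   # 4. B -> A: {Nb}Kab
    msg5 = seal(kab_a, {"nb": unseal(kab_a, msg4)["nb"] - 1})   # 5. A -> B: {Nb - 1}Kab
    if unseal(kab_b, msg5)["nb"] != nb - 1:          # B: A proved it holds Kab right now
        raise ValueError("B: handshake failed")
    return kab_a, kab_b, peer
```

Only the authenticated and sealed replies from S (slide 32) can be trusted; swapping in a wrong long-term key makes the tag check fail before any key material is accepted.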

33 Encryption
- Can defend against most problems
- Disadvantages:
  - Expensive
  - Slow
  - Hard to administer
  - Uncommon in the civilian sector

34 Encryption
- Two types:
  - Link level, including multi-point link encryption
  - End-to-end encryption
- Major benefits:
  - The implied authentication they provide
  - Privacy

35 Link Level Encryption
- Encrypts each packet as it leaves the host
- Excellent for protecting confidentiality
- Works well against physical intrusion
- Weaknesses:
  - Broadcast packets are difficult to secure
  - Implies trust of gateways

36 Blacker Front End (BFE)
- A multi-point link encryption device for TCP/IP
- Looks to the host like an X.25 DDN interface
- Sits between the host and the actual DDN line
- On receiving a call to a new destination, contacts the Access Control Center (ACC) for permission and the Key Distribution Center (KDC) for cryptographic keys

37 BFE
- If the local host is denied permission to talk to the remote host, an appropriate diagnostic code is returned
- Special Emergency Mode when the link to the KDC or ACC is not working
- Permission checking can protect against DNS attacks
- A totally unauthorized host does not receive sensitive data

38 BFE
- Also translates the original "Red" IP address to an encrypted "Black" address using a translation table supplied by the ACC
- Foils traffic analysis, which is the bane of all multi-point link encryption

39 End-to-end encryption
- Above the TCP level
- Secures conversations regardless of the number of hops or the quality of the links
- Appropriate for centralized network management applications
- Key distribution and management are a greater problem (more pairs involved)

40 End-to-end encryption
- Encryption and decryption are done before TCP processing begins or after it ends, so host-level software must handle the translation, adding overhead to each conversation
- Vulnerable to denial of service attacks

41 Trusted Systems
- Hosts and routers rated B2 or higher are immune to the attacks described here
- C2 level systems are susceptible
- B1 systems are vulnerable to some but not all attacks

42 Conclusions
1. Relying on the IP source address for authentication is dangerous
2. The second broad class of problems deals with sequence number attacks; sequence numbers must be unpredictable and unseen
3. Hosts should not give away information gratuitously (finger and netstat)
4. Intelligent use of default routes
5. Use verifiable point-to-point routing protocols instead of broadcast-based routing
6. Network control mechanisms must be guarded
