Security Problems in the TCP/IP Protocol Suite S.M. Bellovin Presented By, Sammer Zai 23-09-2014 Computer Vision and Pattern Recognition Laboratory, Hanyang University


1 Security Problems in the TCP/IP Protocol Suite S.M. Bellovin Presented By, Sammer Zai 23-09-2014 Computer Vision and Pattern Recognition Laboratory, Hanyang University

2 Overview TCP/IP and its associated protocols were designed without security in mind. Bellovin's paper, written in 1989, gave an early security perspective on the TCP/IP protocols. It acted as a wake-up call for network researchers by listing many concrete vulnerabilities.

3 Overview Bellovin takes a critical look at each component of the TCP/IP protocol suite, from the network layer (e.g. routing) up to the application layer. For each he discusses (potentially) exploitable flaws and, where possible, defenses against them.

4 TCP Sequence Number Prediction Initially described by Morris in 1985. Exploits predictability in initial sequence number (ISN) generation as a "foot in the door": a predicted ISN lets an attacker complete a TCP handshake with a forged source address.

5 SYNs, ACKs and ISNs TCP sessions are established with a three-way handshake:
C -> S: SYN(ISN_C)
S -> C: SYN(ISN_S), ACK(ISN_C)
C -> S: ACK(ISN_S)
If the ISNs generated by a host are predictable, the other endpoint need not see the SYN-ACK to successfully establish a TCP session: it can forge the final ACK using the predicted ISN_S. An adversary who can establish a TCP session without seeing the response packets can "fly blind", using the source address of a host the server trusts.

6 Proposed Defense If an attacker can accurately measure and predict the round-trip time, any scheme that increments the ISN linearly can be compromised with some effort. So the ISN should be randomized: Bellovin suggests encrypting the value of a simple counter with DES in ECB mode under a secret key. An additional defense is a good logging and alerting mechanism. The attacker's timing measurements involve repeated TCP connection attempts, and spoofing an active host will eventually generate unusual RST packets, because the real host receives SYN-ACKs for connections it never opened.
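The attack on slide 5 and the defense on slide 6, modelled in Python. This is an added example, not code from the paper or the presentation. The predictable generator follows the 4.2BSD rule Bellovin describes (the ISN counter advances 128 per second and 64 per connection); the defended generator keys a counter through HMAC-SHA256 truncated to 32 bits as a stand-in for his DES-ECB suggestion, since the standard library has no DES. The server model, the host names and the clock values are all constructed for the demonstration.

```python
import hashlib
import hmac

MASK32 = 0xFFFFFFFF


class PredictableISN:
    """Constructed model of the 4.2BSD generator Bellovin describes:
    the ISN counter advances 128 per second and 64 per new connection."""

    def __init__(self, start=0):
        self.value = start

    def next_isn(self, elapsed_seconds):
        self.value = (self.value + 128 * elapsed_seconds + 64) & MASK32
        return self.value


class KeyedCounterISN:
    """Stand-in for Bellovin's 'encrypt a counter under a secret key' proposal.
    He suggested DES in ECB mode; here an HMAC-SHA256 of the counter, truncated to
    32 bits, plays the role of the keyed function (assumption: any keyed PRF will do)."""

    def __init__(self, key):
        self.key = key
        self.counter = 0

    def next_isn(self, elapsed_seconds=0):
        self.counter += 1
        tag = hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return int.from_bytes(tag[:4], "big")


class Server:
    """Minimal model of the server side of the three-way handshake."""

    def __init__(self, isn_gen):
        self.gen = isn_gen
        self.half_open = {}      # client address -> ISN_S we put in the SYN-ACK
        self.established = set()

    def on_syn(self, client, isn_c, elapsed_seconds=0):
        isn_s = self.gen.next_isn(elapsed_seconds)
        self.half_open[client] = isn_s
        return isn_s             # carried in the SYN-ACK, which a spoofer never receives

    def on_ack(self, client, ack):
        # The third packet must acknowledge ISN_S + 1.
        if client in self.half_open and self.half_open[client] == (ack - 1) & MASK32:
            self.established.add(client)
            return True
        return False


def blind_spoof(server, victim="trusted-host", gap_seconds=1):
    """Attacker at a third address forges a session as `victim` without seeing any reply.
    Returns True if the server ends up with an established connection from `victim`."""
    # 1. Open a real connection from the attacker's own address and read ISN_S off the SYN-ACK.
    sampled = server.on_syn("attacker", isn_c=1000, elapsed_seconds=0)
    # 2. Send a SYN with the victim's source address. The SYN-ACK goes to the victim, not to us.
    server.on_syn(victim, isn_c=2000, elapsed_seconds=gap_seconds)
    # 3. Predict the ISN the server must have used, assuming the 4.2BSD rule, and ACK it blind.
    guess = (sampled + 128 * gap_seconds + 64) & MASK32
    return server.on_ack(victim, (guess + 1) & MASK32)


if __name__ == "__main__":
    print("predictable ISN, blind spoof succeeds:", blind_spoof(Server(PredictableISN())))
    print("keyed-counter ISN, blind spoof succeeds:", blind_spoof(Server(KeyedCounterISN(b"secret"))))
```

Two caveats the model leaves out: in real life the victim host receives the unexpected SYN-ACK and answers with a RST that kills the forged connection, so the attacker must first silence the victim or pick a host that is down (those RSTs are also the detection signal slide 6 mentions); and the modern form of the defense is RFC 6528, which replaces Bellovin's DES counter with a per-connection hash of the four-tuple and a secret.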

7 Source Routing An IP option that gives a packet an explicit path to follow to its destination. If the target uses the inverse of the supplied route as the return path, the replies come back to the attacker, which permits address spoofing without any ISN guessing. Note that even if the target ignores the inverse path, an attacker who can predict the ISN can still spoof the address.

8 Proposed Defense Bellovin suggests that "the best idea would be for gateways into the local net to reject external packets that claim to be from the local net." He points out that this is not always practical for arbitrary wide-area topologies, and suggests that such topologies should be avoided.
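The gateway rule from slide 8, as an added worked example (not code from the paper or the presentation): a filter for the external interface that parses the IPv4 header, drops packets whose source claims to be inside the local net, and also drops packets carrying a loose or strict source route option, which is what most routers do today. The local prefix, the other addresses and the sample packets are constructed test data; the header builder writes a zero checksum because it only produces inputs for the filter.

```python
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed local prefix (TEST-NET-1)
IPOPT_LSRR = 131   # loose source and record route: option number 3, copied flag set
IPOPT_SSRR = 137   # strict source and record route: option number 9, copied flag set


def parse_ipv4(raw: bytes):
    """Return (src, dst, option_bytes) from a raw IPv4 header; ValueError on malformed input."""
    if len(raw) < 20:
        raise ValueError("short header")
    ver_ihl = raw[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    src = ipaddress.ip_address(raw[12:16])
    dst = ipaddress.ip_address(raw[16:20])
    return src, dst, raw[20:ihl]


def has_source_route(options: bytes) -> bool:
    """Walk the option TLVs; True if an LSRR or SSRR option is present."""
    i = 0
    while i < len(options):
        t = options[i]
        if t == 0:              # end of option list
            break
        if t == 1:              # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2:
            raise ValueError("bad option length")
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            return True
        i += length
    return False


def gateway_decision(raw: bytes, from_outside: bool) -> str:
    """Policy applied to a packet arriving at the gateway; from_outside marks the external interface."""
    try:
        src, dst, opts = parse_ipv4(raw)
    except ValueError as e:
        return f"DROP malformed: {e}"
    if from_outside and src in LOCAL_NET:
        return f"DROP spoofed-local-source {src}"     # Bellovin's rule (today: BCP 38 ingress filtering)
    if has_source_route(opts):
        return f"DROP source-routed {src}->{dst}"     # reply path could be steered to the attacker
    return f"ACCEPT {src}->{dst}"


def build_ipv4(src: str, dst: str, options: bytes = b"") -> bytes:
    """Minimal IPv4 header for test input (checksum left zero; constructed, not a wire capture)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad with EOL bytes to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options


# Constructed samples: an LSRR option routing replies through an attacker-controlled hop.
LSRR_VIA_ATTACKER = bytes([IPOPT_LSRR, 7, 4]) + ipaddress.ip_address("198.51.100.9").packed

SAMPLES = {
    "normal": build_ipv4("203.0.113.5", "192.0.2.10"),
    "spoofed": build_ipv4("192.0.2.7", "192.0.2.10"),
    "source_routed": build_ipv4("203.0.113.5", "192.0.2.10", LSRR_VIA_ATTACKER),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14s} {gateway_decision(pkt, from_outside=True)}")
```

The same packet with a local source is accepted when it arrives on the inside interface, which is the whole point of the rule: the check is about where a packet enters, not about the address alone.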

9 RIP RIP (Routing Information Protocol) is a broadcast-based routing protocol used to propagate routing information on local networks. Typically the information received is accepted unchecked.

10 Poisoning Routing Tables: RIP Two attack modes are discussed. Host impersonation: advertising a bogus route for a target host causes all packets destined for that host to be sent to the intruder's machine. "Man in the middle": diverting packets for inspection and then forwarding them on to the real destination via source routing.

11 Proposed Defense Bellovin suggests two approaches. Skepticism: in most scenarios it is useful to "be strict about what you generate and be lenient about what you accept". Cryptographic authentication: for a broadcast protocol like RIP, this requires a pervasive public-key infrastructure.
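Slides 10 and 11 together, as an added example that is not part of the paper or the presentation: a receiver for RIP-style updates that applies the skeptical checks (known neighbour, sane metric, and no more-specific route into the directly connected LAN, which is how host impersonation works) and, optionally, a keyed tag over the update. RIP itself carries raw network/metric pairs over UDP; the Python tuples, the local prefix, the neighbour list and the shared key here are constructed, and the HMAC stands in for the keyed-hash authentication that was later added to RIPv2.

```python
import hashlib
import hmac
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")       # assumed: the LAN this router serves
KNOWN_NEIGHBOURS = {"192.0.2.1", "192.0.2.2"}          # assumed: routers allowed to speak RIP to us
SHARED_KEY = b"constructed-demo-key"                   # assumed pre-shared key for the authenticated variant
RIP_INFINITY = 16                                      # RIP metric meaning "unreachable"


def canonical(sender, routes):
    """Fixed byte encoding of an update so both sides compute the tag over the same bytes."""
    return (sender + ";" + ",".join(f"{p}@{m}" for p, m in sorted(routes))).encode()


def sign_update(sender, routes, key=SHARED_KEY):
    """Keyed tag over the update; the sender attaches it, the receiver recomputes it."""
    return hmac.new(key, canonical(sender, routes), hashlib.sha256).hexdigest()


def accept_update(table, sender, routes, tag=None, require_auth=False):
    """Apply an incoming update to `table` (prefix -> (metric, next_hop)).
    Returns the list of rejection reasons; an empty list means everything was installed."""
    # Skepticism, step 1: only listen to configured neighbours. Note that this check alone is
    # defeated by a forged source address, which is why the tag exists.
    if sender not in KNOWN_NEIGHBOURS:
        return [f"ignored: {sender} is not a known neighbour"]
    if require_auth and (tag is None or not hmac.compare_digest(tag, sign_update(sender, routes))):
        return ["ignored: missing or bad authentication tag"]

    reasons = []
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        if not 1 <= metric <= RIP_INFINITY:
            reasons.append(f"{prefix}: metric {metric} out of range")
            continue
        # Skepticism, step 2: our LAN is directly connected. A more-specific route into it
        # (e.g. a /32 for one host) would pull that host's traffic to the advertiser.
        if net != LOCAL_NET and net.subnet_of(LOCAL_NET):
            reasons.append(f"{prefix}: more-specific route into the local net")
            continue
        current = table.get(prefix)
        if metric == RIP_INFINITY:
            if current is not None and current[1] == sender:
                del table[prefix]              # withdrawal from the current next hop
            continue
        if current is None or metric < current[0] or current[1] == sender:
            table[prefix] = (metric, sender)
    return reasons


if __name__ == "__main__":
    table = {}
    poison = [("192.0.2.50/32", 1)]            # impersonate one host on our LAN
    print(accept_update(table, "198.51.100.9", poison))
    print(accept_update(table, "192.0.2.1", poison))
    legit = [("203.0.113.0/24", 3)]
    print(accept_update(table, "192.0.2.1", legit, tag=sign_update("192.0.2.1", legit), require_auth=True), table)
```

The logging point from slide 12 applies here too: every non-empty reason list is worth recording, but a burst of rejected or flapping routes after a gateway crash will look much the same as an attack.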

12 Proposed Defense Bellovin makes an interesting aside: "Good log generation would help, but it is hard to distinguish a genuine intrusion from the routing instability that can accompany a gateway crash." This is a hard problem in general, and the focus of modern intrusion detection systems.

13 Authentication Server Many hosts run an authentication server (identd) which, given the port numbers of a TCP connection, returns the effective user id of the process attached to that port on its end. Because the target queries it over a second TCP connection back to the claimed source host, it can help against ISN-prediction and source routing attacks: a blind spoofer never sees that query.

14 Who Do You Trust? The trouble is that you still have to trust the information coming back from identd; if that host is compromised or untrustworthy, this "authentication" is meaningless. Risks: Not all hosts are competent to run authentication servers. The authentication exchange itself can be redirected by routing table attacks. If the host being impersonated is down, a variant of the TCP sequence number attack can be used to forge its identd reply as well.

15 Proposed Defense TCP itself is not an adequate authentication mechanism. Users should rely on a more secure means of validation, such as the Needham-Schroeder protocol.

16 Application Protocols Bellovin also enumerates issues with several "standard" services: DNS; FTP authentication; anonymous FTP; remote boot.

17 DNS DNS provides a distributed database mapping host names to IP addresses. Interference with the proper operation of DNS can be used to mount a variety of attacks, such as denial of service and password collection. A combined attack on the domain system and the routing mechanism can do great damage.

18 Proposed Defense Domain servers should only run on highly secure machines. Authentication of the data returned by domain servers is needed.

19 FTP Like nearly all protocols of its day, FTP transmits authentication secrets in plaintext over an insecure channel. Bellovin mentions one-time passwords as a remedy: the user is issued a device or program that generates the next password in response to a challenge, so a captured password is useless afterwards.

20 Anonymous FTP Bellovin notes that "some implementations of FTP require creation of a partial replica of the directory tree". The idea was to put anonymous FTP in a restricted environment. Unfortunately administrators often misconfigured this replica, causing information leaks.

21 Remote Boot Booting a client machine from a server. "Thin clients" were diskless, so they needed to load their kernel over the network during bootstrap. Two schemes were common: RARP with TFTP, and BOOTP with TFTP.

22 RARP/TFTP RARP is ARP (Address Resolution Protocol) run in reverse. Rather than asking which MAC address maps to IP address xxx.xxx.xxx.xxx, it asks which IP address maps to MAC address xx:xx:xx:xx:xx:xx. The client then fetches its boot image with TFTP, which allows file transfer without any authentication.

23 The Trust of a Child The potential for misadventure should be obvious. If I can compromise the boot process, I can install my own kernel.

24 BOOTP BOOTP is a protocol that supplies a diskless device with the information it needs to boot. It runs over UDP. BOOTP adds a "random" transaction ID (xid) so that an attacker cannot blindly reply to a booting machine. The trouble is that it is hard to be random when the machine is booting: bootstrap is a very deterministic process with few sources of entropy.
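The entropy problem from slide 24, as an added example (not from the paper or the presentation). A client whose only inputs at boot are its MAC address and a tick counter produces an xid an off-segment attacker can enumerate; the attacker sprays forged BOOTREPLYs that point the client at an attacker-controlled TFTP server, and the client, whose only checks are the op code, the xid and its own MAC, accepts the first one that matches. The weak generator, the addresses and the tick values are constructed; only the first 44 bytes of the BOOTP message (through chaddr, per RFC 951) are built, with sname, file and vend omitted.

```python
import os
import struct

# op, htype, hlen, hops, xid, secs, unused, ciaddr, yiaddr, siaddr, giaddr, chaddr (first 44 bytes of RFC 951)
BOOTP_FIXED = "!BBBBIHH4s4s4s4s16s"
BOOTREQUEST, BOOTREPLY = 1, 2
ZERO4 = b"\0" * 4


def weak_xid(mac: bytes, ticks: int) -> int:
    """Constructed model of a boot-time generator with nothing to draw on but the MAC and a tick count."""
    return (int.from_bytes(mac[2:6], "big") ^ ticks) & 0xFFFFFFFF


def strong_xid() -> int:
    """What the field needs: 32 bits the attacker cannot model (assumes a real entropy source at boot)."""
    return int.from_bytes(os.urandom(4), "big")


def boot_request(xid: int, mac: bytes) -> bytes:
    """BOOTREQUEST header as the client broadcasts it (constructed input, not a capture)."""
    return struct.pack(BOOTP_FIXED, BOOTREQUEST, 1, 6, 0, xid, 0, 0,
                       ZERO4, ZERO4, ZERO4, ZERO4, mac.ljust(16, b"\0"))


def boot_reply(xid: int, mac: bytes, yiaddr: bytes, siaddr: bytes) -> bytes:
    """BOOTREPLY header: yiaddr is the client's address, siaddr the server to fetch the kernel from."""
    return struct.pack(BOOTP_FIXED, BOOTREPLY, 1, 6, 0, xid, 0, 0,
                       ZERO4, yiaddr, siaddr, ZERO4, mac.ljust(16, b"\0"))


def reply_server(reply: bytes) -> bytes:
    """The siaddr field: where the client will go for its (unauthenticated) TFTP download."""
    return struct.unpack(BOOTP_FIXED, reply[:44])[9]


def client_accepts(request: bytes, reply: bytes) -> bool:
    """All a BOOTP client can check: it is a reply, the xid matches, and it names our MAC."""
    req = struct.unpack(BOOTP_FIXED, request[:44])
    rep = struct.unpack(BOOTP_FIXED, reply[:44])
    return rep[0] == BOOTREPLY and rep[4] == req[4] and rep[11] == req[11]


def blind_reply_attack(request: bytes, mac: bytes, max_ticks: int = 5000):
    """Attacker who never sees the request's xid but knows the victim's MAC and roughly when it
    booted: send one forged reply per plausible tick value. Returns the reply the client accepted,
    or None if no guess matched."""
    attacker_server = bytes([198, 51, 100, 9])          # constructed: attacker's TFTP server
    for ticks in range(max_ticks):
        forged = boot_reply(weak_xid(mac, ticks), mac, bytes([192, 0, 2, 77]), attacker_server)
        if client_accepts(request, forged):
            return forged
    return None


def attack_succeeds(request: bytes, mac: bytes) -> bool:
    return blind_reply_attack(request, mac) is not None


if __name__ == "__main__":
    mac = bytes.fromhex("08002b010203")                  # constructed MAC
    weak = boot_request(weak_xid(mac, 1234), mac)       # client booted 1234 ticks ago
    strong = boot_request(strong_xid(), mac)
    print("weak xid, forged reply accepted:  ", attack_succeeds(weak, mac))
    print("random xid, forged reply accepted:", attack_succeeds(strong, mac))
```

On the broadcast segment itself the xid buys nothing, since the request carrying it is visible to everyone; the field only matters against the blind attacker modelled here, and then only if it is actually unpredictable. Once the forged reply is accepted, TFTP (slide 22) fetches whatever kernel the attacker's server offers.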

25 Comprehensive Defenses Authentication; Encryption.

26 Authentication Needham-Schroeder, which requires that each participating host share a key with an authentication server. Bellovin suggests that DNS provides an ideal base for such an authentication system.

27 Encryption Bellovin discusses both link-level encryption and end-to-end encryption.

28 Conclusions Relying on the IP source address for authentication is extremely dangerous. Hosts should not give away knowledge gratuitously. Network control mechanisms (routing, naming, booting) are dangerous and must be guarded.
