CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security
Chin-Tser Huang, University of South Carolina
02/18/2009

Network Security Designs
After our discussion of cryptographic tools, we turn to various network security designs at different layers of the protocol stack:
- Link layer: secure address resolution
- Network layer: IPsec, hop integrity
- Transport layer: SSL/TLS
- Application layer: Kerberos, X.509 certificates, firewall design

Ethernet
- Most widely used LAN technology
- Low cost and high flexibility
- Versions of different speeds: 10 Mbps, 100 Mbps, Gigabit
- Every interface card has a globally unique media access control (MAC) address (hardware address)

Use of Hardware Address
- An address is needed to send a message to a receiver on the same Ethernet
- The IP address is not usable, because the data link layer does not recognize IP addresses
- The hardware address identifies the receiver's interface
- So the receiver's hardware address must be resolved from the receiver's IP address

Address Resolution Protocol
- ARP maps each IP address to the corresponding hardware address in the subnetwork
- For computer i to get the hardware address of computer j, i broadcasts a rqst message carrying the IP address of j to the subnetwork
[Figure: i, j and default router r on a switch connected to the Internet; i broadcasts rqst(ipa.j)]

Address Resolution
- If j sees a rqst message from i carrying its IP address, j sends a rply message with its IP address and hardware address to i
[Figure: same Ethernet; j sends rply(ipa.j, hda.j) to i]

Functions of ARP
Three functions of ARP:
- Resolving IP addresses
- Supporting dynamic assignment of addresses
- Detecting destination failures

ARP Spoofing Attack
- To stop traffic from i to j, an adversary A sends to i a spoofed rply message with the IP address of j and a non-existent hardware address
[Figure: i, j, adversary A and default router r on a switch connected to the Internet; A sends rply(ipa.j, hda.x) to i]

Another ARP Spoofing Attack
- To stop traffic from i to the default router r, an adversary A sends to i a spoofed rply message with the IP address of r and A's own hardware address
[Figure: i, j, adversary A and default router r on a switch connected to the Internet; A sends rply(ipa.r, hda.A) to i]

Countering ARP Spoofing Attacks
- Proposed solutions include ARPWATCH and static ARP caches
- ARPWATCH monitors the transmission of rqst and rply messages over the Ethernet and checks them against a database of (IP addr, hardware addr) pairings
- A static ARP cache stores permanent (IP addr, hardware addr) pairings of trusted hosts, so that no rqst and rply messages need to be sent over the Ethernet

Insufficiencies of Proposed Solutions
- ARPWATCH does not support dynamic assignment of IP addresses
- Static ARP caches do not support dynamic assignment of IP addresses or detection of destination failures
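The two slides above describe ARPWATCH-style monitoring and its limitation in a few words. The following is an added example (not code from the slides or from the real ARPWATCH tool) that runs the same check over a constructed trace of ARP messages: the legitimate rply from j, the two spoofed rply messages rply(ipa.j, hda.x) and rply(ipa.r, hda.A) from the attack slides, and a reply from an IP address the database has never seen. All addresses, the database contents and the verdict names are constructed for the example.

```python
"""ARPWATCH-style check of ARP rqst/rply messages against a pairing database.

Added example, not code from the slides or from ARPWATCH itself.  The
database, the sample messages and the verdict strings are all constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed database of trusted (IP addr, hardware addr) pairings.
KNOWN_PAIRINGS: Dict[str, str] = {
    "192.0.2.10": "02:00:00:00:00:0a",   # computer i
    "192.0.2.20": "02:00:00:00:00:14",   # computer j
    "192.0.2.1":  "02:00:00:00:00:01",   # default router r
}


@dataclass
class ArpMessage:
    kind: str          # "rqst" or "rply"
    sender_ip: str     # IP address the sender claims
    sender_hda: str    # hardware address the sender claims
    target_ip: str     # IP address of the computer being asked / answered


# Constructed trace: a normal exchange, then the two spoofed replies from the
# attack slides, then a station the database does not know (e.g. a fresh DHCP lease).
SAMPLE_TRAFFIC: List[ArpMessage] = [
    ArpMessage("rqst", "192.0.2.10", "02:00:00:00:00:0a", "192.0.2.20"),
    ArpMessage("rply", "192.0.2.20", "02:00:00:00:00:14", "192.0.2.10"),
    ArpMessage("rply", "192.0.2.20", "02:00:00:00:00:ff", "192.0.2.10"),  # rply(ipa.j, hda.x)
    ArpMessage("rply", "192.0.2.1",  "02:00:00:00:00:aa", "192.0.2.10"),  # rply(ipa.r, hda.A)
    ArpMessage("rply", "192.0.2.30", "02:00:00:00:00:1e", "192.0.2.10"),  # unknown IP address
]


def check_message(msg: ArpMessage, db: Dict[str, str]) -> str:
    """Compare the (IP, hardware) pairing carried by one message with the database."""
    expected = db.get(msg.sender_ip)
    if expected is None:
        # No pairing on file: the monitor cannot tell a legitimately assigned
        # address from a spoof, which is the dynamic-assignment weakness above.
        return "new-station"
    if expected.lower() != msg.sender_hda.lower():
        return "changed-hardware-address"
    return "ok"


def monitor(traffic: List[ArpMessage], db: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return one alert tuple (kind, ip, hda, verdict) per message that is not 'ok'."""
    alerts = []
    for msg in traffic:
        verdict = check_message(msg, db)
        if verdict != "ok":
            alerts.append((msg.kind, msg.sender_ip, msg.sender_hda, verdict))
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_TRAFFIC, KNOWN_PAIRINGS):
        print(alert)
```

Both spoofed replies are caught because the database already holds a pairing for j and for r. The last message shows the insufficiency the slide names: for an IP address with no entry, the monitor can only report a new station, and a static database cannot distinguish a freshly assigned address from a spoofed one.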

Need for Secure Address Resolution
- When a computer receives a message m, it needs to determine whether m was indeed sent by the claimed source, or was inserted, modified, or replayed by an adversary
- Use a secure address resolution protocol between each computer and a secure address resolution server

Architecture of Secure Address Resolution Protocol

Adversary
The adversary can perform three types of actions to disrupt communication between server s and any computer h[i] on the Ethernet:
- Message loss
- Message modification
- Message replay

Secure Address Resolution Protocol
Three mechanisms counter the adversarial actions:
- Timeouts to counter message loss
- Shared secrets to counter message modification
- Nonces to counter message replay

Invite-Accept Protocol
- Periodically, server s sends out an invt message to every computer on the Ethernet
- Every computer that is up is required to send back an acpt message including its IP address and hardware address
- s updates its address database according to the received acpt messages

Invite-Accept Protocol
s → h[0..n-1]: invt(nc, md)
    where md = MD(nc; scr[0]) || MD(nc; scr[1]) || ... || MD(nc; scr[n-1])
h[i] → s: acpt(nc, ipa[i], hda[i], d)
    where d = MD(nc; ipa[i]; hda[i]; scr[i])

Request-Reply Protocol
- When a computer needs to resolve a destination's hardware address, it sends a rqst message to server s
- If the destination's hardware address is still valid, s sends back a rply message with the address information
- If the destination's hardware address is no longer valid, s sends back a rply message with no address information

Request-Reply Protocol
h[i] → s: rqst(nc, ipa[j], d)
    where d = MD(nc; ipa[j]; scr[i])
If found, s → h[i]: rply(nc, ipa[j], hda[j], d)
    where d = MD(nc; ipa[j]; hda[j]; scr[i])
If not found, s → h[i]: rply(nc, ipa[j], 0, d)
    where d = MD(nc; ipa[j]; 0; scr[i])
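The invite-accept and request-reply exchanges above, carried through as an added example (not code from the slides or from the protocol's authors) with both the server and the host side of each message. The slides leave MD abstract; here it is instantiated as HMAC-SHA256 keyed with the shared secret scr[i], which is an assumption. The "not found" hardware address 0 is encoded as the byte string b"0", the nonce length, the timeout modelled as an explicit end-of-round call, and all hosts, addresses and secrets are likewise constructed for the example. The scenario at the end attempts each of the three adversarial actions from the earlier slide (a replayed acpt, a modified acpt, a forged rply for the default router r) and shows a host that stops answering invt being dropped from the database.

```python
"""Secure address resolution: invite-accept and request-reply with nonces and shared secrets.

Added example, not the slides' code.  Assumptions: MD(x; scr) = HMAC-SHA256 keyed
with scr; "not found" is encoded as hda = b"0"; nonces are 16 random bytes; the
round timeout is an explicit call.  All addresses and secrets are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

DIGEST_LEN = 32  # bytes per HMAC-SHA256 segment of the invt digest list md


def MD(*fields: bytes, secret: bytes) -> bytes:
    """MD(f1; f2; ...; scr): keyed digest over the ';'-joined fields."""
    return hmac.new(secret, b";".join(fields), hashlib.sha256).digest()


class Host:
    """h[i]: knows ipa[i], hda[i] and the secret scr[i] shared only with server s."""

    def __init__(self, i: int, ipa: bytes, hda: bytes, scr: bytes):
        self.i, self.ipa, self.hda, self.scr = i, ipa, hda, scr
        self.seen_invt = set()                   # nonces already answered (anti-replay)
        self.pending_rqst: Optional[bytes] = None

    def on_invt(self, nc: bytes, md: bytes):
        """Answer invt(nc, md) only if segment i of md authenticates s and nc is fresh."""
        seg = md[self.i * DIGEST_LEN:(self.i + 1) * DIGEST_LEN]
        if nc in self.seen_invt or not hmac.compare_digest(seg, MD(nc, secret=self.scr)):
            return None
        self.seen_invt.add(nc)
        return ("acpt", nc, self.ipa, self.hda, MD(nc, self.ipa, self.hda, secret=self.scr))

    def make_rqst(self, ipa_j: bytes):
        self.pending_rqst = nc = os.urandom(16)  # fresh nonce ties the rply to this rqst
        return ("rqst", nc, ipa_j, MD(nc, ipa_j, secret=self.scr))

    def on_rply(self, nc, ipa_j, hda_j, d) -> Optional[Tuple[str, Optional[bytes]]]:
        """Accept a rply only for the outstanding nonce and a digest made with scr[i]."""
        if nc != self.pending_rqst or not hmac.compare_digest(d, MD(nc, ipa_j, hda_j, secret=self.scr)):
            return None                          # modified, forged or replayed rply
        self.pending_rqst = None
        return ("not-found", None) if hda_j == b"0" else ("found", hda_j)


class Server:
    """s: holds scr[0..n-1] and an address database rebuilt every invite round."""

    def __init__(self, scr):
        self.scr = scr
        self.db: Dict[bytes, Tuple[int, bytes]] = {}   # ipa -> (i, hda)
        self.current_nc: Optional[bytes] = None
        self.replied = set()

    def invite(self):
        self.current_nc, self.replied = os.urandom(16), set()
        md = b"".join(MD(self.current_nc, secret=s) for s in self.scr)
        return ("invt", self.current_nc, md)

    def on_acpt(self, i: int, nc, ipa, hda, d) -> bool:
        if nc != self.current_nc or i in self.replied:
            return False                         # stale (replayed) or duplicate acpt
        if not hmac.compare_digest(d, MD(nc, ipa, hda, secret=self.scr[i])):
            return False                         # modified acpt
        self.replied.add(i)
        self.db[ipa] = (i, hda)
        return True

    def timeout(self):
        """Round timer expired: hosts that sent no valid acpt are treated as down."""
        self.db = {ipa: v for ipa, v in self.db.items() if v[0] in self.replied}

    def on_rqst(self, i: int, nc, ipa_j, d):
        if not hmac.compare_digest(d, MD(nc, ipa_j, secret=self.scr[i])):
            return None
        hda_j = self.db[ipa_j][1] if ipa_j in self.db else b"0"
        return ("rply", nc, ipa_j, hda_j, MD(nc, ipa_j, hda_j, secret=self.scr[i]))


def run_scenario() -> dict:
    """Two invite rounds plus request-reply, with the three adversarial actions attempted."""
    scr = [os.urandom(32) for _ in range(3)]
    s = Server(scr)
    hosts = [Host(0, b"192.0.2.10", b"02:00:00:00:00:0a", scr[0]),   # computer i
             Host(1, b"192.0.2.20", b"02:00:00:00:00:14", scr[1]),   # computer j
             Host(2, b"192.0.2.1", b"02:00:00:00:00:01", scr[2])]    # default router r
    out = {}
    _, nc, md = s.invite()                                  # round 1: every host is up
    acpts = [h.on_invt(nc, md) for h in hosts]
    out["round1_accepted"] = all([s.on_acpt(i, *a[1:]) for i, a in enumerate(acpts)])
    s.timeout()
    _, nc, md = s.invite()                                  # round 2
    out["replay_rejected"] = not s.on_acpt(1, *acpts[1][1:])     # j's old acpt replayed
    a2 = hosts[2].on_invt(nc, md)
    out["modified_rejected"] = not s.on_acpt(2, a2[1], a2[2], b"02:00:00:00:00:aa", a2[4])
    out["genuine_accepted"] = s.on_acpt(2, *a2[1:])
    s.on_acpt(0, *hosts[0].on_invt(nc, md)[1:])
    s.timeout()                                             # j sent nothing: dropped as failed
    rq = hosts[0].make_rqst(b"192.0.2.1")
    out["resolve_r"] = hosts[0].on_rply(*s.on_rqst(0, *rq[1:])[1:])
    rq = hosts[0].make_rqst(b"192.0.2.20")
    out["resolve_j"] = hosts[0].on_rply(*s.on_rqst(0, *rq[1:])[1:])
    rq = hosts[0].make_rqst(b"192.0.2.1")                   # rply(ipa.r, hda.A) without scr[0]
    forged = MD(rq[1], b"192.0.2.1", b"02:00:00:00:00:aa", secret=b"not-the-shared-secret")
    out["forged_rply_rejected"] = hosts[0].on_rply(rq[1], b"192.0.2.1", b"02:00:00:00:00:aa", forged) is None
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Each of the three mechanisms is visible in one check: the nonce comparison in on_acpt and on_rply rejects the replayed and out-of-round messages, the keyed digest comparison rejects the modified acpt and the forged rply, and timeout() turns a missing acpt into a "not-found" rply for that host's address, which is how the protocol keeps ARP's destination-failure detection that a static cache loses.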

Extensions
Four extensions of the secure address resolution protocol:
- Insecure address resolution
- Backup server
- System diagnosis
- Address resolution across multiple Ethernets

Next Class
IPsec:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Key management
Read Chapter 16