Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 774 Advanced Network Security

Published byChristopher Sperling Modified over 9 years ago

Similar presentations

Presentation on theme: "CSC 774 Advanced Network Security"— Presentation transcript:

1 CSC 774 Advanced Network Security
Topic 2.2 Hash-Based Primitives CSC 774 Dr. Peng Ning

2 Outline Absolute basics Primitives based on hash functions
Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Pseudo random functions; traditional key distribution techniques Primitives based on hash functions One-way hash chain, Merkle hash tree, client puzzles, Bloom filters Secret sharing ID-based cryptography Secret handshake Rabin’s fingerprinting and information dispersal algorithms CSC 774 Dr. Peng Ning

3 Ki=F(Ki+1), F: hash function
One-Way Hash Chain Used for many network security applications Example: S/Key Good for authentication of the hash values commitment Ki=F(Ki+1), F: hash function K4 F K3 K2 K1 K0 Kn= R CSC 774 Dr. Peng Ning

4 Merkle Hash Tree A binary tree over data values
For authentication purpose The root is the commitment of the Merkle tree Known to the verifier. Example To authenticate k2, send (m2, m3,m01,m47) Verify m07= h(h(m01||h(f(k2)||m3)||m47) CSC 774 Dr. Peng Ning

5 Bloom Filters It’s used to verify that some data is not in the database (mismatch) List of bad credit card numbers Useful when the data consumes a very small portion of search space A bloom filter is a bit string n hash functions that map the data into n bits in the bloom filter CSC 774 Dr. Peng Ning

6 A Simple Example Check for 22: Check for 51
Use a bloom filter of 16 bits h1(key) = key mod 16 h2(key) = key mod Insert numbers 27, 18, 29 and 28 1 1 1 1 1 1 1 Check for 22: H1(22) = 6, h2(22) = 10 (not in filter) Check for 51 H1(51) = 3, h2(51) = 11 (false positive) CSC 774 Dr. Peng Ning

7 Probability of False Positives
Consider a m-bit Bloom filter with k hash functions Exercise CSC 774 Dr. Peng Ning

8 Client Puzzles Juels and Brainard client puzzle construction
Use pre-image of crypto hash functions See T02.2.x-ClientPuzzles.ppt Aura, Nikander, and Leiwo client puzzle construction Use special image of crypto hash functions CSC 774 Dr. Peng Ning

9 New Client Puzzle Outsourcing Techniques for DoS Resistance
Brent Waters, Ari Juels, J. Alex Halderman and Edward W. Felten CSC 774 Dr. Peng Ning

10 Motivation Client puzzle mechanism can become the target of DoS attacks Servers have to validate solutions which require resources Puzzles must be solved online User time is more important than CPU time CSC 774 Dr. Peng Ning

11 Properties of the Proposed Solution
The creation of puzzles is outsourced to a secure entity, the bastion Creates puzzle with no regard to which server is going to use them Verifying puzzle solutions is a table lookup Clients can solve puzzles offline ahead of time A puzzle solution gives access to a virtual channel for a short time period CSC 774 Dr. Peng Ning

12 Puzzle Properties Unique puzzle solutions
Each puzzle has a unique solution Per-channel puzzle distribution Puzzles are unique per each (server, channel, time period) triplet Per-channel puzzle solution If a client has a solution for one channel, he can calculate a solution for another server with the same channel easily CSC 774 Dr. Peng Ning

13 G: A group of prime numbers with generator g. Pick rc,t  Zq
ac,t  [rc,t, (rc,t + l) mod q] Let gc,t = gf’(a) , puzzle c,t = (gc,t, rc,t) Bastion c,t for all channels c,t Pub: Y1 Server Virtual Channels Priv: X1 Enumerate l values to solve ac,t Take the easy way Solution is c,t = Y1f’(a) c,t = gc,tX1 CSC 774 Dr. Peng Ning

14 Pub: Y1 Server 1 Pub: Y2 Priv: X1 Pub: Y3 c,t = gc,tX1 Server 2
Virtual Channels Pub: Y3 c,t = gc,tX1 Server 2 Server 1: c,t = Y1f’(a) Priv: X2 Virtual Channels Server 2: c,t = Y2f’(a) c,t = gc,tX2 Server 3: c,t = Y3f’(a) Server 3 Priv: X3 Virtual Channels c,t = gc,tX3 CSC 774 Dr. Peng Ning

15 System Description Solutions for puzzles are only valid for the time period t. (Order of minutes) Client: During Ti, download puzzles for Ti+1 and solve Check to see if server has a public key If so append puzzle solutions to messages Server: During Ti, download and solve all puzzles for Ti+1 If server is under attack only accept requests that have valid tokens Checking puzzle solution is a simple table lookup CSC 774 Dr. Peng Ning

16 Communication Client uses option field in TCP SYN to relay the token
Only the first 48 bits of the solution is used The server determines the virtual channel Server limits new connection per channel Public key: Y Puzzle index: c Token: c,t Token: c,t+1 Virtual Channels c CSC 774 Dr. Peng Ning

17 Resilience Against Attacks
2.1 GHz Pentium can process 1024-bit DH key in 3.7ms. With 5% recourse it can populate tokens for 16,000 virtual channels. If s=2, every client can solve at least one puzzle and half of them can solve at least two If attacker has 50 zombie machines, it can create 2*50*2 = 200 puzzle solutions occupying 1.25% of the channels Probability of a benign user not getting a normal channel <.625% CSC 774 Dr. Peng Ning

18 Experiment Puzzle checking (table lookup) is implemented at kernel lvl
After the routing and before the packet reaches higher level protocols like TCP Simulate conventional puzzles by replacing the lookup code with a SHA-1 hash computation Simulate syncookies by allowing Linux to send an ACK packet back CSC 774 Dr. Peng Ning

19 CSC 774 Dr. Peng Ning

Download ppt "CSC 774 Advanced Network Security"

Similar presentations

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Similar presentations

Ads by Google