Class 16 Deniable Authentication CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman


1 Class 16 Deniable Authentication CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/

2 Administrative stuff Office hours moved on Monday – Will be 3 – 4:30 Quiz today (last 15 minutes)

3 Anonymous Web Browsing
Low latency
Low to medium throughput
Server does not know client
Provides sender unlinkability
– Have to be careful about authentication
No default end-to-end confidentiality (SSL)
NOT secure against global adversary

4 File Sharing
Medium to high latency
Medium throughput
Default end-to-end confidentiality(-ish)
Default content confidentiality(-ish)
Secure against global adversary?
Is our adversary model the same?

5 Censorship Resistance
?? latency
?? throughput
Default end-to-end confidentiality?
Default content confidentiality?
Secure against global adversary?
Who is our adversary?
– What are they willing to do?

6 Anonymity [figure: client's ISP, AS1, AS2 and an anonymizing network]

7 Censorship Resistance [figure: client's ISP, AS1, AS2, an anonymizing network and a membership-concealing network]


9 Tor and Bridges

10 Multiple Join/Bootstrap Attack [figure: a joining node is given contacts A, B, C; joining again yields D, E, F]
Never let nodes re-join/get more contacts!

11 Harvesting Attack
Never contact anyone except neighbors!

12 Confirmation Attack [figure: "Are you in the secret network?" answered with "Yes"]
Never respond to anyone except neighbors!

13 Covert Authentication [figure: a "Hi?" from a party holding the secret gets a "Hi!" back; the same greeting from a party without the secret gets nothing that reveals an authentication took place]

14 BridgeSPA [figure: a client holding a secret contacting bridges]

15 Ongoing problems
SilentKnock MitM vulnerability
Bridge TLS distinguishability
Other solutions?
– TCP fragmentation, apparently
– obfsproxy

16 SilentKnock
Software has exploitable bugs (!)
Firewalls cannot protect services that should be externally accessible
Can we prevent unauthorized users from accessing the service?
Can we prevent them from even detecting the service?

17 Problem Overview [figure: a service with bug X exposed to the big evil untrusted Internet]

18 TCP 3-way handshake [figure: the client's mail software sends SYN to port 25 on a server running SMTP (port 25) and Web (port 80); the server answers SYN-ACK; the client sends ACK and then data on port 25]

19 What is Port Knocking? [figure: client and server share the code 666, 777, 888; the client sends SYNs to ports 666, 777, 888 while SMTP is closed, then a SYN to port 25; the server, having seen the code, opens SMTP (port 25) and answers SYN-ACK]
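Added example, not from the slides or from any real port-knocking daemon: a minimal classic port-knocking state machine as described on slides 18 and 19, plus the eavesdropper replay that motivates the rest of the lecture. The knock code 666, 777, 888 and protected port 25 are the slide's; the knock timeout, the open window and the per-source bookkeeping are assumptions of this example, and SYNs are fed in as (source IP, destination port, time) tuples rather than read from a packet filter.

```python
KNOCK_SEQUENCE = (666, 777, 888)   # the "code" on slide 19
PROTECTED_PORT = 25                # SMTP stays closed until the code is knocked


class KnockDaemon:
    """Per-source state machine: advance on the next expected knock port, reset otherwise."""

    def __init__(self, sequence=KNOCK_SEQUENCE, protected_port=PROTECTED_PORT,
                 knock_timeout=5.0, open_for=30.0):
        self.sequence = sequence
        self.protected_port = protected_port
        self.knock_timeout = knock_timeout   # max gap between knocks (assumption)
        self.open_for = open_for             # how long the port stays open (assumption)
        self.progress = {}   # src_ip -> (index of next expected knock, time of last knock)
        self.opened = {}     # src_ip -> time until which the protected port is open

    def on_syn(self, src_ip, dst_port, now):
        """Classify one SYN: 'accept', 'knock', 'open' (sequence completed) or 'drop'."""
        if dst_port == self.protected_port:
            return "accept" if self.opened.get(src_ip, 0.0) > now else "drop"
        idx, last = self.progress.get(src_ip, (0, now))
        if now - last > self.knock_timeout:
            idx = 0                                   # stale partial sequence: start over
        if dst_port != self.sequence[idx]:
            # Wrong knock: restart, counting this SYN as a first knock if it is one.
            idx = 1 if dst_port == self.sequence[0] else 0
            self.progress[src_ip] = (idx, now)
            return "knock" if idx else "drop"
        idx += 1
        if idx == len(self.sequence):                 # whole code seen, in order, in time
            self.progress.pop(src_ip, None)
            self.opened[src_ip] = now + self.open_for
            return "open"
        self.progress[src_ip] = (idx, now)
        return "knock"


def replay_by_observer(daemon, observed_ports, attacker_ip, now):
    """An eavesdropper who saw the knock ports replays them from its own address.

    Plain port knocking has no secret beyond the port sequence itself and no
    replay protection, so the replayed code opens the port for the attacker too."""
    for i, port in enumerate(observed_ports):
        daemon.on_syn(attacker_ip, port, now + 0.01 * i)
    return daemon.on_syn(attacker_ip, daemon.protected_port, now + 1.0)
```

The knock ports never answer, so a scanner sees nothing open; but anyone on the path who records the three SYNs can reproduce them, which is the "replay protection" and "non-detection" gap the SilentKnock problem statement later addresses.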

20 Covert Authentication
Dining Freemasons:
– Alice is able to authenticate to Bob using a shared secret without Mallory being aware that an authentication took place
– Bob is unaware that Alice tries to authenticate if Bob does not share a secret with Alice

21 Problem Statement
Design a port knocking system that provides
– Authentication
– Replay protection
– Non-detection
– Practical implementation
– Formal threat model
– Provable security

22 Security of Port Knocking
Computationally bounded adversary may:
– observe many authenticated sessions
– arbitrarily inject, delete, and reorder messages
Cannot distinguish a port knocking client/server pair from one using ordinary TCP/IP plus some out-of-band authentication mechanism
E. Vasserman, N. Hopper, J. Laxson, and J. Tyra – SilentKnock: practical, provably undetectable authentication

23 Security Definition [figure: hidden world (implementation) vs. plausible world (ideal security); labels SC, A, Queue, keyed]

24 Implementation Overview
“Simulate” shared signaling by steganographically embedding a MAC into the TCP SYN packet
Application-transparent proxies:
– sknockproxy (client) automatically detects “protectable” streams
– sknockd (server) decodes/verifies the embedded MAC
Userspace implementation

25 System Overview [figure: client and server]

26 Packet Filter Hooks
sknockd
– Listens for SYN, FIN, RST
– Passively examines only those packets
sknockproxy
– Listens for all packets going to a given IP/port pair
– Modifies all packets in the stream of interest
Server-optimized

27 Steganographic Embedding [figure: Linux 2.6 TCP SYN packet header with embedded MAC]

28 Timestamp Encoding Details
Only get to modify the lowest byte of the timestamp
Must delay packet dispatch
Re-transmitted SYN packets must have the same sequence number but a different timestamp
– Re-encode retransmitted packets and delay dispatch again

29 Replay Protection
Two-field counter (C1 || C2)
C1 = C2 = 0 at first server connection
De-synchronization can occur if SYN or SYN-ACK is lost
Auto-resynchronization using timed counter field
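Added example, not SilentKnock's own code (sknockd/sknockproxy rewrite live packets from a packet-filter hook; this builds SYN headers as bytes): a SilentKnock-style client/server pair for slides 27 to 29 that hides a MAC in the SYN's initial sequence number and in the low byte of the TCP timestamp option, re-encodes a retransmit with the same ISN but a new timestamp, and uses a two-field counter with a search window to resynchronize after a lost SYN or SYN-ACK. Everything the slides do not fix is an assumption here: HMAC-SHA256 over (source IP, destination IP, destination port, C1, C2); 32 MAC bits in the ISN and 8 in the timestamp; C1 ticking once per C1_PERIOD seconds and C2 counting connections; a C2_WINDOW of 4; and a short RETX_WINDOW during which an exact retransmit of an admitted SYN is re-admitted. Addresses, ports, key and timestamps are constructed.

```python
import hashlib
import hmac
import socket
import struct

C1_PERIOD = 60          # seconds per C1 tick (assumption)
C2_WINDOW = 4           # C2 values the server searches ahead to resync (assumption)
RETX_WINDOW = 10.0      # seconds during which an exact SYN retransmit is re-admitted


def mac_tag(key, src_ip, dst_ip, dst_port, c1, c2):
    """HMAC over the identity binding (IP addresses, slide 32) and the counters."""
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HII", dst_port, c1, c2))
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_syn(src_port, dst_port, isn, ts_val):
    """20-byte TCP header with SYN set, then NOP, NOP, Timestamp option (32 bytes)."""
    off_flags = (8 << 12) | 0x02                  # data offset 8 words, SYN flag
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, isn, 0, off_flags, 65535, 0, 0)
    opts = struct.pack("!BBBBII", 1, 1, 8, 10, ts_val, 0)   # kind 8, len 10, TSval, TSecr
    return hdr + opts


def parse_syn(pkt):
    """Return (src_port, dst_port, isn, ts_val); ts_val is None if no TS option."""
    src_port, dst_port, isn, _, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", pkt[:20])
    i, end, ts_val = 20, (off_flags >> 12) * 4, None
    while i < end:
        kind = pkt[i]
        if kind == 0:                               # end of options
            break
        if kind == 1:                               # NOP
            i += 1
            continue
        length = pkt[i + 1]
        if kind == 8 and length == 10:
            ts_val = struct.unpack("!I", pkt[i + 2:i + 6])[0]
        i += length
    return src_port, dst_port, isn, ts_val


class KnockClient:
    def __init__(self, key, src_ip, dst_ip, dst_port):
        self.key, self.src_ip, self.dst_ip, self.dst_port = key, src_ip, dst_ip, dst_port
        self.c2 = 0                 # C2 = 0 at the first connection to this server
        self.tag = None

    def new_syn(self, src_port, now, ts_val):
        """Fresh connection: tag the current counters, then advance C2."""
        c1 = int(now // C1_PERIOD)
        self.tag = mac_tag(self.key, self.src_ip, self.dst_ip, self.dst_port, c1, self.c2)
        self.c2 += 1
        return self._encode(src_port, ts_val)

    def retransmit(self, src_port, ts_val):
        """Same ISN as the original SYN, new timestamp: re-embed the tag (slide 28)."""
        return self._encode(src_port, ts_val)

    def _encode(self, src_port, ts_val):
        isn = struct.unpack("!I", self.tag[:4])[0]        # 32 MAC bits in the ISN
        ts = (ts_val & 0xFFFFFF00) | self.tag[4]          # 8 MAC bits in TS low byte
        return build_syn(src_port, self.dst_port, isn, ts)


class KnockServer:
    def __init__(self, key, ip, port):
        self.key, self.ip, self.port = key, ip, port
        self.expected_c2 = {}       # src_ip -> next C2 expected from that client
        self.last_admitted = {}     # src_ip -> (src_port, isn, expiry) of last admitted SYN

    def admit(self, src_ip, pkt, now):
        """True if the SYN carries a valid, fresh tag (or retransmits an admitted one)."""
        src_port, dst_port, isn, ts_val = parse_syn(pkt)
        if dst_port != self.port or ts_val is None:
            return False
        prev = self.last_admitted.get(src_ip)
        if prev and prev[:2] == (src_port, isn) and prev[2] > now:
            return True
        got = struct.pack("!I", isn) + bytes([ts_val & 0xFF])
        base = self.expected_c2.get(src_ip, 0)
        c1_now = int(now // C1_PERIOD)
        for c1 in (c1_now, c1_now - 1):                  # tolerate a C1 tick boundary
            for c2 in range(base, base + C2_WINDOW):     # resync after lost packets
                tag = mac_tag(self.key, src_ip, self.ip, self.port, c1, c2)
                if hmac.compare_digest(tag[:5], got):
                    self.expected_c2[src_ip] = c2 + 1    # older C2 values are replays now
                    self.last_admitted[src_ip] = (src_port, isn, now + RETX_WINDOW)
                    return True
        return False


def demo(key=b"demo-shared-secret"):
    """Constructed scenario: connect, retransmit, lost SYN then resync, replay, wrong key."""
    client = KnockClient(key, "192.0.2.10", "198.51.100.5", 22)
    server = KnockServer(key, "198.51.100.5", 22)
    t = 1_700_000_000.0
    first = client.new_syn(40000, t, ts_val=123456)
    ok_first = server.admit("192.0.2.10", first, t)
    retx = client.retransmit(40000, ts_val=123456 + 300)       # SYN-ACK lost, resend
    ok_retx = server.admit("192.0.2.10", retx, t + 1)
    client.new_syn(40001, t + 2, ts_val=200000)                 # this SYN is lost in transit
    third = client.new_syn(40002, t + 3, ts_val=200300)         # client C2 now one ahead
    ok_resync = server.admit("192.0.2.10", third, t + 3)
    ok_replay = server.admit("192.0.2.10", first, t + 30)       # eavesdropper replays
    ok_badkey = KnockServer(b"other-key", "198.51.100.5", 22).admit("192.0.2.10", third, t + 3)
    return ok_first, ok_retx, ok_resync, ok_replay, ok_badkey
```

Only 40 bits of tag fit in the fields a Linux SYN lets the proxy vary without looking odd, which is the "limited MAC size" on slide 32; the counter window bounds how much work a forger gets per SYN (C2_WINDOW times two C1 values) against that budget. Note what the server never does: it sends nothing back when verification fails, so a scanner that does not hold the key sees the same closed port as before.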

30 Optimizations
MAC pre-computation for first connection
Background MAC computations for future connections (not yet implemented)
– Counter values and passwords are known for future connections, so the MACs can be AES-computed while waiting for the next connection
– Can even store them in a config file!

31 sknockd Timing Results
Experiment                 | SSH only       | sknockd        | sknockd without commit
Average response time (μs) | 242.86 ± 8.59  | 389.33 ± 13.36 | 295.44 ± 8.64
Slowdown factor            | 1              | 1.60           | 1.22

32 Known Limitations
Only protects start of connection (TCP hijacking still possible)
Limited MAC size
Identity binding: IP addresses
Distinguishability by packet-modifying adversary

33 Key Exchange (what client and server must agree on)
Password/key
Client OS/TCP implementation
Counter increment time
SYN retransmit maximum

34 Questions? Reading discussion

