Intro To Secure Comm. Exercise 6

Problem A vendor wishes to incorporate the following:  Upon any login/change the vendor updates the cookie Cookie(SessionTime||{Item||Price}) What kind of attacks may be done? What kind of attackers may do it? How does SSL help protect against certain attacks/adversaries?

Solution The interrogative adversary may easily change the cookie. The attacks may be  extending the session time indefinitely  Changing products’ prices SSL may prevent sniffing/active adversaries from intercepting the cookies and/or changing them while they’re transmitted

Problem The following is a cookie based login process  User Login to server, provide user/password  Server Set Cookie(username||h(password)) The login process is protected with SSL. The rest sessions are not. Against what types of adversaries is this scheme effective?

Solution This scheme is immune to spoofing attacks, as no spoofer can generate the cookie This scheme is immune to sniffing attacks as the secret is not sent in the clear. However, active adversaries may do replay attacks after the initial login. How may you defend against active adversaries? Dictionary attacks are still possible, use SALT against them.

Solution (2) The simplest thing would be to protect the entire client-server protocol using SSL. Developing a proprietary protocol may lead to more complex client-side applications.

Problem The following identifier is put into a cookie after user logon (to identify the session)  Cookie(GlobalId++) What types of adversaries may attack this scheme? What is the attack?

Solution The interrogative adversary may attack this easily. The attack would be to guess the sequence number of another session. Since this uses sequential numbers it is quite easy. How will you mend this flaw?  Use cryptographic randomness PRF(GlobalId||Date)

IP-SEC

Scenario An organization connects to the Internet from multiple offices, and is concerned about:  Denial of service attacks from the Internet  Protect data on few key applications (mostly web) from unauthorized exposure  Efficiency and cost of solution The organization considers employing IPSec as a solution

Problem When is IPSec not able to secure the connection under the previous conditions

Solution IPSec connections may not be reliable when an attack is orchestrated from inside the network (where IP sec is not utilized) Using IPSec in tunnel mode enables such an attack from inside the network when a virus/worm attacks the computers.

Problem Few companies create extranet (shared VPN over Internet) using IP-sec. How can they (securely and efficiently)…  Prevent network attacker from counting CEO- to-CEO messages  Prevent insiders from eavesdropping on CEO- to-CEO messages

Solution Assuming  CEO1:  CEO2: Use both transport mode and tunnel mode IPSec. First use Transport mode IPSec  CEO1 SP : To CEO2 -> Encrypt Transport Mode  CEO2 SP : To CEO1 -> Encrypt Transport Mode

Solution Second, use IPSec tunnel mode between routers such that ALL messages are encrypted using tunnel mode (no differentiation between CEO messages and users’ messages) This way, messages between CEOs are protected from being noticed from the internet (this is because the messages are designated to the routers) Inside the network, the messages are still encrypted.

Scenario

Problem The company enables IPSec in tunnel mode between each branch of the company. Users are allowed to browse the internet freely. How can a virus expose information sent from branch A to B?

Solution By sniffing the network, the virus can sniff packets sent between the branches. The virus can then send the information to a host located on the internet. Since the information between the branches is sent on the clear (until it reaches the VPN host) it is easily viewed.

Attack explenation Say computer A from office A send information to computer B in office B. The virus sniffs the network and gets a hold of the message. The virus sends the message using a connection to the internet, to an internet host.

Problem What if the routers are configured only to allow secured IPSec communication?  i.e. no internet forwarding. Is the attack viable now?

Solution YES!!! Through subliminal channels, the virus can communicate with the sniffer  Through timings  Through length of packets In conjunction with the SPI field.  Assuming the SPI is different than other programs.  The eavesdropper can then identify the messages from the virus and identify them using timings/length of packets.

Problem (Test Question) חברה מעונינת להבטיח מספר יישומים קריטיים (משכורות, כח אדם, דו"חות מכירות) מפני תוקף חיצוני או פנימי. ההנחה היא שהתוקף עלול להשתלט על מחשב אחד או מחשבים מעטים, ובפרט מניחים שלא יוכל להשתלט על שרתים (שמאובטחים היטב) אלא רק על תחנות עבודה. מעונינים למנוע מהתוקף, אפילו אם הוא שולט על מחשב אחד שנמצא ברשת מקומית מסוימת, מלחשוף או לשנות הודעות בין מחשבים ברשת שאינם נשלטים על ידיו ובין אחד משרתי היישומים הקריטיים. מוצע להגן ע"י שימוש ב-IP-sec בשיטת ESP ומצב Transport, בין כל תחנת עבודה לבין השרתים שמריצים את אותם שירותים קריטיים.  הראה שפתרון זה עשוי שלא למנוע התקפה, ותוקף ששולט במחשב אחד ברשת עלול להיות מסוגל להתחזות לשרת היישום הקריטי. רמז: שרתים אחרים ברשת, שאינם מריצים את היישומים הקריטיים, אינם מריצים IP-sec.

Solution The key idea is that only application servers are protected with IPSec. What about DNS servers? (or any other naming servers) The following attack may happen  ADV takes control over some computer (a client/DNS) which are not protected.  ADV changes DNS record to point to the controlled computer  When the application needs to transmit information, it transmits to the wrong IP thus not protecting the data with IPSec.  The application is UNAWARE of it.