Protocol-Independent Adaptive Replay of Application Dialog Authors: Vern Paxson, Nicholas C. Weaver, Randy H. Katz Published At: 13th Annual Network and.


Protocol-Independent Adaptive Replay of Application Dialog
Authors: Vern Paxson, Nicholas C. Weaver, Randy H. Katz
Published At: 13th Annual Network and Distributed System Security Symposium, Feb 2006
Presented By: Anvita Priyam

Overview
- Intent of the paper
- RolePlayer, its properties and goals
- Mechanism
- Evaluation
- Weaknesses
- Suggestions for improvement

Application Dialog
- Refers to a recorded instance of an application session
- Two main entities:
  - Initiator: the host that starts a session
  - Responder: the entity which the initiator contacts

Why do we need replay?
- Different attacks exploiting the same vulnerability often conduct the same application dialog.
- When developing a new security mechanism, attacks are repeated to evaluate the system's response.

RolePlayer
- A system which mimics both the client and server sides of the session
- It uses examples of an application session

Key Properties
- Operates in an application-independent fashion
- Does not require specifics of the application that it mimics
- Uses byte-stream alignment algorithms
- Heuristically determines and adjusts IP addresses, ports, cookies and length fields

Goals
- Protocol independence: so that it works transparently
- Minimal training: uses only a small number of examples
- Automation: correct operation without manual intervention

Basic Idea
- Locates the dynamic fields in an application data unit (ADU)
- Adjusts them as necessary before sending the ADUs

Types of Dynamic Fields
- Endpoint-address: hostnames, IP addresses, port numbers
- Length: length of the ADU or of a subsequent dynamic field
- Cookie: session-specific opaque data, e.g. a transaction ID
- Argument: domain name, destination directory
- Don't care: opaque fields appearing in only one side of the dialog

Work of RolePlayer
- Preparation:
  - first searches for endpoint-address and argument fields
  - then for length fields and cookie fields
- Replay:
  - first searches for new values of dynamic fields
  - then updates them with new values

Service Protocol Discovery (SPD)

SPD cont'd
- Requests have seven fields:
  - LEN-0: holds the length of the message
  - TYPE: message type (1 -> request, 2 -> response)
  - SID: session identifier (server echoes it in the response)
  - LEN-1: length of HOSTNAME
  - LEN-2: length of SERVICE
- Responses have five:
  - LEN-0, TYPE and SID are the same
  - LEN-1: length of the IP-port field

Preparation Stage

Replay Stage
[Flowchart. Node labels: Start Replay; Next Packet?; Send or Rcv?; Rcv Packet; Find Dynamic Fields in ADU; First Packet?; Last Packet?; Update Dynamic Fields in ADU; Send Packet; Finish Replay]
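The preparation and replay stages above, worked through on the SPD message layout, with the replayer playing the responder. This is an added example, not RolePlayer's code: the field widths (2-byte LEN-0, 1-byte TYPE, 2-byte SID, 1-byte LEN-1/LEN-2), the sample addresses, and the single-dialog cookie heuristic (longest byte run shared by request and response, read at the same offset in the live request) are assumptions made for illustration.

```python
import struct
from difflib import SequenceMatcher

# Assumed widths: LEN-0 = 2 bytes, TYPE = 1, SID = 2, LEN-1 / LEN-2 = 1 each.
def spd_request(sid, host, service):
    body = b"\x01" + sid + bytes([len(host)]) + host + bytes([len(service)]) + service
    return struct.pack(">H", len(body) + 2) + body

def spd_response(sid, ip_port):
    body = b"\x02" + sid + bytes([len(ip_port)]) + ip_port
    return struct.pack(">H", len(body) + 2) + body

def prepare(rec_req, rec_resp, rec_addr):
    """Preparation: locate dynamic fields in the recorded response without a parser."""
    addr_off = rec_resp.find(rec_addr)            # endpoint-address field
    if addr_off < 1:
        raise ValueError("recorded address not found in response")
    sm = SequenceMatcher(None, rec_req, rec_resp, autojunk=False)
    m = sm.find_longest_match(0, len(rec_req), 0, addr_off)  # cookie echoed back
    fields = {"addr": (addr_off, len(rec_addr)), "cookie": (m.a, m.b, m.size)}
    if rec_resp[addr_off - 1] == len(rec_addr):   # length of the following field
        fields["len_field"] = addr_off - 1
    if struct.unpack(">H", rec_resp[:2])[0] == len(rec_resp):  # length of the ADU
        fields["len_adu"] = 0
    return fields

def replay_response(rec_resp, fields, live_req, new_addr):
    """Replay: copy the live cookie, swap the address, then fix the length fields."""
    req_off, resp_off, size = fields["cookie"]
    addr_off, addr_len = fields["addr"]
    out = bytearray(rec_resp[:addr_off] + new_addr + rec_resp[addr_off + addr_len:])
    out[resp_off:resp_off + size] = live_req[req_off:req_off + size]
    if "len_field" in fields:
        out[fields["len_field"]] = len(new_addr)
    if "len_adu" in fields:
        out[0:2] = struct.pack(">H", len(out))
    return bytes(out)

# Constructed sample dialog (not taken from the paper's traces).
REC_ADDR = b"10.0.0.5:6789"
REC_REQ = spd_request(b"\xa7\x3c", b"host1.example.net", b"printer")
REC_RESP = spd_response(b"\xa7\x3c", REC_ADDR)
```

Sending `REC_RESP` unmodified would echo the recorded SID and the old address, which is the unchanged-dynamic-field mismatch a live peer can notice.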

Test Environment
- Isolated testbed: a set of nodes running on VMware Workstation
- Both Windows XP Professional and Fedora Core 3 images were used
- RolePlayer ran in the Linux host system

Evaluation

Weaknesses
- Its coverage is not universal
- Cannot accommodate protocols with time-dependent state
- Protocols using cryptographic authentication or encrypted traffic are out of its reach
- An adversary can detect its presence through the unchanged dynamic fields
- It can be detected due to inconsistency between the OS of the application and that of RolePlayer

Suggestions
- Randomize certain dynamic fields
- Manipulate packet headers to match the expected operating system
- Identify and test additional, complex application protocols