Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethernet Network Systems Security

Published byDerek Edwards Modified over 6 years ago

Similar presentations

Presentation on theme: "Ethernet Network Systems Security"— Presentation transcript:

1 Ethernet Network Systems Security
Mort Anvari

2 Ethernet Most widely used LAN technology Low cost and high flexibility
Versions of different speed: 10Mbps, 100Mbps, Gigabit Use globally unique media access control (MAC) address (hardware address) for every interface card 9/28/2004

3 Use of Hardware Address
Need an address to send a message to receiver on same Ethernet IP address is not usable because network layer does not listen to wire Use hardware address to identify receiver’s interface Need to resolve receiver’s hardware address from receiver’s IP address 9/28/2004

4 Address Resolution Protocol
Protocol maps each IP address to corresponding hardware address in subnetwork For computer i to get hardware address of computer j, i broadcasts a rqst message with IP address of j to the subnetwork rqst(ipa.j) i default router Internet switch r j 9/28/2004

5 Address Resolution If j sees a rqst message from i with its IP address, j sends a rply message with its IP address and hardware address to i rply(ipa.j,hda.j) i default router Internet switch r j 9/28/2004

6 Functions of ARP Three functions of ARP Resolving IP addresses
Supporting dynamic assignment of addresses Detecting destination failures 9/28/2004

7 ARP Spoofing Attack To stop traffic from i to j, an adversary sends to i a spoofed rply message with IP address of j and a non-existent hardware address i default router Internet switch r j A rply(ipa.j,hda.x) 9/28/2004

8 Another ARP Spoofing Attack
To stop traffic from i to default router r, an adversary sends to i a spoofed rply message with IP address of r and its own hardware address i default router Internet switch r j A rply(ipa.r,hda.A) 9/28/2004

9 Countering ARP Spoofing Attacks
Proposed solutions include ARPWATCH and static ARP caches ARPWATCH monitors transmission of rqst and rply messages over Ethernet and check them against a database of (IP addr, hardware addr) pairings Static ARP cache stores permanent (IP addr, hardware addr) pairings of trusted hosts to avoid sending rqst and rply messages over Ethernet 9/28/2004

10 Insufficiencies of Proposed Solutions
ARPWATCH does not support dynamic assignment of IP addresses Static ARP caches does not support dynamic assignment of IP addresses and detection of destination failures 9/28/2004

11 Need for Secure Address Resolution
When a computer receives a message m, it needs to determine whether m was indeed sent by claimed source, or was inserted, modified, or replayed by an adversary Use secure address resolution protocol between each computer and a secure server 9/28/2004

12 Architecture of Secure Address Resolution Protocol
9/28/2004

13 Adversary The adversary can perform three types of actions to disrupt communication between server s and any computer h[i] on the Ethernet Message loss Message modification Message replay 9/28/2004

14 Secure Address Resolution Protocol
Use three mechanisms to counter adversary actions timeouts to counter message loss shared secrets to counter message modification nonces to counter message replay 9/28/2004

15 Invite-Accept Protocol
Periodically, server s sends out an invt message to every computer on Ethernet Every up computer is required to send back an acpt message including its IP address and hardware address s updates its address database according to received acpt messages 9/28/2004

16 Invite-Accept Protocol
s  h[0..n-1]: invt(nc, md) where md=MD(nc;scr[0])||MD(nc;scr[1])||…||MD(nc;scr[n-1]) h[i]  s: acpt(nc, ipa[i], hda[i], d) where d=MD(nc;ipa[i];hda[i];scr[i]) 9/28/2004

17 Request-Reply Protocol
When a computer needs to resolve a destination’s hardware address, it sends a rqst message to server s If destination’s hardware address is still valid, s sends back a rply message with address information If destination’s hardware address is not valid anymore, s sends back a rply message with no address information 9/28/2004

18 Request-Reply Protocol
h[i]  s: rqst(nc, ipa[j], d) where d=MD(nc;ipa[j];scr[i]) If found, s  h[i]: rply(nc, ipa[j], hda[j], d) where d=MD(nc;ipa[j];hda[j];scr[i]) If not found, s  h[i]: rply(nc, ipa[j], 0, d) where d=MD(nc;ipa[j];0;scr[i]) 9/28/2004

19 Extensions Four extensions of secure address resolution protocol
Insecure address resolution Backup server System diagnosis Address resolution across multiple Ethernets 9/28/2004

20 Next Class IPsec Authentication Header (AH)
Encapsulation Security Payload (ESP) key management 9/28/2004

Download ppt "Ethernet Network Systems Security"

Similar presentations

A Client Side Defense against Address Resolution Protocol (ARP) Poisoning George Mason University INFS 612, Spring 2013 Group #3 (C. Blair, N. Eisele,

A Client Side Defense against Address Resolution Protocol (ARP) Poisoning George Mason University INFS 612, Spring 2013 Group #3 (C. Blair, N. Eisele,
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Address Resolution Protocol.

CISCO NETWORKING ACADEMY Chabot College ELEC Address Resolution Protocol.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
 As defined in RFC 826 ARP consists of the following messages ■ ARP Request ■ ARP Reply.

 As defined in RFC 826 ARP consists of the following messages ■ ARP Request ■ ARP Reply.
CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.

CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.
Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.

Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Address Resolution Protocol.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Address Resolution Protocol.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
IP Routing: an Introduction. Quiz 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255.

IP Routing: an Introduction. Quiz
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 3 Address Resolution Protocol (ARP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 3 Address Resolution Protocol (ARP)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Exploring the Packet Delivery Process Chapter 1 - 6.

Exploring the Packet Delivery Process Chapter
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.
Examining TCP/IP.

Examining TCP/IP.

Similar presentations

Ads by Google