Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethernet Network Systems Security Mort Anvari. 9/28/20042 Ethernet Most widely used LAN technology Low cost and high flexibility Versions of different.

Published byOswald Haynes Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethernet Network Systems Security Mort Anvari. 9/28/20042 Ethernet Most widely used LAN technology Low cost and high flexibility Versions of different."— Presentation transcript:

1 Ethernet Network Systems Security Mort Anvari

2 9/28/20042 Ethernet Most widely used LAN technology Low cost and high flexibility Versions of different speed: 10Mbps, 100Mbps, Gigabit Use globally unique media access control (MAC) address (hardware address) for every interface card

3 9/28/20043 Use of Hardware Address Need an address to send a message to receiver on same Ethernet IP address is not usable because network layer does not listen to wire Use hardware address to identify receiver’s interface Need to resolve receiver’s hardware address from receiver’s IP address

4 9/28/20044 Address Resolution Protocol Protocol maps each IP address to corresponding hardware address in subnetwork For computer i to get hardware address of computer j, i broadcasts a rqst message with IP address of j to the subnetwork Internet i j r default router switch rqst(ipa.j)

5 9/28/20045 Address Resolution If j sees a rqst message from i with its IP address, j sends a rply message with its IP address and hardware address to i Internet i j r default router switch rply(ipa.j,hda.j)

6 9/28/20046 Functions of ARP Three functions of ARP Resolving IP addresses Supporting dynamic assignment of addresses Detecting destination failures

7 9/28/20047 ARP Spoofing Attack To stop traffic from i to j, an adversary sends to i a spoofed rply message with IP address of j and a non-existent hardware address Internet i j A r default router switch rply(ipa.j,hda.x)

8 9/28/20048 Another ARP Spoofing Attack To stop traffic from i to default router r, an adversary sends to i a spoofed rply message with IP address of r and its own hardware address Internet i j A r default router switch rply(ipa.r,hda.A)

9 9/28/20049 Countering ARP Spoofing Attacks Proposed solutions include ARPWATCH and static ARP caches ARPWATCH monitors transmission of rqst and rply messages over Ethernet and check them against a database of (IP addr, hardware addr) pairings Static ARP cache stores permanent (IP addr, hardware addr) pairings of trusted hosts to avoid sending rqst and rply messages over Ethernet

10 9/28/200410 Insufficiencies of Proposed Solutions ARPWATCH does not support dynamic assignment of IP addresses Static ARP caches does not support dynamic assignment of IP addresses and detection of destination failures

11 9/28/200411 Need for Secure Address Resolution When a computer receives a message m, it needs to determine whether m was indeed sent by claimed source, or was inserted, modified, or replayed by an adversary Use secure address resolution protocol between each computer and a secure server

12 9/28/200412 Architecture of Secure Address Resolution Protocol

13 9/28/200413 Adversary The adversary can perform three types of actions to disrupt communication between server s and any computer h[i] on the Ethernet Message loss Message modification Message replay

14 9/28/200414 Secure Address Resolution Protocol Use three mechanisms to counter adversary actions timeouts to counter message loss shared secrets to counter message modification nonces to counter message replay

15 9/28/200415 Invite-Accept Protocol Periodically, server s sends out an invt message to every computer on Ethernet Every up computer is required to send back an acpt message including its IP address and hardware address s updates its address database according to received acpt messages

16 9/28/200416 Invite-Accept Protocol s  h[0..n-1]: invt(nc, md) where md=MD(nc;scr[0])||MD(nc;scr[1])||…||MD(nc;scr[n-1]) h[i]  s: acpt(nc, ipa[i], hda[i], d) where d=MD(nc;ipa[i];hda[i];scr[i])

17 9/28/200417 Request-Reply Protocol When a computer needs to resolve a destination’s hardware address, it sends a rqst message to server s If destination’s hardware address is still valid, s sends back a rply message with address information If destination’s hardware address is not valid anymore, s sends back a rply message with no address information

18 9/28/200418 Request-Reply Protocol h[i]  s: rqst(nc, ipa[j], d) where d=MD(nc;ipa[j];scr[i]) If found, s  h[i]: rply(nc, ipa[j], hda[j], d) where d=MD(nc;ipa[j];hda[j];scr[i]) If not found, s  h[i]: rply(nc, ipa[j], 0, d) where d=MD(nc;ipa[j];0;scr[i])

19 9/28/200419 Extensions Four extensions of secure address resolution protocol Insecure address resolution Backup server System diagnosis Address resolution across multiple Ethernets

20 9/28/200420 Next Class IPsec Authentication Header (AH) Encapsulation Security Payload (ESP) key management

Download ppt "Ethernet Network Systems Security Mort Anvari. 9/28/20042 Ethernet Most widely used LAN technology Low cost and high flexibility Versions of different."

Similar presentations

A Client Side Defense against Address Resolution Protocol (ARP) Poisoning George Mason University INFS 612, Spring 2013 Group #3 (C. Blair, N. Eisele,

A Client Side Defense against Address Resolution Protocol (ARP) Poisoning George Mason University INFS 612, Spring 2013 Group #3 (C. Blair, N. Eisele,
Chapter 5 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the operation of the Ethernet sublayers.

Chapter 5 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the operation of the Ethernet sublayers.
Switching & Operations. Address learning Forward/filter decision Loop avoidance Three Switch Functions.

Switching & Operations. Address learning Forward/filter decision Loop avoidance Three Switch Functions.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
 As defined in RFC 826 ARP consists of the following messages ■ ARP Request ■ ARP Reply.

 As defined in RFC 826 ARP consists of the following messages ■ ARP Request ■ ARP Reply.
Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.

Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Address Resolution Protocol.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Address Resolution Protocol.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
IP Routing: an Introduction. Quiz 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255.

IP Routing: an Introduction. Quiz
Overview of simple LANs. Networking basics: LAN TCP/IP is the protocol used in the Internet and dominates the internet and transport layers The subnet.

Overview of simple LANs. Networking basics: LAN TCP/IP is the protocol used in the Internet and dominates the internet and transport layers The subnet.
© Janice Regan, CMPT 128, 2007-2012 0 CMPT 371 Data Communications and Networking Ethernet, ARP.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Ethernet, ARP.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Network Layer (Part IV). Overview A router is a type of internetworking device that passes data packets between networks based on Layer 3 addresses. A.

Network Layer (Part IV). Overview A router is a type of internetworking device that passes data packets between networks based on Layer 3 addresses. A.
Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.

Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 3 Address Resolution Protocol (ARP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 3 Address Resolution Protocol (ARP)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google