| Title | A Look Back at “Security Problems in the TCP/IP Protocol Suite” [Link] | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Author | Steven M. Bellovin | bellovin@acm.org | |||||||||||||||||||||||||||||||||||||||||||||||||
| Publishing | 20th Annual Computer Security Application Conference “classic paper” (ACSAC)AT&T Labs – Research | Year | 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Abstract | About fifteen years ago, I wrote a paper on security problems in the TCP/IP protocol suite, In particular, I focused on protocol-level issues, rather than implementation flaws. It is instructive to look back at that paper, to see where my focus and my predictions were accurate, where I was wrong, and where dangers have yet to happen. This is a reprint of the original paper, with added commentary. | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary | Security issues & Defenses
Comprehensive Defenses: Authentication, Encryption, Trusted Systems |
||||||||||||||||||||||||||||||||||||||||||||||||||
| Note | This paper covers a general idea of overall security problems in TCP/IP suite. It also provides a lot of references to see countermeasures of certain issues at a glance.This paper is based on what the author wrote original paper back in 1989. It reviews different types of protocol flaws itself and possible attacks from TCP sequence guessing, routing protocol issues to application layer protocols such as finger, POP3, SNMP, DNS, and FTP. Also he corrected wrong descriptions in previous paper if any as well as defense techniques and their limitations against such attacks. | ||||||||||||||||||||||||||||||||||||||||||||||||||
Tag: network
Attacks against SSL/TLS – BEAST/CRIME/BREACH
(a) BEAST (Browser Exploit Against SSL/TLS)
- By Juliano Rizzo and Thai Duong, 2011 @ ekoparty Security Conference in Buenos Aires, Argentina
- Decrypts secure cookies against CBC mode (i.e AES or 3DES) in TLSv1
<References>
Demo and description: http://vnhacker.blogspot.com/2011/09/beast.html
Paper: http://packetstormsecurity.com/files/download/105499/Beast-SSL.rar/
Proof of Concept with javascript: http://erlend.oftedal.no/blog/beast/
(b) CRIME (Compression Ratio Info-leak Made Easy)
- By Juliano Rizzo and Thai Duong, 2012 @ ekoparty Security Conference in Buenos Aires, Argentina
- leverages compression side-channel, recovers the HTTP request headers
- Injects partial chosen plaintext (CPA) into a victim’s requests + measures the size of encrypted traffic
- HTTP-level compression: gzip (RFC 1952), defalte (RFC 1951)
- Mitigated by disabling TLS/SPDY compression
<References>
1. Wiki: http://en.wikipedia.org/wiki/CRIME_(security_exploit)
2. Tor and BEAST: https://blog.torproject.org/blog/tor-and-beast-ssl-attack
3. Schneier’s Article: https://www.schneier.com/blog/archives/2011/09/man-in-the-midd_4.html
4. Generic attacks with compression: http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
(c) BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext)
- By Angelo Prado, Neal Harris, and Yoel Gluck, 2013 @ Blackhat 2013
- CVE-2013-3587
- leverages compression, takes advantage of HTTP responses
- Mitigated by:Disabling HTTP compression
– Separating secrets from user input
– Randomizing secrets per request
– Masking secrets (effectively randomizing by XORing with a random secret per request)
– Protecting vulnerable pages with CSRF
– Length hiding (by adding random number of bytes to the responses)
– Rate-limiting the requests
<References>
1. Wiki: http://en.wikipedia.org/wiki/BREACH_(security_exploit)
2. Paper: http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
3. PPT: http://breachattack.com/resources/BREACH%20-%20BH%202013%20-%20PRESENTATION.pdf
4. Source Code: https://github.com/nealharris/BREACH
BGP Security
You can download the slide: BGP Security
(This has been done as a part of homework in CSE508 in SBU CS.)
There are two different kinds of routing protocols: one is for interior purpose – IGP (Interior Gateway Protocol) and the other is for exterior purpose – EGP (Exterior Gateway Protocol). A good example of IGP would be RIP(Routing Information Protocol), OSPF (Open Shortest Path First) which is the most widely used, and EIGRP (Enhanced Interior Gateway Routing Protocol) which is proprietary by Cisco. In EGP, BGP (Border Gateway Protocol) is now de facto standard adapted by the Internet.
First we need to define a couple of terminologies.
1. AS (Autonomous System): A set of computers and routers under a single administration
2. RIB (Routing Information Base): BGP routing entries (Adj-RIB-In, Loc-RIB, and Adj-RIB-Out)
3. BGP Attribute: Types to decide path vector algorithm
(Origin=1, AS_Path=2, Next_Hop=3, MED=4, Local_Pref=5, Atomic_Aggregate=6, Aggregator=7)
As of Feb. 2014, there are more than 500,000 BGP routing tables available. (Check http://bgp.potaroo.net/bgprpts/rva-index.html) You may also want to know current AS summary. (Check http://cidr-report.org/as2.0/) Each BGP speaker uses RIBs and BGP attributes and installs NLRI (or best path) according to the following mechanism. (If the preference ties, then it considers next attribute in order.)
Highest weight →Highest LOCAL-PREF → Originated Source → Shortest AS-PATH → Lowest Origin (IBGP < EBGP < incomplete) → Lowest MED → EBGP over IBGP → Lowest IGP Metric → Lowest Route ID → Lowest Originator ID
The following figure illustrates 4 main BGP messages: OPEN, KEEP-ALIVE, UPDATE, and NOTIFICATION. The communication among BGP speakers maintains unicast over 179/tcp.
Now, let’s briefly take a look at BGP vulnerabilities from two perspectives. By running over TCP, listening on port 179, BGP is subject to be vulnerable through all kinds of TCP attacks: IP Spoofing, TCP RST, TCP RST using ICMP, Session Hijacking, and various denial of service attacks including SYN flooding and so forth. These lead target router to drop the BGP session and both peers withdraw routes, causing disruption of network connection. An attacker takes advantage of eavesdropping, blackholing, and/or traffic analysis by changing routes as well.
On top of that, with respect to BGP attacks, fundamental vulnerabilities arise from no mechanism which has specified within BGP in order to (a) validate the authority of an AS and (b) to ensure the authenticity of the path attribute by an AS. This allows an adversary to route manipulation such as message relaying, insertion, deletion, and modification as well as route hijacking. BGP-oriented attacks include:
(1) Route Flapping: repetitive changes rapidly cause the BGP routing table to be withdrawn and then re-advertised
(2) Route Deaggregation: announcing more specific route UPDATE causes a huge number of updates, which makes router crash and shut down
(3) (Unallocated) Route Injection: sending out incorrect routing information or transmitting routes to “bogon” prefixes
Lastly, here are BGP attack countermeasures to mitigate corresponding threats above.
1. Use authentication mechanism
- Use access control list.
- Use BGP peer authentication: MD5(Routing Advertisement + Shared Key), IPSecif available
- Configure BGP to allow announcing only designated netblocks
- Disable BGP version negotiation to provide faster startup
- Announce only preconfigured list of networks
2. Configure route manipulation protection
- Use BGP graceful restart
- Use max prefix limits to avoid filling router tables
- Filter all bogonprefixes with ingress/egress filtering
- Do not allow over-specific prefixes
- Turn off fast external failover, called route flap damping
- Record peer changes
3. Use secure protocol
- Only allow peers to connect to port 179 in TCP
- Randomize sequence number (against spoofing and session hijacking)
- Consider deploying S-BGP or BGPSec
[References]
RFC 4271 -A Border Gateway Protocol 4 (BGP-4), which obsoletes RFC 1771, 1772
RFC 4272 -BGP Security Vulnerabilities Analysis
RFC 2439 –BGP Route Flap Damping
http://moo.cmcl.cs.cmu.edu/~dwendlan/routing/
http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html