Upload
megan-hopkins
View
219
Download
0
Embed Size (px)
Citation preview
CS162 Section
Lecture 12
22.2
Digital Certificates
Alice
CertificateAuthority
{Alice, }
(offline) identity verification
E({ , Alice}, Kverisign_private)
Digital certificate
D(E({ , Alice}, Kverisign_private), Kverisign_public) = {Alice, }
• How do you know is Alice’s public key?• Main idea: trusted authority signing binding between Alice and
its private key
Bob
22.3
Passwords
• Password check: SHA(password-entered) and check against stored SHA(true-password). Password not stored in plaintext. If obtain password-hash file, can try to crack password. SHA: given SHA(true-password), very hard to find x such that SHA(x)=SHA(true-password)
• Dictionary attack: 10^4 words in dictionary, 10^8 guesses/second All two-word combinations (case insensitive) in one second
• Salt: Precompute SHA(dictionary) for faster search. Related: SHA(apple) matches *any* user with “apple” password. Salt Instead of storing SHA(password), store 1234:SHA(1234password). Rainbow table size prohibitively large, so back to online hashing: Have to try “apple” for every user individually.
22.44/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
Example: Normal Execution
void get_cookie(char *packet) { . . . (200 bytes of local vars) . . . munch(packet); . . .}void munch(char *packet) { int n; char cookie[512]; . . .
code here computes offset of cookie in packet, stores it in n
strcpy(cookie, &packet[n]); . . . }
return address backto get_cookie()
cookie
n
Stack
X
X - 4
X - 8
X - 520
X - 524return address backto munch()
strcpy()’s stack …
get_cookie()’s stack frame
X + 200
22.5
Example: Buffer Overflow
void get_cookie(char *packet) { . . . (200 bytes of local vars) . . . munch(packet); . . .}void munch(char *packet) { int n; char cookie[512]; . . .
code here computes offset of cookie in packet, stores it in n
strcpy(cookie, &packet[n]); . . . }
return address backto get_cookie()
n
Stack
X
X - 4
X - 8
X - 520
X - 524return address backto munch()
get_cookie()’s stack frame
X + 200
cookievaluereadfrompacket
22.64/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
Potential Solutions• Don’t write buggy software
– Program defensively – validate all user-provided inputs– Use code checkers (slow, incomplete coverage)
• Use Type-safe Languages (Java, Perl, Python, …)– Eliminate unrestricted memory access of C/C++
• Use HW support for no-execute regions (stack, heap)
• Leverage OS architecture features – Address space randomization– Compartmentalize programs
» E.g., DNS server doesn’t need total system access
• Add network firewalls
22.74/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
Firewall
• Security device whose goal is to prevent computers from outside to gain control to inside machines
• Hardware or software
Firewall
Internet
Attacker
22.8
No safety in numbers
• Today: estimated that a single worm could compromise 10M hosts in < 5 min using a zero-day exploit
• Unpatched stock Win7 machine lasts less than 10 mins before compromise (without firewall). Not even enough time to download patches. Download in advance and patch offline.
22.9
(D)DOS
• $ motive: extortion. Threaten to disable flowers.com on Mother’s Day.
• If attack centralized, can filter IP block. IP source spoofing. Egress filtering. Botnets legitimately have a lot of IP addresses
• Largest botnets in 1-5 million range. Even if have techniques to stop flooding hosts… Consider a site with 10k users each clicking a link every 60 seconds. Now have 5 million machines each acting like a normal user – can’t distinguish good from bad.
22.104/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
SYN Attack
(Recap: 3-Way Handshaking)
• Goal: agree on a set of parameters: the start sequence number for each side– Starting sequence numbers are random.
Client (initiator) Server
SYN, SeqNum = x
SYN and ACK, SeqNum = y and Ack = x + 1
ACK, Ack = y + 1
22.114/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
SYN Attack
• Attacker: send at max rate TCP SYN with random spoofed source address to victim– Spoofing: use a different source IP address than own– Random spoofing allows one host to pretend to be many
• Victim receives many SYN packets– Send SYN+ACK back to spoofed IP addresses– Holds some memory until 3-way handshake completes
» Usually never, so victim times out after long period (e.g., 3 minutes)
22.124/16/2012 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring2012
Solution: SYN Cookies
• Server: send SYN-ACK with sequence number y, where – y = H(client_IP_addr, client_port)– H(): one-way hash function
• Client: send ACK containing y+1
• Sever: – verify if y = H(client_IP_addr, client_port)– If verification passes, allocate memory
Lec 23.134/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
Miscellaneous
• Input sanitation: SQL injection, Cross-site scripting (XSS)
• Cookie/session hijacking over open wifi• Some MITM attacks leverage temporary DOS attack to
disable legit site and then pose as the legit site.• Example MITM: become default gateway and rewrite
URLs from “https” to “http”; users don’t notice not secured.
22.14
• Napster: centralized directory of files on all machines. Single point of failure.
• Gnutella: no centralized directory. Broadcast with TTL; not scalable.
• Gnutella v2 (Kazaa): Special peers (fast network connection and CPU) become local directories. No single point of failure.
• DHT (Chord, CAN)
C
A
B B
D
C
C
DB
C
m2 m3m4
m7
m8
m10
m11
m13m15m17
B: m2, m3D: m4…
B: m7D: m8…
C: m10, m11…
C: m13…
A: m15C: m17…
Leaf nodes
Ultrapeer
nodes
m1
Lec 23.154/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
Content Addressable Network (CAN)
• Associate to each node and item a unique id in an d-dimensional space, e.g., torus
• Properties – Routing table size O(d), i.e., each node needs to know
about O(d)– Guarantees that a file is found in at most d*n1/d steps,
where n is the total number of nodes
Lec 23.164/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
CAN Example: Two Dimensional Space
• Nodes: n1:(1, 2); n2:(4,2); n3:(3, 5); n4:(5,5);n5:(6,6)
• Items: f1:(2,3); f2:(5,0); f3:(2,1); f4:(7,5);
1 2 3 4 5 6 70
1
2
3
4
5
6
7
0
n1 n2
n3 n4n5
f1
f2
f3
f4
Lec 23.174/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
CAN: Query Example
• Each node knows its neighbors in the d-space
• Forward query to the neighbor that is closest to the query id
• Example: assume n1 queries f4
1 2 3 4 5 6 70
1
2
3
4
5
6
7
0
n1 n2
n3 n4n5
f1
f2
f3
f4
Lec 23.184/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
Content Addressable Network (CAN)
• Properties – Routing table size O(d), i.e., each node needs to know
about O(d) neighbors– Guarantees that a file is found in at most d*n1/d steps,
where n is the total number of nodes• Example: grid with n node (d = 2)
Lec 23.194/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
BitTorrent (2001)
• Allow fast downloads even when sources have low up-link capacity
• How does it work?– Seed (origin) – site storing the file to be downloaded– Tracker – server maintaining the list of peers in system– Split each file into pieces (~ 256 KB each), and each
piece into sub-pieces (~ 16 KB each)– The loader loads one piece at a time– Within one piece, the loader can load up to five sub-
pieces in parallel
Lec 23.204/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
BitTorrent: Download Algorithm
• Download consists of three phases:
• Start: get a piece as soon as possible– Select a random piece
• Middle: spread all pieces as soon as possible– Select rarest piece next
• End: avoid getting stuck with a slow source, when downloading the last sub-pieces– Request in parallel the same sub-piece– Cancel slowest downloads once a sub-piece has been
received
(For details see: http://bittorrent.org/bittorrentecon.pdf)
Lec 23.214/18 Anthony D. Joseph and Ion Stoica CS162 ©UCB Spring 2012
Bittorrent: Handling Freeriders• Free riders: peers that use the network without
contributing (with the upstream bandwidth)– When a peer's upload bandwidth is saturated, it
exchanges upload bandwidth for download bandwidth– If peer U downloads from peer C and doesn’t upload in
return, C chokes download to U
C
U
C
U
choke