Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
2
Outline
Threats and security techniques
Secret key cryptography
Hash functions
Authentication
Public key cryptography and Digital signatures
Certificates and Kerberos
Access control
Firewalls
Virtual private networking
IPsec and SSL
Intrusion detection
Denial of Service (DoS)
Java cryptography (homework)
3
Introduction
Security is an important problem in network computing
because networking is central --> all data and network
security issues are relevant to network computing
One can view secure computing as
Secure communications: how to counter threats related to
network
• Based on cryptography
• Addressed at least at application layer, eg, encryption,
assuming network is completely untrusted
• Attention is growing at other layers, eg, data link
encryption, packet encryption, secure transport layer
Secure hosts: mainly access control
• VPNs, firewalls, IDS,…
4
Types of Attacks
*Mobile code:
viruses, worms,
Trojan horses,…
A B
interception
A B
interruption
B
interruption
(denial of service)
A B
modification,
eg, replay
A B
fabrication ,
eg, masquerade
5
Threats and Security Mechanisms
Interception: eavesdropping - loss of privacy
Privacy is protected mainly by cryptography
Interruption: loss of service
Blocking of communications or denial of service attacks
Generally difficult to protect against in an open network
Modification: capture and alteration
Hashes (message digests) can ensure data integrity
Nonces (timestamps) can help protect against replay attacks
(e.g., retransmit login ID and password)
6
Threats and Mechanisms (cont)
Fabrication: masquerade
Digital signatures can authenticate sender
But some man-in-middle attacks can be hard to protect against
Mobile code security
Still open problem
Most security experts believe perfect security is impossible
Practical level of security involves trade-off between tolerable
risks and acceptable cost
7
Cryptography
From Greek words meaning “hidden or secret” (kryptos) and
“writing”
Originated in techniques for hiding messages, now called
steganography. Such as an ancient Italy, Giovanni Porta
developed an ink to write a message on a hard boiled egg
shell, which permeated shell to leave a message on the inner
egg under the shell.
Steganography hides existence of message but message
can be read if discovered
Cryptography hides meaning of message, not its existence
Steganography Digital Watermarking
8
Cryptography (cont)
Basic purpose is to change (scramble) a message before
transmission to prevent an eavesdropper from reading
Based on mathematical transformations, involving an
encryption algorithm and key
Cryptography can be combined with steganography, eg,
German agents in WWII encrypted messages and reduced
to photographic microdots carried on innocent-looking
letters. Some latest technologies, eg, watermarking and
information hiding, are also related to this.
Plaintext Encryption Decryption Plaintext Ciphertext
9
Secret Key (or Symmetric Key)
Cryptography
Secret key K Secret key K
Plaintext X Encryption Decryption Plaintext
X = DK(Y)
Ciphertext
Y = EK(X)
Encryption algorithm changes plaintext into ciphertext
Decryption uses same secret key (or “symmetric key”
because keys are same)
Assumes that sender and receiver have securely shared secret
key somehow
Confidentiality depends on secrecy of key
10
Cryptanalysis
Cryptanalysis tries to recover key, plaintext, or both
Usually encryption algorithm is known (not a secret)
Block ciphers operate on blocks of plaintext independently,
one at a time, producing blocks of ciphertext
Stream ciphers process elements continuously and produce
continuous ciphertext
Ciphertext only attack: cryptanalyst knows only the
ciphertext (and encryption algorithm)
Brute force trying all possible keys can take too long (usually
keys are intentionally long)
Statistical analysis is possible if cryptanalyst knows nature of
plaintext (eg, English)
11
Cryptanalysis (cont)
• 12% E, 9% T, 8% R, 7% I or N or A or O
• 2-letter combinations = digrams, most common is “TH”
• 3-letter combinations = trigrams, most common is “THE”
But strong encryption algorithms are typically designed and
able to withstand frequency analysis
Known plaintext attack: cryptanalyst also knows samples of
plaintext and their ciphertext
Easier to deduce key in this case than ciphertext only attack
Encryption algorithms are generally designed to withstand this
attack
Chosen plaintext attack: if cryptanalyst can somehow
choose the plaintext messages to be encrypted
12
DES (Data Encryption Standard)
64-bit plaintext
Stage 1 subkey 1
56-bit key
: :
64-bit ciphertext
Stage 16
Permutation
32-bit swap
Permutation
Permutation
Permutation
subkey 16 Permutation Left shift
:
Left shift
13
History of DES
Late 1960s IBM research project on cryptography led by
Horst Feistel
All symmetric block encryption algorithms are generally based
on Feistel block cipher. 1971 led to Lucifer algorithm.
1973 NIST request for proposals for national cipher
standard
1977 IBM’s refined Lucifer algorithm adopted as DES
DES (data encryption standard) standardized in 1977 for US
unclassified info
Most widely used modern encryption algorithm (until AES)
DES Critics wondered if 56-bit keys (reduced from original
Lucifer’s 128-bit keys) is too short for brute force attack
Rumor that NSA shortened to 56-bit key for secret reasons
14
DES Attack
56-bit keys --> 256 = 7x1016 possible keys, brute force attack
seemed unlikely
1997 RSA Laboratories issued $10,000 DES I challenge to find
DES key given a ciphertext and partially unknown plaintext
Rocke Verser began brute force attack distributed over
Internet, eventually joined over 70,000 computers --> found
key in 84 days after searching 14% key space
Latest DES III challenge to find 56-bit key was solved under 24
hours on January 18, 1999, after searching 30% key space
For more info:
http://www.rsa.com/rsalabs/node.asp?id=2091
http://en.wikipedia.org/wiki/Data_Encryption_Standard
15
Triple DES
Double DES: use two 56-bit keys with 2 encryption stages
But equivalent in power to single DES --> same as 56-bit key
K1 K2
X Encryption Encryption
Triple DES: uses two 56-bit keys in 3 stages --> effective
strength = 112-bit key
Much more secure but processing is much slower
K1 K2
X Encryption Decryption
K1
Encryption
16
AES
1997 NIST invited proposals for a new encryption standard
AES (advanced encryption standard) to replace DES
DES is vulnerable to differential cryptanalysis discovered in
1990 by Biham and Shamir - looks at differences between
pairs of ciphertext and uses differences to learn the key
DES also vulnerable to linear cryptanalysis discovered by
Matsui - works against most block ciphers
15 algorithms were submitted and evaluated for strength
and performance (implementability)
5 finalists: Mars (IBM), RC6 (RSA), Rijndael (Joan Daemen,
Vincent Rijmen), Serpent (Ross Anderson, Eli Biham, Lars
Knudsen), Twofish (Bruce Schneier and others)
17
AES (cont)
2000 Rijndael (“rain doll”) selected for AES
Symmetric block cipher supporting blocks of 128 bits and
key sizes of 128, 192, or 256 bits
Strong against various known cryptanalysis methods:
differential, truncated differential, linear, interpolation, and
Square attacks
In CBC MAC (cipher block chaining message authentication
code) mode, can be used as a hash function and
pseudorandom number generator
More info:
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
18
Hash and Message Digests
Hash is a one-way (irreversible) function: variable-length
message M fixed size digest H(M), 48-196bits
Easy to computer H(M) but not easy to find M given H(M)
M1<>M2 H(M1)<>H(M2)
Even if two messages are similar, their digests will appear very
different (“weak collision resistance” property)
Popular hash algorithms:
MD5 by Ron Rivest Produces 128-bit digest
SHS (secure hash standard, NIST) Produces 160-bit digest
Hash essentially acts as a fingerprint of a message
Mainly used to simplify digital signatures
Password hashing
Doesn’t need to know password to verify it
Store H(P+S), S (salt), and compare it with user-entered p
More Info: http://en.wikipedia.org/wiki/Cryptographic_hash_function
19
Hash for Mutual Authentication
Alice and Bob share a secret key K
Alice cannot reverse response from Bob to discover K, but
can verify that his response used the correct K
Similarly, Bob can verify that Alice knows K
A challenge-response protocol
Alice Bob
Random number A
H(A,K)
Random number B
H(B,K)
20
Hash for Data Authentication/Integrity
Works if Alice and Bob share a secret key K
A third party cannot change M and compute a correct
H(M,K) without knowledge of K
Alice Bob
Message M
H(M,K)
21
Problems with Secret Keys
Secret key must be shared (before a private connection can
be established)
1. Key is shared physically, eg, mail, telephone call
Hard to scale; impractical for a communications network
Need a unique key for every pair of users --> each user must
keep track of many keys
2. If a secure connection exists to third party, this party can
distribute key
Need for a key distribution center, eg, Kerberos
All parties need a unique key (master key) to communicate
with center
Two parties are assigned a temporary key (session key) for
duration of a connection
3. Diffie-Hellman protocol (Whitfield Diffie, Martin Hellman)
22
Diffie-Hellman Key Exchange
Two parties can exchange a secret number over an unsecure channel
Alice and Bob know a prime number p and a second number g =
“primitive root” of p (both can be public)
This means (g mod p, g2 mod p,.., gp-1 mod p) are all distinct
Each chooses a random number less than p and keeps private, say A
and B
Alice computes T(A) = gA mod p. Bob computes T(B) = gB mod p.
They exchange T(A) and T(B) over unsecure channel
Alice computes key = T(B)A = gBA mod p. Bob computes key = T(A)B
= gAB mod p Result in same number
A third party knows g, p, T(A), T(B), but it is considered
computationally infeasible to calculate A from T(A) or B from T(B),
especially if p is a large prime, because T(.) is a one-way modular
arithmetic operation
23
Diffie-Hellman (cont)
Alice Bob
Alice chooses A=3 (secret) Bob chooses B=6 (secret)
g=7, p=11
Alice computes 73 mod 11 = 2 Bob computes 76 mod 11 = 4
Alice sends 2 to Bob Bob sends 4 to Alice
Eavesdropper Eve can intercept 2 and 4,
but insufficient to discover the key
Alice computes 43 mod 11 = 9 Bob computes 26 mod 11 = 9
Alice learns key = 9 Bob learns key = 9
24
Public Key Cryptography
1976 Diffie and Hellman postulate concepts of public key
cryptography
Encryption key is public --> anyone can encrypt message to
Alice using Alice’s public key
Decryption key is secret to Alice --> only Alice’s secret key can
decrypt a message
Public key K1 Private key K2
Plaintext X Encryption Decryption Plaintext
X = DK2(Y)
Ciphertext
Y = EK1(X)
More Info: http://en.wikipedia.org/wiki/Public-key_cryptography
25
RSA
1978 RSA (Rivest-Shamir-Adleman at MIT) is the first
published (and patented 1983) public key algorithm
Parameters:
p, q = two chosen prime numbers [private]
n = pq [public]
e = chosen number such that greatest common denominator
between e and (p-1)(q-1) is 1 [public]
d = e-1 mod (p-1)(q-1) [private]
Private key = {d,n}
Public key = {e,n}
Justification depends on Euler’s theorem and properties of
prime numbers
26
RSA (cont)
To prevent discovery of (p,q) by exhaustive search, both p
and q should be large prime numbers
Computationally difficult to find large prime numbers
System can be attacked mathematically, essentially to
factor the product of 2 large prime numbers (n = pq)
1977 RSA issued $100 challenge to discover plaintext for an
RSA-encrypted cipher, believed to be computationally
impossible to break (428-bit key)
1994 challenge was solved by team working over Internet after
8 months - equivalent to 5,000 MIPS years
More info: http://www.rsa.com/rsalabs/node.asp?id=2092
More Info: http://en.wikipedia.org/wiki/RSA
27
Public Key Cryptography (cont)
Advantages:
Private key never needs to be distributed
Private keys can be changed at any time, only requires new
public key to be published
Misconceptions:
Public key crypto is not inherently more secure than secret key
crypto - depends only on key size
Public key crypto will not replace or supercede secret key
crypto - public key crypto is used mainly for authentication
Key distribution is not trivial
28
Digital Signatures
Diffie-Hellman postulated a digital counterpart to
handwritten signatures that guarantee the sender of a
message could be authenticated
Using RSA, private key can be used to verify sender identity
RSA has property that encrypt/decrypt keys are
interchangable
Plaintext
Encrypt
Alice sends:
Plaintext
Bob receives:
Alice’s private key
Decrypt
Alice’s public key
29
Key Distribution
If public keys are public, why not broadcast them?
Public announcements can be easily forged
Publicly available directory?
Assume parties can register their public keys securely in a
public directory maintained by a trusted organization
Parties can update their keys at any time
Entire directory is published periodically
But this depends on integrity of the directory authority - if an
attacker obtains private key of authority, could counterfeit
public keys
Need better security for distribution of public keys from
authority
30
Key Distribution (cont)
Improve public key authority:
1) A sends a timestamped request to authority
for public key of B
2) Authority’s reply is encrypted with its private key
so A can decrypt the reply with authority’s public key
• Reply contains B’s public key, copy of A’s request, A’s original
timestamp
3) A uses B’s public key to encrypt a message to B
• Message contains A’s identity and timestamp
4), 5) B retrieves A’s public key from the authority in similar manner
6) B uses A’s public key to send a message to A with A’s old
timestamp (to authenticate B), B’s new timestamp
7) A replies with encrypted B’s timestamp (to authenticate A)
Public key
authority
A B
1 2
3
4 5
6
7
31
Certificate Authority
But parties must still fetch public keys from authority for
every communication --> possible bottleneck
Possible to exchange public keys without contacting a
public key authority for every communication?
Certificate = public key and name, given to party with matching
private key (owner)
Only a trusted CA can create certificates
Parties exchange certificates directly without contacting CA
A party can verify that certificate was created by CA, and
can read certificate for name and public key of the owner
32
Certificate Authority (cont)
Creation of certificates:
A sends its public key (by some secure channel) to CA and
requests certificate
CA uses its private key to encrypt <timestamp, A’s name, A’s
public key> and sends this certificate to A
Verification of certificates:
If A sends certificate to B, B uses CA’s public key to decrypt
the certificate
If B can read the certificate, it verifies that certificate
originated from CA
Certificate provides A’s name and public key
Timestamp can be used to validate the currency of the
certificate (against replay attacks)
33
PKI and Certificate Validation
Public Key Infrastructure
Rooted tree of CAs
Cascading issuance
Any CA can issue cert
CAs issue certs for children
… … …
Root
CA1 CA2 CA3
CA11 CA12 CA21 CA22 CA1n
Cert11a Cert11b Cert11c … … … …
Certificate
Signature
More Info: http://en.wikipedia.org/wiki/Public_key_infrastructure
34
Kerberos
Developed at MIT to help authenticate users at workstations
to servers in a distributed system (network)
Servers should be restricted to authorized users, and requests
for services should be authenticated
Users must be authenticated for each service, and servers
must be authenticated to clients
Without elaborate authentication protocols needing to be built
into each server - Kerberos provides a centralized
authentication service
Using only conventional cryptography, no public key
cryptography
Should be reliable, scalable, and secure against
eavesdroppers
More Info: http://en.wikipedia.org/wiki/Kerberos_(protocol)
35
Kerberos (cont)
System consists of authentication server (AS) and ticket
granting service (TGS)
Alice identifies herself to AS
AS sends back her name and a session key, encrypted by a
secret key shared between Alice and AS (only Alice can
read)
AS also sends a ticket to Alice for use with TGS
Ticket holds Alice’s identity and assigned session key,
encrypted by a secret key shared between AS and TGS (only
TGS can read)
36
Kerberos (cont)
Now to talk with Bob, Alice must request TGS to generate a
session key for Bob
Alice sends ticket (to prove her identity), Bob’s identity, and
timestamp (against replay) to TGS
TGS returns a ticket with a session key and Alice’s identity,
encrypted with a secret key shared by TGS and Bob (so
Alice can send ticket to Bob and only Bob can read)
Alice can send ticket to Bob to verify her identity
More Info: http://en.wikipedia.org/wiki/Kerberos_(protocol)
37
Access Control Matrix
Entry M[s,o] lists the operations that subject “s” can request
on object “o”
If subject requests to invoke a method on object that is not in
list, then invocation is denied by reference monitor
s1
s2
s3
:
o1 o2
M[s,o]
o3 …
Subjects
Objects
38
Access Control (cont)
Matrix can become very large with many users and many
objects, but many entries might also be empty
One approach: Each object keeps its own access control list
(ACL)
ACL = list of access rights of subjects who are authorized to
access the object
This approach distributes the access control matrix to
individual objects
Alternatively, access control can be distributed to subjects
Subjects authenticate themselves (to an authentication server)
and get certificates, eg, Kerberos ticket-granting server gives
“tickets”
39
Access Control (cont)
Tickets are protected against forgery and modification
Tickets are presented for access to services
Advantages of tickets/certificates
A trusted authority can handle authentication and certificates,
independent of the servers themselves
Certificates allow access rights to be delegated
Delegation allows work to be migrated from one process to
another, without adversely affecting protection of resources
• Eg, a host gives print server its access rights to a file to be
printed
Delegation of authority is common in distributed systems to
allow jobs to be moved to remote processes while giving those
processes access to needed resources
40
Firewalls
Firewalls protect a system from external access by filtering
packets
Often combined with routers or gateways because filtering is
based on processing packet headers and applying a security
policy
All incoming and outgoing traffic goes through firewall -->
firewall is single point of monitoring, accounting, and control
Firewall itself should be immune to attack
Firewalls can regulate
Direction of traffic: which side initiates service requests
Services: filter inbound and outbound services based on IP
addresses, port numbers
41
Firewalls (cont)
User access: restricts users’ access to services, applied to
users inside firewall
Behavior: application-level gateways can inspect the contents
of packets to control how services are used, eg, filter out email
that is spam
Packet-filtering router type of firewall:
For every inbound and outbound packet, examines IP packet
header (IP addresses, protocol number) and TCP/UDP header
inside payload (TCP/UDP port number)
Filter = list of values to match each inspected field and rules to
apply
Actions = discard or forward the packet
42
Firewall Known Limitations
Firewalls cannot protect inside users from each other, or
inside resources from malicious users within the firewall
Firewalls often let through malicious mobile code (viruses,
Trojans, applets)
Firewalls are ineffective if they can be bypassed (eg, by
some other means of communications, eg, dialup)
Once connected to a valid service that service can be exploited
Ineffective against exploits using software vulnerabilities,
eg, buffer overflow attacks
Packet-filtering firewalls are hard to configure correctly
More Info: http://en.wikipedia.org/wiki/Firewall_(computing)
43
Virtual Private Networking (VPNs)
Companies now often have multiple offices nationwide
Need to communicate securely --> private networks using
leased lines
But leased lines will be expensive, hard to reach globally, and
private network will be totally closed to outside
communications
Private
LAN
Private
LAN
Private
LAN
Leased lines
More Info: http://en.wikipedia.org/wiki/Virtual_Private_Networking
44
Internet
VPNs (cont)
VPNs work as a private overlay network over the public
Internet
Depends on tunneling packets through Internet, eg, using
IPsec
• Real packet sits inside an outer IP packet --> tunnels
serve as “virtual” leased lines
Communications only between participants in the private
network, protected against non-participants
Private
LAN
Private
LAN
Tunnels
Private
LAN
45
VPNs (cont)
IPsec in tunneling mode can be used for VPNs
IPsec provides authenticated and encrypted packets
These packets are carried in payloads of regular IP packets
(tunneled)
Tunnels begin and end at secure VPN equipment at
company sites (eg, firewalls/gateways capable of IPsec)
A B
Gateway Gateway
New IP
Header
AH or ESP
Header
TCP
Data
Orig IP
Header
Encrypted
46
IPsec (IP Security)
IP obviously lacks any security features
Security can be done at application layer, but leaving it
solely to applications complicates applications development
Network layer security could handle authentication and/or
encryption of packets, helping applications that have not
been developed with security
Security-aware applications can also work over a secure
network
IETF specifications for a security “framework” (not a
protocol) at IP level in 3 functional areas
47
IPsec Protocol Suite
(IKE)
Internet Key
Exchange
(AH)
Authentication
Header
(ESP)
Encapsulating
Security Payload
(SPS)
Security Policy
System
Manual
Policy/Configuration
Managent Key Management Packet Processing
48
IPsec (cont)
Authentication: using authentication header (AH)
Confidentiality: add encapsulating security payload (ESP)
Key management: using ISAKMP (Internet security association
and key management protocol)
• Complex and flawed
New concept of security association (SA) = one-way
relationship between sender and receiver with traffic
protected by one or more security services (authentication,
confidentiality, protection from replay)
SA is identified by parameters carried in packets
SA indicates the security algorithms to apply
49
IPsec - Authentication Header
IPsec itself is algorithm-independent (can work with multiple
algorithms)
New AH header can be inserted right after IPv4 header or
can be IPv6 extension header
Provides data integrity, sender authentication, protection
against replays, but not encryption
Next header Payload length Reserved (unused)
Security parameters index
Sequence number
Authentication data (HMAC)
50
IPsec- AH (cont)
Next header: the normal value of the protocol field (protocol
field is now 51 to indicate the presence of AH header)
Payload length: length of AH header in 4-byte units
Security parameters index: to identify the security
association for this packet
Sequence number: unique number of the packets sent on
this security association, to protect against replay attacks
Authentication data: hashed message authentication code
(HMAC) = digital signature computed by a hash over the
packet (including some header fields) with a shared secret
key
51
IPsec - Encapsulating Security Payload
New ESP header can be used alone or after AH header
Adds privacy (packet payload is encrypted)
Security parameters index: to identify security association
for this packet
Sequence number: to protect against replay
Security parameters index
Sequence number
Packet payload (encrypted)
52
Secure Sockets layer (SSL)
SSL: to any TCP-based app using SSL services.
SSL: used between WWW browsers (originated by Netscape), servers for e-commerce (https).
SSL security services:
server authentication
data encryption
client authentication (optional)
TLS (Transport Layer Security from IETF) is based on SSL with some changes, can be viewed as SSLv3.1.
TCP
IP
SSL
HTTP
53
SSL (cont)
Encrypted SSL session:
Browser generates symmetric session
key, encrypts it with server’s public key,
sends encrypted key to server.
Using private key, server decrypts
session key.
Browser, server know session key. All
data sent into TCP socket (by client or
server) encrypted with session key.
SSL: basis of IETF Transport Layer
Security (TLS).
SSL can be used for non-Web
applications, e.g., IMAP.
Client authentication can be done with
client certificates.
Client Server
(1) Client Hello (algorithms)
(2) Server Hello (alg selection)
(3) Server Certificate
(4) ClientKeyRequest
(5) ChangeCipherSuite
(6) ChangeCipherSuite
(7) Finished
(8) Finished
54
Intrusion Detection
Intruders may include unauthorized outsider
(“masquerader”) trying to access a system like a legitimate
user; legitimate user (“malfeasor”) trying accesses that are
not authorized or misusing his privileges; or intruder
(“clandestine user”) trying to get supervisory control of
system and modifying access controls or auditing
Attempt to gain access to system (via password cracking),
elevate privileges on system, or create dummy account
Or worms/Trojans can leave backdoors (eg, Back Orifice,
netbus, Subseven)
First objective should be prevention of intrusions, but
intrusion detection is additional defense
55
Firewall Versus IDS (Intrusion Detection System)
Firewall
Active filtering
Fail-close
Network IDS
Passive monitoring
Fail-open
FW
IDS
56
Intrusion Detection (cont)
If intrusions cannot be prevented, intrusion detection tries to
identify an intrusion attempt as quickly as possible to
minimize changes of damage
Effective intrusion detection might deter future attacks
Data collected from intrusion detection might be useful to
improve intrusion detection techniques
Assume that behavior of intruders is different from legitimate
users
2 general approaches:
Statistical anomaly detection: collect statistical data about
“normal” user behavior and establish a baseline normal profile
• If someone’s behavior deviates from the baseline, it is
flagged as possible intruder
57
Intrusion Detection (cont)
Rule-based detection: define a set of rules to decide that
behavior appears suspicious
• Could be implemented as an expert system
No system is perfect, and errors can be classified as
False positives: authorized users mis-identified as intruders
False negatives: intruders not identified as intruders
Systems try to minimize false positives and false negatives
Additional utilities for intrusion detection might include
ps or top: to list the processes running on a machine
lsof: to list all open files belonging to active processes on
machine
logcheck: to monitor the system log for changes and compare
to user-specified list
58
Intrusion Detection (cont)
portsentry: to watch for port access attempts
tripwire: computes and stores checksums for files to detect any
changes, or changes in permissions
tcpdump and tcpshow, or snort: lists all packets sniffed on a
LAN in promiscuous mode
netstat: to show open connections
After identification of intruder, usually system administrator
must investigate further
Intruders may use “rootkits” or “autorooters” to hide their
tracks
More Info: http://en.wikipedia.org/wiki/Intrusion_detection_system
59
Denial of Service (DoS) Attacks
Unlike other forms of computer attacks, goal isn’t access or
theft of information or services
The goal is to stop the service from operating
To deny service to legitimate users
This is usually a temporary effect that passes as soon as
the attack stops
How Can a Service Be Denied? Lots of ways
Crash the machine
Or put it into an infinite loop
Crash routers on the path to the machine
Use up a key machine resource
Use up a key network resource
Using up resources is the most common approach
More Info: http://en.wikipedia.org/wiki/Denial-of-service_attack
63
DDoS Defense Approaches
Detect anomalous behavior of packets to routers and
filter/drop packets with particular characteristics
Pushback
Traceback
D-WARD
Netbouncer
SOS
Proof-of-work systems
Distributed solutions
Cossack
DefCOM
64
Trustworthiness System and Trust Computing
The system does what is required
Despite disruption, errors, and attacks
The system does not do other things
Encompasses
Correctness
Reliability
QoS
Security
Privacy
Safety
Survivability
Reputation