Security Problems in the TCP/IP Protocol Suite Presented by: Sandra Daniels, José Nieves, Debbie Rasnick, Gary Tusing


Security Problems in the TCP/IP Protocol Suite

Presented by:

Sandra Daniels, José Nieves, Debbie Rasnick, Gary Tusing

Article by: S. M. Bellovin, AT&T Bell Laboratories

April, 1989

TCP/IP Protocol Suite

Widely used
Developed under DOD
Serious security flaws

Topics to be Discussed

Problems and defenses
Handshake sequence numbers
Routing
Authentication
Service protocols

Comprehensive defenses
Conclusion

TCP Sequence Number

TCP Handshake
C → S: SYN (ISNc)
S → C: SYN (ISNs), ACK (ISNc)
C → S: ACK (ISNs)
C → S: data

And/or
S → C: data

Mechanism

ISN variable is incremented by a constant once per second, and by half that amount each time a connection is initiated. To predict an ISN, an intruder must know the round-trip time between the client and server precisely

ISNs predictable, can be guessed by intruder

No authentication except IP address

Problem

ISNs not true random number
Easy to calculate or predict
Can be used to spoof trusted host
Easy and cheap for Intruder


Defenses

Don’t use netstat protocol
Generate ISNs some other way

Randomization

Use cryptographic algorithm with key
Randomize increments instead of basing them on predictable or measurable factor

Defenses (cont.)

Use DES to generate ISNs

Good Logging

Alerting mechanisms
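Added illustration, not part of the presentation or of Bellovin's paper: the clock-driven ISN scheme the Mechanism slide describes, beside a keyed scheme of the kind the Randomization slide recommends, with a small audit that shows why only the first can be named from one observed value. The rate constant, clock values, endpoints and secret are constructed.

```python
import hashlib
import hmac
import secrets
import struct

class ClockIsn:
    """The generator the 'Mechanism' slide describes: the counter advances by a
    constant every second and by half that constant for every new connection.
    RATE and the caller-supplied clock are constructed values."""
    RATE = 128

    def __init__(self):
        self.connections = 0

    def next_isn(self, now, local=None, remote=None):
        self.connections += 1                       # the endpoints play no part
        return (self.RATE * now + self.RATE // 2 * self.connections) & 0xFFFFFFFF

class KeyedIsn:
    """Keyed alternative from the 'Randomization' slide: the per-connection part
    is a keyed hash of the connection's endpoints, so one observed ISN says
    nothing about another connection's (the scheme Bellovin later put in RFC 1948)."""
    RATE = 128

    def __init__(self, secret=None):
        self.secret = secret or secrets.token_bytes(32)   # fresh per boot

    def next_isn(self, now, local, remote):
        ident = ("%s:%d>%s:%d" % (*local, *remote)).encode()
        tag = hmac.new(self.secret, ident, hashlib.sha256).digest()
        offset = struct.unpack(">I", tag[:4])[0]
        return (self.RATE * now + offset) & 0xFFFFFFFF

def clock_model_predicts(gen, probe, target, t0=1000):
    """Audit check: take the ISN issued to a probe connection at time t0 and ask
    whether the clock model names the ISN issued to a different peer one second
    later. True means anyone who saw the first ISN could name the second."""
    local = ("192.0.2.10", 40000)                 # constructed local endpoint
    seen = gen.next_isn(t0, local, probe)
    guess = (seen + ClockIsn.RATE + ClockIsn.RATE // 2) & 0xFFFFFFFF
    return gen.next_isn(t0 + 1, local, target) == guess

if __name__ == "__main__":
    probe, target = ("198.51.100.7", 513), ("198.51.100.9", 513)
    print("clock generator guessable:", clock_model_predicts(ClockIsn(), probe, target))
    print("keyed generator guessable:", clock_model_predicts(KeyedIsn(), probe, target))
```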

Routing
ISSUES

Routing mechanisms can be abused
Denial of Service – confusing routing tables

Source Routing
Reverse the TCP route on a request (if one is used).

The attacker may be able to identify an IP address and network in the source domain, the first step toward gaining control of a host

POSSIBLE DEFENSES

Hard to defend
Possibilities:

Local net rejects all external packets claiming to be from the local net (not practical and extreme)

Analyze source route and accept it only if trusted gateways are listed (again, hardly practical)

RIP Attacks
ISSUES

RIP – Routing Information Protocol (widely used)
Routing information received is often unchallenged

Intruder can send bogus routing information and thus re-direct packets to a non-trusted entity, network, or host (impersonating)

Hard to authenticate RIP packets

Bogus routing information disseminates to other routers

POSSIBLE DEFENSES

Establishing a “paranoid” gateway
One that filters packets based on source or destination address only, not on the route

Would have to make RIP more skeptical of the routes that the router is willing to accept

EGP
ISSUES

Protocol for communications between core routers

Impersonation of a real gateway when such is down is not hard with this routing protocol
Broadcast a route directing others to an offline router, while impersonating that router

POSSIBLE DEFENSES

Always make exterior gateways be on the core network so that attacker has a harder time impersonating the offline router

ICMP
ISSUES

The Internet Control Message Protocol is used for echo requests from remote hosts (connectivity)
ICMP attacks are difficult because of ICMP packet’s simplicity

Yet, ICMP packets can be used to:

Redirect routes (such as with RIP)

DoS attacks

POSSIBLE DEFENSES

Again, “paranoia”

Restrict routing changes to specified connections, not in response to ICMP Redirect messages

Check that an ICMP packet is tied to a particular connection only
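Added example, not from the presentation or Bellovin's paper, of the check the slide calls for, written as a host-side filter over a constructed ICMP Redirect datagram: the message is honoured only if it quotes a live connection of ours, came from the gateway currently in use for that destination and names a next hop on the local subnet. The addresses, routing table and connection table are constructed.

```python
import ipaddress
import struct

def build_redirect(new_gw, src, dst, sport, dport, proto=6):
    """Constructed ICMP Redirect (type 5, code 1 = redirect for host): 8-byte
    ICMP header, the quoted 20-byte IP header and 8 bytes of its payload."""
    icmp = struct.pack("!BBH4s", 5, 1, 0, ipaddress.ip_address(new_gw).packed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return icmp + ip + struct.pack("!HHI", sport, dport, 0)   # ports + sequence number

def gateway_for(dst, routes):
    """Longest-prefix lookup in a constructed routing table {prefix: gateway}."""
    best = None
    for prefix, gw in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def redirect_is_acceptable(pkt, sender, local_ip, local_net, routes, conns):
    """The slide's check: honour a Redirect only if it came from the gateway we
    currently use for that destination, names a new gateway on our own subnet
    and quotes a datagram belonging to one of our live connections (conns is a
    set of (src, sport, dst, dport, proto) tuples)."""
    if len(pkt) < 8 + 20 + 4:
        return False
    icmp_type, code, _, gw = struct.unpack("!BBH4s", pkt[:8])
    if icmp_type != 5 or code > 3:                 # Redirect codes are 0..3
        return False
    ihl = (pkt[8] & 0x0F) * 4                      # quoted IP header length
    if len(pkt) < 8 + ihl + 4:
        return False
    proto = pkt[8 + 9]
    src = ipaddress.ip_address(pkt[8 + 12:8 + 16])
    dst = ipaddress.ip_address(pkt[8 + 16:8 + 20])
    sport, dport = struct.unpack("!HH", pkt[8 + ihl:8 + ihl + 4])
    if str(src) != local_ip:                       # not about a datagram we sent
        return False
    if gateway_for(dst, routes) != sender:         # only our current next hop may redirect
        return False
    if ipaddress.ip_address(gw) not in ipaddress.ip_network(local_net):
        return False                               # new gateway must be on our link
    return (str(src), sport, str(dst), dport, proto) in conns
```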

Authentication Server

Used instead of address-based authentication

Nothing more than a Trusted Host that will mediate our connections and establish trusted identities

Should not rely solely on TCP/IP for authentication; should use some other algorithm

Services Within the Suite

Finger
Email
POP
PCMAIL
DNS
FTP
SNMP
Remote Booting

Finger

Problem: Gives away too much information to hackers

Solution: Disable service

POP

Problem: Conventional passwords are vulnerable

Solution: One-time passwords using cryptographic key

PCMAIL

Problem: Same as POP, but also supports password-change command with unencrypted passwords

Solution?

DNS

Problem: Sequence number attack leading to spying on traffic/capturing passwords

Solution: Run domain servers on highly secure machines and use authentication on domain server responses

DNS cont…

Problem: Recursive zone transfer requests to download entire database

Solution: Employ “refused” error code for any requests from unidentified servers

Also, Kerberos tickets can be used to authenticate DNS queries

FTP

Problem: Use of simple passwords for authentication

Solution: One-time passwords

Problem: Anonymous FTP
Solution: Be careful with sensitive data (such as encrypted passwords)

SNMP

Problem: In the wrong hands, can divulge too much information

Solution: Protect this service (through authentication)

Remote Booting

Problem: Boot process can be subverted and a new kernel with altered protection mechanism can be substituted

Solution: Ensure boot machine uses a random number for the UDP source port and a 4-byte transaction ID

Trivial Attacks

ARP
TFTP
Reserved Ports

Comprehensive Defenses

Authentication
Encryption
Trusted Systems

Authentication

One of the overall problems is TCP/IP reliance on IP source address for authentication

Too easy to spoof IP address
Needs some form of cryptographic authentication
Needham-Schroeder algorithm

Needham-Schroeder algorithm

Relies on each host sharing a key with an authentication server

Versions exist for both private-key and public-key cryptosystems

Host wanting to communicate requests a key from the authentication server & passes a sealed version along to the destination

At conclusion of dialog, each side has verified the identity of the other

Needham-Schroeder algorithm

Allows pre-authenticated connections that are safe

DNS provides ideal base for authentication systems

Key distribution responses must be authenticated and/or encrypted
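Added example, not part of the presentation or of Bellovin's paper: the five-message private-key version of the protocol the two slides above outline, run between hosts A and B through the authentication server S, with the checks each side makes before trusting the key. The sealing primitive is a stdlib encrypt-then-MAC stand-in for {...}K, and the host names and keys are constructed.

```python
import hashlib, hmac, json, secrets

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a keystream; stdlib stand-in for a cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, obj):
    """{obj}K: encrypt-then-MAC of a JSON message. Assumption: a real system
    would use an AEAD such as AES-GCM in place of this construction."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag in constant time, then decrypt; raises on any forgery."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("seal does not verify: forged, wrong key, or corrupt")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))

def needham_schroeder(server_keys, a, b):
    """Private-key Needham-Schroeder between hosts a and b through server S.
    Returns (Kab held by A, Kab held by B, the caller name B learned)."""
    kas, kbs = server_keys[a], server_keys[b]        # long-term keys shared with S
    na = secrets.randbits(64)
    # 1. A -> S: A, B, Na            (S now generates the session key Kab)
    kab = secrets.token_bytes(32)
    ticket = seal(kbs, {"kab": kab.hex(), "peer": a})             # {Kab, A}Kbs
    # 2. S -> A: {Na, B, Kab, {Kab, A}Kbs}Kas
    m2 = seal(kas, {"na": na, "peer": b, "kab": kab.hex(), "ticket": ticket.hex()})
    body = unseal(kas, m2)
    if body["na"] != na or body["peer"] != b:        # A: fresh reply, intended peer
        raise ValueError("A: replayed or misdirected server reply")
    kab_a = bytes.fromhex(body["kab"])
    # 3. A -> B: {Kab, A}Kbs         (B learns Kab and who is calling)
    tb = unseal(kbs, bytes.fromhex(body["ticket"]))
    kab_b, caller = bytes.fromhex(tb["kab"]), tb["peer"]
    # 4. B -> A: {Nb}Kab   5. A -> B: {Nb - 1}Kab   (each proves it holds Kab)
    nb = secrets.randbits(64)
    m4 = seal(kab_b, {"nb": nb})
    m5 = seal(kab_a, {"nb": unseal(kab_a, m4)["nb"] - 1})
    if unseal(kab_b, m5)["nb"] != nb - 1:
        raise ValueError("B: peer could not prove possession of Kab")
    return kab_a, kab_b, caller
```

B gets no freshness guarantee for the ticket in message 3, the replay weakness Denning and Sacco pointed out in 1981 and the reason Kerberos adds timestamps.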

Encryption

Can defend against most problems

Disadvantages:
Expensive
Slow
Hard to administer
Uncommon in civilian sector

Encryption

Two types:
Link Level, including multi-point link encryption

End-to-end encryption

Major benefits
Implied authentication they provide
Provide privacy

Link Level Encryption

Encrypting each packet as it leaves the host

Excellent to protect confidentiality
Works well against physical intrusion

Weaknesses:
Broadcast packets are difficult to secure
Implies trust of gateways

Blacker Front End (BFE)

A multi-point link encryption device for TCP/IP

Looks to host as an X.25 DDN interface
Sits between host and actual DDN line
Receives call with new destination, contacts Access Control Center for permission and Key Distribution Center for cryptographic keys

BFE

If local host is denied permission to talk to remote host, appropriate diagnostic code is returned

Special Emergency Mode when link to KDC or ACC is not working

Permission checking can protect against DNS attacks

Totally unauthorized host does not receive sensitive data

BFE

Also translates original “Red” IP address to encrypted “Black” address using a translation table supplied by ACC

Foils traffic analysis, which is the bane of all multi-point link encryption

End-to-end encryption

Above the TCP level
To secure conversations regardless of number of hops or quality of links
Appropriate for centralized network management applications
Key distribution/management greater problem (more pairs involved)

End-to-end encryption

Encryption and decryption are done before initiation or after termination of TCP processing; host-level software must handle the translations, resulting in extra overhead for each conversation

Vulnerable to denial of service attacks

Trusted Systems

Hosts and routers rated B2 or higher are immune to the attacks described here

C2 level systems are susceptible
B1 systems are vulnerable to some but not all attacks

Conclusions

1. Relying on IP source address for authentication is dangerous
2. Second broad class of problems deals with sequence number attacks (unpredictable and unseen)
3. Hosts should not be giving away information gratuitously (finger and netstat)
4. Intelligent use of default routes
5. Use verifiable point-to-point routing protocols instead of broadcast-based routing
6. Network control mechanisms must be guarded