Date post: | 08-Jun-2015 |
Category: |
Documents |
Upload: | johnsondon |
View: | 259 times |
Download: | 1 times |
Yan ChenLab for Internet and Security Technology (LIST)
Dept. of Electrical Engineering and Computer ScienceNorthwestern University
http://list.cs.northwestern.edu
Intrusion Detection and Forensics for Self-defending
Wireless Networks
Security Challenges in GIG Wireless Networks
• In addition to sharing similar challenge of wired net– High speed traffic (e.g., WiMAX)– Zero-day threats– Lack of quality info for situational-aware analysis:
attack target/strategy, attacker (botnet) size, etc.
• Wireless networks are more vulnerable– Open media
• Easy to sniff, spoof and inject packets
– Open access• Hotspots and potential large user population
• Attacking is more diverse– On media access (e.g., jamming), but easy to detect– On protocols (our focus)
Self-Defending Wireless Networks
• Network-based adaptive intrusion detection and mitigation systems for emerging threats– Polymorphic zero-day worm signature generation
(done)– Automated analysis of large-scale botnet probing
events for situation aware info (ongoing)
• Proactive vulnerability analysis and defense of wireless network protocols at various layers– WiMAX IEEE 802.16e: MAC layer (done)– Mobile IP v4/6: network layer (done)– Authentication layer (generalized to various wireless
& cellular networks, ongoing)
Outline
• Overall approach and achievement• Accomplishment this year
• Highlight: Error-message based DoS attacks of wireless networks and the defense
Accomplishments on PublicationsFour conference, one journal papers and two book chapters
– “Accurate and Efficient Traffic Monitoring Using Adaptive Non-linear Sampling Method", in the Proc. of IEEE INFOCOM, 2008
– “A Survey of Existing Botnet Defenses “, in Proc. of IEEE IWSSE 2008.– “Honeynet-based Botnet Scan Traffic Analysis", invited book chapter for
“Botnet Detection: Countering the Largest Security Threat”, Springer, 2007.
– “Integrated Fault and Security Management”, invited book chapter for “Information Assurance: Dependability and Security in Networked Systems”, Morgan Kaufmann Publishers, 2007.
– “Reversible Sketches: Enabling Monitoring and Analysis over High-speed Data Streams”, in ACM/IEEE Transaction on Networking, Volume 15, Issue 5, Oct. 2007.
– “Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms”, in the Proc. of the IEEE ICNP, 2007.
– “Detecting Stealthy Spreaders Using Online Outdegree Histograms”, in the Proc. Of IEEE International Workshop on Quality of Service, 2007.
• Collaborated publication with Dr. Keesook Han from AFRL
• Resulted from joint research on botnet.
• Obtain binary/source from Dr. Han
• Plan to use the testbed developed at AFRL
Accomplishments This Year• Automatic zero-day polymorphic worm
signature generation systems for high-speed networks– Fast, noise tolerant w/ proved attack resilience– Published in IEEE International Conference on
Network Protocols (ICNP) 2007 (14% acceptance rate).
– A patent filed through Motorola.– Potential technology transfer thru Motorola
ProtocolClassifier
UDP1434
Core algorithmsFlow
Classifier
TCP137
. . .TCP80
TCP53
TCP25
NormalTraffic Pool
SuspiciousTraffic Pool
Signatures
NetworkTap
KnownAttackFilter
Normal traffic reservoir
Real time
Policy driven
Limitations of Exploit Based Signatures
1010101
10111101
11111100
00010111
Our network
Traffic FilteringInternet
Signature: 10.*01
XX
Polymorphic worms might not have exact exploit based
signatures.
Polymorphism!
Vulnerability Signatures
• Use protocol semantics to express vulnerability• Work for all the worms which target the same
vulnerability
Vulnerability signature traffic
filteringInternet
XX Our network
Vulnerability
XX
Accomplishments This Year IIAutomating Analysis of Large-Scale Botnet Probing Events
• What scanning strategies does the probing employ ? • Is this an attack that specifically targets the site, or is
the site only incidentally probed as part of a larger attack ?
• Leverage honeynet for bot probe detection• Ten /24 honeynet from LBNL, five running honeyd,
others dark.
Approaches• Statistical testing of scan properties: trend, uniformity,
coordination, and use of pre-generated “hit lists.” • Two approaches for global property extrapolation
• Use IPID and ephemeral port # continuity• Use probe interarrival times
11
Extrapolated Properties and Results• Evaluated w/ 12 month LBNL traces (220GB)
– 49% uniform random scan– 40% hit list scan, majority of them (94%) also uniform
• Cross-validation with Dshield dataset– Largest global alert repository– All extrapolated scope within a factor of 1.5
12
Error-message Based DoS Attacks of Wireless
Networks and the Defense
13
Vulnerability and Attack Methodology• Processing error messages imprudently
– Error messages are in clear text before authentication
– Messages are trusted without integrity check
• Attacking requirements– Sniffing: easy for wireless networks– Spoofing before authenticated
• Easy for wireless LANs & doable for cellular networks
• Basic attack ideas Spoof and inject error messages or wrong messages
that trigger error messages to clients and/or servers.
• Maybe a known problem but largely ignored
14
Outline
• Vulnerability and Attack Methodology• Attack Case Studies
– EAP protocols for wireless and cellular networks
– Mobile IPv6 route optimization protocol (skipped)
• Countermeasures• Conclusions
15
EAP Authentication on Wireless Networks
EAP-FASTPEAPEAP-TTLS
EAP Over LAN (EAPOL)
Extensible Authentication Protocol (EAP)
EAP Layer
Data Link Layer802.11
WLAN
EAP-TLSAuthentication
method layer
TLSAuthentication
primitive
GSMUMTS/
CDMA2000
EAP-AKAEAP-SIM
Challenge/Response
16
TLS Authentication Procedure
Hello Request
Client Hello
Server HelloServer Certificate
Key-exchange messageServer Hello Done
Client Key-exchange messageChange cipher Spec
Client End Server End
Encrypted conversation over TLS
TLS finished
TLS finishedChange cipher Spec
TLS Handshake Protocol
Client and server negotiate a stateful connection using a handshake procedure.
17
DoS Attacks on TLS Authentication
• Sniff to get the client MAC address and IDs– Packet in clear text before authentication
• Send spoofed error messages– Before authentication is done, attacker spoofs
an alert message of level ‘fatal‘, followed by a close notify alert.
– Then the handshake protocol fails and needs to be tried again.
• Complete the DoS attack– The attacker repeats the previous steps to stop
all the retries
• When this attack happens, WPA2,WPA or WEP are all in clear text.
18
DoS Attacks on TLS: Illustration
• Sending Error Alert message of level Fatal• Can either attack client or server
Hello Request
Client Hello
Server HelloServer Certificate
Server Key-exchange messageCertification Request
Server Hello Done
CertificateClient Key-exchange message
Certificate VerifyFinished
Client End Server EndAttacker
Error Message
Error Message
Attack Point-1
Attack Point-2
19
DoS Attack on Challenge/Response over EAP-
AKA
Simple attack: Sending Error Rejection/ Notification message
Client End Server End
EAP-Request/Identity
EAP-Response/Identity (NAI)
AKA-Challenge (RAND, AUTN, MAC)
AKA-Response (RES, MAC)
EAP-Success
AKA-Authentication-Reject
AKA-Notification
20
DoS Attack Experiment on a WiFi Network with PEAP
Protocols • Hardware
– Wifi cards with Atheros chipsets (e.g., Proxim Orinoco Gold wireless adapter)
– MADWifi driver
• Code implementation– Libraries
• Sniffing: Libpcap library• Spoofing: Lorcon library
– Attacking code• About 1200 lines of C++ code in Ubuntu linux
21
Field Test Results
We conducted the EAP-TLS attack experiments at a Cafeteria.
•7 mobile hosts and one Attacker
• We’ve successfully attacked all of them in one of the two channels
22
Attack Efficiency Evaluation
• For example, when attack happens at the second point– Just need to send 156 bytes of message to
screw the whole 1049 bytes authentication messages.
Attack Point 1
Ratio by # of Messages 25.00% [1/4]
Ratio by Bytes 15.89% [78/491 ]
Attack Point 2
Ratio by # of Messages 28.57% [2/7]
Ratio by Bytes 14.87% [156/1049]
23
Scalability Evaluation by NS2 Simulations
• Vary the # of simultaneous sign-on clients up to 100– All results are based on an average of 100 runs.
• Shows that the attacker is scalable: very few clients are able to authenticate successfully.
24
NS-2 Simulation Results II• Even better results when sending error
messages more aggressively by reducing the CWMin parameter of the attacker – The back-off time of attacker is reduced.
25
Outline
• Vulnerability and Attack Methodology• Attack Case Studies
– EAP protocols for wireless and cellular networks
– Mobile IPv6 route optimization protocol (skipped)
• Countermeasures• Conclusions
26
Countermeasures• Enhance the robustness of the
authentication protocol for wireless access– Delay decision making process by waiting for
a short time for a success message (if any) to arrive; and
– Give preference to success messages than the error ones.
– Implemented and successfully thwart EAP-TLS attacks
27
Conclusions• We have designed new methods to launch DoS
attacks on security protocols using error messages.
• We found that any security protocol is vulnerable to such attacks as long as it supports a few error messages before the authentication step.
• As far as we know, no authentication protocol currently is secure against such attacks.
• We demonstrated the effect of these attacks on TLS and MIPv6 protocols.
• We suggest a few guidelines for the protocol designers and implementers to defend such attacks.
asdf
• Proactively secure wireless networks via
searching unknown protocol vulnerabilities.
• Automatically detect and filter zero-day
polymorphic worms.
• Accurate network-based intrusion
detection and prevention.
• Complete protocol vulnerability
search and defense
• Network-based automatic signature
generation for polymorphic worms
• Efficient matching with a large vulnerability
signature ruleset
Intrusion Detection and Forensics for Self-defending Wireless Networks
Yan Chen, Northwestern University
Objective
Scientific/Technical ApproachAccomplishments
• Find error-message based attacks and propose defense schemes.
• Design & implement length-based signature generation for zero-day polymorphic worms.
Challenges• Various and complicated network protocols
• Large number of vulnerability signatures and high-speed traffic volume.
EAP-FASTPEAPEAP-TTLS
EAP Over LAN (EAPOL)
Extensible Authentication Protocol (EAP)
802.11
WLAN
EAP-TLS
TLS
GSMUMTS/
CDMA2000
EAP-AKAEAP-SIM
Challenge/Response
Vulnerability analysis of various wireless network protocols.
Backup Slides
29
The Spread of Sapphire/Slammer Worms
The Current Threat Landscape of Wireless Networks
• Wireless networks, crucial for GIG, face both Internet attacks and their unique attacks– Viruses/worms: e.g., 6 new viruses, including Cabir and
Skulls, with 30 variants targeting mobile devices– Botnets: underground army of the Internet, emerging
for wireless networks
• Big security risks for wireless networks– Few formal analysis about wireless network protocol
vulnerabilities – Existing (wireless) IDSes only focus on existing attacks
• Ineffective for unknown attacks or polymorphic worms
– Little work on attack forensics• E.g., how to identify the command-and-control (C&C) channel of
botnets?
Evaluation Methodology• Fully implemented and deployed to sniff a campus
router hosting university Web servers and several labs.• Run on a P4 3.8Ghz single core PC w/ 4GB memory.• Much smaller memory usage. E.g., http 791
vulnerability sigs from 941 Snort rules:DFA: 5.29 GB vs. NetShield 1.08MB
32
33
EAP and TLS Authentication
• Extensible Authentication Protocol (EAP) is a PPP extension – Provides support for additional
authentication methods within PPP. • Transport Layer Security (TLS)
– Mutual authentication – Integrity-protected cipher suite negotiation – Key exchange
• Challenge/Response authentication with pre-shared keys– Pre-shared key (Ki) in SIM and AuC– Auc challenges mobile station with RAND– Both sides derive keys based on Ki and
RAND
34
Practical Experiment
• For the 33 different tries– All suffered an attack at Attack Point-1– 21% survive from the first attack but failed at
the 2nd Attack Point.
EAP-TLS Attack Practical Experiment
Attack Point - 179%
Attack Point - 221%
Attack Point - 1 Attack Point - 2
35
• Simulate one TLS-Server, one TLS-Attacker and range the TLS-Clients between 1 to a maximum of 100. – The number of clients authenticate to the
TLS server simultaneously. – It’s extremely rare case
• Base Station was set up to interface between the wired and wireless networks.
• The duplex-link between the BS and the TLS-Server was of 100MBps with a 10ms delay.
36
Case 2:
Mobile IPv6 Routing-Optimization
protocol
37
Mobile IPv6• Mobile IPv6 is a protocol which allows nodes
to remain reachable while moving around in the IPv6 Internet. – Each mobile node is always identified by its
home address, regardless of its current point of attachment to the Internet.
– IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address.
– The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and to then send any packets destined for the mobile node directly to it at this care-of address
38
Return Routability Procedure
• The procedure begins when the MN sends HoTI message to CN through HA and CoTI message directly to CN.
• Upon the receipt of the Binding Update, CN adds an entry for the MN in its Binding Cache and optionally sends Binding Acknowledgement.
• Once this happens, MN and CN will be capable of communicating over a direct route. – This way, the route between MN and CN is
optimized.
39
•Once Return Routability happens, MN and CN will be capable of communicating over a direct route
•The route between MN and CN is optimized.
Return Routability Procedure
40
The Vulnerability
• Binding Error Vulnerability– Used to disable the Routing Optimization procedure.
• Binding Error message set Status to 2 (unrecognized MH Type value), Then the mobile node SHOULD cease the attempt to use route optimization.
• The Binding Error message is not protected.
• Bind Acknowledgement Vulnerability– The Bind Acknowledgement vulnerability affects the
Return Routability procedure• Binding Acknowledgement with status 136, 137 and
138 is used to indicate an error and not protected in any way
• Hence, it could be easily spoofed by an external entity
41
• Bind Error Vulnerability
HoTI
HoTI
CoTI
CoT
HoT
HoT
Bi nd Updat e (Sni ff ed by At t acker )
Spoofed Bind Error By Attacker
Bi nd Ack
Mobile Node Home Agent AttackerCorrespondent
Node
Retard Return Routability
Silently Discard Bind Ack
Start Return Routability
The Vulnerability
42
• Bind Acknowledgement Vulnerability
HoTI
HoTI
CoTI
CoT
HoT
HoT
Bi nd Updat e (Sni ff ed by At t acker )
Spoofed Bind Ack By Attacker
Bi nd Ack
Mobile Node Home Agent AttackerCorrespondent
Node
Retard Return Routability
Silently Discard Bind Ack
Start Return Routability
The Vulnerability
43
Experiment Environment
HA / Router
Access Router
CN / RouterGRE
GRE
GRE
GRE
GRE GRE
ETH
ETH
MNETH
MN
ETH
2001:106:2300::1 2001:106:2300::2
2001:106:2100::2
2001:106:2100::12001:106:2200::2
2001:106:2200::1
2001:106:2700::2
2001:106:2700::4
2001:106:1100::1
2001:106:1100::2
Notes:- All are linux boxes with one physical wired interface.- Diagram shows logical network connection. Physicaly, all are connected to each other through IPv4 LAN.- HA and AR run radvd on ETH interfaces with addresses 2700::2 and 1100::1 respectively.- MN movement is simulated by bringing the ETH interface on, once in home network and once in foreign network
44
Evaluation• The MIPv6 Experiment is based on a LAN testbed.
– Except the Mobile Node, all other components such as Home Agent and Correspondence Node are all connected via wired cable in the Northwestern network.
• We collected the data through 100 times experiment. Observed via the Wireshark running on the Mobile Node, for one successful attack, the time window is about 5ms in average and the Standard Deviation is 0.108ms for distribution
• The time consumed by computing the spoofed Error message is 0.0203ms in average. The closer the attack to the Mobile Node, the higher probability we get for launching a successful Error Message attack.
45
PEAP Enhancement
• Original WPA supplicant v0.5.10– Generate TLS ALERT on unexpected
messages– Stop authentication on TLS ALERT
• Delayed response implementation– Drop unexpected message silently– Wait for 1 second when receiving TLS ALERT
to allow multiple responses, and ignore TLS ALERT response if good responses are received.
• Verification– Redid the attack experiments and prove
the effect of the countermeasures