Network Architectures: Internet Security (Seminar, WiSe 2009/2010)

News

Overview

Lecturer: Prof. Anja Feldmann, Sonja Buchegger, Prof. Jean-Pierre Seifert (FG SecT)
Contact person: Gregor Schaffrath, Jan Böttger, Doris Schiöberg, Collin Mulliner (FG SecT)
Supervisors:

All supervisors: seminar@lists.net.t-labs.tu-berlin.de

Event type: advanced seminar (Hauptseminar)
Area: Diplom Informatik: Operating and Communication Systems (BKS)
Master of Computer Science: Communication-Based Systems
Master of Computer Engineering: Communication Systems
Bachelor of Computer Science: Communication Technology
Bachelor of Computer Engineering: Computer Science
Module(s): part of the following modules:
BINF-KT-NA/PJSE.W09, MINF-KT-NA/VTK.W09, MINF-KT-NA/VTG.W09.
SWS: 2
ECTS credits: 3
Time: tba
Room: tba
Preparatory meeting: 16 October 2009, 12:00, in room TEL 1118/19
Deadline for registration: 20 October 2009
Course ID: 0432 L 822
Audience: main course students (Hauptstudium)
Prerequisites: intermediate diploma (Vordiplom), profound knowledge of computer networks and cryptology, good English for reading scientific papers
Exam: talk and paper

Content

The Internet influences our lives more and more: many of us use electronic mail instead of writing with pen and paper, home banking and ordering books over the web are part of everyday life, and elections via the Internet are in field tests. Furthermore, interconnection is getting denser, and the day is near when every coffee maker is programmable through the Internet and every car connects to its manufacturer for diagnosis.

But this implies many security risks as well: spying on and manipulating data, spam, intrusions, or denial-of-service attacks. This seminar deals with some major threats and possible countermeasures.

Organisation

Intention of the seminar

General Guidelines

Seminar Certificate

To receive the Seminar Certificate we require:

The seminar certificate will carry a grade, which is derived from the criteria mentioned above.

Schedule

When | What | Time needed
16 October 2009, 12:00–14:00 | Preparatory meeting: presentation of the supervisors, topic groups and topics ([PDF] slides from the meeting) | 2h
until 25 October 2009 (12:00) | Registration for the seminar via ISIS. At least three topic wishes and the Matrikelnummer are required. The topics are allocated by lot! | -
26 October 2009 | Announcement of the participant ↔ topic assignment on the web or by email | -
until 8 November 2009 | Elaborate the topic (search literature, sort it, read it and, if possible, understand it) | 20h
until 9 November 2009, 8:00 a.m. | Send a short version of your seminar paper, containing the structure and short hints as to the planned content, to your supervisor (as a basis for discussion) | -
until 13 November 2009 | Meeting of every participant with his or her supervisor | 1h
until mid December 2009 | Summarize literature in a seminar paper (about 10 pages) | 20h
until 14 December 2009 | Send seminar paper to supervisor | -
until 4 January 2010 | Read and correct the seminar papers of the other participants of the group | 5h
subsequently | Group meeting: exchange comments and helpful hints with each other. Attendance is mandatory! | 2h
until 15 January 2010 | Incorporate results of the group meeting in seminar paper and send the revised version to supervisor | 5h
until 29 January 2010 | Prepare slides and send them to supervisor | 10h
until 5 February 2010, 8:00 a.m. | Meeting with supervisor: discuss slides | 1h
until 12 February 2010, 8:00 a.m. | Incorporate comments of supervisor in slides and send final version to supervisor | 5h
tba | Prepare the talk | 5h
tba | Talks. Attendance at all talks is mandatory! | 45 min incl. discussion per talk

Topics

FG INET

X.2 — Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs

Student: Jianhuang Liang; Supervisor: Ingmar Poese

Firewalls enforce a security policy by inspecting packets arriving or departing a network. This is often accomplished by sequentially comparing the policy rules with the header of an arriving packet until the first match is found. This process becomes time consuming as policies become larger and more complex. Therefore determining the appropriate action for arriving packets must be done as quickly as possible. The process of packet header matching can be improved if more popular rules appear earlier in the policy. Unfortunately, a simple sorting algorithm is not possible since the relative order of certain rules must be maintained in order to preserve the original policy intent. Utilizing Directed Acyclical Graphs (DAGs) to represent firewall policy, this paper will introduce a novel rule sorting technique. The technique is capable of considering sub-graphs of rules (inter-related by precedence constraints) and compare the advantage of placing and merging the rules that comprise them. Experimental results using a variety of policies will show that the proposed algorithm is able to find the optimal order in 98% of the example policies, which is substantially higher than other methods.

X.5 — Secure web browsing with the OP web browser?

Student: Taner Aydin; Supervisor: Benjamin Michéle

Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features.

To show the utility of our browser architecture, we design and implement three novel security features. First, we develop novel and flexible security policies that allow us to include plugins within our security framework. Our policy removes the burden of security from plugin writers, and gives plugins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plugin. Second, we use formal methods to prove that the address bar displayed within our browser user interface always shows the correct address for the current web page. Third, we design and implement a browser-level information-flow tracking system to enable post-mortem analysis of browser-based attacks. If an attacker is able to compromise our browser, we highlight the subset of total activity that is causally related to the attack, thus allowing users and system administrators to determine easily which web site led to the compromise and to assess the damage of a successful attack. To evaluate our design, we implemented OP and tested both performance and filesystem impact. To test performance, we measure latency to verify that OP's performance penalty from security features is minimal from a user's perspective. Our experiments show that on average the speed of the OP browser is comparable to Firefox and the audit log occupies around 80KB per page on average.

X.8 — Is Your Cat Infected with a Computer Virus?

Student: Meng Liu; Supervisor: Janis Danisevskis

RFID systems as a whole are often treated with suspicion, but the input data received from individual RFID tags is implicitly trusted. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overflow. This paper is meant to serve as a warning that data from RFID tags can be used to exploit back-end software systems. RFID middleware writers must therefore build appropriate checks (bounds checking, special character filtering, etc.), to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet. Furthermore, as a proof of concept, this paper presents the first self-replicating RFID virus. This virus uses RFID tags as a vector to compromise backend RFID middleware systems, via a SQL injection attack.

  • Melanie R. Rieback, Bruno Crispo, Andrew S. Tanenbaum, Is Your Cat Infected with a Computer Virus?, Fourth IEEE International Conference on Pervasive Computing and Communications (PerCom'06), pp. 169–179, 2006

X.10 — Beware of BGP Attacks

Student: Kai Kai Yang; Supervisor: Jan Böttger

This note attempts to raise awareness within the network research community about the security of the interdomain routing infrastructure. We identify several attack objectives and mechanisms, assuming that one or more BGP routers have been compromised. Then, we review the existing and proposed countermeasures, showing that they are either generally ineffective (route filtering), or probably too heavyweight to deploy (S-BGP). We also review several recent proposals, and conclude by arguing that a significant research effort is urgently needed in the area of routing security.

  • Ola Nordstrom and Constantinos Dovrolis, Beware of BGP Attacks, ACM Computer Communications Review, April 2004

X.12 — Routing Security in Ad Hoc Networks

Student: Yu Han; Supervisor: Luigi Iannone

A mobile ad hoc network consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Routing plays an important role in the security of the entire network. In general, routing security in wireless MANETs appears to be a problem that is not trivial to solve. In this article we study the routing security issues of MANETs, and analyze in detail one type of attack, the "black hole" problem, that can easily be employed against the MANETs. We also propose a solution for the black hole problem for ad hoc on-demand distance vector routing protocol.

X.13 — Security Considerations for Peer-to-Peer Distributed Hash Tables

Student: Ullrich Pfefferlein; Supervisor: Gregor Schaffrath

Recent peer-to-peer research has focused on providing efficient hash lookup systems that can be used to build more complex systems. These systems have good properties when their algorithms are executed correctly but have not generally considered how to handle misbehaving nodes. This paper looks at what sorts of security problems are inherent in large peer-to-peer systems based on distributed hash lookup systems. We examine the types of problems that such systems might face, drawing examples from existing systems, and propose some design principles for detecting and preventing these problems.

X.15 — Protecting DNS from Routing Attacks: A Comparison of Two Alternative Anycast Implementations

Student: Boran Quian; Supervisor: Ioannis Avramopoulos

DNS is a critical piece of the Internet supporting the majority of Internet applications. Because it is organized in a hierarchy, its correct operation is dependent on the availability of a small number of servers at the upper levels of the hierarchy. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internet's availability and integrity at a global scale. In this article, we evaluate the relative resilience to routing attacks of two alternative anycast implementations of DNS, the first operating at the network layer and the second operating at the application layer. Our evaluation informs fundamental DNS design decisions and an important debate on the routing architecture of the Internet.

X.19 — Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention

Student: Mikolaj Pawel Chwalisz; Supervisor: Luigi Iannone

Stateful, in-depth, inline traffic analysis for intrusion detection and prevention is growing increasingly more difficult as the data rates of modern networks rise. Yet it remains the case that in many environments, much of the traffic comprising a high-volume stream can, after some initial analysis, be qualified as likely uninteresting. We present a combined hardware/software architecture, Shunting, that provides a lightweight mechanism for an intrusion prevention system (IPS) to take advantage of the heavy-tailed nature of network traffic to offload work from software to hardware.

The primary innovation of Shunting is the introduction of a simple in-line hardware element that caches rules for IP addresses and connection 5-tuples, as well as fixed rules for IP/TCP flags. The caches, using a highest-priority match, yield a per-packet decision: forward the packet; drop it; or divert it through the IPS. By manipulating cache entries, the IPS can specify what traffic it no longer wishes to examine, including directly blocking malicious sources or cutting through portions of a single flow once it has had an opportunity to vet them, all on a fine-grained basis.

We have implemented a prototype Shunt hardware design using the NetFPGA 2 platform, capable of Gigabit Ethernet operation. In addition, we have adapted the Bro intrusion detection system to utilize the Shunt framework to offload less-interesting traffic. We evaluate the effectiveness of the resulting system using traces from three sites, finding that the IDS can use this mechanism to offload 55%-90% of the traffic, as well as gaining intrusion prevention functionality.


X.25 — Secure Crash Reporting in Vehicular Ad hoc Networks

Student: Xiaokai He; Supervisor: Georgios Smaragdakis

We present AutoCore, an automated crash reporting application that uses VANETs (Vehicular Ad hoc NETworks) to provide authenticated digital video and telemetry data. This data is recorded by vehicles either involved in or at the scene of a crash and can be used by investigators to reconstruct the events that lead up to the crash. To secure this application, we present a security infrastructure that extends the state of the art in VANET security. In particular, the contributions of this infrastructure include (a) the concept of Road-worthiness Certificates, (b) use of these certificates in a practical scheme for the distribution of cryptographic vehicle credentials issued by regional transportation authorities, (c) a decentralized scheme for conditionally anonymous, inter-vehicle communication, (d) efficient support for the roaming of vehicles between different transportation authority jurisdictions and (e) an evaluation of our security infrastructure using AutoCore.


FG SecT

X.30 — Xen on arm: System virtualization using xen hypervisor for arm-based secure mobile phones

Student: Seo Sangwon; Supervisor: Matthias Lange
See SECT seminar website for details.

X.36 — A Chipset Level Network Backdoor: Bypassing Host-Based Firewall & IDS

Student: Andreas Schmidt-Dannert; Supervisor: Patrick Stewin
See SECT seminar website for details.

X.47 — Analyzing Information Flow in JavaScript-based Browser Extensions

Student: Julien Lironcourt; Supervisor: Jean-Pierre Seifert
See SECT seminar website for details.

X.50 — On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core

Student: Loreto Felipe; Supervisor: Collin Mulliner
See SECT seminar website for details.

Agenda

Time | Topic | Resources
Wed 24 Feb. 2010
12:30 – 12:35 | Welcoming
12:35 – 13:20 | Beware of BGP Attacks (Kai Kai Yang) | Paper
13:25 – 14:10 | Security Considerations for Peer-to-Peer Distributed Hash Tables (Ullrich Pfefferlein) | Paper
14:15 – 15:00 | Xen on arm: System virtualization using xen (Seo Sangwon) | Paper
15:00 – 15:15 | Break
15:15 – 16:00 | Secure web browsing with the OP web browser (Taner Aydin) | Paper
16:05 – 16:50 | Analyzing Information Flow in JavaScript-based Browser Extensions (Julien Lironcourt) | Paper
16:55 – 17:40 | Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention (Mikolaj Pawel Chwalisz) | Paper
17:40 – 17:45 | End of day 1
Fri 26 Feb. 2010
09:00 – 09:05 | Start of day 2
09:10 – 09:50 | Routing Security in Ad Hoc Networks (Yu Han) | Paper
09:55 – 10:40 | Protecting DNS from Routing Attacks: A Comparison of Two Alternative Anycast Implementations (Boran Qian) | Paper
10:40 – 10:50 | Break
10:50 – 11:35 | Secure Crash Reporting in Vehicular Ad Hoc Networks (Xiaokai He) | Paper
11:40 – 12:25 | Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs (Jianhuang Liang) | Paper
12:25 – 13:30 | Break
13:30 – 14:15 | On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core (Loreto Felipe) | Paper
14:20 – 15:05 | Routing Scalability (Haoran Bai) | Paper
15:05 – 15:30 | Wrap-up discussions and end of day 2

Literature

The seminar treats recent publications from (among others) the following conferences:
SIGCOMM, IMC, PAM, Mobicom, P2P, NSDI, INFOCOM, CCS, NDSS, and Usenix ATC.

General references