
Cyber Security - I

Computer Science and Information Technology I, Fall 2018


Hsu-Chun Hsiao
Two-week Agenda
What is cyber security?
NSLab introduction
• DDoS defense
• IoT security
• Automated bug finding
• Web security
Security for fun and profit

2
What is Security?
Security requirements
Threat model
Cost of security

3
4
5
What is security?
Protect assets (e.g., data and communication) from
unauthorized actions
Attackers = entities that attempt to perform unauthorized actions

An attacker may
• Eavesdrop
• Manipulate
• Cause denial of service
• …

6
Security requirements
Properties that the protection should achieve

The CIA triad: confidentiality, integrity, and availability

7
Confidentiality
Confidentiality is protection from unauthorized disclosure
Eavesdropping on messages violates confidentiality

[Figure: Alice sends Bob the message "A->B: here are the midterm exam questions." over an unencrypted channel (the Internet or other comm. networks); Eve/Mallory eavesdrops on it.]

8
Trivia! Alice, Bob, and Eve
Alice and Bob are two commonly used placeholder
names in the security field.

http://billatnapier.com/design_tips240.htm

9
Integrity
Integrity is protection from unauthorized changes
Modification of messages violates integrity

[Figure: the original message "A->B: see you at 6pm" is modified in transit to "A->B: I don’t want to see you again".]

10
Availability
Availability ensures intended users can access service
Denial of Service violates availability

11
Exercise: which security
requirement is violated?

12
Memcrashed:
DDoS amplification using memcached
Mar. 2018: memcached amplification DDoS against Github at 1.3Tbps
Sep. 2016: Mirai IoT botnets caused DDoS at 620Gbps
Mar. 2013: DNS amplification against Spamhaus at 300Gbps

13
Exercise: which security
requirement is violated?

14
KRACK: Key Reinstallation
Attack against WPA2
A security flaw in the WPA2 protocol
An attacker can trick a victim into reinstalling an already-in-use key
Key reuse breaks the security guarantee
Not as bad as it sounds…
• TLS (transport layer security) can mitigate this attack
• The attacker must be local and proactive

https://www.krackattacks.com
M. Vanhoef and F. Piessens, “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2,” in ACM CCS, 2017.
https://www.eff.org/deeplinks/2017/10/krack-vulnerability-what-you-need-know

15
Exercise: which security
requirement is violated?

16
Meltdown and Spectre
Cache side-channel attacks that exploit CPU hardware
implementations (speculative execution) to leak data
Spectre takes advantage of CPU's branch prediction
Meltdown leverages out-of-order execution

https://meltdownattack.com/
https://www.kb.cert.org/vuls/id/584653

17
Exercise: which security
requirement is violated?

18
Exercise: which security
requirement is violated?

19
Other security requirements
Authorization
Access control
Accountability
Auditability
Authenticity
Non-repudiation
Anonymity
Privacy

20
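So how do we make security watertight?
Wrong question!

100% security (defending against all attacks) is not achievable in practice
Why?
• Limited budget
• Performance requirements
• Unknown attacks (zero-day attacks)
• Factors that are hard to control (e.g., how users use the system)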

21
The system is 100% secure

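The system provides [Security Requirement] against [Threat Model] under [Assumption]

Threat model: assumptions about the attacker, i.e., the attacker's capability, knowledge, resources, etc.
Assumption: other assumptions, e.g., assume that no customer posts a photo of a newly issued ATM card online or tells anyone their password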

22
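Example
The [system] provides [security requirement] against
[Threat Model] under [Assumption]

System = ATM cash withdrawal system
Security requirement = identity authentication
Threat model = the attacker picks up an ATM card and tries PINs at random
Assumption = the user has not written the PIN on the card sleeve or used a birthday as the PIN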

23
A reasonable threat model is important

24
Threat model
Assumptions about the adversary
• Remember, we can’t fight against every possible attack.

Several well-known models exist


• Chosen-plaintext attack (CPA), chosen-ciphertext attack
(CCA)
• Honest-but-curious
• Adversary in the Dolev-Yao model
• …

25
Threat model
Defined by the attacker’s capability, knowledge, and resources
Capability – what can the attacker do?
• E.g., passive vs. active
Knowledge – what does the attacker know?
• E.g., insider vs. outsider
Resource – how much resource does the attacker have?
• E.g., script kiddies vs. government-funded groups

What’s a reasonable threat model? It depends.
• Risk = impact of the attack × likelihood of the attack

26
There is no free lunch
– Cost of Security
Security comes with a price
• Development and maintenance costs
• Reduced system performance
• User complaints

Technical challenge: making security mechanisms cheaper, faster, and more usable

27
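There is no free lunch
– Cost of Security
With so many possible attacks, what can we do?
We cannot stop them all, but we can make a successful attack as difficult as possible
Define a reasonable threat model (e.g., prioritize by risk)
Make good use of shared resources and promptly patch known, common vulnerabilities
• Sharing intel to help timely fixes
• Many exploit kits for known attacks; even script kiddies can cause great damage.
Focus effort on unknown and targeted attacks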

28
㸞䚍《对倴剓䓳涸橇眏
Security is only as strong as the weakest link

User
Data
Web/App
Network
Software
Hardware
Attack: Find one place to penetrate
Defense: Need to secure every place
29
Defense in depth
Examples
• Two-factor authentication
• Anti-virus + firewall + IDS

We can combine multiple strategies


• Prevention
• Detection & Recovery
• Resilience
• Deterrence

30
Exercise
Security mindset: Think about how to make it fail instead of how to make it work!

What are the security requirements?
What’s the threat model? Is it reasonable?

Messaging app
• For regular users
• For enterprises
• For dissidents & journalists in repressive countries

E-voting
• For a poll
• For a presidential election

31
NSLab Introduction

32
Landscape of Security Research

Cryptography: Encryption, Digital signature, Hash, MAC, PRNG, Block ciphers, …
Security protocols/mechanisms: Entity authentication, Anonymous routing, Public key infrastructures, Broadcast authentication, Key management, Secure e-voting, Encrypted email
Secure implementation: Type-safe language, Control flow integrity, Obfuscation, Sandboxing, Run-time enforcement, Trusted computing, …
Vulnerability detection: Penetration testing, Reverse engineering, Binary analysis, Dynamic taint analysis, …

33
What does NSLab do?
[Figure: NSLab research themes placed on a scale from current security practices, through best known security practices, to mitigation of unknown threats]
Theme 1: Bridge the gap between current and best practice (closing the security gap)
• Web security
• Measurement
Theme 2: Protecting critical infrastructures from future threats (preventing unknown attacks)
• IoT security
• DDoS attack and defense
• Automated bug finding

34
DDoS Attack & Defense

35
Denial of Service
Prevents users from using the services they want
An attack on availability

36
Common denial-of-service techniques
Consuming large amounts of shared resources, e.g., bandwidth, CPU, memory

Internet or other comm. networks

37
Distributed Denial of Service
More than one attack source
Increases attack strength and lowers the risk of any single source being detected

Internet or other comm. networks

38
Botnet-driven DDoS
Botnet = "zombie network"

control flood

Botmaster
Victim

Bots

39
Why DoS/DDoS?
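Extortion
Business competition
Diverting attention
Political protest
Precursor to another attack
This kind of attack is relatively simple, effective, and hard to defend against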
• Botnet for hire (botnet as a service)
• Many tools available
• Flash crowds vs. attacks

40
http://map.norsecorp.com/
41
Timeline of major DDoS attacks
Mar. 2013: DNS amplification against Spamhaus at 300Gbps
Mar. 2015: “Great Cannon” browser-based DDoS against GitHub
Sep. 2016: Mirai IoT botnets caused DDoS at 620Gbps
Oct. 2016: Mirai IoT botnets attacked critical Internet
infrastructure (Dyn DNS service provider), taking down GitHub,
Twitter, Reddit, Netflix, Airbnb, etc.
Mar. 2018: memcached amplification DDoS against Github at
1.3Tbps
DDoS attacks grow in volume, frequency and sophistication!

42
How to DoS?
Resource exhaustion (Bandwidth, CPU, memory)
• Flooding hosts
• Flooding infrastructure
• Low-rate attacks exploiting protocol/algorithm
specification
System crashed via implementation vulnerabilities
• E.g., Ping of Death

43
Recent trends of DDoS
Amplification attack
IoT-based botnets
Browser-based DDoS attack
DDoS attacking Internet infrastructures

44
DDoS Amplification

Amplifier (e.g., open DNS resolver)

Faked Source IP: 10.0.0.1


Query: ANY

50-100x traffic!

IP: 10.0.0.1

45
Amplification Factor
Memcached: 51,200x

Rossow, Christian. "Amplification hell: Revisiting network protocols for DDoS abuse." Symposium on
Network and Distributed System Security (NDSS). 2014.

How can we mitigate amplification attacks?


46
Mirai IoT Botnets
Infected ~1 million IoT devices
• Simple tech: Scan IPv4 space & try 62 default passwords
• Vulnerable devices hacked in 6 mins after going online
Launched largest DDoS in history
• Sep 2016: DDoS at 620Gbps
• Oct 2016: attacked Dyn DNS service provider, taking down GitHub,
Twitter, Reddit, Netflix, Airbnb, etc.

47
“Great Cannon” browser-based DDoS
DDoS Attack Targets Popular Anti-censorship Projects on Github
3 days into attack since Thursday March 26, 2015
Malicious JavaScript executed when users outside China visited
sites with Baidu’s user tracking code
Load https://github.com/greatfire/ and https://github.com/cn-nytimes/ every two seconds

http://insight-labs.org/?p=1682
http://www.wsj.com/articles/u-s-coding-website-github-hit-with-cyberattack-1427638940
48
“Great Cannon” browser-based
DDoS

https://citizenlab.org/2015/04/chinas-great-cannon/

49
How to mitigate DDoS
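Fight head-on and see who has more resources?
• Fine for defending against small attacks
• Against large attacks, even Google cannot guarantee that it will hold up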

http://www.ithome.com.tw/news/90246

50
How to mitigate DDoS
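Use CAPTCHAs to block bot-based DDoS?
• CAPTCHA solving can be outsourced, and CAPTCHAs sometimes block humans too
• A connection must be successfully established first
• Having the cloud insert CAPTCHAs raises privacy issues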

51
How to mitigate DDoS
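Just let the firewall filter out the attack traffic?
• How do you accurately tell who is good and who is bad?
• Sometimes filtering at your own doorstep is already too late
• The firewall itself is also a bottleneck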

It’s harder than you might think!

52
General DDoS Defense Strategies
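1. Overprovisioning/replication
• Fight head-on with more resources; spread out the force of the attack
2. Traffic differentiation
• Tell “good” from “bad” and remove malicious connections
3. Fair sharing
• Allocate resources fairly so that attackers gain no advantage
4. Source identification and takedown
• Eradicate the attack at its source

Many mitigation mechanisms combine two or more strategies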

53
Practical and Privacy-aware
Cloud-based DDoS Mitigation
Su-Chin Lin, Wei-Ning Chen, Hsu-Chun Hsiao, “Challenges in Realizing Privacy-
aware Cloud-based DDoS Mitigation Mechanism,” in USENIX Security Symposium
Poster Session, August 2018.
Su-Chin Lin, Po-Wei Huang, Hsin-Yi Wang, Hsu-Chun Hsiao, “DAMUP: Practical and
Privacy-aware Cloud-based DDoS Mitigation,” in IEEE/IFIP Workshop on Security
for Emerging Distributed Network Technologies (DISSECT), April 2018.
Cloud-based DDoS Mitigation Service
By changing BGP or DNS of web server, the traffic is
redirected to the provider as a middle-man
Some provide Content Delivery Network (CDN)
service to achieve diversion of traffic

55
Without Cloud-based DDoS Mitigation

Naked Victim
Server

User

example.com

Adversary

56
With Cloud-based DDoS Mitigation

HTTPS private key sharing
[Figure: the user and the adversary reach the victim server (example.com) through the cloud's reverse proxy]
How to identify malicious traffic, particularly non-volumetric DDoS attacks, if the traffic is encrypted?

57
HTTPS Private Key Sharing
Inspect the payload to filter malicious traffic
Modify the content (reCAPTCHA, PoW)
Add cookies to track the client

58
Privacy Concern of HTTPS Private
Key Sharing
Compromised cloud could expose users’ sensitive
data
• 2017: Cloudbleed bug allows an attacker to access out-
of-bound memory region, which may contain cookies,
passwords, private keys, etc.

User Cloud Server

59
Goal: Practical & Privacy-
preserving DDoS Mitigation
Privacy-preserving

User

Cloud Server

Adversary

60
Our Work: DAMUP is also a cloud-
based architecture

User

DAMUP Server
Cloud

Adversary

61
For better privacy, no shared key
is required
No shared key required

User

DAMUP Server
Cloud

Adversary

62
A gateway is introduced to block direct access to server
[Figure: user, adversary, DAMUP cloud, gateway, and server]

63
Protocol Flow
Not under DDoS attack
The server verifies the identity
[Figure: user, DAMUP cloud, gateway, and server]

64
Protocol Flow
Under DDoS attack
[Figure: user, adversary, DAMUP cloud, gateway, and server]

65
How to embed the token such that cloud
can see it but won’t break privacy?
Embed the secure token in the URL
https://secure-token.example.com
TLS extension: Server Name Indication (SNI)

66
Secure Token
Server
https://token.example.com/

User

DAMUP
Cloud

Adversary Gateway

67
Secure Token
Privacy-preserving
• Not breaking end-to-end encryption
Customized policy defined by the server
Misuse prevention
• Token expiration time
• Traffic limit

68
Secure Token Format
https://john123456-ln5njba-er….wd2.example.com
The maximum entropy in label name is 40 bytes
Client_id (10 bytes)
Expiration timestamp (4 bytes)
Separators (2 bytes)
HMAC (20 bytes)
• E.g. truncate HMAC-SHA256
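
The token layout above, issued and checked as a DNS label taken from the SNI host name. This is an added example, not the DAMUP implementation: the unpadded lower-case base32 encoding, the MAC input, the function names, and the verifier holding the same HMAC key as the issuer are all assumptions.

```python
import base64
import hashlib
import hmac
import struct

ID_LEN, MAC_LEN = 10, 20   # field sizes from the slide

def b32(data: bytes) -> str:
    # Unpadded lower-case base32 uses only [a-z2-7], all valid in a DNS label.
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()

def unb32(text: str) -> bytes:
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))

def token_mac(key: bytes, client_id: str, exp: bytes) -> bytes:
    # HMAC-SHA256 over client_id and expiry, truncated to 20 bytes.
    msg = client_id.encode("ascii") + b"-" + exp
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def issue_token(key: bytes, client_id: str, expires_at: int) -> str:
    """Issuer: build the label <client_id>-<expiry>-<mac> for one client."""
    if len(client_id) != ID_LEN or not (client_id.isascii() and client_id.isalnum()):
        raise ValueError("client_id must be 10 ASCII alphanumerics")
    client_id = client_id.lower()              # DNS names are case-insensitive
    exp = struct.pack(">I", expires_at)        # 4-byte expiration timestamp
    label = f"{client_id}-{b32(exp)}-{b32(token_mac(key, client_id, exp))}"
    if len(label) > 63:                        # DNS label length limit
        raise ValueError("label too long")
    return label

def check_sni(key: bytes, server_name: str, zone: str, now: int):
    """Verifier: return the client_id if the SNI host name carries a valid,
    unexpired token under `zone`; return None otherwise."""
    name, suffix = server_name.lower().rstrip("."), "." + zone.lower()
    if not name.endswith(suffix):
        return None
    parts = name[: -len(suffix)].split("-")
    if len(parts) != 3 or len(parts[0]) != ID_LEN or not parts[0].isascii():
        return None
    client_id, exp_txt, mac_txt = parts
    try:
        exp, mac = unb32(exp_txt), unb32(mac_txt)
    except ValueError:                         # not valid base32
        return None
    if len(exp) != 4 or len(mac) != MAC_LEN:
        return None
    if not hmac.compare_digest(mac, token_mac(key, client_id, exp)):
        return None                            # forged or altered token
    if struct.unpack(">I", exp)[0] < now:
        return None                            # expired
    return client_id
```

With these encodings the label is 10 + 1 + 7 + 1 + 32 = 51 characters, inside the 63-character DNS label limit, and the check needs only the host name, so the TLS payload stays end-to-end encrypted.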

69
Modification on The Server Side
DNS record (*.example.com)
Wildcard certificate (*.example.com)

70
Prototype Implementation: When
NOT Under DDoS Attack
Both user and adversary can reach the site
User: https://www.protected-website.csie.org
Adversary: https://www.protected-website.csie.org

71
When NOT Under DDoS Attack
Benign users acquire a secure token

72
When Under DDoS Attack
Only users with valid secure token can reach the site
User: https://john123456-ln42jxq-zt4xfr2cjhwv3mwu3nj00x0i0s3y3it4.protected-website.csie.org
Adversary: https://www.protected-website.csie.org

73
Mitigation Capability

1000 benign user connections
Successful connection: 11.4% → 99.8%
[Figure: number of successful connections]

74
Latency
About 9% extra overhead for downloading images

75
IoT Security

76
Internet of Things
Any consumer device with computation and connectivity
allows users to monitor and control remotely

Device: Status
Air conditioner: OFF / ON
Temperature: 30 / 28
TV: OFF
Lock: LOCKED
Camera: OFF

77
Growth of IoT

IoT Units Installed Base (Millions of Units)
2016: 6382
2017: 8381
2018: 11197
2020: 20415

Source: Gartner

78
Why should we care about IoT
security?

Greater impact: Cyber attack affects physical world
Larger scale: Billions of publicly accessible (and hackable) devices

79
Greater Impact:
Cyber attack -> Physical attack

80
Greater Impact:
Cyber attack -> Physical attack
Self-driving car vs. adversarial examples in ML

https://spectrum.ieee.org/cars-that-
think/transportation/sensors/slight-street-sign-modifications-can-fool-
machine-learning-algorithms

81
Greater Impact:
Cyber attack -> Physical attack
Implantable medical devices
Medical equipment

pacemakers Surgical robots

82
Greater Impact:
Cyber attack -> Physical attack

83
Larger Scale:
Pervasive Privacy Breach

84
Larger Scale:
Pervasive Privacy Breach
Internet-connected toys to spy on children
Recover passwords using motion sensor or
accelerometer on phone/wearable

85
Larger Scale: Mirai IoT Malware
Infected ~1 million IoT devices
• Simple tech: Scan IPv4 space & try 62 default passwords
• Vulnerable devices hacked in 6 mins after going online
Launched largest DDoS in history
• Sep 2016: DDoS at 620Gbps
• Oct 2016: attacked Dyn DNS service provider, taking down GitHub, Twitter,
Reddit, Netflix, Airbnb, etc.

86
We have seen that in IoT…
Old security issues linger (and worsen)
• Weak passwords
• Unpatched devices
• Privacy breach
• …
New security issues emerge
• Greater impact: Cyber attack affects physical world
• Larger scale: Billions of publicly accessible devices
• …

87
Why is it challenging to secure IoT?
IoT devices are often cheap
• Not enough resources to run advanced protection
• However, security comes at a price!
Lack of interface
• Hard to update or check status
Too many types of devices
• No universal solution for all devices
Devices actuate based on untrusted input
• Collect – analyze – actuate

88
Example: Automation Service Providers
Connect Devices via Automation Rules

89
Automation Service Providers Connect
Devices via Automation Rules
Over 400 applications and devices are supported
Over 19 million rules have been created
Around 600 million rules executed monthly

90
Automation Service Providers Connect
Devices via Automation Rules
The user submits rules to the cloud, and authorizes the cloud to access his/her devices
• If temperature reaches 25C then turn on fan
• If TV is on then turn on light
• If door is locked then turn off camera
The device sends an update whenever its state changes

91
What Can The Cloud See?

If phone’s location is near home, then unlock door

Phone’s location is sent to the cloud for checking whether this trigger is satisfied.
Once the trigger is satisfied, the cloud performs this action, sending an unlock command to the door.

Data – trigger device’s state
Access pattern – when an action is performed over whose device

92
Why Encryption is Not Enough?

Encryption can hide data, but also complicates analysis
• Advanced cryptographic primitives such as homomorphic encryption allow operations on encrypted data but cause high overhead
Encryption cannot hide access patterns
• Data: camera feed, GPS location, power consumption, …
• Access pattern: access smart lock every day at 9am & 7pm

93
Previous Work Assumes IoT
Automation Services are Trusted
Issues with misconfigured authorization protocols
• Fernandes et al. [1] explore over-privilege problems in
IFTTT
Issues with misconfigured automation rules
• Milijana et al. [2] check if information can flow from a
more restricted trigger to a less restricted action.
• Our previous work on exploiting chained automation
rules

Privacy-preserving automation services have not been studied before


[1] E. Fernandes, A. Rahmati, J. Jung, and A. Prakash, “Decentralized Action Integrity for Trigger-Action IoT Platforms,” in NDSS, 2018.
[2] M. Surbatovich, J. Aljuraidan, L. Bauer, A. Das, and L. Jia, “Some Recipes Can Do More Than Spoil Your Appetite: Analyzing the Security and
Privacy Risks of IFTTT Recipes,” in WWW, 2017.

94
Basic Idea of Our Solution:
Sending Fake Triggers
[Figure: timeline comparing the ground truth of trigger events with the ideal cloud view]
!
Probability = "

95
Preserve User’s Intent using Two
Non-Colluding Service Providers

Service Provider 1 Service Provider 2

Time

……
Cancel out duplicate actions

96
Another Point of View

1, 0, 0, 1, 0, 0, 0, 0 Ground Truth

0, 1, 0, 1, 1, 1, 0, 0 Random Bits
XOR
(One of the clouds’ view)

1, 1, 0, 0, 1, 1, 0, 0 The other cloud’s view

As secure as One-Time Pad!


(we have formal security definitions and proofs)
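
The XOR view above as an added example (not code from the slides or the authors' system). It splits the trigger bits into two shares, recombines them, and enumerates every pad to show that one cloud's view has the same distribution whatever the ground truth is. Recombining by XOR at the device is an assumption consistent with "cancel out duplicate actions".

```python
import secrets
from collections import Counter
from itertools import product


def split(truth, pad=None):
    """Split the true trigger bits into two shares, one per provider.

    share1 is a uniformly random pad; share2 = truth XOR pad.
    """
    if pad is None:
        pad = [secrets.randbelow(2) for _ in truth]
    return list(pad), [t ^ r for t, r in zip(truth, pad)]


def combine(share1, share2):
    """Device side (assumed): act in slot i only when exactly one
    provider signals, so paired fake triggers cancel out."""
    return [a ^ b for a, b in zip(share1, share2)]


def view_distribution(truth):
    """Count how often each share2 value occurs over all possible pads."""
    return Counter(tuple(split(truth, pad)[1])
                   for pad in product((0, 1), repeat=len(truth)))


# Numbers from the slide.
GROUND_TRUTH = [1, 0, 0, 1, 0, 0, 0, 0]
RANDOM_BITS = [0, 1, 0, 1, 1, 1, 0, 0]

if __name__ == "__main__":
    s1, s2 = split(GROUND_TRUTH, RANDOM_BITS)
    print("cloud 1 sees:", s1)
    print("cloud 2 sees:", s2)
    print("device acts :", combine(s1, s2))
    # Two different ground truths give cloud 2 the same distribution.
    print(view_distribution([0, 0, 0]) == view_distribution([1, 0, 1]))
```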

97
Comparison
Schemes compared (columns): Advanced encryption schemes (e.g., homomorphic, searchable, order-preserving); Encoding trigger state, action state, and rules; Random server; Our work; Future work

Privacy
• Protect data: ★ ★ ¢ ★ ★?
• Protect access pattern: ¢ ★ ★?
Deployability
• No additional servers: ★ ★ ★?
• No server-side modification: ★ ★ ★ ★?
• No coordination among devices: ★ ★ ★ ★?
Efficiency
• Low computation overhead: ★ ★ ★ ★?
• Low comm. overhead: ¢ ★ ★ ¢ ★?

98
Limitations of Our Scheme
Need at least two non-colluding service providers
• Users need to authorize more clouds to access their
devices; perhaps worse when clouds have weak security
or are actively malicious
Communication overhead and delayed action
• In practice, communication between cloud and devices
may be delayed due to network latency.
• How long should a device wait before performing an
action?
[Figure: timelines for cloud 1 in our scheme, cloud 2 in our scheme, and the no-privacy case]
99