
Attacking (wireless) Internet Hannu H. Kari

Attacking (wireless) Internet. Hannu H. Kari, National Defence University, professor, research director. ... a short flashback. Privacy in wireless networks, Hannu H. KARI, 07.01.2003, inaugural lecture. Privacy in modern times? The individual and privacy.


Presentation Transcript


  1. Attacking (wireless) Internet. Hannu H. Kari, National Defence University, professor, research director

  2. ... a short flashback ...

  3. Privacy in wireless networks. Hannu H. KARI, 07.01.2003, inaugural lecture

  4. Privacy in modern times?

  5. The individual and privacy

  6. Privacy and the electromagnetic aura

  7. Example: Who are friends?

  8. Example: Who are friends? Cell 1: Cell 2: Cell 3: ... ... In the same cell ...

  9. The five/six classes of privacy: Information (data privacy); Target/source (identity privacy); Place of the event (location privacy); Time of the event (time privacy); Existence (privacy of existence); + Event (transaction)

  10. The individual vs. society: The individual's right to privacy; Society's need for surveillance

  11. And now back to our original program ...

  12. History

  13. Technology enhancements ~100+ years (www.daimler.co.uk) (decorateyourgarage.com) (www.macarthurcoal.com.au)

  14. Technology enhancements (www.route79.com) (www2.jsonline.com) (www.pennways.com) (www.openfire.us) (www.eia.doe.gov) (en.wikipedia.org)

  15. Technology enhancements: The same thing has happened in Internet in 10…15 years!

  16. Need for privacy?

  17. Analogy for identification: Pets. ID, ID database, Owner (news.wisc.edu)

  18. Human identification: today

  19. Human identification: some 60 years ago ... and ... today

  20. Need for privacy

  21. Need for privacy

  22. Need for privacy

  23. Need for privacy + + remote readable passport

  24. Need for privacy + + remote readable passport

  25. Need for privacy + + remote readable passport

  26. Need for privacy + + remote readable passport

  27. Wireless network eavesdropping. BlueTooth Sniper rifle: range 1500+ meters. WiFi Sniper rifle: range 10+ km. (http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1 original page deleted, found still from Internet archive: http://web.archive.org/web/20050309033208/www.tomsnetworking.com/Sections-article106.php)

  28. Definition of Privacy: "Privacy is the claim of individuals, groups, and institutions to determine for themselves, when, how, and to what extent information about them is communicated to others." Alan Westin, 1967

  29. Threats

  30. YETTS: the vital functions of society must be secured in all situations. Myyrmanni, Jokela & Kauhajoki: * social exclusion is the biggest threat to our internal security * many undesirable development trends. Deliberate network attacks may weaken the functioning of the state's decision-making systems or, for example, of payment traffic. Unpleasant events always come to us to some extent as a surprise, despite preparedness and risk analyses. An asymmetric world, asymmetric values and motives. Not all threats necessarily come from outside. Holmlund: A network attack can threaten payment traffic {10.11.2008: opening of MPK 187}

  31. Main threats of Internet: 1. We lose our confidence 2. Internet does not work 3. We lose data/money with Internet

  32. Scenario ”3/2011”

  33. Scenario "3/2011"
      • Election in a small EU country, a country famous for its ICT usage, including electronic voting
      • During the election days, a massive DDoS attack is launched against the election system
      • Electronic voting system is unavailable for several hours
      • As a backup alternative, people will use the "traditional paper voting system"
      • No harm done????

  34. Scenario "3/2011"
      • Report for the Council of Europe: Internet voting in the March 2007 Parliamentary Elections in Estonia
      • Internet attacks, such as DDoS (Distributed Denial of Service) attacks, could have hampered the ability to run the e-voting application. An extension of the e-voting period could potentially make it more difficult to launch such attacks. ...
      • But will anyone really seriously think of electronic voting as a viable alternative for paper voting after this??? NO! We have lost the game permanently

  35. Design flaws of Internet

  36. Security problems in Internet, samples
      • October 2002, Scientific American: "9 out of 13 root DNS servers were crippled by DDoS attack"
      • January 2005, BBC News: "Internet gambling hit hard by the attacks. Extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid."
      • November 2004, Damages caused by worms/viruses, Mikko Hyppönen/F-Secure. Slammer: Intranet of nuclear power plant in Ohio down; Bank of America ATM network down. Blaster: Electric power network down in NY, USA; Several SCADA systems down. Sasser: All train traffic halted in Australia; Two hospitals in Sweden infected
      • September 2006, Scientific American: "Attack on DNS (Domain Name System) allows cybercriminal to hijack ordinary netbanking sessions"
      • January 2007, www.idg.se: "Almost 1 Million € stolen from a Scandinavian bank by a Russian hacker with a trojan distributed with spam mail" "The biggest so far.."
      • January 2005, FBI/Tsunami: "Net criminals used fake web pages of American Red Cross to get credit card data"
      • May 2007, IT-Viikko: "Attacks on Estonian governmental and commercial net sites"

  37. Security problems in Internet, samples: DDoS attacks (Design flaws); DoS, DDoS attacks (Criminal intentions); DNS attacks (Design flaws); Viruses, worms, malware (Criminal intentions); Phishing (Users' stupidity); DoS, DDoS attacks (Design flaws); Scams (Users' stupidity)

  38. Who and Why?
      WHO
      • Amateurs are just the tip of the iceberg
      • Hackers: Fun, can-I-do-it?, show-up, ... (1, 2)
      • The real problem: Professionals
      • Mafia, organized crime (3)
      • Industrial espionage, competitors (3)
      • Cyber terrorists (2, 4)
      • Terrorist-countries (4, 5)
      • Military (5)
      WHY (Motivations)
      1. Social behavior
      2. Vandalism
      3. Money
      4. Ideology
      5. Military strategic interests

  39. Internet design criterion (based on David D. Clark: "The Design Philosophy of the DARPA Internet Protocols")
      Primary goals
      • Multiplexing of channel
      • Various network architectures
      • Administrative boundaries
      • Packet switching
      • Gateways (routers) between networks
      Secondary goals
      • Robustness (loss of routers and links)
      • Multiple services (reliable or realtime data)
      • Usage of various networks
      • Distributed management
      • Cost efficient implementation
      • Simple attachment to network
      • Resource usage monitoring

  40. Implicit Internet design criterion
      Silent assumptions
      • Benevolence
      • Openness
      • Low level of dynamicity
      • No mobility
      • Limited computation capacity
      • High cost of crypto algorithms
      • Limited bandwidth
      ASSUMPTIONS NOT VALID ANY MORE !!!

  41. Internet design flaws
      Original design principles
      • The enemy is out there!
      • "Everybody can send anything to anybody"
      • Security measures are introduced afterwards
      The new design principles
      • The enemy is among us!
      • We must be prepared to pay for security/reliability in form of computation power, bandwidth, energy, etc.
      • Strong security as the fundamental building block
      • Legal sanctions against malevolent entities
      • Every packet must have an owner!

  42. Security domains

  43. Four security domains
      4. Virtual communities (Knowledge sharing): Restricted caller groups
      3. Content integrity/authenticity/timeliness (information sharing): PGP, S/MIME
      2. End-to-end secured communication (Data integrity and confidentiality): IPsec, TLS
      1. Reliable operation of the critical network infrastructure: PLA, MPLS, Freq. hopping, Link encryption, Physical protection, ...

  44. Four security domains. GOOD "BRAND" MANAGEMENT IS MOST IMPORTANT
      4. Virtual communities (Knowledge sharing): Restricted caller groups
      3. Content integrity/authenticity/timeliness (information sharing): PGP, S/MIME
      2. End-to-end secured communication (Data integrity and confidentiality): IPsec, TLS
      1. Reliable operation of the critical network infrastructure: Partial solutions: MPLS, Physical protection

  45. Securing network infrastructure

  46. Traditional Internet usage (diagram labels: R, R)

  47. Short term solution: Secured Infrastructure Router (SIR) (diagram labels: SIR, SIR)

  48. Secured Infrastructure Router (SIR) (diagram labels: SIR, SIR): QoS control, duplicate removal; QoS control, duplication; QoS reporting, management signaling

  49. Alternative SIR operation (diagram with multiple SIR nodes)

  50. Conclusions
