Prof. Raluca Ada Popa CS 161: Computer Security Feb 27...
Transcript of Prof. Raluca Ada Popa CS 161: Computer Security Feb 27...
![Page 1: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/1.jpg)
Securing Internet Communication: TLS, cont’d
Network security
CS 161: Computer SecurityProf. Raluca Ada Popa
Feb 27, 2018
Some slides credit David Wagner
![Page 2: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/2.jpg)
Announcements• Midterm grades released• Regrades: Read the follow-ups on the threads to make
sure your regrade request is somewhat warranted.• No public repos for projects• DSP letters• Midterm 2 will be the Wed after spring break (Apr 4). • Project 2 is live, it has 3 parts. Prizes given!• Do not cheat. We have good tools and caught students
already.
• Intro to Networking session Tuesday 8-10 at the Woz.
![Page 3: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/3.jpg)
Certificates
•Browser compares domain name in cert w/ URL– Note: this provides an end-to-end property
(as opposed to say a cert associated with an IP address)
• Browser accesses separate cert belonging to issuer– These are hardwired into the browser – and trusted!– There could be a chain of these …
•Browser applies issuer’s public key to verify signature S, obtaining hash of what issuer signed– Compares with its own SHA-256 hash of Amazon’s cert
•Assuming hashes match, now have high confidence it’s indeed Amazon …– assuming signatory is trustworthy = assuming didn’t lose
private key; assuming didn’t sign thoughtlessly
![Page 4: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/4.jpg)
Certificates
•Want to use root CA as little as possible, access to the root key should be very infrequent
•Certificate chain:– Verisign can give a certificate to Google for google.com– Google can issue a certificate for finance.google.com
![Page 5: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/5.jpg)
End-to-End ⇒ Powerful Protections
• Attacker runs a sniffer to capture our WiFi session?– (maybe by breaking crummy WEP security)– But: encrypted communication is unreadable
• No problem!
• DNS cache poisoning gives client wrong IP address – Client goes to wrong server– But: detects impersonation
• No problem!
• Attacker hijacks our connection, injects new traffic– But: data receiver rejects it due to failed integrity check
• No problem!
![Page 6: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/6.jpg)
Powerful Protections, cont.
• Attacker manipulates routing to run us by an eavesdropper or take us to the wrong server?– But: they can’t read; we detect impersonation
• No problem!
• Attacker slips in as a Man In The Middle?– But: they can’t read, they can’t inject– They can’t even replay previous encrypted traffic– No problem!
![Page 7: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/7.jpg)
Validating Amazon’s Identity, cont.
•Browser retrieves cert belonging to the issuer– These are hardwired into the browser – and trusted!
•What if browser can’t find a cert for the issuer?
![Page 8: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/8.jpg)
![Page 9: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/9.jpg)
Validating Amazon’s Identity, cont.
•Browser retrieves cert belonging to the issuer– These are hardwired into the browser – and trusted!
•What if browser can’t find a cert for the issuer?• If it can’t find the cert, then warns the user that site has not been verified– Can still proceed, just without authentication
• Q: Which end-to-end security properties do we lose if we incorrectly trust that the site is whom we think?
•A: All of them!– Goodbye confidentiality, integrity, authentication– Man in the middle attacker can read everything, modify,
impersonate
![Page 10: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/10.jpg)
SSL / TLS Limitations•Properly used, SSL / TLS provides powerful end-to-end protections
•So why not use it for everything??• Issues:
– Cost of public-key crypto (fairly minor)o Takes non-trivial CPU processing (but today a minor issue)o Note: symmetric key crypto on modern hardware is non-issue
– Hassle of buying/maintaining certs (fairly minor)
![Page 11: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/11.jpg)
SSL / TLS Limitations•Properly used, SSL / TLS provides powerful end-to-end protections
•So why not use it for everything??• Issues:
– Cost of public-key crypto (fairly minor)o Takes non-trivial CPU processing (but today a minor issue)o Note: symmetric key crypto on modern hardware is non-issue
– Hassle of buying/maintaining certs (fairly minor)– Integrating with other sites that don’t use HTTPS– Latency: extra round trips ⇒ 1st page slower to load
![Page 12: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/12.jpg)
SSL / TLS Limitations, cont.•Problems that SSL / TLS does not take care of ?
•TCP-level denial of service– SYN flooding– RST injection
o (but does protect against data injection!)
• SQL injection / XSS / server-side coding/logic flaws•Vulnerabilities introduced by server inconsistencies
![Page 13: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/13.jpg)
SSL / TLS Limitations, cont.•Problems that SSL / TLS does not take care of ?
• SQL injection / XSS / server-side coding/logic flaws•Vulnerabilities introduced by server inconsistencies
![Page 14: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/14.jpg)
Regular web surfing: http: URL
So no integrity - a MITM attacker can alter pages returned by server …
And when we click here …… attacker has changed the corresponding link so that it’s ordinary http rather than https!
We never get a chance to use TLS’s protections! :-(
“sslstrip” attack
![Page 15: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/15.jpg)
SSL / TLS Limitations, cont.•Problems that SSL / TLS does not take care of ?
• SQL injection / XSS / server-side coding/logic flaws•Vulnerabilities introduced by server inconsistencies•Browser coding/logic flaws•User flaws
– Weak passwords– Phishing
• Issues of trust …
![Page 16: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/16.jpg)
TLS/SSL Trust Issues
•User has to make correct trust decisions …
![Page 17: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/17.jpg)
![Page 18: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/18.jpg)
![Page 19: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/19.jpg)
![Page 20: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/20.jpg)
![Page 21: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/21.jpg)
![Page 22: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/22.jpg)
![Page 23: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/23.jpg)
![Page 24: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/24.jpg)
The equivalent as seen by most Internet users:
(note: an actual Windows error message!)
![Page 25: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/25.jpg)
TLS/SSL Trust Issues, cont.• “Commercial certificate authorities protect you from
anyone from whom they are unwilling to take money.”– Matt Blaze, circa 2001
• So how many CAs do we have to worry about, anyway?
![Page 26: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/26.jpg)
![Page 27: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/27.jpg)
TLS/SSL Trust Issues• “Commercial certificate authorities protect you from
anyone from whom they are unwilling to take money.”– Matt Blaze, circa 2001
• So how many CAs do we have to worry about, anyway?
• Of course, it’s not just their greed that matters …
![Page 28: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/28.jpg)
![Page 29: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/29.jpg)
![Page 30: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/30.jpg)
![Page 31: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/31.jpg)
This appears to be a fully valid cert using normal browser validation rules.
Only detected by Chrome due to its recent introduction of cert “pinning” – requiring that certs for certain domains must be signed by specific CAs rather than any generally trusted CA
![Page 32: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/32.jpg)
![Page 33: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/33.jpg)
TLS/SSL Trust Issues• “Commercial certificate authorities protect you from
anyone from whom they are unwilling to take money.”– Matt Blaze, circa 2001
• So how many CAs do we have to worry about, anyway?
• Of course, it’s not just their greed that matters …• … and it’s not just their diligence & security that
matters …– “A decade ago, I observed that commercial certificate
authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much.” - Matt Blaze, circa 2010
![Page 34: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/34.jpg)
Conclusion
• Use SSL/TLS to secure communications end-to-end
• Relies on trustworthiness of certificates
![Page 35: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/35.jpg)
Network Security- intro to networking
- network attacks
CS 161: Computer SecurityProf. Raluca Ada Popa
February 27, 2018
Some slides credit David Wagner.
![Page 36: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/36.jpg)
Networking overview
Pay attention to this material (part of 168) because you will need this to understand it for the class
There will be a review session too
![Page 37: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/37.jpg)
Local-Area Networks
37
point-to-point shared
How does computer A send a message to computer C?
A C
![Page 38: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/38.jpg)
Local-Area Networks (LAN): Packets
38
Source: ADestination: CMessage: Hello world!
CA
Hello world!
A C Hello world!
![Page 39: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/39.jpg)
Wide-Area Networks
39
How do we connect two LANs?router
A
C
![Page 40: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/40.jpg)
Wide-Area Networks
40
How do we connect two LANs?router
C.comA.com
Hello world!
A RA
CC.comA.com
Hello world!
R C
C.comA.com
Hello world!
![Page 41: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/41.jpg)
41
Key Concept #1: Protocols
• A protocol is an agreement on how to communicate
• Includes syntax and semantics– How a communication is specified & structured
o Format, order messages are sent and received– What a communication means
o Actions taken when transmitting, receiving, or timer expires
• Example: making a comment in lecture?1. Raise your hand.2. Wait to be called on.3. Or: wait for speaker to pause and vocalize4. If unrecognized (after timeout): say “excuse me”
![Page 42: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/42.jpg)
42
Key Concept #2: Dumb Network
• Original Internet design: interior nodes (“routers”) have no knowledge* of ongoing connections going through them
• Not how you picture the telephone system works– Which internally tracks all of the active voice calls
• Instead: the postal system!– Each Internet message (“packet”) self-contained– Interior “routers” look at destination address to forward– If you want smarts, build it “end-to-end”, not “hop-by-hop”– Buys simplicity & robustness at the cost of shifting
complexity into end systems* Today’s Internet is full of hacks that violate this
![Page 43: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/43.jpg)
Self-Contained IP Packet Format
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Payload (remainder of message).....
Header is like a letter envelope: contains all info needed for delivery
IP = Internet Protocol
![Page 44: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/44.jpg)
44
Key Concept #2: Dumb Network
• Original Internet design: interior nodes (“routers”) have no knowledge* of ongoing connections going through them
• Not: how you picture the telephone system works– Which internally tracks all of the active voice calls
• Instead: the postal system!– Each Internet message (“packet”) self-contained– Interior routers look at destination address to forward– If you want smarts, build it “end-to-end”, not “hop-by-hop”– Buys simplicity & robustness at the cost of shifting
complexity into end systems* Today’s Internet is full of hacks that violate this
![Page 45: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/45.jpg)
45
Key Concept #3: Layering
• Internet design is strongly partitioned into layers– Each layer relies on services provided by next layer
below …– … and provides services to layer above it
• Analogy:– Consider structure of an
application you’ve writtenand the “services” eachlayer relies on / provides
Code You Write
Run-Time Library
System Calls
Device Drivers
Voltage Levels /Magnetic Domains}Fully
isolatedfrom userprograms
![Page 46: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/46.jpg)
46
Internet Layering (“Protocol Stack”)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Note on a point of potential confusion: these diagrams are always drawn with lower layers below higher layers …
But diagrams showing the layouts of packets are often the opposite, with the lower layers at the top since their headers precede those for higher layers
![Page 47: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/47.jpg)
47
Horizontal View of a Single Packet
Link Layer Header
(Inter)Network Layer Header
(IP)
Transport Layer
Header
Application Data: structure depends on the application
…
First bit transmitted
![Page 48: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/48.jpg)
48
Vertical View of a Single Packet
Link Layer Header
(Inter)Network Layer Header (IP)
Transport Layer Header
First bit transmitted
Application Data: structure depends on the
application.......
![Page 49: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/49.jpg)
49
Internet Layering (“Protocol Stack”)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
![Page 50: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/50.jpg)
50
Layer 1: Physical Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Encoding bits to send them over a single physical link e.g. patterns of voltage levels / photon intensities / RF modulation
![Page 51: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/51.jpg)
51
Layer 2: Link Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology)
Might involve multiple physical links (e.g., modern Ethernet)
Often technology supports broadcast transmission (every “node” connected to subnet receives)
![Page 52: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/52.jpg)
52
Layer 3: (Inter)Network Layer (IP)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
• Provides global addressing
Works across different link technologies
}Different for each Internet “hop”
![Page 53: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/53.jpg)
53
Layer 4: Transport Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
End-to-end communication between processes
Different services provided: TCP = reliable byte stream UDP = unreliable datagrams
(Datagram = single packet message)
![Page 54: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/54.jpg)
54
Layer 7: Application Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Communication of whatever you wish
Can use whatever transport(s) is convenient
Freely structured
E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent
![Page 55: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/55.jpg)
55
Internet Layering (“Protocol Stack”)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
}Implemented only at hosts, not at interior routers(“dumb network”)
![Page 56: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/56.jpg)
56
Internet Layering (“Protocol Stack”)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1 }Implemented everywhere
![Page 57: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/57.jpg)
57
Internet Layering (“Protocol Stack”)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1 }Different for each Internet “hop”
~Same for each Internet “hop”}
![Page 58: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/58.jpg)
58
Hop-By-Hop vs. End-to-End Layers
Host A
Host BHost E
Host D
Host C
Router 1 Router 2
Router 3
Router 4
Router 5
Router 6 Router 7
Host A communicates with Host D
![Page 59: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/59.jpg)
59
Hop-By-Hop vs. End-to-End Layers
Host A
Host BHost E
Host D
Host C
Router 1 Router 2
Router 3
Router 4
Router 5
Router 6 Router 7
Host A communicates with Host D
Different Physical & Link Layers (Layers 1 & 2)
E.g., Wi-Fi
E.g., Ethernet
![Page 60: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/60.jpg)
60
Hop-By-Hop vs. End-to-End Layers
Host A
Host BHost E
Host D
Host C
Router 1 Router 2
Router 3
Router 4
Router 5
Router 6 Router 7
Host A communicates with Host D
Same Network / Transport / Application Layers (3/4/7)(Routers ignore Transport & Application layers)
E.g., HTTP over TCP over IP
![Page 61: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/61.jpg)
61
Layer 3: (Inter)Network Layer (IP)
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
• Provides global addressing
Works across different link technologies
![Page 62: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/62.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
![Page 63: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/63.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
Specifies the length of the entire IP packet: bytes in this header plus bytes in the Payload
![Page 64: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/64.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
Specifies how to interpret the start of the Payload, which is the header of a Transport Protocol such as TCP or UDP
![Page 65: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/65.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
![Page 66: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/66.jpg)
66
IP Packet Header (Continued)
•Two IP addresses–Source IP address (32 bits)–Destination IP address (32 bits)
•Destination address–Unique identifier/locator for the receiving host–Allows each node to make forwarding decisions
•Source address–Unique identifier/locator for the sending host–Recipient can decide whether to accept packet–Enables recipient to send a reply back to source
![Page 67: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/67.jpg)
67
Postal Envelopes:
(Post office doesn’t look at the letter inside the envelope)
![Page 68: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/68.jpg)
68
Analogy of IP to Postal Envelopes:
(Routers don’t look at the payload beyond the IP header)
IP source address
IP destination address
![Page 69: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/69.jpg)
69
IP: “Best Effort ” Packet Delivery
•Routers inspect destination address, locate “next hop” in forwarding table– Address = ~unique identifier/locator for the receiving host
•Only provides a “I’ll give it a try” delivery service:– Packets may be lost– Packets may be corrupted– Packets may be delivered out of order
source destination
IP network
![Page 70: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/70.jpg)
70
“Best Effort” is Lame! What to do?
• It’s the job of our Transport (layer 4) protocols to build services our apps need out of IP’s modest layer-3 service
![Page 71: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/71.jpg)
71
Layer 4: Transport Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
End-to-end communication between processes
Different services provided: TCP = reliable byte stream UDP = unreliable datagrams
(Datagram = single packet message)
![Page 72: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/72.jpg)
72
“Best Effort” is Lame! What to do?
• It’s the job of our Transport (layer 4) protocols to build services our apps need out of IP’s modest layer-3 service
•#1 workhorse: TCP (Transmission Control Protocol)•Service provided by TCP:
– Connection oriented (explicit set-up / tear-down)o End hosts (processes) can have multiple concurrent long-lived
communication– Reliable, in-order, byte-stream delivery
o Robust detection & retransmission of lost data
![Page 73: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/73.jpg)
73
TCP “Bytestream” Service
Byte 0
Byte 1
Byte 2
Byte 3
Byte 0
Byte 1
Byte 2
Byte 3
Process A on host H1
Process B on host H2
Byte 80
Byte 80
Hosts don’t ever see packet boundaries, lost or corrupted packets, retransmissions, etc.
![Page 74: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/74.jpg)
74
Bidirectional communication:
Byte 0
Byte 1
Byte 2
Byte 3
Byte 0
Byte 1
Byte 2
Byte 3
Process B on host H2
Process A on host H1
Byte 73
Byte 73
There are two separate bytestreams, one in each direction
![Page 75: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/75.jpg)
75
TCP Header
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 76: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/76.jpg)
76
TCP Header
Ports areassociatedwith OSprocesses
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 77: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/77.jpg)
77
TCP Header
Ports areassociatedwith OSprocesses
IP source & destination addresses plus TCP source and destination ports uniquely identifies a TCP connection
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
(IP Header)
(Link Layer Header)
![Page 78: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/78.jpg)
78
TCP Header
Ports areassociatedwith OSprocesses
IP source & destination addresses plus TCP source and destination ports uniquely identifies a TCP connection
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
DataSome port numbers are “well known” / reservede.g. port 80 = HTTP
![Page 79: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/79.jpg)
79
TCP Header
Starting sequencenumber (byte offset) of datacarried in thispacket
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 80: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/80.jpg)
80
TCP Header
Starting sequencenumber (byte offset) of datacarried in thispacket
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
Byte streams numbered independently in each direction
![Page 81: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/81.jpg)
81
TCP Header
Starting sequencenumber (byte offset) of datacarried in thispacket
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
Byte stream numbered independently in each direction
Sequence number assigned to start of byte stream is picked when connection begins; doesn’t start at 0
![Page 82: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/82.jpg)
82
TCP Header
Acknowledgment gives seq # just beyond highest seq. received in order.
If sender sends N bytestream bytes starting at seq S then “ack” for it will be S+N.
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 83: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/83.jpg)
83
Sequence Numbers
Host A
Host B
TCP Data
TCP Data
TCP HDR
TCP HDR
ISN (initial sequence number)
Sequence number from A
= 1st byte of data
ACK sequence number from B
= next expected byte
![Page 84: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/84.jpg)
84
TCP Header
Uses include:
acknowledging data (“ACK”)
setting up (“SYN”) and closing connections (“FIN” and “RST”)
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 85: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/85.jpg)
85
Establishing a TCP Connection
•Three-way handshake to establish connection– Host A sends a SYN (open; “synchronize sequence
numbers”) to host B– Host B returns a SYN acknowledgment (SYN+ACK)– Host A sends an ACK to acknowledge the SYN+ACK
SYN
SYN+ACK
ACK
A B
DataData
Each host tells its Initial Sequence
Number (ISN) to the other host.
(Spec says to pick based on local clock)
![Page 86: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/86.jpg)
86
Timing Diagram: 3-Way Handshaking
Client (initiator)
Server
SYN, SeqNum = x
SYN + ACK, SeqNum = y, Ack = x + 1
ACK, Ack = y + 1
ActiveOpen
PassiveOpen
connect()
listen()
accept()
Different starting initial sequence
numbers (ISNs) in each direction
![Page 87: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/87.jpg)
87
Layer 7: Application Layer
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Communication of whatever you wish
Can use whatever transport(s) is convenient
Freely structured
E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent
![Page 88: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/88.jpg)
GET /index.html HTTP/1.1Accept: image/gif, image/x-bitmap, image/jpeg, */*Accept-Language: enConnection: Keep-AliveUser-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)Host: www.example.comReferer: http://www.google.com?q=dingbats
Web (HTTP) RequestMethod Resource HTTP version Headers
Data (if POST; none for GET)
Blank line
GET: download data. POST: upload data.
![Page 89: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/89.jpg)
HTTP/1.0 200 OKDate: Sun, 19 Apr 2009 02:20:42 GMTServer: Microsoft-Internet-Information-Server/5.0 Connection: keep-aliveContent-Type: text/htmlLast-Modified: Sat, 18 Apr 2009 17:39:05 GMTSet-Cookie: session=44eb; path=/servletsContent-Length: 2543 <HTML> Some data... blah, blah, blah </HTML>
Web (HTTP) Response
HTTP version Status code Reason phrase Headers
Data
![Page 90: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/90.jpg)
90
Host Names vs. IP addresses
•Host names–Examples: www.cnn.com and bbc.co.uk–Mnemonic name appreciated by humans–Variable length, full alphabet of characters–Provide little (if any) information about location
•IP addresses–Examples: 64.236.16.20 and 212.58.224.131–Numerical address appreciated by routers–Fixed length, binary number–Hierarchical, related to host location
![Page 91: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/91.jpg)
Networking Attacks:Link-, IP-, and TCP-layer
attacks
![Page 92: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/92.jpg)
92
General Communication Security Goals: CIA
•Confidentiality:– No one can read our data / communication unless we
want them to
• Integrity– No one can manipulate our data / processing /
communication unless we want them to
•Availability– We can access our data / conduct our processing /
use our communication capabilities when we want to
![Page 93: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/93.jpg)
No security built in at the network level
•Everything you have seen in this lecture is just plaintext, to integrity attached to it so an attacker can easily spoof packets at multiple levels
•TLS will give application level security
93
![Page 94: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/94.jpg)
Link-layer threats
94
• Confidentiality: eavesdropping (aka sniffing)• Integrity: injection of spoofed packets• Availability: delete legit packets (e.g., jamming)
![Page 95: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/95.jpg)
95
Layers 1 & 2: General Threats?
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Encoding bits to send them over a single physical link e.g. patterns of voltage levels / photon intensities / RF modulation
Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology)
![Page 96: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/96.jpg)
96
Eavesdropping
• For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), eavesdropping comes for “free”– Each attached system’s NIC (= Network Interface Card)
can capture any communication on the subnet– Some handy tools for doing so
o tcpdump / windump (low-level ASCII printout)o Wireshark (GUI for displaying 800+ protocols)
![Page 97: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/97.jpg)
97
TCPDUMP: Packet Capture & ASCII Dumper
![Page 98: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/98.jpg)
98
Wireshark: GUI for Packet Capture/Exam.
![Page 99: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/99.jpg)
99
Wireshark: GUI for Packet Capture/Exam.
![Page 100: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/100.jpg)
100
Wireshark: GUI for Packet Capture/Exam.
![Page 101: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/101.jpg)
101
Stealing Photons
![Page 102: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/102.jpg)
102
![Page 103: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/103.jpg)
103
• If attacker sees a packet he doesn’t like, he can jam it (integrity)
• Attacker can also overwhelm link-layer signaling, e.g., jam WiFi’s RF (denial-of-service)
Link-Layer Threat: Disruption
![Page 104: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/104.jpg)
104
• If attacker sees a packet he doesn’t like, he can jam it (integrity)
• Attacker can also overwhelm link-layer signaling, e.g., jam WiFi’s RF (denial-of-service)
• There’s also the heavy-handed approach …
Link-Layer Threat: Disruption
![Page 105: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/105.jpg)
105
![Page 106: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/106.jpg)
106
• Attacker can inject spoofed packets, and lie about the source address
Link-Layer Threat: Spoofing
M C Hello world!D
![Page 107: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/107.jpg)
107
• With physical access to a local network, attacker can create any message they like– When with a bogus source address: spoofing
• When using a typical computer, may require root/administrator to have full freedom
• Particularly powerful when combined with eavesdropping– Because attacker can understand exact state of
victim’s communication and craft their spoofed traffic to match it
– Spoofing w/o eavesdropping = blind spoofing
Physical/Link-Layer Threats: Spoofing
![Page 108: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/108.jpg)
108
On-path vs Off-path Spoofing
Host A
Host BHost E
Host D
Host C
Router 1 Router 2
Router 3
Router 4
Router 5
Router 6 Router 7
Host A communicates with Host D
On-path
Off-path
![Page 109: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/109.jpg)
109
• On-path attackers can see victim’s traffic ⇒ spoofing is easy
• Off-path attackers can’t see victim’s traffic– They have to resort to blind spoofing– Often must guess/infer header values to
succeedo We then care about work factor: how hard is this
– But sometimes they can just brute forceo E.g., 16-bit value: just try all 65,536 possibilities!
• When we say an attacker “can spoof”, we usually mean “w/ reasonable chance of success”
Spoofing on the Internet
![Page 110: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/110.jpg)
110
Layer 3: General Threats?
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
PayloadIP = Internet Protocol
![Page 111: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/111.jpg)
111
• Can set arbitrary source address– “Spoofing” - receiver has no idea who you are– Could be blind, or could be coupled w/ sniffing– Note: many attacks require two-way communication
o So successful off-path/blind spoofing might not suffice
• Can set arbitrary destination address– Enables “scanning” – brute force searching for hosts
• Can send like crazy (flooding)– IP has no general mechanism for tracking overuse– IP has no general mechanism for tracking consent– Very hard to tell where a spoofed flood comes from!
• If attacker can manipulate routing, can bring traffic to themselves for eavesdropping (not easy)
IP-Layer Threats
![Page 112: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/112.jpg)
DNS Service
•Runs Domain Name Servers
•Translates domain names google.com to IP addresses
•When user browser wants to contact google.com, it first contacts a DNS to find out the IP address for google.com and then sends a packet to that IP address
•More in future lectures..
112
![Page 113: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/113.jpg)
113
LAN Bootstrapping: DHCP
•New host doesn’t have an IP address yet– So, host doesn’t know what source address to use
•Host doesn’t know who to ask for an IP address– So, host doesn’t know what destination address to use
•Solution: shout to “discover” server that can help– Broadcast a server-discovery message (layer 2)– Server(s) sends a reply offering an address
host host host...
DHCP server
![Page 114: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/114.jpg)
114
Dynamic Host Configuration Protocol
newclient
DHCP server
DHCP discover(broadcast)
DHCP
offer
DHCP ACK
DHCP request(broadcast)
“offer” message includes IP address, DNS server, “gateway router”, and how long client can have these (“lease” time)
![Page 115: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/115.jpg)
115
Dynamic Host Configuration Protocol
newclient
DHCP server
DHCP discover(broadcast)
DHCP
offer
DHCP request
DHCP ACK
(broadcast)
“offer” message includes IP address, DNS server, “gateway router”, and how long client can have these (“lease” time)Threats?
![Page 116: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/116.jpg)
116
Dynamic Host Configuration Protocol
newclient
DHCP server
DHCP discover(broadcast)
DHCP
offer
DHCP request
DHCP ACK
(broadcast)
“offer” message includes IP address, DNS server, “gateway router”, and how long client can have these (“lease” time)
Attacker on same subnet can hear new host’s DHCP
request
![Page 117: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/117.jpg)
117
Dynamic Host Configuration Protocol
newclient
DHCP server
DHCP discover(broadcast)
DHCP
offer
DHCP request
DHCP ACK
(broadcast)
“offer” message includes IP address, DNS server, “gateway router”, and how long client can have these (“lease” time)
Attacker can race the actual server; if they win, replace DNS
server and/or gateway router
![Page 118: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/118.jpg)
118
• Substitute a fake DNS server– Redirect any of a host’s lookups to a machine of
attacker’s choice
• Substitute a fake gateway router– Intercept all of a host’s off-subnet traffic
o (even if not preceded by a DNS lookup)– Relay contents back and forth between host and
remote server and modify however attacker chooses
• An invisible Man In The Middle (MITM)– Victim host has no way of knowing it’s happening
o (Can’t necessarily alarm on peculiarity of receiving multiple DHCP replies, since that can happen benignly)
• How can we fix this?
DHCP Threats
Hard
![Page 119: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/119.jpg)
119
TCP
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 120: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/120.jpg)
120
TCP
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
These plus IP addresses define a given connection
![Page 121: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/121.jpg)
121
TCP
Application
Transport
(Inter)Network
Link
Physical
7
4
3
2
1
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
Defines where this packet fits within the sender’s bytestream
![Page 122: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/122.jpg)
122
TCP Conn. Setup & Data ExchangeClient (initiator)
IP address 1.2.1.2, port 3344Server
IP address 9.8.7.6, port 80SrcA=1.2.1.2, SrcP=3344,DstA=9.8.7.6, DstP=80, SYN, Seq = x
SrcA=9.8.7.6, SrcP=80,
DstA=1.2.1.2, DstP=3344, SYN+ACK, Seq = y, Ack = x+1
SrcA=1.2.1.2, SrcP=3344,DstA=9.8.7.6, DstP=80, ACK, Seq = x+1, Ack = y+1SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80,ACK, Seq=x+1, Ack = y+1, Data=“GET /login.html
SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344,
ACK, Seq = y+1, Ack = x+16, Data=“200 OK … <html> …”
![Page 123: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/123.jpg)
123
TCP Threat: Data Injection
• If attacker knows ports & sequence numbers (e.g., on-path attacker), attacker can inject data into any TCP connection– Receiver B is none the wiser!
• Termed TCP connection hijacking (or “session hijacking”)– In general means to take over an already-established connection!
• We are toasted if an attacker can see our TCP traffic!– Because then they immediately know the port & sequence numbers
SYN
SYN
ACK
ACK
Dat
a ACK
timeA
B
Nas
ty D
ata
Nas
ty D
ata2
![Page 124: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/124.jpg)
124
TCP Data InjectionClient (initiator)
IP address 1.2.1.2, port 3344Server
IP address 9.8.7.6, port 80
SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80,ACK, Seq=x+1, Ack = y+1, Data=“GET /login.html
...
AttackerIP address 6.6.6.6, port N/A
SrcA=9.8.7.6, SrcP=80,DstA=1.2.1.2, DstP=3344,
ACK, Seq = y+1, Ack = x+16Data=“200 OK … <poison> …”
Client dutifully
processes as server’s response
![Page 125: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/125.jpg)
125
TCP Data InjectionClient (initiator)
IP address 1.2.1.2, port 3344Server
IP address 9.8.7.6, port 80
SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80,ACK, Seq=x+1, Ack = y+1, Data=“GET /login.html
...
AttackerIP address 6.6.6.6, port N/A
SrcA=9.8.7.6, SrcP=80,DstA=1.2.1.2, DstP=3344,
ACK, Seq = y+1, Ack = x+16Data=“200 OK … <poison> …”Client
ignores since
already processed that part of bytestream
SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344,
ACK, Seq = y+1, Ack = x+16, Data=“200 OK … <html> …”
![Page 126: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/126.jpg)
126
TCP Threat: Disruption
• Q: Is it possible for an on-path attacker to shut down a TCP connection if they can see our traffic?
• A: YES: they can infer the port and sequence numbers – they can insert fake data, too!(Great Firewall of China)
![Page 127: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/127.jpg)
127
TCP Threat: Blind Hijacking
• Q: Is it possible for an off-path attacker to inject into a TCP connection even if they can’t see our traffic?
• A: YES: if somehow they can infer or guess the port and sequence numbers
![Page 128: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/128.jpg)
128
TCP Threat: Blind Spoofing
• Q: Is it possible for an off-path attacker to create a fake TCP connection, even if they can’t see responses?
• A: YES: if somehow they can infer or guess the TCP initial sequence numbers
• Why would an attacker want to do this?– Perhaps to leverage a server’s trust of a given client as
identified by its IP address– Perhaps to frame a given client so the attacker’s
actions during the connections can’t be traced back to the attacker
![Page 129: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/129.jpg)
129
Blind Spoofing on TCP HandshakeAlleged Client (not actual)
IP address 1.2.1.2, port N/AServer
IP address 9.8.7.6, port 80
Blind Attacker SrcA=1.2.1.2, SrcP=5566,
DstA=9.8.7.6, DstP=80, SYN, Seq = z
SrcA=9.8.7.6, SrcP=80,
DstA=1.2.1.2, DstP=5566, SYN+ACK, Seq = y, Ack = z+1
Attacker’s goal:SrcA=1.2.1.2, SrcP=5566, DstA=9.8.7.6, DstP=80, ACK, Seq = z+1, ACK = y+1
SrcA=1.2.1.2, SrcP=5566, DstA=9.8.7.6, DstP=80, ACK, Seq = z+1, ACK = y+1,
Data = “GET /transfer-money.html”
![Page 130: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/130.jpg)
130
Blind Spoofing on TCP HandshakeAlleged Client (not actual)IP address 1.2.1.2, port NA
ServerIP address 9.8.7.6, port 80
Blind Attacker SrcA=1.2.1.2, SrcP=5566,
DstA=9.8.7.6, DstP=80, SYN, Seq = z
SrcA=9.8.7.6, SrcP=80,
DstA=1.2.1.2, DstP=5566, SYN+ACK, Seq = y, Ack = x+1
Small Note #1: if alleged client receives this, will be confused ⇒ send a RST back to server …… So attacker may need to hurry!
![Page 131: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/131.jpg)
131
Blind Spoofing on TCP HandshakeAlleged Client (not actual)IP address 1.2.1.2, port NA
ServerIP address 9.8.7.6, port 80
Blind Attacker SrcA=1.2.1.2, SrcP=5566,
DstA=9.8.7.6, DstP=80, SYN, Seq = z
SrcA=9.8.7.6, SrcP=80,
DstA=1.2.1.2, DstP=5566, SYN+ACK, Seq = y, Ack = z+1
Big Note #2: attacker doesn’t get to see this packet!
![Page 132: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/132.jpg)
132
Blind Spoofing on TCP HandshakeAlleged Client (not actual)
IP address 1.2.1.2, port N/AServer
IP address 9.8.7.6, port 80
Blind Attacker SrcA=1.2.1.2, SrcP=5566,
DstA=9.8.7.6, DstP=80, SYN, Seq = z
SrcA=9.8.7.6, SrcP=80,
DstA=1.2.1.2, DstP=5566, SYN+ACK, Seq = y, Ack = z+1
So how can the attacker figure out what value of y to use for their ACK?
SrcA=1.2.1.2, SrcP=5566, DstA=9.8.7.6, DstP=80, ACK, Seq = z+1, ACK = y+1
SrcA=1.2.1.2, SrcP=5566, DstA=9.8.7.6, DstP=80, ACK, Seq = z+1, ACK = y+1,
Data = “GET /transfer-money.html”
![Page 133: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/133.jpg)
133
Reminder: Establishing a TCP Connection
SYN
SYN+ACK
ACK
A B
DataData
Each host tells its Initial Sequence
Number (ISN) to the other host.
(Spec says to pick based on local clock)
Hmm, any way for the attacker to know this?
Sure – make a non-spoofed connection first, and see what
server used for ISN y then!
How Do We Fix This?
Use a (Pseudo)-Random ISN
![Page 134: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/134.jpg)
134
• An attacker who can observe your TCP connection can manipulate it:– Forcefully terminate by forging a RST packet– Inject (spoof) data into either direction by forging data packets– Works because they can include in their spoofed traffic the
correct sequence numbers (both directions) and TCP ports– Remains a major threat today
Summary of TCP Security Issues
![Page 135: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/135.jpg)
135
• An attacker who can observe your TCP connection can manipulate it:– Forcefully terminate by forging a RST packet– Inject (spoof) data into either direction by forging data packets– Works because they can include in their spoofed traffic the
correct sequence numbers (both directions) and TCP ports– Remains a major threat today
• If attacker could predict the ISN chosen by a server, could “blind spoof” a connection to the server– Makes it appear that host ABC has connected, and has sent data
of the attacker’s choosing, when in fact it hasn’t– Undermines any security based on trusting ABC’s IP address– Allows attacker to “frame” ABC or otherwise avoid detection– Fixed (mostly) today by choosing random ISNs
Summary of TCP Security Issues
![Page 136: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/136.jpg)
136
• No security against on-path attackers– Can sniff, inject packets, mount TCP spoofing, TCP
hijacking, man-in-the-middle attacks– Typical example: wireless networks, malicious network
operator
• More security against off-path attackers– TCP is more secure than UDP and IP
Summary of IP security
![Page 137: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/137.jpg)
137
Extra Material
![Page 138: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/138.jpg)
138
• Normally, TCP finishes (“closes”) a connection by each side sending a FIN control message– Reliably delivered, since other side must ack
• But: if a TCP endpoint finds unable to continue (process dies; info from other “peer” is inconsistent), it abruptly terminates by sending a RST control message– Unilateral– Takes effect immediately (no ack needed)– Only accepted by peer if has correct* sequence
number
TCP Threat: Disruption
![Page 139: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/139.jpg)
139
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen Flags0
Checksum Urgent pointer
Options (variable)
Data
![Page 140: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/140.jpg)
140
Source port Destination port
Sequence number
Acknowledgment
Advertised windowHdrLen
RST
0
Checksum Urgent pointer
Options (variable)
Data
![Page 141: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/141.jpg)
141
Abrupt Termination
• A sends a TCP packet with RESET (RST) flag to B– E.g., because app. process on A crashed– (Could instead be that B sends a RST to A)
• Assuming that the sequence numbers in the RST fit with what B expects, That’s It:– B’s user-level process receives: ECONNRESET– No further communication on connection is possible
SYN
SYN
ACK
ACK
Dat
a
RSTA
CK
timeA
B X
![Page 142: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/142.jpg)
142
• Normally, TCP finishes (“closes”) a connection by each side sending a FIN control message– Reliably delivered, since other side must ack
• But: if a TCP endpoint finds unable to continue (process dies; info from other “peer” is inconsistent), it abruptly terminates by sending a RST control message– Unilateral– Takes effect immediately (no ack needed)– Only accepted by peer if has correct* sequence
number
• So: if attacker knows ports & sequence numbers, can disrupt any TCP connection
TCP Threat: Disruption
![Page 143: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/143.jpg)
143
TCP RST InjectionClient (initiator)
IP address 1.2.1.2, port 3344Server
IP address 9.8.7.6, port 80
SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80,ACK, Seq=x+1, Ack = y+1, Data=“GET /login.html
...
AttackerIP address 6.6.6.6, port N/A
SrcA=9.8.7.6, SrcP=80,DstA=1.2.1.2, DstP=3344,
RST, Seq = y+1, Ack = x+16
Client dutifully removes
connection
![Page 144: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/144.jpg)
144
TCP RST InjectionClient (initiator)
IP address 1.2.1.2, port 3344Server
IP address 9.8.7.6, port 80
SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80,ACK, Seq=x+1, Ack = y+1, Data=“GET /login.html
...
SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344,
ACK, Seq = y+1, Ack = x+16, Data=“200 OK … <html> …”
AttackerIP address 6.6.6.6, port N/A
SrcA=9.8.7.6, SrcP=80,DstA=1.2.1.2, DstP=3344,
RST, Seq = y+1, Ack = x+16
X
Client rejects
since no active
connection
![Page 145: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/145.jpg)
145
Threats to Comm. Security Goals
• Attacks can subvert each type of goal– Confidentiality: eavesdropping / theft of information– Integrity: altering data, manipulating execution (e.g., code
injection)– Availability: denial-of-service
• Attackers can also combine different types of attacks towards an overarching goal– E.g. use eavesdropping (confidentiality) to construct a spoofing
attack (integrity) that tells a server to drop an important connection (denial-of-service)
![Page 146: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/146.jpg)
146
TCP’s Rate Management
Unless there’s loss, TCP doubles data in flight every “round-trip”. All TCPs expected to obey (“fairness”).Mechanism: for each arriving ack for new data, increase allowed data by 1 maximum-sized packet
D0-99 A100D100-199
D200-299 A200A300 D D D D
1 2 43
A A A A
8
E.g., suppose maximum-sized packet = 100 bytes
Src
DestTime
![Page 147: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/147.jpg)
147
Protocol Cheating
How can the destination (receiver) get data to come to them faster than normally allowed?
D0-99
Src
Dest
1
A25A50
A75 A100
D100-199
D200-299
2
How do we defend against this?
D300-399
3
D400-499
4
D500-599
5
ACK-Splitting: each ack, even though partial, increases allowed data by one maximum-sized packet
TimeChange rule to require “full” ack for all data sent in a packet
![Page 148: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/148.jpg)
148
Protocol Cheating
How can the destination (receiver) still get data to come to them faster than normally allowed?
D0-99
Src
Dest
1
A100A200
A300 A400
D100-199
D200-299
2
How do we defend against this?
D300-399
3
D400-499
4
D500-599
5
Opportunistic ack’ing: acknowledge data not yet seen!
Time
![Page 149: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/149.jpg)
149
• Approach #1: if you receive an ack for data you haven’t sent, kill the connection– Works only if receiver acks too far ahead
• Approach #2: follow the “round trip time” (RTT) and if ack arrives too quickly, kill the connection– Flaky: RTT can vary a lot, so you might kill innocent
connections
• Approach #3: make the receiver prove they received the data– Add a nonce (“random” marker) & require receiver to
include it in ack. Kill connections w/ incorrect nonceso (nonce could be function computed over payload, so sender
doesn’t explicitly transmit, only implicitly)
Keeping Receivers Honest
Note: a protocol change
![Page 150: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/150.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
![Page 151: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/151.jpg)
151
IP Packet Header Fields (Continued)
•Total length (16 bits)– Number of bytes in the packet– Maximum size is 65,535 bytes (216 -1)– … though underlying links may impose smaller limits
•Fragmentation: when forwarding a packet, an Internet router can split it into multiple pieces (“fragments”) if too big for next hop link
•End host reassembles to recover original packet•Fragmentation information (32 bits)
– Packet identifier, flags, and fragment offset– Supports dividing a large IP packet into fragments– … in case a link cannot handle a large IP packet
![Page 152: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/152.jpg)
152
Example: E-Mail Message Using MIME
From: [email protected] To: [email protected] Subject: picture of my cat MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg
Base64 encoded data …. JVBERi0xLjMNJeLjz9MNMSAwI ......................... ......base64 encoded data
type and subtype
method usedto encode data
MIME version
encoded data
![Page 153: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/153.jpg)
153
Example With Received HeaderReturn-Path: <[email protected]>Received: from ribavirin.CS.Princeton.EDU (ribavirin.CS.Princeton.EDU [128.112.136.44]) by newark.CS.Princeton.EDU (8.12.11/8.12.11) with SMTP id k04M5R7Y023164 for <[email protected]>; Wed, 4 Jan 2006 17:05:37 -0500 (EST)Received: from bluebox.CS.Princeton.EDU ([128.112.136.38]) by ribavirin.CS.Princeton.EDU (SMSSMTP 4.1.0.19) with SMTP id M2006010417053607946 for <[email protected]>; Wed, 04 Jan 2006 17:05:36 -0500Received: from smtp-roam.Stanford.EDU (smtp-roam.Stanford.EDU [171.64.10.152]) by bluebox.CS.Princeton.EDU (8.12.11/8.12.11) with ESMTP id k04M5XNQ005204 for <[email protected]>; Wed, 4 Jan 2006 17:05:35 -0500 (EST)Received: from [192.168.1.101] (adsl-69-107-78-147.dsl.pltn13.pacbell.net [69.107.78.147]) (authenticated bits=0) by smtp-roam.Stanford.EDU (8.12.11/8.12.11) with ESMTP id k04M5W92018875 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 4 Jan 2006 14:05:32 -0800Message-ID: <[email protected]>Date: Wed, 04 Jan 2006 14:05:35 -0800From: Martin Casado <[email protected]>User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)MIME-Version: 1.0To: [email protected]: Martin Casado <[email protected]>Subject: Using VNS in ClassContent-Type: text/plain; charset=ISO-8859-1; format=flowedContent-Transfer-Encoding: 7bit
![Page 154: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/154.jpg)
IP Packet Structure
4-bitVersion
4-bitHeaderLength
8-bitType of Service
(TOS)16-bit Total Length (Bytes)
16-bit Identification3-bitFlags 13-bit Fragment Offset
8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
![Page 155: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/155.jpg)
155
IP Packet Header Fields
•Version number (4 bits)– Indicates the version of the IP protocol– Necessary to know what other fields to expect– Typically “4” (for IPv4), and sometimes “6” (for IPv6)
•Header length (4 bits)– Number of 32-bit words in the header– Typically “5” (for a 20-byte IPv4 header)– Can be more when IP options are used
•Type-of-Service (8 bits)– Allow packets to be treated differently based on needs– E.g., low delay for audio, high bandwidth for bulk transfer
![Page 156: Prof. Raluca Ada Popa CS 161: Computer Security Feb 27 ...cs161/sp18/slides/2.27.TL2-Network.pdfProf. Raluca Ada Popa February 27, 2018 Some slides credit David Wagner. Networking](https://reader036.fdocuments.in/reader036/viewer/2022063013/5fce054521a34d6e9c5e9b5a/html5/thumbnails/156.jpg)
156
Sample Email (SMTP) interaction S: 220 hamburger.edu C: HELO crepes.fr S: 250 Hello crepes.fr, pleased to meet you C: MAIL FROM: <[email protected]> S: 250 [email protected]... Sender ok C: RCPT TO: <[email protected]> S: 250 [email protected] ... Recipient ok C: DATA S: 354 Enter mail, end with "." on a line by itself C: From: [email protected] C: To: [email protected] C: Subject: Do you like ketchup? C: C: How about pickles? C: . S: 250 Message accepted for delivery C: QUIT S: 221 hamburger.edu closing connection
Email header
Email body
Lone period marks end of message