SystemsSec 2016W Lecture 19: Difference between revisions

From Soma-notes
← Older edit
 
Line 61: Line 61:
       o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.
       o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.


'''IPhone case'''
===IPhone case===


   • The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
   • The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it

Latest revision as of 18:55, 6 April 2016

Data Compression

 • Compression and encryption can mess with each other
 • People can reconstruct VoIP depending on how it was compressed

Reading: Data Compression In Network Services

 • Our paper was talking about “zip bombs” and they are everywhere
     o	Compressed archive is trivial to send to a server, but it is computationally demanding on the receiving server to process
     o	The decompression ties up resources
     o	Can be used against an anti-virus, scan a zip file which decompresses and fills up memory so much it crashes
     o	Attack uses lots of spaces, repeat the same data over and over
     o	How do you make a zip bomb, without blowing yourself up? 
       -  Hand craft it or you only have to do it once and can then send it multiple times (do hard work once VS server must do it multiple times).
 • Did they report every piece of software they tested?
     o	They did web, chat, and email (IMAP), but not SMTP...? 
     o	Probably because the results of SMTP wouldn't be interesting. 
       -  SMTP have spam filters and AV, so they could be vulnerable. 
       -  But email has been under attack for so long that email servers have been hardened over the years because of constant attacks.
 • DOS hasn't been used on the web as much because it is usually easy to counter thanks to the service providers.
 • Wasn't crazy scientific did not quantify the issue and the potential damage that could be done.
     o	Instead just affirmed there was an issue.
     o	Paper was published because the issue was not well recognised. Was published last August... 
 • Denial of Service
     o	Web servers
       -  Web servers are under attack all the time. There are many resources and tools on how to mitigate DOS attacks against a web server.
       -  How do you stop your web server from dying when web traffic gets a spike?
           • Use a content distribution network to mirror your content. Good for static content. Works okay for dynamic content.
           • If you are offering a service you have to build it to scale properly so it can run new instances to deal with the load.
     o	Chat server
       -  Chat server goes down. You can just use another one.
     o	IMAP (private email server)
       -  IMAP is attacked. You can't access email on that specific email client.
 • Compression is just one way to do DOS, there are many more.
     o	Amplification attacks: Send packet to a public server that then sends multiple to a specific target.
     o	Create Multiple Connection: In a SYN flood attack we send SYN packets to a TCP server to tie up resources by creating excessive connections.
     o	etc...
 • This paper is really about resource management.
     o	Right way to defend against this is to limit resources appropriately.

Reading: Thermal Covert Channels

 • Not about attacking a system, but about exfiltrating data
     o	IP over thermometers
 • Covert Channel: data stream that people do not know about
 • Why do we worry about these? 
     o	Data is either escaping or entering without our knowing.
     o	Covert channels that people care about are usually ones that go through something that shouldn't be possible or channels that have high bandwidth.
     o	How big is it? How much data can you pass through it?
       -  ~12 bits per second
 • Why is this paper interesting?
     o	The cloud
     o	If processes share the same core, it is possible to get information from another process just from sharing that core
     o	Temperature patterns can leak hash data
     o	Get secret key from another machine through the temperature of a shared core
     o	To keep secrecy put each machine on its own core
 • How usable is this threat?
     o	~12 bits per second
     o	In the cloud, if it is CPU intensive than it is hard to use, however the machines don't usually do CPU intensive tasks all the time
     o	Is a real covert channel, but not very useful right now for an attack
     o	Very hard to get a secret key using this
     o	In the future with higher resolution thermal sensors, the attack may be much more practical
     o	Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.

IPhone case

 • The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
 • A lot of people were against Apple in the polls.
     o	A large amount of the population do not know the importance of encryption
     o	Do not understand that a backdoor can both be abused by the government and other attackers
 • In Paris attacks there was no encryption used, they used burner phones instead
Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_19&oldid=20931"